...
Critical Vulnerability Affecting Apache Log4j
The Apache Software Foundation has released a security advisory to address a Critical vulnerability: remote code execution vulnerability (CVE-2021-44228) affecting Log4j versions 2.0-beta9 to 2.14.1 dubbed Log4Shell by researchers. A remote attacker could exploit this vulnerability to take control of an affected system. This vulnerability is already being used to implant cryptocurrency miners, and researchers have detected mass scanning activity searching for servers using Log4j. Log4j is an open-source, Java-based logging tool used in many Java-based applications widely used by enterprise applications and cloud services. Therefore, BtCIRT urges all administrators to review the Apache Log4j 2.15.0 Announcement and upgrade...
Bhutan Cyber Security Week
Cyber security threats are growing and can affect anyone, and can have a greater impact on social well being and also on the overall country’s economy. During the pandemic there were numerous cases of victims of scams and phishing incidents that have led to financial losses for the victims. Therefore, BtCIRT is initiating a week-long cybersecurity awareness campaign to observe the country’s first ever Cyber Security Week from 20 – 25 December, 2021. It is expected to provide a bigger window of opportunity to create cybersecurity awareness among the general public, educate and inspire students and upskill ICT Professionals....
Google Releases Security Update
Google has released Chrome version 96.0.4664.45 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. Therefore, BtCIRT recommended users and administrators to review the Chrome Release Note and apply the necessary updates as soon as possible....
Drupal Releases Security Updates
Drupal has released security updates to address vulnerabilities that could affect versions 8.9, 9.1, and 9.2. An attacker could exploit these vulnerabilities to take control of an affected system. Therefore, Bhutan Computer Incident Response Team recommended users and administrators to review Drupal Security Advisory SA-CORE-2021-011 and apply the necessary updates....