A three-day cybersecurity seminar was held at Thimphu from 9th October till 11th October. It was organized by the Czech Embassy in New Delhi, in collaboration with National Cyber and Information Security Agency (NUKIB), GovTech Agency, and the Czech Republic’s Honorary Consulate in Thimphu. The seminar aimed to enhance the preparedness and resilience of Bhutanese state institutions against cyberattacks. It covered legal strategies, current challenges, and ways to attract new talent in the field. This initiative follows Czech Ambassador Eliska Zigova’s commitment during her May visit to provide technical expertise to Bhutan....
Digital Investment Scheme and related Scams.
Issued in collaboration with OCP,MoEA and FICRT, RMA. BtCIRT has been informed of online investment schemes using instant messaging platforms like Whatsapp and Telegram that are advertised through social media platforms like Facebook. We have found out that many Bhutanese are taking part in them and already a few have even fallen victim to it without getting the promised returns. We have also been informed that a few Bhutanese accounts are being used to collect the investments. Therefore, the account holders are encouraged to verify with relevant authorities on the legality of such business operations and understand the legal...
Critical Vulnerability Affecting Apache Log4j
The Apache Software Foundation has released a security advisory to address a Critical vulnerability: remote code execution vulnerability (CVE-2021-44228) affecting Log4j versions 2.0-beta9 to 2.14.1 dubbed Log4Shell by researchers. A remote attacker could exploit this vulnerability to take control of an affected system. This vulnerability is already being used to implant cryptocurrency miners, and researchers have detected mass scanning activity searching for servers using Log4j. Log4j is an open-source, Java-based logging tool used in many Java-based applications widely used by enterprise applications and cloud services. Therefore, BtCIRT urges all administrators to review the Apache Log4j 2.15.0 Announcement and upgrade...
Porn Scam Alert
BtCIRT has been reported of porn scam emails which purports to come from a hacker claiming to have video and image footage of the victim watching pornography. Victims are then threatened that the scammer will send the alleged video or images to their personal contacts unless they pay a ransom of $5306 in bitcoin payment. They claim to have managed to hijack the victim’s browser while the victim visited an adult site and used it as an RDP server to install a keylogger, using which they got access to the victim’s contacts from Facebook, Messenger and email account and...
Corono Virus Related- SCAM ALERT!!
The Bhutan Computer Incident Response Team (BtCIRT), Department of IT and Telecom (DITT) would like to earnestly request the general public to not fall into the corona virus related scam/phishing during the lockdown. It has come to the notice of BtCIRT of a scam making rounds in the social media platform Whatsapp whereby the scam message indicates the government is offering money to all citizens above the age of 18 years old for which a link is provided for checking eligibility (as attached below):Any COVID related support or information that the government provides would be announced through BBS, websites...