Digital Forensics Research & Service Center - DFRSC

DFRSC is the first research facility of its kind in Pakistan. It will work to increase awareness about digital forensics and cyber security in Pakistan.

The Digital Forensic Research and Service Centre (DFRSC) has been established at Lahore Garrison University, Lahore. The prime purpose of this centre is to conduct research on digital forensic problems and provide solutions in order to enhance the crime investigation process.

14/05/2026

Microsoft introduces **MDASH AI System** — an advanced AI-powered cybersecurity platform designed to discover vulnerabilities in Windows at scale.

MDASH uses more than **100 specialized AI agents** to analyze code, validate findings, and prove exploitable security flaws automatically. In Microsoft’s latest Patch Tuesday, the system successfully identified **16 Windows vulnerabilities**, including critical remote code execution flaws.

Key Highlights:
• AI-driven vulnerability discovery
• Multi-agent security analysis
• Faster detection & remediation
• Improved Windows security defense

This marks a major shift where AI is no longer just assisting cybersecurity — it is actively defending systems before attackers can exploit them.

12/05/2026

New Banking Malware Alert: TCLBANKER

Cybersecurity researchers have discovered a dangerous Brazilian banking trojan called TCLBANKER targeting banks, fintech apps, and cryptocurrency platforms.

What makes it dangerous?
• Steals banking credentials and sensitive data
• Uses fake login overlays & fake Windows update screens
• Can remotely control victim devices
• Spreads through WhatsApp Web & Microsoft Outlook
• Sends malware directly from victims’ own accounts

The malware also uses advanced anti-detection techniques to avoid antivirus and security analysis tools.

Stay Safe:
• Avoid opening unknown ZIP/MSI files
• Verify email attachments before opening
• Enable 2FA on financial accounts
• Keep antivirus and software updated

11/05/2026

Critical Security Alert for Node.js Developers

Researchers have discovered multiple critical vulnerabilities in the vm2 library that allow attackers to escape the sandbox and execute arbitrary code on the host system.

Affected versions: vm2 ≤ 3.11.1
Recommended fix: Update immediately to version 3.11.2

These vulnerabilities can allow attackers to:
• Escape the sandbox environment
• Execute system commands
• Access sensitive server resources
• Achieve Remote Code Execution (RCE)

This incident highlights how difficult it is to securely isolate untrusted JavaScript code in sandbox environments.

If your application uses vm2 for running user-supplied JavaScript, patch your systems as soon as possible and review your security controls.
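As an added example (not code from the DFRSC post or the vm2 project), the following scanner walks a package-lock.json dependency map and flags every copy of vm2 in the affected range, including nested transitive installs that `npm ls` output is easy to overlook; the lockfile contents are constructed for the demo.

```javascript
// Added example: find vm2 installs at or below 3.11.1 (the range named in the
// advisory) inside a package-lock.json "packages" map (lockfileVersion 2/3).
const AFFECTED_MAX = [3, 11, 1]; // advisory: vm2 <= 3.11.1 affected, 3.11.2 fixes

function parseVersion(v) {
  // Drop a leading "v" and any pre-release/build suffix, then split numerically.
  const core = String(v).replace(/^v/, '').split(/[-+]/)[0];
  const parts = core.split('.').map(Number);
  if (parts.length !== 3 || parts.some(Number.isNaN)) return null;
  return parts;
}

function compareVersions(a, b) {
  // Returns -1, 0 or 1 comparing [major, minor, patch] triples.
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function findVulnerableVm2(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Direct install is "node_modules/vm2"; nested copies end in ".../node_modules/vm2".
    if (!/(^|\/)node_modules\/vm2$/.test(path)) continue;
    const ver = parseVersion(meta.version);
    if (ver && compareVersions(ver, AFFECTED_MAX) <= 0) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile: the direct vm2 is patched, but a plugin still
// pins an older, vulnerable copy underneath it.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/vm2': { version: '3.11.2' },
    'node_modules/some-plugin': { version: '2.0.0' },
    'node_modules/some-plugin/node_modules/vm2': { version: '3.9.19' },
  },
};

console.log(JSON.stringify(findVulnerableVm2(SAMPLE_LOCK), null, 2));
```

Any hit means the fixed 3.11.2 is not the only copy your application loads; update or replace the dependency that pins the older one.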

06/05/2026

Critical Security Alert: Apache HTTP/2 Vulnerability (CVE-2026-23918)

A severe vulnerability has been discovered in Apache HTTP Server that could lead to Denial-of-Service (DoS) and even Remote Code Execution (RCE).

Key Highlights:
• Affects Apache HTTP Server version 2.4.66 (fixed in 2.4.67)
• Caused by a “double free” memory issue in the HTTP/2 module
• DoS attack is extremely easy — no authentication required
• Potential RCE possible under specific conditions (especially on Debian-based systems)

Why it matters:
Attackers can crash server workers with minimal effort, disrupting services. In advanced scenarios, they may even execute arbitrary code on the server.

Recommendation:
If you're running Apache HTTP Server, update to version 2.4.67 immediately to stay protected.

Cybersecurity is not optional — it's essential. Stay updated, stay secure.

01/05/2026

ThreatsDay Bulletin Cybersecurity Weekly Highlights

This week in cyber security is packed with eye-opening incidents and evolving threats. Here are some key takeaways you shouldn’t ignore.

SMS Blaster Attacks

Hackers used fake cellular towers to send phishing messages directly to nearby phones. A reminder that even SMS isn’t always safe anymore.

Supply Chain Attacks Rising

Malicious npm and PyPI packages are stealing sensitive data like .env files and developer credentials during installation. Always verify packages before use.

Browser Extensions Selling Data

Millions of users are affected as some extensions openly collect and sell browsing data. Privacy policies matter more than ever.

Massive Exposure of Remote Access Servers

Over 3 million RDP & VNC servers are exposed online, many without passwords or running outdated systems.

Advanced Phishing Kits

New kits like Saiga 2FA and Phoenix System are making phishing more automated, targeted, and dangerous.

Infostealer Surge

Malware like Vidar Stealer 2.0 is dominating the underground market, stealing credentials at scale.

Critical Healthcare Vulnerabilities

38 flaws in OpenEMR could have exposed sensitive patient data worldwide — highlighting risks in healthcare tech.

Billions of Credentials Leaked

Nearly 2.9 billion credentials were compromised in 2025 alone. Cyber hygiene is no longer optional.

Key Lesson:

Cybersecurity isn’t just about advanced tools — it’s about getting the basics right:

Strong passwords

Regular updates

Verifying links & downloads

Stay cautious. Stay updated. Stay secure.

30/04/2026

New Linux Security Alert: Copy Fail Vulnerability (CVE-2026-31431)

A critical Linux vulnerability known as “Copy Fail” (CVE-2026-31431) has been disclosed, affecting major Linux distributions including Ubuntu, Red Hat Enterprise Linux, SUSE, and Amazon Linux.

This high-severity flaw exists in the Linux kernel’s cryptographic subsystem (algif_aead module) and has been present since 2017.

According to researchers, an unprivileged local user may be able to write controlled data into the kernel’s page cache and exploit it to gain root access (full system control). In some cases, even a small script can manipulate system binaries such as `/usr/bin/su` to escalate privileges.

Although the vulnerability is not remotely exploitable, it is extremely dangerous in local and multi-user environments, as well as containerized systems, due to its reliability and cross-distribution impact.

This issue shares similarities with past vulnerabilities like Dirty Pipe (CVE-2022-0847), highlighting ongoing risks in kernel-level security.

Major Linux vendors have already released security advisories and patches. Users and administrators are strongly advised to update their systems immediately to mitigate potential risks.

Key takeaway: Even local vulnerabilities can lead to full system compromise; timely patching and system hardening are critical.

27/04/2026

Cybersecurity Alert: Microsoft Teams-based “Snow” Malware Attack

Recent reports indicate that an advanced threat group has been misusing Microsoft Teams to deploy a malware suite known as “Snow”.

Attack flow (simplified):
• Users are first targeted with email bombing to create confusion
• Attackers then contact victims on Microsoft Teams while posing as IT support
• A fake “security patch” or update link is shared
• The victim unknowingly installs the malware

Malware capabilities:
• Stealth access via browser extensions
• Remote command execution through hidden tunnels
• Data theft, screenshots, and file extraction
• Lateral movement across networks and credential stealing

Key takeaway:
Even trusted platforms like Microsoft Teams can be exploited for social engineering attacks. Human awareness remains one of the strongest defenses in cybersecurity.

Lesson: Never trust unknown links or “IT support” messages without proper verification.

23/04/2026

New Cyber Threat Alert: Lotus Data Wiper

A newly discovered data-wiping malware called *Lotus* has been used in targeted cyberattacks against energy and utility sectors in Venezuela. According to Kaspersky, this malware is designed to completely destroy infected systems, making data recovery nearly impossible.

The attack begins with malicious scripts that disable security services, log out users, and shut down network access. Once the system is weakened, the Lotus wiper overwrites entire physical drives, deletes restore points, and erases files permanently.

This highlights the growing risk of destructive cyberattacks, especially in critical infrastructure sectors. Organizations should stay vigilant by monitoring unusual system activity and maintaining secure, offline backups.

**Key takeaway:** Prevention and preparedness are the only real defenses against such advanced threats.

20/04/2026

Strengthening Identity Security with Zero Trust

Stolen credentials remain one of the biggest cybersecurity threats today, acting as a primary entry point for attackers. Once inside, excessive permissions and lack of visibility allow them to move freely and cause serious damage.

This is where the **Zero Trust** model comes in—but simply adopting it isn’t enough. To be truly effective, Zero Trust must be built around a strong identity strategy that continuously verifies users and devices.

Here are key ways Zero Trust improves security:

Enforces least privilege access (only necessary permissions)
Enables continuous, context-aware authentication
Limits attacker movement within systems
Secures remote work and third-party access
Provides centralized monitoring and visibility

The key takeaway: Zero Trust is not a one-time setup—it’s an ongoing journey toward stronger and smarter security.

16/04/2026

Cybersecurity in the Transportation Industry

When we think of trucks on highways, cybersecurity is usually not the first thing that comes to mind. However, modern trucks are no longer just mechanical vehicles—they are advanced digital systems equipped with sensors, internet connectivity, and communication networks.

This digital transformation has introduced new security challenges. Cybercriminals are actively targeting the trucking and logistics sector using techniques like ransomware attacks, identity theft, and even GPS spoofing to steal high-value cargo. Since this industry plays a critical role in delivering essential goods like food, fuel, and medicine, any disruption can have serious consequences.

The good news is that adopting strong cybersecurity practices—such as multi-factor authentication, network security, and employee awareness—can significantly reduce these risks. Although smaller companies may face challenges in implementation, continuous efforts in awareness, collaboration, and security improvements are helping the industry stay resilient.

As technology evolves, securing transportation systems is no longer optional—it’s essential.

13/04/2026

Cybersecurity Alert: Russian GRU Exploiting Vulnerable Routers

The U.S. FBI, NSA, and international intelligence partners from Canada, Europe, and Ukraine have released a joint warning regarding Russian GRU cyber actors (APT28 / Fancy Bear) exploiting vulnerable home and office routers to steal sensitive information.

Key Points:

Hackers change DNS settings on routers to intercept traffic.
They target military, government, and critical infrastructure systems.
Stolen data may include passwords, emails, authentication tokens, and web browsing data, even from secure (HTTPS) connections.
Devices at risk include outdated or poorly secured SOHO routers, e.g., TP-Link routers with CVE-2023-50224.

How to Protect Yourself:
Update your router firmware
Change default usernames and passwords
Disable remote management from the Internet
Replace end-of-support devices
Pay attention to browser/email certificate warnings

For Organizations:

Enforce VPNs for remote access
Apply secure configurations for applications
Review remote work policies
Encourage employees to upgrade personal devices

Report Suspicious Activity:
If you suspect a Russian GRU intrusion, report it to your local FBI field office or file a complaint at ic3.gov with details about your router and settings.

This infographic provides a visual guide to understanding the attack, who is at risk, and recommended protective actions.

Stay vigilant and protect your networks!

Address

Lahore Garrison University, Sector C, DHA Phase 6
Lahore

Opening Hours

Monday 08:00 - 16:00
Tuesday 08:00 - 16:00
Wednesday 08:00 - 16:00
Thursday 08:00 - 16:00
Friday 08:00 - 15:00
