Alerts and Advisories

Phone Scam Impersonating Local Telco

11 Nov 2023

Members of the public have reported receiving suspicious calls from a foreign telephone number (e.g. +92++++++) impersonating a local telco. The caller speaks with a foreign accent and claims that the telco customer’s account has expired. Such calls are suspected to be attempts at phishing for personal details such as full name, identity card number, telco account details and other Personally Identifiable Information (PII).

Instagram Account Impersonating The Ministry Of Home Affairs

10 Nov 2023

An Instagram account named hal_ehwal_dalam_negeri is impersonating the Ministry of Home Affairs (MOHA) of Brunei Darussalam, claiming to offer free assistance (Bantuan Percuma) from the government, in the form of job opportunities, health insurance, business capital and education funding.

Microsoft Exchange Server RCE Flaw (CVE-2023-36745)

1 Nov 2023

A Proof-of-Concept (PoC) exploit has been published for a Microsoft Exchange Server vulnerability, identified as CVE-2023-36745, which can allow remote attackers to execute code.

Brunei Postal Services Department Phishing Scam

23 Oct 2023

BruCERT has received reports of a new phishing scam involving the Brunei Postal Services Department. A message which appears to be from “Brunei Postal Services” claims that there is a parcel which cannot be delivered to the recipient due to incomplete address information. The message includes a link that requires the recipient to confirm their address.

Ransomware Exploiting Zero-Day Vulnerability in Cisco ASA and FTD Software

17 Oct 2023

Ransomware groups including LockBit and Akira are reportedly exploiting a zero-day vulnerability (CVE-2023-20269) in the VPN feature of Cisco’s Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) software, to gain access to corporate networks.

Akira Ransomware

17 Oct 2023

Akira is a ransomware group which was first observed in March 2023. Akira ransomware actors typically gain access to victims’ devices by using compromised credentials. Its operators use multi-extortion tactics: they steal victims’ critical data and encrypt devices and files before demanding outrageous ransom payments. Victims who fail to comply with their demands will be listed on the group’s TOR-based website along with the stolen data.

cURL Vulnerability (CVE-2023-38545 and CVE-2023-38546)

12 Oct 2023

cURL, powered by libcurl, is a popular command-line tool for transferring data specified with URL syntax. It supports a wide range of protocols such as FTP(S), HTTP(S), IMAP(S), LDAP(S), MQTT, POP3, RTMP(S), SCP, SFTP, SMB(S), SMTP(S), TELNET, WS, and WSS. Almost every single internet-connected device uses cURL or libcurl (directly or indirectly). This includes almost all Linux-based and other operating systems, servers, printers, Android devices, cars, smart devices, all IoT devices, etc.

Apple Security Update Fixes Vulnerabilities Linked To Pegasus Spyware

11 Sep 2023

Apple has released security updates for iOS, macOS, iPadOS and watchOS to fix two zero-day vulnerabilities which have been exploited in the wild to compromise Apple products without any interaction from the victim. The exploit allows attackers to target victims with NSO Group’s Pegasus spyware.

Urgent Update For Apple Devices To Address Zero-Day Bug

16 Jul 2023

Apple users are strongly advised to install an urgent Rapid Security Response (RSR) update to address a vulnerability that impacts fully patched iPhones, Macs, and iPads. The RSR patches include updates for the latest versions of macOS, iOS, iPadOS, and Safari.

Royal Ransomware Targeting Critical Infrastructure

9 Mar 2023

Organizations in critical infrastructure sectors including communications, education, public healthcare, and manufacturing are facing an increasing threat from attacks involving Royal ransomware.

Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers

6 Feb 2023

A new wave of ransomware attacks targeting VMware ESXi hypervisors is exploiting a known vulnerability, CVE-2021-21974, on unpatched systems. The issue is an Open Service Location Protocol (OpenSLP) heap-overflow vulnerability that can lead to remote code execution.

Critical Vulnerability in FortiOS SSL-VPN Targeting Governments

27 Jan 2023

Fortinet has issued a warning on a vulnerability affecting several versions of Fortinet FortiOS used in its FortiGate secure socket layer virtual private network (SSL VPN) and firewall products. The security flaw is tracked as CVE-2022-42475, which is rated Critical and assigned a CVSS score of 9.3 out of 10. The attacks are said to be complex and highly targeted at “governmental or government-related targets.” FortiOS is a network security operating system developed by Fortinet, Inc., which provides a comprehensive set of networking and security features for organizations across all industries.