Alerts and Advisories
Alerts & Advisories
Phone Scam Impersonating Local Telco
11 Nov 2023
Members of the public have reported receiving suspicious calls from a foreign telephone number (e.g. +92++++++) impersonating a local telco. The caller speaks with a foreign accent and claims that the telco customer’s account has expired. Such calls are suspected to be attempts at phishing personal details such as full name, identity card number, telco account details and other Personal Identifiable Information (PII).
Instagram Account Impersonating The Ministry Of Home Affairs
10 Nov 2023
An Instagram account named hal_ehwal_dalam_negeri is impersonating the Ministry of Home Affairs (MOHA) of Brunei Darussalam, claiming to offer free assistance (Bantuan Percuma) from the government, in the form of job opportunities, health insurance, business capital and education funding.
Microsoft Exchange Server RCE Flaw (CVE-2023-36745)
1 Nov 2023
A Proof-of-Concept (PoC) exploit has been published for a Microsoft Exchange Server vulnerability, identified as CVE-2023-36745, which can allow remote attackers to execute code.
Brunei Postal Services Department Phishing Scam
23 Oct 2023
BruCERT has received reports of a new phishing scam involving Brunei Postal Services Department. A message which appears to be from “Brunei Postal Services” claims that there is a parcel which cannot be delivered to the recipient due to incomplete address information. The message includes a link that requires the recipient to confirm their address.
Ransomware Exploiting Zero-Day Vulnerability in Cisco ASA and FTD Software
17 Oct 2023
Ransomware groups including LockBit and Akira are reportedly exploiƟng a zero-day vulnerability (CVE-2023- 20269) in the VPN feature of Cisco’s Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) software, to gain access to corporate networks.
Akira Ransomware
17 Oct 2023
Akira is a ransomware group which was first observed in March 2023. Akira ransomware actors typically gain access to victims’ devices by using compromised credentials. Its operators use multi-extortion tactics, steal victims’ critical data and encrypts devices and files before demanding outrageous ransom payments. Victims who fail to comply with their demands will be listed on their TOR-based website along with the stolen data.
cURL Vulnerability (CVE-2023-38545 and CVE-2023-38546)
12 Oct 2023
cURL, powered by libcurl, is a popular command-line tool for transferring data specified with URL syntax. It supports a wide range of protocols such as FTP(S), HTTP(S), IMAP(S), LDAP(S), MQTT, POP3, RTMP(S), SCP, SFTP, SMB(S), SMTP(S), TELNET, WS, and WSS. Almost every single internet-connected device uses cURL or libcurl (directly or indirectly). This includes almost all Linux based OS and other OS, servers, printers, Android devices, cars, smart devices, all IoT devices, etc.
Apple Security Update Fixes Vulnerabilities Linked To Pegasus Spyware
11 Sep 2023
Apple has released security updates for iOS, macOS, iPadOS and watchOS to fix two zero-day vulnerabilities which have been exploited in the wild to compromise Apple products without any interaction from the victim. The exploit allows attackers to target victims with NSO Group’s Pegasus Spyware, without any interaction from the targeted user.
Urgent Update For Apple Devices To Address Zero-Day Bug
16 Jul 2023
Apple users are strongly advised to install an urgent Rapid Security Response (RSR) update to address a vulnerability that impacts fully patched iPhones, Macs, and iPads. The RSR patches includes updates for the latest versions of macOS, iOS, iPadOS, and Safari.
Royal Ransomware Targeting Critical Infrastructure
9 Mar 2023
Organizations in critical infrastructure sectors including communications, education, public healthcare, and manufacturing are facing increasing threat by attacks involving Royal ransomware.
Ransomware Attacks Exploiting VMware Bug to Target ESXi Servers
6 Feb 2023
A new wave of ransomware attacks targeting VMware ESXi hypervisors are exploiting a known vulnerability CVE-2021-21974 on unpatched systems. The issue is an Open Service Location Protocol (OpenSLP) heap-overflow vulnerability that can lead to remote code execution.
Critical Vulnerability in FortiOS SSL-VPN Targeting Governments
27 Jan 2023
Fortinet has issued a warning on a vulnerability affecting several versions of Fortinet FortiOS used in its FortiGate secure socket layer virtual private network (SSL VPN) and firewall products. The security flaw is tracked as CVE-2022-42475 which is rated Critical and assigned a CVSS score of 9.3 out of 10. The attacks are said to be complex and highly targeted at “governmental or government-related targets.” FortiOS is a network security operating system developed by Fortinet, Inc which provides a comprehensive set of networking and security features for organizations across all industries.