Alerts and Advisories

Global IT Outage Caused by CrowdStrike Defective Update

19 Jul 2024

Recent major IT outages have impacted global users across sectors such as aviation, retail, communications, and banking. CrowdStrike has confirmed a widespread issue with one of its updates that causes Blue Screen of Death (BSOD) errors for Windows users. CrowdStrike is actively working on releasing an update to resolve the issue for machines with Windows and Falcon installed.

OpenSSH Vulnerability - regreSSHion: Remote Code Execution (CVE-2024-6387)

2 Jul 2024

A critical vulnerability known as regreSSHion (CVE-2024-6387) has been discovered in OpenSSH, a widely used open-source implementation for secure network communication. This vulnerability allows an unauthenticated attacker to remotely execute arbitrary code with root privileges on Linux systems running OpenSSH servers.

Cisco ASA Devices Backdoored Via Two Zero-Days (CVE-2024-20353 and CVE-2024-20359)

1 May 2024

Cisco has warned that two zero-day vulnerabilities in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls have been actively exploited since November 2023 to breach government networks worldwide. The two vulnerabilities, namely CVE-2024-20353 and CVE-2024-20359, allow threat actors to deploy previously unknown malware and maintain persistence on compromised ASA and FTD devices.

Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability (CVE-2023-32046)

29 Apr 2024

CVE-2023-32046 is a vulnerability in the Windows MSHTML platform that could lead to an Elevation of Privilege (EoP) – essentially allowing a low-privilege attacker to execute code in the context of the user or gain high-level access to a system they ordinarily would not have. Exploitation of the vulnerability requires that a user open a specially crafted file.

Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2024-21410)

29 Apr 2024

CVE-2024-21410 is a critical vulnerability affecting Microsoft Exchange Server, with a severity score of 9.8. Successful exploitation of the flaw could permit an attacker to relay a user's leaked Net-NTLMv2 hash against a susceptible Exchange Server and authenticate as the user. This elevation of privilege vulnerability can be exploited by attackers to gain unauthorized access to affected systems. It is essential for organizations to apply appropriate mitigations to protect their systems from potential exploitation.

Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)

26 Apr 2024

A critical command injection vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

Cisco ASA/FTD Vulnerability (CVE-2020-3259)

26 Apr 2024

A buffer tracking issue exists in Cisco firewalls when the software parses invalid URLs that are requested from the web services interface. By sending a crafted GET request to the web services interface, an unauthenticated, remote attacker could retrieve memory contents from an affected device.

Facebook Account Impersonating Pelita Brunei

18 Apr 2024

A new Facebook page impersonating Pelita Brunei is promoting fake monthly welfare assistance from the government of Brunei Darussalam (Bantuan Kebajikan Bulanan Kerajaan Brunei Darussalam).

Fake Message on Kurnia Peribadi (Personal Gift) from His Majesty the Sultan

21 Mar 2024

A fake message is being circulated via Telegram, encouraging the reader to register as a recipient of Kurnia Peribadi KDYMM (Personal Gift from His Majesty the Sultan and Yang Di-Pertuan of Brunei Darussalam) on the occasion of Hari Raya Aidilfitri. The message contains a link to a webpage which requests the user to enter their Telegram phone number and one-time password (OTP).

Critical Microsoft Exchange Server Flaw (CVE-2024-21410)

19 Feb 2024

A newly discovered critical security flaw in Microsoft Exchange Server has been actively exploited and is being tracked as CVE-2024-21410, with a CVSS score of 9.8. The issue has been described as a case of privilege escalation impacting the Exchange Server.

Microsoft Outlook Remote Code Execution Vulnerability (CVE-2024-21413)

19 Feb 2024

CVE-2024-21413 is a critical Remote Code Execution (RCE) vulnerability in Microsoft Outlook that uses the Outlook preview pane as an attack vector. Successful exploitation of this vulnerability would enable an attacker to bypass the Office Protected View and open files in editing mode instead of protected mode. This vulnerability has a CVSS score of 9.8.

Critical Vulnerabilities in Fortinet FortiOS (CVE-2024-21762 and CVE-2024-23113)

15 Feb 2024
