Skip to main content

Alerts and Advisories

Critical Microsoft Exchange Server Flaw (CVE-2024-21410)

19 Feb 2024

A newly discovered critical security flaw in Microsoft Exchange Server has been actively exploited and is being tracked as CVE-2024-21410, with a CVSS score 9.8. The issue has been described as a case of privilege escalation impacting the Exchange Server.

See more

Microsoft Outlook Remote Code Execution Vulnerability (CVE-2024-21413)

19 Feb 2024

A significant critical security issue in Outlook tracked as CVE-2024-21413 refers to a Remote Code Execution (RCE) vulnerability that exploits the Microsoft Outlook preview pane as an attack vector. Successful exploitation of this vulnerability would enable an attacker to bypass the Office Protected View and open in editing mode instead of protected mode. This vulnerability has a CVSS score of 9.8.

See more

Critical Vulnerabilities in Fortinet FortiOS (CVE-2024-21762 and CVE-2024-23113)

15 Feb 2024

article .post-block .post-thumbnail:not(:first-child) { display: none !important; }

Advisory
15 FEB 2024

 

See more

WhatsApp Account Takeover

30 Jan 2024

There have been multiple reports of a deceptive SMS message which appears to be from WhatsApp and directs the recipient to the link https://whats-1.cc which is a phishing website.

See more

Fake Lucky Draw Ad From Local Bank

8 Jan 2024

An advertisement which appears on Facebook and Instagram is falsely representing a local bank while promoting a fake lucky draw with attractive prizes. In the ad, users are urged to join the lucky draw by clicking on a link which leads to a phishing website impersonating the bank. The URL is clearly from a neighbouring country and is not the bank’s official website.

See more

Vishing Calls Impersonating Organizations

15 Dec 2023

Members of the public have reported receiving suspicious phone calls from callers who claim to represent known entities such as government agencies, private organizations and embassies. These vishing calls appear to be from local phone numbers, attempting to trick individuals into providing information such as their name, identity card number, credit card details, and other Personally Identifiable Information (PII).

See more

Fake Message Impersonating Ministry of Culture Youth and Sports (MCYS), Brunei Darussalam

15 Dec 2023

A message impersonating the Ministry of Culture, Youth and Sports (MCYS) which claims to provide monthly assistance of $3,770 to struggling Bruneians has been spreading via WhatsApp messaging platform.

See more

Phone Scam Impersonating Local Telco

11 Nov 2023

Members of the public have reported receiving suspicious calls from a foreign telephone number (e.g. +92++++++) impersonating a local telco. The caller speaks with a foreign accent and claims that the telco customer’s account has expired. Such calls are suspected to be attempts at phishing personal details such as full name, identity card number, telco account details and other Personal Identifiable Information (PII).

See more

Instagram Account Impersonating The Ministry Of Home Affairs

10 Nov 2023

An Instagram account named hal_ehwal_dalam_negeri is impersonating the Ministry of Home Affairs (MOHA) of Brunei Darussalam, claiming to offer free assistance (Bantuan Percuma) from the government, in the form of job opportunities, health insurance, business capital and education funding.

See more

Microsoft Exchange Server RCE Flaw (CVE-2023-36745)

1 Nov 2023

A Proof-of-Concept (PoC) exploit has been published for a Microsoft Exchange Server vulnerability, identified as CVE-2023-36745, which can allow remote attackers to execute code.

See more

Brunei Postal Services Department Phishing Scam

23 Oct 2023

BruCERT has received reports of a new phishing scam involving Brunei Postal Services Department. A message which appears to be from “Brunei Postal Services” claims that there is a parcel which cannot be delivered to the recipient due to incomplete address information. The message includes a link that requires the recipient to confirm their address.

See more

Ransomware Exploiting Zero-Day Vulnerability in Cisco ASA and FTD Software

17 Oct 2023

Ransomware groups including LockBit and Akira are reportedly exploiƟng a zero-day vulnerability (CVE-2023- 20269) in the VPN feature of Cisco’s Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) software, to gain access to corporate networks.

See more