Alerts & Advisories
25 Jan 2023
Cisco has warned of two security vulnerabilities affecting Small Business Routers which have reached end-of-life (EoL). Both vulnerabilities could allow a remote attacker to bypass authentication or execute arbitrary commands on the underlying operating system of an affected device.
19 Jan 2023
Telegram takeover involving a money transfer scam has been active in Brunei Darussalam since last year and a recent spike in this scam has been reported to BruCERT in the past month. This is a worrying trend as a growing number of individuals have fallen victim and transferred funds ranging from $200 to $1,000 to the scammers. It is suspected that the number of unreported cases is much higher. The scam is initiated by hijacking a user’s Telegram account, then using the compromised account to request for money from people in the user’s contact list.
10 Jan 2023
Dridex, also known as Bugat and Cridex, is a banking malware that steals sensitive data from infected machines, and also deliver and execute malicious modules. Previously targeting Windows computers, it is now targeting Macs to spread by using email attachments that look like regular documents.
30 Nov 2022
WhatsApp is one of the most common communication methods used in our country. Therefore, it is of utmost importance to take precautionary measures to secure your account. Compromised WhatsApp accounts may lead to risks such as data leakage and identity theft, among others.
3 Nov 2022
Two new buffer overflow vulnerabilities with the formal assignments of CVE-2022-3602 (“X.509 Email Address 4-byte Buffer Overflow”) and CVE-2022-3786 (“X.509 Email Address Variable Length Buffer Overflow”) has just been disclosed in Open SSL version 3.0.0 to 3.0.6.
12 Oct 2022
Fortinet has released a critical warning of a high severity vulnerability, CVE-2022-40684, which is affecting FortiOS, FortiProxy and FortiSwitchManager.
7 Oct 2022
Microsoft security researchers announced two new zero-day vulnerabilities, CVE-2022-41040 and CVE-2022-41082 affecting Microsoft Exchange Server.
29 Sep 2022
Cybercriminals are targeting users who search for cracked software by promoting malicious websites to download installers which deploy a malware called NullMixer. This new malware dropper is infecting Windows devices with a dozen malware families simultaneously.