Skip to main content

Alerts and Advisories

Spell-Jacking: Chrome and Edge Web Browsers Leaking Sensitive Information

23 Sep 2022

Researchers have found that add-on spellchecking features added to popular web browsers Google Chrome and Microsoft Edge have been leaking sensitive information back to their parent companies Google and Microsoft respectively.

See more

Malicious Gaming Videos on YouTube Spreading Malware

20 Sep 2022

A new malware bundle uses victims' YouTube channels to upload malicious video tutorials advertising fake cheats for popular video games. The videos contain links to download the fake cracks and cheats which will actually install a collection of self-spreading malware.

See more

Zero-click Hikvision Cameras RCE Flaw (CVE-2021-36260)

31 Aug 2022

More than 80,000 Hikvision cameras have been discovered to be vulnerable to exploitation and exposed on the public Internet. These vulnerabilities were fixed by Hikvision last year, however there are still cameras that have not been updated with the latest firmware thus remain unfixed. Hikvision has released four repair firmware since the first repair.

See more

Telegram Takeover

5 Aug 2022

An increasing number of local Telegram users have reported to BruCERT since April this year that their accounts had been hacked or taken over. It is suspected that the number of unreported cases could be much higher.

See more

Microsoft Ransomware Targeting OneDrive and SharePoint Files By Abusing Versioning Configurations

19 Jul 2022

A proof-of-concept exploit could give hackers access to Office 365 or Microsoft 365 documents stored on OneDrive or SharePoint and make it inaccessible to the compromised user. It involves “file versioning” which is a feature in both OneDrive and SharePoint where a document is autosaved whenever an edit is made.

See more

Microsoft Support Diagnostic Tool Vulnerability

6 Jun 2022

A remote code execution (RCE) vulnerability CVE-2022-30190, known as "Follina", is affecting the Microsoft Support Diagnostic Tool (MSDT) in Windows. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application.

See more

Conti Ransomware

8 Apr 2022

Conti is a ransomware-as-a-service (RaaS) group, which allows affiliates to rent access to its infrastructure to launch attacks. This group has encrypted the networks of hospitals, businesses and government agencies, and in many cases, receiving a significant ransom payment in exchange for the decryption key.

See more

BitRAT malware

24 Mar 2022

Security research has discovered a new malware campaign that disguises itself in the form of a Windows 10 Pro license activator. It is a remote access trojan known as BitRAT and is being distributed via webhards, which are an online file sharing services popular in South Korea.

See more

Good Practices to Protecting your Instagram account

12 Mar 2022

Instagram is one of the most popular social media used in Negara Brunei Darussalam, with almost half of the population is using it for communicating. Losing access to your account can be a nightmare scenario for users.

See more

Organisations are encouraged to urgently strengthen cyber security posture

1 Mar 2022

Cyber threats are expected to increase globally as a result of the current conflict in Europe. All organizations in Brunei Darussalam are advised to increase awareness and strengthen all critical systems to safeguard data against potential cyber-attacks, such as website defacement, distributed denial of service (DDoS), and ransomware attacks.

See more

Fake Windows 11 upgrade installs malware

11 Feb 2022

Hackers have created websites impersonating Microsoft, offering a fake Windows 11 upgrade. The fake websites look genuine, and are being promoted via forums and social media posts or instant messages.

See more

SysJoker Malware

13 Jan 2022

A multi-platform malware called SysJoker creates backdoors and gives the attacker the ability to run commands, as well as download and upload files. Written in C++, each variant is designed for the targeted operating system, and are all undetected on VirusTotal, an online malware scanning site that uses 57 different antivirus detection engines.

See more