Skip to main content

Alerts and Advisories

Local Bank Phone Scam

10 Nov 2022

BruCERT has received several reports of a phone scam impersonating a local bank in an attempt to obtain sensitive information such as name, identity card number, credit card details and other personally identifiable information (PII).

See more

High Severity OpenSSL Vulnerabilities

3 Nov 2022

Two new buffer overflow vulnerabilities with the formal assignments of CVE-2022-3602 (“X.509 Email Address 4-byte Buffer Overflow”) and CVE-2022-3786 (“X.509 Email Address Variable Length Buffer Overflow”) has just been disclosed in Open SSL version 3.0.0 to 3.0.6.

See more

Group Privacy Settings for WhatsApp and Telegram

13 Oct 2022

Most instant messaging apps including WhatsApp and Telegram will allow anyone to message or add users to a group chat even if they are not in the user’s contact list.

See more

Authentication Bypass Vulnerability in Fortinet Products (CVE-2022-40684)

12 Oct 2022

Fortinet has released a critical warning of a high severity vulnerability, CVE-2022-40684, which is affecting FortiOS, FortiProxy and FortiSwitchManager.

See more

Zero Day Exchange Vulnerabilities CVE-2022-41040 and CVE-2022-41082

7 Oct 2022

Microsoft security researchers announced two new zero-day vulnerabilities, CVE-2022-41040 and CVE-2022-41082 affecting Microsoft Exchange Server.

See more

Hacked Business Instagram Account

6 Oct 2022

BruCERT has received an alarming number of reports from users whose Instagram account has been taken over, with a demand for ransom to be paid in order to regain access to their account.

See more

“NullMixer” Infecting Windows PCs With Dozens Of Malware

29 Sep 2022

Cybercriminals are targeting users who search for cracked software by promoting malicious websites to download installers which deploy a malware called NullMixer. This new malware dropper is infecting Windows devices with a dozen malware families simultaneously.

See more

Whatsapp Vulnerabilities

29 Sep 2022

Two "remote code execution" vulnerabilities affecting WhatsApp could allow attackers to gain complete control of a targeted user's mobile application.

See more

Spell-Jacking: Chrome and Edge Web Browsers Leaking Sensitive Information

23 Sep 2022

Researchers have found that add-on spellchecking features added to popular web browsers Google Chrome and Microsoft Edge have been leaking sensitive information back to their parent companies Google and Microsoft respectively.

See more

Malicious Gaming Videos on YouTube Spreading Malware

20 Sep 2022

A new malware bundle uses victims' YouTube channels to upload malicious video tutorials advertising fake cheats for popular video games. The videos contain links to download the fake cracks and cheats which will actually install a collection of self-spreading malware.

See more

Zero-click Hikvision Cameras RCE Flaw (CVE-2021-36260)

31 Aug 2022

More than 80,000 Hikvision cameras have been discovered to be vulnerable to exploitation and exposed on the public Internet. These vulnerabilities were fixed by Hikvision last year, however there are still cameras that have not been updated with the latest firmware thus remain unfixed. Hikvision has released four repair firmware since the first repair.

See more

Telegram Takeover

5 Aug 2022

An increasing number of local Telegram users have reported to BruCERT since April this year that their accounts had been hacked or taken over. It is suspected that the number of unreported cases could be much higher.

See more