Alerts and Advisories
Alerts & Advisories
Emergency fix for Exchange Y2K Bug
4 Jan 2022
Microsoft has released an emergency fix for a year 2022 bug that is breaking email delivery on on-premise Microsoft Exchange servers. Email is getting stuck in the queue, and these errors are caused by Microsoft Exchange checking the version of the FIP-FS antivirus scanning engine and attempting to store the date in a signed int32 variable.
“Log4Shell” Log4j2 Vulnerability
13 Dec 2021
This vulnerability allows an attacker to execute code on a remote server; a so-called Remote Code Execution (RCE). Because of the widespread use of Java and log4j this is likely one of the most serious vulnerabilities on the Internet. The effect of the RCE can potentially be very large and there are complicating and mitigating factors involved.
FluBot malware
6 Dec 2021
FluBot is a malware which is used to steal banking credentials, payment information, text messages and contacts from infected devices. After infecting an Android device, FluBot spreads by spamming text messages to contacts and instructing them to install malicious apps.
Telephone Interview for Population and Housing Census (BPP) 2021
15 Nov 2021
BruCERT has received a number of reports from concerned members of the public regarding the legitimacy of phone calls from the Department of Economic Planning and Statistics (JPES).
BIBD phishing COVID-19 relief fund
9 Nov 2021
BruCERT has received reports of a phishing email which claims to be from "BIBD Bank Darussalam Brunei" offering a COVID-19 relief fund to its customers.
Brunei Postal Services Dept Phishing Scam
1 Nov 2021
BruCERT has received a report of a phishing scam involving Brunei Postal Services Department. An SMS message which appears to be from "Brunei Post" informs the recipient that their package has been relocated to a post office branch due to unpaid postage fees. The message includes a shortened link which will redirect the user to a fake website post-bn.com where they will be asked to enter their full name and credit card details.
School Website Compromised with Trojan in Phishing Attack
23 Sep 2021
BruCERT has received a report of a phishing website which claims to be St Andrew's School Brunei. The link which appears as https://saintandrew.edu.bn/wp-content/plugins/wp-embed- uses a common WordPress vulnerability which has been tested and found that it is able to run malicious activities in the system background.
Fake COVID-19 Relief Fund
18 Sep 2021
BruCERT has received reports of scam text messages shared via WhatsApp, offering a COVID-19 relief fund from the government. The message includes a malicious link which appears as http://bit.ly/COVID19_SUPPORT-FUND
Critical security update for Apple devices
17 Sep 2021
Apple has released security updates for iPhones, iPads, Apple Watches and Mac computers to address vulnerabilities (CVE-2021-30860 and CVE-2021-30858) that were being exploited by Pegasus spyware. The bug allowed for a "zero-click" install of the spyware which is capable of stealing data, passwords, and activating a phone's microphone or camera.
Extortion scheme
24 Aug 2021
An extortion scam is being spread through spam emails, claiming to have hacked users by utilizing a 'zero-click' vulnerability to install Pegasus spyware software on their phone.
Extortion scam utilizing Pegasus spyware
24 Aug 2021
An extortion scam is being spread through spam emails, claiming to have hacked users by utilizing a 'zeroclick' vulnerability to install Pegasus spyware software on their phone.
Fake Fast Food Delivery Website
18 Aug 2021
Due to the challenging pandemic situation in Brunei Darussalam where the population is advised to stay at home, cybercriminals are taking the opportunity to phish sensitive and confidential information by creating a fake websites for well known fast food chains.