Skip to main content

Alerts and Advisories

Microsoft Ransomware Targeting OneDrive and SharePoint Files By Abusing Versioning Configurations

19 Jul 2022

A proof-of-concept exploit could give hackers access to Office 365 or Microsoft 365 documents stored on OneDrive or SharePoint and make it inaccessible to the compromised user. It involves “file versioning” which is a feature in both OneDrive and SharePoint where a document is autosaved whenever an edit is made.

See more

Microsoft Support Diagnostic Tool Vulnerability

6 Jun 2022

A remote code execution (RCE) vulnerability CVE-2022-30190, known as "Follina", is affecting the Microsoft Support Diagnostic Tool (MSDT) in Windows. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application.

See more

Conti Ransomware

8 Apr 2022

Conti is a ransomware-as-a-service (RaaS) group, which allows affiliates to rent access to its infrastructure to launch attacks. This group has encrypted the networks of hospitals, businesses and government agencies, and in many cases, receiving a significant ransom payment in exchange for the decryption key.

See more

BitRAT malware

24 Mar 2022

Security research has discovered a new malware campaign that disguises itself in the form of a Windows 10 Pro license activator. It is a remote access trojan known as BitRAT and is being distributed via webhards, which are an online file sharing services popular in South Korea.

See more

Good Practices to Protecting your Instagram account

12 Mar 2022

Instagram is one of the most popular social media used in Negara Brunei Darussalam, with almost half of the population is using it for communicating. Losing access to your account can be a nightmare scenario for users.

See more

Organisations are encouraged to urgently strengthen cyber security posture

1 Mar 2022

Cyber threats are expected to increase globally as a result of the current conflict in Europe. All organizations in Brunei Darussalam are advised to increase awareness and strengthen all critical systems to safeguard data against potential cyber-attacks, such as website defacement, distributed denial of service (DDoS), and ransomware attacks.

See more

Fake Windows 11 upgrade installs malware

11 Feb 2022

Hackers have created websites impersonating Microsoft, offering a fake Windows 11 upgrade. The fake websites look genuine, and are being promoted via forums and social media posts or instant messages.

See more

SysJoker Malware

13 Jan 2022

A multi-platform malware called SysJoker creates backdoors and gives the attacker the ability to run commands, as well as download and upload files. Written in C++, each variant is designed for the targeted operating system, and are all undetected on VirusTotal, an online malware scanning site that uses 57 different antivirus detection engines.

See more

Emergency fix for Exchange Y2K Bug

4 Jan 2022

Microsoft has released an emergency fix for a year 2022 bug that is breaking email delivery on on-premise Microsoft Exchange servers. Email is getting stuck in the queue, and these errors are caused by Microsoft Exchange checking the version of the FIP-FS antivirus scanning engine and attempting to store the date in a signed int32 variable.

See more

“Log4Shell” Log4j2 Vulnerability

13 Dec 2021

This vulnerability allows an attacker to execute code on a remote server; a so-called Remote Code Execution (RCE). Because of the widespread use of Java and log4j this is likely one of the most serious vulnerabilities on the Internet. The effect of the RCE can potentially be very large and there are complicating and mitigating factors involved.

See more

FluBot malware

6 Dec 2021

FluBot is a malware which is used to steal banking credentials, payment information, text messages and contacts from infected devices. After infecting an Android device, FluBot spreads by spamming text messages to contacts and instructing them to install malicious apps.

See more

Telephone Interview for Population and Housing Census (BPP) 2021

15 Nov 2021

BruCERT has received a number of reports from concerned members of the public regarding the legitimacy of phone calls from the Department of Economic Planning and Statistics (JPES).

See more