Advisory

BACKGROUND
 
Dridex, also known as Bugat and Cridex, is a banking malware that steals sensitive data from infected machines, and also deliver and execute malicious modules. Previously targeting Windows computers, it is now targeting Macs to spread by using email attachments that look like regular documents.
 
MODUS OPERANDI
 

An increasing number of local WhatsApp users have reported their accounts being hacked recently. The user would receive an SMS containing a 6-digit verification code, then someone on WhatsApp will ask for the code. Once the code is shared, the scammer will be able to login to your WhatsApp account, and you will be logged out.

Two new buffer overflow vulnerabilities with the formal assignments of CVE-2022-3602 and CVE-2022-3786 has just been disclosed in Open SSL version 3.0.0 to 3.0.6.

In Brunei, there are over 200 Fortinet devices exposed to the Internet and it is strongly advisable that the affected agencies patch their devices the soonest. 

Zero Day Exchange Vulnerabilities 
CVE-2022-41040 and CVE-2022-41082

BACKGROUND
      
Microsoft security researchers announced two new zero-day vulnerabilities, CVE-2022-41040 and CVE-2022-41082 affecting Microsoft Exchange Server. 
 
The first one, identified as CVE-2022-41040, is a server-side request forgery (SSRF) vulnerability, while the second one, identified as CVE-2022-41082, allows remote code execution (RCE) when Exchange PowerShell is accessible to the attacker.

BACKGROUND
 
BruCERT has received an alarming number of reports from users whose Instagram account has been taken over, with a demand for ransom to be paid in order to regain access to their account. The main targets are Instagram business accounts or personal accounts with many followers and their contact number in their profile.
 

BACKGROUND
      
Cybercriminals are targeting users who search for cracked software by promoting malicious websites to download installers which deploy a malware called NullMixer. This new malware dropper is infecting Windows devices with a dozen malware families simultaneously.
 
These infections range from password-stealing trojans, backdoors, spyware, bankers, fake Windows system cleaners, clipboard hijackers, cryptocurrency miners, and even further malware loaders.
 

BACKGROUND
Researchers have found that add-on spellchecking features added to popular web browsers Google
Chrome and Microsoft Edge have been leaking sensitive information back to their parent companies
Google and Microsoft respectively. The transmitted data includes Personally Identifiable Information
(PII) such as name, address, email, date of birth, contact information, bank and payment information,
username and passwords.
Both browsers have basic built-in spellcheckers enabled by default, which do not transmit data back

A new malware bundle uses victims' YouTube channels to upload malicious video tutorials advertising fake cheats for popular video games. The videos contain links to download the fake cracks and cheats which will actually install a collection of self-spreading malware.

BACKGROUND

More than 80,000 Hikvision cameras have been discovered to be vulnerable to exploitation and
exposed on the public Internet. These vulnerabilities were fixed by Hikvision last year, however there
are still cameras that have not been updated with the latest firmware thus remain unfixed. Hikvision
has released four repair firmware since the first repair.