Advisory

Critical Vulnerability in FortiOS SSL-VPN Targeting Governments

BACKGROUND

Fortinet has issued a warning on a vulnerability affecting several versions of Fortinet FortiOS used in its FortiGate secure socket layer virtual private network (SSL VPN) and firewall products. The security flaw is tracked as CVE-2022-42475 which is rated Critical and assigned a CVSS score of 9.3
out of 10. The attacks are said to be complex and highly targeted at “governmental or government-related targets.”

Dridex Malware Targeting MacOS

BACKGROUND
 
Dridex, also known as Bugat and Cridex, is a banking malware that steals sensitive data from infected machines, and also deliver and execute malicious modules. Previously targeting Windows computers, it is now targeting Macs to spread by using email attachments that look like regular documents.
 
MODUS OPERANDI
 

WhatsApp Stolen Accounts

An increasing number of local WhatsApp users have reported their accounts being hacked recently. The user would receive an SMS containing a 6-digit verification code, then someone on WhatsApp will ask for the code. Once the code is shared, the scammer will be able to login to your WhatsApp account, and you will be logged out.

Zero Day Exchange Vulnerabilities / CVE-2022-41040 and CVE-2022-41082

Zero Day Exchange Vulnerabilities 
CVE-2022-41040 and CVE-2022-41082

BACKGROUND
      
Microsoft security researchers announced two new zero-day vulnerabilities, CVE-2022-41040 and CVE-2022-41082 affecting Microsoft Exchange Server. 
 
The first one, identified as CVE-2022-41040, is a server-side request forgery (SSRF) vulnerability, while the second one, identified as CVE-2022-41082, allows remote code execution (RCE) when Exchange PowerShell is accessible to the attacker.

Hacked Business Instagram Account

BACKGROUND
 
BruCERT has received an alarming number of reports from users whose Instagram account has been taken over, with a demand for ransom to be paid in order to regain access to their account. The main targets are Instagram business accounts or personal accounts with many followers and their contact number in their profile.
 

“NullMixer” Infecting Windows PCs With Dozens Of Malware

BACKGROUND
      
Cybercriminals are targeting users who search for cracked software by promoting malicious websites to download installers which deploy a malware called NullMixer. This new malware dropper is infecting Windows devices with a dozen malware families simultaneously.
 
These infections range from password-stealing trojans, backdoors, spyware, bankers, fake Windows system cleaners, clipboard hijackers, cryptocurrency miners, and even further malware loaders.
 

Spell-Jacking: Chrome and Edge Web Browsers Leaking Sensitive Information

BACKGROUND
Researchers have found that add-on spellchecking features added to popular web browsers Google
Chrome and Microsoft Edge have been leaking sensitive information back to their parent companies
Google and Microsoft respectively. The transmitted data includes Personally Identifiable Information
(PII) such as name, address, email, date of birth, contact information, bank and payment information,
username and passwords.
Both browsers have basic built-in spellcheckers enabled by default, which do not transmit data back