Advisory

Critical security update for Apple devices admin 17 Sep 2021

BACKGROUND

Apple has released security updates for iPhones, iPads, Apple Watches and Mac computers to address vulnerabilities (CVE-2021-30860 and CVE-2021-30858) that were being exploited by Pegasus spyware.
The bug allowed a "zero-click" install of the spyware, which is capable of stealing data and passwords and of activating a phone's microphone or camera.

IMPACT

May lead to arbitrary code execution on affected products.

SYSTEM AFFECTED

Apple devices running iOS, macOS and watchOS.

Extortion scam utilizing Pegasus spyware admin 24 Aug 2021

BACKGROUND

Fake Fast Food Delivery Website admin 19 Aug 2021

BACKGROUND

Due to the challenging pandemic situation in Brunei Darussalam where the population is advised to stay at home, cybercriminals are taking the opportunity to phish sensitive and confidential information by creating a fake website for well-known fast-food chains.

Example:
https:// bn-mcdelivery .ru

This website appears to be hosted in Russia, and offers meals at a very low price, with many menu items that are not available in Brunei outlets.

MODUS OPERANDI

Microsoft Exchange Server Vulnerability 'ProxyShell' admin 17 Aug 2021

BACKGROUND

Attackers are now actively exploiting the ‘ProxyShell’ vulnerability in Microsoft Exchange Servers to install backdoors for later access. ProxyShell chains three Microsoft vulnerabilities to achieve unauthenticated remote code execution. These chained vulnerabilities are exploited remotely through Microsoft Exchange's Client Access Service (CAS) running on port 443 in IIS.

The three chained vulnerabilities used in ‘ProxyShell’ attacks are:

STAYING CYBER SAFE WHEN WORKING FROM HOME admin 12 Aug 2021

BACKGROUND

In view of the recent directive for organizations to activate their business continuity plan (BCP) protocols, most organizations are requiring employees to work from home (WFH). Remote working creates additional opportunities for cyber threat actors to carry out malicious activity by exploiting vulnerabilities in less secure home networks, thereby gaining access to users’ data or the organization's network.

RECOMMENDATIONS

Below are some security measures that can be applied:

ANDROID TROJAN ‘FLYTRAP’ admin 11 Aug 2021

BACKGROUND

Researchers have identified a new Android trojan named FlyTrap, which has affected more than 10,000 victims in over 140 countries since March. It has spread through social media hijacking, third-party app stores, and sideloaded applications.

The malware uses social engineering tricks to compromise Facebook accounts, luring victims with apparent offers of free Netflix coupon codes, Google AdWords coupon codes, or a chance to vote for the best football team.


PETITPOTAM ATTACK admin 05 Aug 2021

BACKGROUND

PetitPotam is a newly uncovered security flaw in the Windows operating system that can be used to coerce remote Windows servers, including Domain Controllers, into authenticating to a malicious destination, allowing an attacker to stage an NTLM relay attack and completely take over a Windows domain.

MODUS OPERANDI

[TLP:WHITE] Advisory on MosaicLoader malware distributed via ads in search results admin 23 Jul 2021

BACKGROUND

MosaicLoader is Trojan horse-style malware that is delivered through paid ads in search results, designed to lure users looking for cracked software. Links to the malware appear at the top of search results when people search for cracked versions of popular software.

PrintNightmare Bug (CVE-2021-1675 and CVE-2021-34527) admin 05 Jul 2021

BACKGROUND

Known vulnerabilities in the Windows Print Spooler service can allow a total compromise of Windows systems. The print spooler is an executable file that manages the printing process. Managing printing involves retrieving the location of the correct printer driver, loading that driver, spooling high-level function calls into a print job, scheduling the print job for printing, and so on.