Advisory

BACKGROUND

Apple has released security updates for iPhones, iPads, Apple Watches and Mac computers to address vulnerabilities (CVE-2021-30860 and CVE-2021-30858) that were being exploited by Pegasus spyware.
The bug allowed for a "zero-click" install of the spyware which is capable of stealing data, passwords, and activating a phone's microphone or camera.

IMPACT

May lead to arbitrary code execution on affected products.

SYSTEM AFFECTED 

Apple devices running iOS, macOS and watchOS.

BACKGROUND

BACKGROUND

Due to the challenging pandemic situation in Brunei Darussalam where the population is advised to stay at home, cybercriminals are taking the opportunity to phish sensitive and confidential information by creating a fake website for well-known fast-food chains.

Example:
https:// bn-mcdelivery .ru

This website appears to be hosted in Russia, and offers meals at a very low price, with many menu items that are not available in Brunei outlets.

Modus Operandi

BACKGROUND
      
Attackers are now actively exploiting Microsoft Exchange Servers using ‘ProxyShell’ vulnerability to install backdoors for later access, which uses three chained MS vulnerabilities to perform unauthenticated, remote code execution. These chained vulnerabilities are exploited remotely through Microsoft Exchange's Client Access Service (CAS) running on port 443 in IIS.
 
The three chained vulnerabilities used in ‘ProxyShell’ attacks are:

BACKGROUND
 
In view of the recent directive for organizations to activate their business continuity plan (BCP) protocols, most organizations are requiring employees to work from home (WFH). Remote working creates additional opportunities for cyber threat actors to perform malicious cyber activities by exploring open vulnerabilities in less secured networks, thus gaining access to users’ data or the organization's network.
 
RECOMMENDATIONS
 
Below are some security measures that can be applied:

BACKGROUND
      
Researchers have identified a new Android trojan named FlyTrap, which has affected more than 10,000 victims in over 140 countries since March. It has been able to spread through social media hijacking, third-party app stores, and sideloaded applications.
 
The malware uses social engineering tricks to compromise Facebook accounts, seemingly offering free Netflix coupon codes, Google AdWords coupon codes, or voting for the best football team.
 

BACKGROUND

PetitPotam is a newly uncovered security flaw in the Windows operating system which can be used to attack remote Windows servers including Domain Controllers, to authenticate with a malicious destination, allowing an attacker to stage an NTLM relay attack and completely take over a Windows domain.

MODUS OPERANDI

BACKGROUND
    
MosaicLoader is a Trojan horse-style malware that is being delivered through paid ads in search results designed to lure users looking for cracked software. Links to the malware will appear at the top of search results when people search for cracked versions of popular software.

BACKGROUND

Known vulnerabilities in Windows Print Spooler service can allow a total compromise of Windows systems. The print spooler is an executable file that manages the printing process. Management of printing involves retrieving the location of the correct printer driver, loading that driver, spooling high-level function calls into a print job, scheduling the print job for printing, and so on.