Advisory

WhatsApp Stolen Accounts

An increasing number of local WhatsApp users have reported their accounts being hacked recently. The user would receive an SMS containing a 6-digit verification code, then someone on WhatsApp will ask for the code. Once the code is shared, the scammer will be able to login to your WhatsApp account, and you will be logged out.

Zero Day Exchange Vulnerabilities / CVE-2022-41040 and CVE-2022-41082

Zero Day Exchange Vulnerabilities 
CVE-2022-41040 and CVE-2022-41082

BACKGROUND
      
Microsoft security researchers announced two new zero-day vulnerabilities, CVE-2022-41040 and CVE-2022-41082 affecting Microsoft Exchange Server. 
 
The first one, identified as CVE-2022-41040, is a server-side request forgery (SSRF) vulnerability, while the second one, identified as CVE-2022-41082, allows remote code execution (RCE) when Exchange PowerShell is accessible to the attacker.

Hacked Business Instagram Account

BACKGROUND
 
BruCERT has received an alarming number of reports from users whose Instagram account has been taken over, with a demand for ransom to be paid in order to regain access to their account. The main targets are Instagram business accounts or personal accounts with many followers and their contact number in their profile.
 

“NullMixer” Infecting Windows PCs With Dozens Of Malware

BACKGROUND
      
Cybercriminals are targeting users who search for cracked software by promoting malicious websites to download installers which deploy a malware called NullMixer. This new malware dropper is infecting Windows devices with a dozen malware families simultaneously.
 
These infections range from password-stealing trojans, backdoors, spyware, bankers, fake Windows system cleaners, clipboard hijackers, cryptocurrency miners, and even further malware loaders.
 

Spell-Jacking: Chrome and Edge Web Browsers Leaking Sensitive Information

BACKGROUND
Researchers have found that add-on spellchecking features added to popular web browsers Google
Chrome and Microsoft Edge have been leaking sensitive information back to their parent companies
Google and Microsoft respectively. The transmitted data includes Personally Identifiable Information
(PII) such as name, address, email, date of birth, contact information, bank and payment information,
username and passwords.
Both browsers have basic built-in spellcheckers enabled by default, which do not transmit data back

Telegram Takeover

BACKGROUND
 
An increasing number of local Telegram users have reported to BruCERT since April this year that their accounts had been hacked or taken over. It is suspected that the number of unreported cases could be much higher. 
 
MODUS OPERANDI
•     The user receives a message from Telegram containing a 5-digit login code as a result of the scammer trying to register the user’s phone number.