Alerts

[ALERT] ADVISORY ON CISCO WEBEX VULNERABILITIES

BACKGROUND
Three high-severity security update patches for Cisco appliances have been released, which affects Webex Teams for Windows (CVE-2020-3535), its Identity Services Engine (CVE-2020-3467), and Video Surveillance 8000 Series IP Cameras (CVE-2020-3544).

IMPACT
CVE-2020-3467
Allow the attacker to modify parts of the configuration using authenticated user. The modified configuration could either allow unauthorized devices onto the network or prevent authorized devices from accessing the network

WhatsApp Spam Vulnerability

BACKGROUND

WhatsApp users have reportedly been receiving spam messages from a foreign phone number, informing that their WhatsApp number was selected to win a prize. Users who block the sender's number would then have their WhatsApp account suspended for a certain period of time. Once their account is recovered, previous chat conversations might be lost if the user has not backed up their chats.


IMPACT

[ALERT] ADVISORY ON RDP BRUTE FORCE ATTACKS

BACKGROUND
    
A way for employees to access corporate devices is by using Remote Desktop Protocol (RDP). Remote Desktop is a remote management tool which allows you to connect to any computer and take over the desktop. It’s like you are sitting and looking at your own computer, only remotely. It is highly used especially during this pandemic situation, for those who have moved to work from home. If poorly configured, it might be vulnerable to attacks.


IMPACT

Phone Scam

BACKGROUND
 
BruCERT has recently received a number of complaints from the public regarding phone scammers impersonating legitimate banks. The scammers contact victims through unofficial channels such as apps like WhatsApp or Viber, usually calling from an international number. They claim to be calling to check all customers’ cards and pressure the victim to reveal personal and financial information.


IMPACT

Bitcoin Storm Investment Scam

Background  

Fake news articles have been circulating on social media as sponsored ads, encouraging the public to invest in a cryptocurrency trading platform called Bitcoin Storm, which allegedly can transform anyone into a millionaire within 3-4 months.  

Impact  

  • May lead to huge financial losses 
  • Credit card or banking details will be stolen
  • Leakage of personal information such as email address, username and password 


Recommendations  

WhatsApp Flaw Leads To Shoulder Surfing Attacks

Background Description:

Studies show that 80% of Bruneians use WhatsApp for businesses and sharing information via mobile devices. Due to the way that WhatsApp sends an SMS to users who login to their account on a new device, it leaves users open to account hijacking just by ‘shoulder surfing’. Someone who knows a user’s phone number can easily take over their account just by looking at the victim’s phone when it receives the 6-digit code.


Impact:

Instagram Copyright Violation Scam

Background

Scammers are sending fake copyright infringement notices through WhatsApp and email, claiming to be from Instagram. The message claims that the user’s Instagram account will be permanently deleted for violating copyright guidelines, unless the user provides feedback within 24 hours by clicking on a link.

The link leads to a phishing website where the user is asked for their Instagram username and password, followed by their email address and password.


Impact

Google Classroom

Background Description
As Brunei has implemented e-learning and e-teaching, various online platforms are being used to facilitate online studies. Google Classroom is one of the popular options being utilized.
 

Impact
Use of weak passwords may lead to compromised account and personal information.
 

Recommendation