DICT Cybersecurity Bureau thru the National Computer Emergency Response Team (CERT-PH) is inviting Government Agencies and Organizations from the Critical Information Infrastructure to register and participate in the Philippine National Cyber Drill 2020 on November 25-26, 2020, with the theme: “Strengthening Cybersecurity and Adopting to the New Normal through Incident Response and Collaboration”. The National continue reading : National Cyberdrill 2020
CERT-PH has been monitoring and receiving reports on cyber-attacks targeting the academe sector over the past weeks. These security incidents, mainly involving data breaches and web defacements, affected information systems of schools/universities across the country. With the rise on the number of users using online systems for remote working and learning because of the pandemic, continue reading : Security Measures for the Academe
A new critical vulnerability (CVE-2020-1206) affecting Microsoft Windows operation system’s Server Message Block (SMB) protocol was recently publicly disclosed. The vulnerability dubbed SMBleed, resides in SMB version 3.1.1’s decompression function, Srv2DecompressData. An unauthenticated attacker can exploit the vulnerability by sending a specially crafted message request to a targeted SMB server, and successful exploitation could allow continue reading : SMBleed – Microsoft SMB Protocol Vulnerability
Online shopping is already a widespread method of purchasing goods and services in the Philippines. With the implementation of the enhanced community quarantine because of the COVID-19 pandemic, most people prefer to shop essential goods from the safety and comfort of their homes. The CERT-PH is warning online shoppers who use credit or debit cards continue reading : Beware of Digital Credit Card Theft
Microsoft warned about limited targeted attacks exploiting two zero-day vulnerabilities found in the Windows Adobe Type Manager Library. The two vulnerabilities are said to be remote code execution (RCE) vulnerabilities that exist in the way that Windows’ Adobe Type Manager Library handles certain fonts. The bug can be exploited by tricking the victim into opening continue reading : Windows Adobe Type Manager Library Zero-Day Vulnerabilities
Due to the impact of the ongoing COVID-19 crisis today, many companies and organizations in the Philippines are already considering telecommuting or most commonly known as work from home as an alternate option to continue their day to day business operations. Rather than traveling to the office, the employee “travels” via telecommunication links, keeping in continue reading : SECURITY PRACTICES FOR REMOTE ACCESS IN TELECOMMUTING
A vulnerability was discovered in one of the famous content management system specifically on the Featured Articles menu parameters. CVE-2020-10243 has been assigned to this vulnerability affecting a wide range of joomla versions. It was reported last March 9, 2020 and can be exploited using SQL Injection attack. Joomla rated it as High impact and continue reading : Vulnerability on Joomla versions 1.7.0 – 3.9.15
The National Computer Emergency Response Team of the Philippines (CERT-PH) alerts all government agencies, private sectors, and all individuals to be aware of the malicious attack vectors that were made in order to take advantage of the ongoing Coronavirus (COVID-19) pandemic. Threat actors may send fraudulent emails that have malicious links or attachments which are continue reading : COVID-19 MALICIOUS CYBER ATTACK VECTORS AND SAFETY PRECAUTIONS
On January 14, 2020, Microsoft released its monthly security update as part of the Patch Tuesday updates for January 2020. The updates addressed notable vulnerabilities in the Windows Operating System. 1. CVE-2020-0601 The spoofing vulnerability, disclosed by US National Security Agency (NSA), exists in the way the default Windows cryptographic library, CryptoAPI (Crypt32.dll), validates Elliptic continue reading : Microsoft Latest Security Updates
All organizations and users who are using Mikrotik routers are urged to review and make sure that all patch releases are already applied to their devices. Patching your outdated Mikrotik routers and other devices’ versions will minimize any risks of getting injected with cryptojacking malware on your system. CERT-PH recommends assigning a personnel to monitor the official blog website continue reading : Mikrotik Vulnerability