UNC4191- A Cyber-Espionage using USB devices targets Southeast Asia.

______________________________ A. Nature of the Attack The attack was observed using three newly discovered malware used on different phases of this campaign, which will lead to the deployment of NCAT to provide backdoor access to the affected system. MistCloak is a launcher written in C++ that executes an encrypted executable payload stored in a file continue reading : UNC4191- A Cyber-Espionage using USB devices targets Southeast Asia.

Beware of possible ‘Friendster’ Phishing Site

______________________________ A. Nature of the Attack The “new” Friendster appears to be a legitimate website but upon initial investigation, the current IP address hosting the website (23.106.120.84) had previous reports about phishing, brute force and DDoS attacks, hacking, and host exploitations. The link provided in the post uses a non-popular top-level domain (.click). Also, it continue reading : Beware of possible ‘Friendster’ Phishing Site

Actively Exploited Zero-Day Vulnerability in Google Chrome (CVE-2022-4135)

______________________________ A. Natures of Vulnerability CVE-2022-4135 Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) ______________________________ B. Actions to be Taken CERT-PH encourages all Google Chrome users/administrators to continue reading : Actively Exploited Zero-Day Vulnerability in Google Chrome (CVE-2022-4135)

Earth Preta Spear-Phishing Campaign Targets Governments Worldwide Including Philippines

______________________________ A. Nature of the Attack The campaign uses fake Google accounts to distribute the malware via spear-phishing emails that are stored on Google Drive. Throughout the campaign, the Trend Micro research team observed two new malware families used by the groups (TONEINS and TONESHELL), including PUBLOAD, a malware that was previously reported by Cisco continue reading : Earth Preta Spear-Phishing Campaign Targets Governments Worldwide Including Philippines

Samba Security Vulnerability(CVE-2022-42898)

Samba has released versions 4.17.3, 4.16.7, and 4.15.12 to fix a security vulnerability(CVE-2022-42898) on 32-bit systems. Based on the released statement by Samba, all versions of Samba prior to 4.15.12, 4.16.7, and 4.17.3 are affected by this security flaw. ______________________________ A. Nature of the Vulnerability CVE-2022-42898 Samba’s Kerberos libraries and AD DC failed to guard continue reading : Samba Security Vulnerability(CVE-2022-42898)