NCERT | National Computer Emergency Response Team Philippines

Critical Vulnerability in FortiOS SSL-VPN (CVE-2022-42475)

Fortinet has released a security update to address the critical vulnerability(CVE-2022-42475) affecting its FortiOS SSL-VPN. Based on the official advisory, “Fortinet is aware of an instance where this vulnerability was exploited in the wild, and recommends immediately validating your systems against the following indicators of compromise” _____________________________ A. Nature of Vulnerability CVE-2022-42475 _____________________________ B. Affected continue reading : Critical Vulnerability in FortiOS SSL-VPN (CVE-2022-42475)

UNC4191- A Cyber-Espionage using USB devices targets Southeast Asia.

______________________________ A. Nature of the Attack The attack was observed using three newly discovered malware used on different phases of this campaign, which will lead to the deployment of NCAT to provide backdoor access to the affected system. MistCloak is a launcher written in C++ that executes an encrypted executable payload stored in a file continue reading : UNC4191- A Cyber-Espionage using USB devices targets Southeast Asia.

Beware of possible ‘Friendster’ Phishing Site

______________________________ A. Nature of the Attack The “new” Friendster appears to be a legitimate website but upon initial investigation, the current IP address hosting the website (23.106.120.84) had previous reports about phishing, brute force and DDoS attacks, hacking, and host exploitations. The link provided in the post uses a non-popular top-level domain (.click). Also, it continue reading : Beware of possible ‘Friendster’ Phishing Site

Actively Exploited Zero-Day Vulnerability in Google Chrome (CVE-2022-4135)

______________________________ A. Natures of Vulnerability CVE-2022-4135 Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) ______________________________ B. Actions to be Taken CERT-PH encourages all Google Chrome users/administrators to continue reading : Actively Exploited Zero-Day Vulnerability in Google Chrome (CVE-2022-4135)

Earth Preta Spear-Phishing Campaign Targets Governments Worldwide Including Philippines

______________________________ A. Nature of the Attack The campaign uses fake Google accounts to distribute the malware via spear-phishing emails that are stored on Google Drive. Throughout the campaign, the Trend Micro research team observed two new malware families used by the groups (TONEINS and TONESHELL), including PUBLOAD, a malware that was previously reported by Cisco continue reading : Earth Preta Spear-Phishing Campaign Targets Governments Worldwide Including Philippines