NCERT | National Computer Emergency Response Team Philippines

Worok: A New Cyber Espionage Group Targeting Private and Local Government Entities Mostly in Asia

A new cyber espionage threat group that has been previously unknown named Worok and has been observed using undocumented tools targeting private and local government entities mostly in Asia. Based on the report by ESET, the group has been active for at least 2020 and observed a significant break in operation from 2021-05 to 2022-01, continue reading : Worok: A New Cyber Espionage Group Targeting Private and Local Government Entities Mostly in Asia

Multiple Vulnerabilities in VMware Products

______________________________ A. Nature of the Vulnerabilities CVE-2022-31656 (Authentication Bypass Vulnerability) VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. CVE-2022-31657 (URL Injection Vulnerability) continue reading : Multiple Vulnerabilities in VMware Products

Google Chrome Version 103.0.5060.134

______________________________ A. Highlighted Vulnerabilities Contributed By External Researchers CVE-2022-2477 High Use after free in Guest View CVE-2022-2478 High Use after free in PDF CVE-2022-2479 High Insufficient validation of untrusted input in File CVE-2022-2480 High Use after free in Service Worker API CVE-2022-2481 High Use after free in Views CVE-2022-2163 Low Use after free in Cast continue reading : Google Chrome Version 103.0.5060.134

Cisco Addresses Multiple Vulnerabilities in Cisco Nexus Dashboard

______________________________ A. Nature of Vulnerability CVE-2022-20857: Cisco Nexus Dashboard Arbitrary Command Execution Vulnerability A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to access a specific API running in the data network and execute arbitrary commands on an affected device. The vulnerability is due to insufficient access controls for a specific API. continue reading : Cisco Addresses Multiple Vulnerabilities in Cisco Nexus Dashboard

34th Annual FIRST Conference | Neart Le Chéile – Strength Together

First FIRST – Highly deemed as one significant step toward its keen interest for full membership and global recognition, the Philippines has officially expressed its pursuit of becoming one of the affiliates of the Forum of the Incident Response and Security Team (FIRST) through its first-ever in-person attendance and participation at the 34th FIRST Annual continue reading : 34th Annual FIRST Conference | Neart Le Chéile – Strength Together