NCERT | National Computer Emergency Response Team Philippines

SharpPanda: APT Group Targeting Southeast Asian Countries

An ongoing cyber espionage and surveillance campaign of an APT Group, SharpPanda, was discovered and identified to be targeting Southeast Asian government with a newly deployed backdoor malware. The malware was said to be developed, tested, and deployed over the past three years in order to compromise systems of a Southeast Asian government’s Ministry of continue reading : SharpPanda: APT Group Targeting Southeast Asian Countries

Adobe Reader Zero-day Vulnerability (CVE-2021-28550)

Adobe released its monthly security update that addressed several vulnerabilities in its products, including a zero-day vulnerability impacting its Acrobat Reader products for Windows systems that is reported to be actively exploited in the wild. Successful exploitation of the flaw could allow attackers to arbitrary code execution. ______________________________ A. Nature of the Vulnerability Description of continue reading : Adobe Reader Zero-day Vulnerability (CVE-2021-28550)

Dell Driver Vulnerabilities (CVE-2021-21551)

Dell has addressed vulnerabilities in its BIOS driver software used across its desktop and laptop PCs, notebooks, and tablet products. The vulnerable driver, dbutil_2_3.sys, is used in firmware update utility packages, Dell Command Update, Dell Update, Alienware Update, Dell System Inventory Agent, or Dell Platform Tags to update drivers, BIOS, and firmware for Dell products. continue reading : Dell Driver Vulnerabilities (CVE-2021-21551)

21Nails, A Collection of Exim Vulnerabilities

A collection of critical vulnerabilities was found in Exim mail server that consisted of twenty-one flaws that can be exploited locally and remotely. some of which when chained together, could allow attackers to execute arbitrary code, modify email settings and configuration, create new accounts, even gain root privilege on affected mail servers with default or continue reading : 21Nails, A Collection of Exim Vulnerabilities

Apple Zero-day Vulnerabilities (CVE-2021-30661, CVE-2021-30663, CVE-2021-30665, and CVE-2021-30666)

Apple has released a security update affecting its iOS, iPadOS, macOS, tvOS and watchOS products. The update addressed three zero-day vulnerabilities found in WebKit, a browser engine used by Safari and other third-party web browsers in iOS, that are reported to be exploited in the wild. In addition, another zero-day vulnerability was addressed on an continue reading : Apple Zero-day Vulnerabilities (CVE-2021-30661, CVE-2021-30663, CVE-2021-30665, and CVE-2021-30666)