Windows Defender Vulnerability (CVE-2021-1647)

A critical vulnerability in Microsoft’s default anti-malware software, Windows Defender, has been patched with the release of the first Monthly Security Update on 2021 together with 83 additional security vulnerabilities. Tracked as CVE-2021-1647, the remote code execution (RCE) flaw was found in the Malware Protection Engine component (mpengine.dll). The flaw has been exploited for the continue reading : Windows Defender Vulnerability (CVE-2021-1647)

Zyxel’s Firewalls and AP Controllers Vulnerability (CVE-2020-29583)

Threat actors have been detected to be targeting Zyxel’s firewall and WLAN controller products that contain an undocumented account with an unchangeable password, which can be found in cleartext in the product’s firmware. Tracked as CVE-2020-29583, a hardcoded credential vulnerability that exists in Zyxel firewalls and AP controllers with an unchangeable static plain-text password and continue reading : Zyxel’s Firewalls and AP Controllers Vulnerability (CVE-2020-29583)

NATIONAL CYBER DRILL 2020 PRESS RELEASE

TLP: White VENUE: Online (Email, Instant Messaging and Digital Distribution Platform, and Video Conferencing Platform) DATE: 26 November 2020 OBJECTIVES: Participants are expected: – To develop a proactive mindset and approach on cybersecurity– To be able to familiarize, detect, and respond to cyber threats promptly and effectively– To practice effective and adaptive incident handling and continue reading : NATIONAL CYBER DRILL 2020 PRESS RELEASE

Software Supply Chain Attack against SolarWinds Affected Organizations Globally

The National Computer Emergency Response Team (CERT-PH) monitored a large-scale cyber-attack against government and non-government organizations involving the SolarWinds Orion network management tool, which is currently being exploited by threat actors worldwide. These highly skilled Nation-State Threat actors are weaponizing the SolarWinds Orion’s legitimate software update in order to distribute a malware called SUNBURST and continue reading : Software Supply Chain Attack against SolarWinds Affected Organizations Globally

National Cyberdrill 2020

DICT Cybersecurity Bureau thru the National Computer Emergency Response Team (CERT-PH) is inviting Government Agencies and Organizations from the Critical Information Infrastructure to register and participate in the Philippine National Cyber Drill 2020 on November 25-26, 2020, with the theme: “Strengthening Cybersecurity and Adopting to the New Normal through Incident Response and Collaboration”. The National continue reading : National Cyberdrill 2020