NCERT | National Computer Emergency Response Team Philippines

Codecov’s Bash Uploader Development Tool Compromised

Codecov has disclosed and acknowledged that it suffered a data breach that can potentially be chained to launch attacks on their customers. Codecov is a company that sells and provides solutions that integrate tools for developers to gain actionable visibility into their source code, also known as Code Coverage. This helps developers in measuring how continue reading : Codecov’s Bash Uploader Development Tool Compromised

Microsoft April 2021 Security Update

Microsoft has released its monthly security update for the month of April addressing a collection of vulnerabilities, including five (5) zero-day flaws and four (4) additional Microsoft Exchange vulnerabilities. Minimal information is given for the zero-day vulnerabilities, but successful exploitations could allow threat actors an elevation of privilege, denial of service (DoS) attacks, and information continue reading : Microsoft April 2021 Security Update

Compromised APKPure Client to Deliver Malware

APKPure, one of the largest and popular alternative app stores that contains third-party games and software catalogs for the Android OS, was discovered to be infected with malware which allows malicious threat actors to distribute Trojans and malwares to Android devices. APKPure version 3.17.18 was discovered to have been tampered and tweaked in attempts to continue reading : Compromised APKPure Client to Deliver Malware

Joker Malware Found in Huawei Android App Store

The Joker malware was recently found in ten (10) mobile applications distributed via the official Android store for Huawei Android devices, AppGallery. The malicious components contained a line of codes that connects to the malware’s command and control (C2) server to receive configurations and additional components. More than 500,000 Huawei users are said to have continue reading : Joker Malware Found in Huawei Android App Store

Multiple FortiOS Vulnerabilities (CVE-2018-13379, CVE-2019-5591, CVE-2020-12812)

Three security vulnerabilities in the FortiOS used in Fortinet SSL VPN are currently being observed to be exploited by advanced persistent threat (APT) actors. Exploitation of the vulnerabilities, CVE-2018-13379, CVE-2019-5591, and CVE-2020-12812, may provide threat actors to gain a foothold within vulnerable networks before moving laterally and carrying out reconnaissance activity. The Federal Bureau of continue reading : Multiple FortiOS Vulnerabilities (CVE-2018-13379, CVE-2019-5591, CVE-2020-12812)