NCERT | National Computer Emergency Response Team Philippines

Google Chrome Version 100.0.4896.127

Google has released Chrome Version 100.0.4896.127 for Windows, Mac, and Linux, to fix 2 security issues, including a known zero-day vulnerability (CVE-2022-1364). According to Google, they are aware that an exploit for CVE-2022-1364 exists in the wild. ______________________________ A. Nature of Vulnerability CVE-2022-1364 A high severity type confusion weakness in the Chrome V8 JavaScript engine continue reading : Google Chrome Version 100.0.4896.127

Google Chrome Version 100.0.4896.60

On March 29, 2022, Google released its 100th version of Chrome where major features have been introduced such as a new logo, security improvements, development features, and more. The Chrome 100 also fixes the 28 security vulnerabilities with nine being marked as ‘High’ severity. It can be recalled that on March 25, Google has released continue reading : Google Chrome Version 100.0.4896.60

Remote Code Execution Vulnerability in Sophos Firewall (CVE-2022-1040)

A British-based security provider, Sophos, has addressed a critical vulnerability in Sophos Firewall product after security researchers responsibly disclosed it through Sophos bug bounty program. All Sophos Firewall prior to versions 18.5 MR3 (18.5.3) are affected by the security flaw, which users/administrators should already get the hotfixes automatically by default. ______________________________ A. Nature of the continue reading : Remote Code Execution Vulnerability in Sophos Firewall (CVE-2022-1040)

Cyclops Blink Targeting Asus Routers

ASUS has released a security advisory to provide information and mitigation for the Russian-linked advanced persistent threat (APT)) group Sandworm or Voodoo Bear malware dubbed as Cyclops Blink. Based on a report by Trend Micro, they’ve acquired a variant of the Cyclops Blink targeting multiple ASUS routers that are believed to establish persistence to the continue reading : Cyclops Blink Targeting Asus Routers

CISA Adds 95 Known Exploited Vulnerabilities to Catalog

CISA has added 95 new vulnerabilities to its known exploited vulnerabilities catalog. Based on the evidence, the security flaws listed are currently actively exploited in the wild used for a cyber-attack that may pose a significant risk to enterprises. CERT-PH urges agencies using products listed below to check, and remediate the issues presented in a continue reading : CISA Adds 95 Known Exploited Vulnerabilities to Catalog