Dark Pink APT Group Targets Government and Military Organizations in Southeast Asia and Europe

_____________________________ A. Nature of the Attack The initial infection starts with a targeted spear-phishing email using a unique phishing email depending on their targeted organization. There are 3 documented methods used after the initial access to the targeted assets. 1). First Method – Threat actors pack all of the described above files, including a malicious continue reading : Dark Pink APT Group Targets Government and Military Organizations in Southeast Asia and Europe

NATIONAL CYBER DRILL 2022

Anchored on the theme “Building Cybersecurity Allies: Lifting Nation’s Cyber Response Capacity and Creating a Digitally Prepared Community, the Philippine National Computer Emergency Response Team (CERT-PH) holds its annual National Cyber Drill (NCD) on November 28 – 29, 2022 as part of its initiative to support the Philippine government’s steadfast cybersecurity efforts and programs for the continue reading : NATIONAL CYBER DRILL 2022

CERT-PH Cyber Incident Drill 2022

The Philippine National Computer Emergency Response Team (CERT-PH) has successfully conducted its annual CERT-PH Cyber Incident Drill (CCID) anchored on the theme “A Reinforced Cybersecurity: Revamping the Collaborative Competency of Government and Stakeholders in Responding to Threat Incidents” on October 24 – 26, 2022. The three-day activity coincides with the observance of National Cybersecurity Awareness continue reading : CERT-PH Cyber Incident Drill 2022

Beware of Phishing Campaign Taking Advantage of the Sim Registration Act

_____________________________ A. Nature of the Attack In contrast to the purpose of the law, CERT-PH has monitored a phishing campaign taking advantage of it. In the malicious campaign that we observed, threat actors are sending phishing emails to their victims to verify their Virtual Wallet in accordance with Sim Card Registration. A malicious link is continue reading : Beware of Phishing Campaign Taking Advantage of the Sim Registration Act

Critical Vulnerability in FortiOS SSL-VPN (CVE-2022-42475)

Fortinet has released a security update to address the critical vulnerability(CVE-2022-42475) affecting its FortiOS SSL-VPN. Based on the official advisory, “Fortinet is aware of an instance where this vulnerability was exploited in the wild, and recommends immediately validating your systems against the following indicators of compromise” _____________________________ A. Nature of Vulnerability CVE-2022-42475 _____________________________ B. Affected continue reading : Critical Vulnerability in FortiOS SSL-VPN (CVE-2022-42475)