Microsoft Releases May 2023 Patch Tuesday Security Updates

Microsoft has released its May 2023 Patch Tuesday security updates to fix multiple vulnerabilities across its products, including two reported vulnerabilities (CVE-2023-24932 and CVE-2023-29336) that are currently being exploited in the wild.  Based on the official release notes from Microsoft, there are a total of 49 vulnerabilities. Of these vulnerabilities, six are classified as critical, continue reading : Microsoft Releases May 2023 Patch Tuesday Security Updates

Malicious Campaign Attributed to Earth Longzhi Targets Organizations Based In Taiwan, Thailand, the Philippines, and Fiji

Trend Micro security researchers has uncovered improved tactics, techniques, and procedures (TTPs) on a new campaign attributed to an APT Group known as Earth Longhzi. The threat group’s effort is directed at organizations with locations in Taiwan, Thailand, the Philippines, and Fiji, according to the official report.  Upon monitoring of the CERT-PH, It was discovered continue reading : Malicious Campaign Attributed to Earth Longzhi Targets Organizations Based In Taiwan, Thailand, the Philippines, and Fiji

Microsoft Releases March 2023 Patch Tuesday Security Updates

_____________________________ A. List of Vulnerabilities Microsoft OneDrive CVE-2023-24930 Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability Elevation of Privilege Important Microsoft OneDrive CVE-2023-24923 Microsoft OneDrive for Android Information Disclosure Vulnerability Information Disclosure Important Microsoft Dynamics CVE-2023-24922 Microsoft Dynamics 365 Information Disclosure Vulnerability Information Disclosure Important Microsoft Dynamics CVE-2023-24921 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability continue reading : Microsoft Releases March 2023 Patch Tuesday Security Updates

Updating of SSL Certificates for Government Websites

_____________________________ A. Background SSL certificates are used to establish a secure and encrypted connection between a user’s browser and their website or portal. This encryption helps to protect sensitive information, such as personal data and financial information, from being intercepted and accessed by unauthorized third parties.  However, SSL certificates have an expiration date, and if continue reading : Updating of SSL Certificates for Government Websites

GlobeImposter Ransomware Being Distributed with MedusaLocker via RDP

_____________________________ A. Nature of Attack a. Installation of Ransomware                 Threat actors can use the obtained account credentials to log in to the system through Remote Desktop Protocol (RDP), allowing them to gain control over the system and perform malicious activities. The threat actors who install GlobeImposter are also assumed to use RDP as their attack continue reading : GlobeImposter Ransomware Being Distributed with MedusaLocker via RDP