NCERT | National Computer Emergency Response Team Philippines

Microsoft April 2021 Security Update

Microsoft has released its monthly security update for the month of April addressing a collection of vulnerabilities, including five (5) zero-day flaws and four (4) additional Microsoft Exchange vulnerabilities. Minimal information is given for the zero-day vulnerabilities, but successful exploitations could allow threat actors an elevation of privilege, denial of service (DoS) attacks, and information continue reading : Microsoft April 2021 Security Update

Compromised APKPure Client to Deliver Malware

APKPure, one of the largest and popular alternative app stores that contains third-party games and software catalogs for the Android OS, was discovered to be infected with malware which allows malicious threat actors to distribute Trojans and malwares to Android devices. APKPure version 3.17.18 was discovered to have been tampered and tweaked in attempts to continue reading : Compromised APKPure Client to Deliver Malware

Joker Malware Found in Huawei Android App Store

The Joker malware was recently found in ten (10) mobile applications distributed via the official Android store for Huawei Android devices, AppGallery. The malicious components contained a line of codes that connects to the malware’s command and control (C2) server to receive configurations and additional components. More than 500,000 Huawei users are said to have continue reading : Joker Malware Found in Huawei Android App Store

Multiple FortiOS Vulnerabilities (CVE-2018-13379, CVE-2019-5591, CVE-2020-12812)

Three security vulnerabilities in the FortiOS used in Fortinet SSL VPN are currently being observed to be exploited by advanced persistent threat (APT) actors. Exploitation of the vulnerabilities, CVE-2018-13379, CVE-2019-5591, and CVE-2020-12812, may provide threat actors to gain a foothold within vulnerable networks before moving laterally and carrying out reconnaissance activity. The Federal Bureau of continue reading : Multiple FortiOS Vulnerabilities (CVE-2018-13379, CVE-2019-5591, CVE-2020-12812)

Apple iOS Zero-day Vulnerability (CVE-2021-1879)

Apple addressed an iOS zero-day bug actively exploited in the wild and affecting iPhone, iPad, iPod, and Apple Watch devices. The flaw could be exploited to allow attackers to launch universal cross-site scripting attacks after tricking targets into opening maliciously crafted web content on their devices. A. Nature of the Vulnerability The vulnerability was tracked continue reading : Apple iOS Zero-day Vulnerability (CVE-2021-1879)