CyberSecurity.PH #001
Our mission with cybersecurity.ph is to build a valuable resource for organizations operating in the Philippines to improve cybersecurity literacy, reduce cybersecurity risks and increase cybersecurity resiliency.
Welcome to our first CyberSecurity | PH post.
The plan to achieve this is to produce a regular up-to-date email feed with current cybersecurity matters; details on cybersecurity threat landscape changes; and highlight awesome security-engineering tools and techniques.
With more than 20 years of cybersecurity experience, from waaaaay back in the late 90's to now in 2023, we have managed cybersecurity for organizations at real scale (50M+ users) and remain active in security engineering projects.
We have a keen sense for open-source tools and techniques, and look forward to highlighting effective projects that cybersecurity practitioners can consider for their identify, protect, detect, respond and recover tasks without budget-breaking spend.
Got feedback or need to get in contact? [email protected]
Cybersecurity Reports
Atlassian Confluence
Yet another critical-level vulnerability in Atlassian Confluence was disclosed in the past week, tracked as CVE-2023-22518. The issue exposes vulnerable instances to data destruction but not data theft, which is still very damaging to any organization impacted. Atlassian's Chief Information Security Officer (CISO), Bala Sathiamurthy, is publicly urging customers to take action. This issue is in addition to the more serious CVE-2023-22515 issue last month, also in Confluence, which is being actively exploited and has drawn alerts from CISA recommending urgent action.
Citrix Bleed
Tracked as CVE-2023-4966, this issue applies to customer-managed NetScaler ADC and NetScaler Gateway products and is being actively exploited according to Mandiant. The issue is triggered by a specially crafted HTTP GET request that returns crash-dump information containing session authentication tokens, which threat actors can use to hijack an authenticated session without any login or MFA checks.
WordPress
Mentioning WordPress feels a bit dull, however it is very common among organizations big and small, so it is worth a mention: the latest WordPress v6.3.2 includes 8 security fixes. Also, according to WordPress security vendor Sucuri, an additional 24 security-related fixes across the WordPress plugin ecosystem have been addressed in the past month.
Cybersecurity Threat Landscape
Counter Ransomware Initiative
The third Counter Ransomware Initiative (CRI) meeting took place this week with 50 member countries attending; 40 of these have signed a pledge not to pay ransoms. The Philippines is not yet party to the CRI, which may have the undesirable effect of making the Philippines a more attractive target for threat actors, because no anti-ransomware pledge is in place to stymie payments to suspected ransomware gangs.
Canadian government software ban WeChat / Kaspersky
The Canadian government has banned software from WeChat and Kaspersky on privacy and security concerns. Not stated officially, but broadly understood, is that each application requires excessive device permissions that may lead to inappropriate exfiltration of data such as authentication tokens and keys for third-party software and systems.
Cybersecurity Engineering
A weekly highlight on tools and other resources (often open-source) that we use, find useful or find just plain interesting.
- ScubaGear - Automation to assess the state of your M365 tenant against CISA's baselines; ScubaGear is an effective way to discover weak-spots in your MS365 configurations - https://github.com/cisagov/ScubaGear
- Logging Made Easy (LME) - CISA recently took over stewardship of the Logging Made Easy project, which can be very helpful for organizations that do not have the kind of budget needed for a full-fledged SIEM - https://github.com/cisagov/LME
- Nuclei - Fast and customizable vulnerability scanner based on a simple YAML-based domain-specific language (DSL) - https://github.com/projectdiscovery/nuclei
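To give a feel for the YAML DSL that Nuclei templates are written in, here is a small example template written for this post (it is not part of the Nuclei project and not one of its bundled templates). It reports HTTPS endpoints that answer with HTTP 200 but do not send a Strict-Transport-Security header, which is a hardening gap worth fixing rather than an exploitable bug. The template id, author field and the target host in the usage line are placeholders.

```yaml
# Example Nuclei template, added for illustration (not from the Nuclei project).
# Flags live endpoints that omit the Strict-Transport-Security (HSTS) header.
id: example-missing-hsts-header   # placeholder id

info:
  name: Missing Strict-Transport-Security header
  author: cybersecurity-ph-example   # placeholder author
  severity: low
  description: |
    Reports responses that carry no HSTS header. A missing header is a
    configuration weakness, not an exploitable vulnerability by itself.

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    # Both matchers must hold for a finding to be reported.
    matchers-condition: and
    matchers:
      # Only consider endpoints that actually answered the request.
      - type: status
        status:
          - 200

      # Negative word match: fire when the header name is absent from the
      # response headers (case-insensitive, since header names vary in case).
      - type: word
        part: header
        case-insensitive: true
        negative: true
        words:
          - "strict-transport-security"
```

Run it against a host you own with `nuclei -u https://example.com -t example-missing-hsts-header.yaml`; the `matchers-condition: and` line is what keeps a connection error or a 404 from being reported as a missing header.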
Got news or something you'd like us to mention? Feel free to get in contact - [email protected]