CyberSecurity.PH #005
Philippines considering TikTok ban; ownCloud gets a CVSS 10 vulnerability; 25+ industrial control system vulnerabilities this month; tools for cybersecurity engineering
Welcome to Cybersecurity | PH weekly issue 005.
https://www.cybersecurity.ph/
Philippines
President Ferdinand R. Marcos Jr. to work on swift passage of bills boosting Philippines cybersecurity
Malacañang announced yesterday that “President Ferdinand R. Marcos Jr. has vowed to look for ways to ensure the immediate passage of measures that would help strengthen the country’s cybersecurity efforts” - Philippine News Agency
This announcement comes within weeks of the recently published National Security Policy that highlights cybersecurity and cognitive security as key areas of focus.
Philippines considering ban on TikTok for state security personnel based on cybersecurity concerns
Reported that the Philippines’ National Security Adviser, Eduardo Manahan Año, has established a task force to determine if the TikTok app carries national cybersecurity risks - The Messenger and Bloomberg
The Philippines would be following other countries that have imposed bans on the app due to cybersecurity concerns.
Among the various concerns with the TikTok application, a key concern is that it grants itself extensive privileges to access device content (documents, photos, contacts and messages) that are not generally obvious to users - Gizmodo
Cybersecurity Reports
Okta data breach last month impacted all support customers
Okta, an enterprise user identity and authentication provider, had a data breach last month in which the company stated 134 of their customers were impacted. This has now expanded to include customer details of all Okta support customers.
Okta made the updated announcement in a blog post yesterday that describes the stolen customer data fields; these include name, address, phone number, login dates etc.
Among other problems here, the support system also contains browser request HAR files. These files contain session authentication tokens that, if still valid, can enable a threat actor to take over a valid user authentication session.
More reporting - The Record and Bleeping Computer
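The HAR-file exposure described above can be reduced by masking credential-bearing fields before a capture is shared with any support desk. This is an added example, not code from Okta or this newsletter; the header list, the `redact_har` name and the sample capture are assumptions constructed for illustration.

```python
import copy
import json

# Assumed set of credential-bearing headers; extend per application.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie"}
REDACTED = "[REDACTED]"

def redact_har(har, strip_bodies=True):
    """Return (sanitized deep copy of a HAR dict, number of values masked)."""
    clean, masked = copy.deepcopy(har), 0
    for entry in clean.get("log", {}).get("entries", []):
        for side in ("request", "response"):
            msg = entry.get(side, {})
            for header in msg.get("headers", []):
                if header.get("name", "").lower() in SENSITIVE_HEADERS:
                    header["value"], masked = REDACTED, masked + 1
            for cookie in msg.get("cookies", []):
                cookie["value"], masked = REDACTED, masked + 1
        if strip_bodies:  # token endpoints return credentials in the body
            bodies = (entry.get("request", {}).get("postData"),
                      entry.get("response", {}).get("content"))
            for body in bodies:
                if body and body.get("text"):
                    body["text"], masked = REDACTED, masked + 1
    return clean, masked

# Constructed sample capture: one request that carries a session.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {
        "method": "GET", "url": "https://app.example.test/api/me",
        "headers": [
            {"name": "Host", "value": "app.example.test"},
            {"name": "Cookie", "value": "sid=constructed-secret-1"},
            {"name": "Authorization", "value": "Bearer constructed-secret-2"}],
        "cookies": [{"name": "sid", "value": "constructed-secret-1"}]},
    "response": {
        "status": 200,
        "headers": [{"name": "Set-Cookie", "value": "sid=constructed-secret-3"}],
        "cookies": [],
        "content": {"mimeType": "application/json",
                    "text": "{\"access_token\": \"constructed-secret-4\"}"}},
}]}}

if __name__ == "__main__":
    clean, masked = redact_har(SAMPLE_HAR)
    print(f"masked {masked} values")
    print(json.dumps(clean, indent=2))
```

URLs and query strings can also carry tokens and are not touched by this sketch, so review them before a capture leaves the organization.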
Advanced Persistent Threat actor “Stately Taurus” targeting the Philippines
Unit 42, a threat research team from Palo Alto Networks, has reported observing three active threat campaigns against various organizations in the South Pacific, including the Philippine government, conducted by APT group “Stately Taurus” - Unit 42
The Tactics, Techniques and Procedures (TTP) used against a Philippine government target involved a .zip file delivered via a Google Drive link. The archive contained a .exe file made to look like a PDF, which then sets off a chain of compromise.
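A mail or download gateway can triage archives for the delivery pattern described above, an executable inside a .zip presented as a document. This is an added detection sketch, not taken from the Unit 42 report; the extension lists, the `triage_zip` name and the sample archive are assumptions constructed for illustration, and the checks generalize beyond PDF lures.

```python
import io
import zipfile

DOC_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx")  # assumed lure types
EXEC_EXTS = (".exe", ".scr", ".com", ".pif")           # assumed executable types

def triage_zip(data):
    """Return {entry name: [reasons]} for entries that look like disguised executables."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            stem, dot, ext = info.filename.lower().strip().rpartition(".")
            # "notes.pdf      .exe": padding pushes the real extension out of view
            if dot + ext in EXEC_EXTS and stem.rstrip().endswith(DOC_EXTS):
                reasons.append("document name with executable extension")
            if info.flag_bits & 0x1:
                reasons.append("encrypted entry, content not inspected")
            else:
                with zf.open(info) as fh:
                    # Windows executables start with the two bytes "MZ"
                    if fh.read(2) == b"MZ" and dot + ext not in EXEC_EXTS:
                        reasons.append("MZ header under non-executable name")
            if reasons:
                findings[info.filename] = reasons
    return findings

def build_sample_zip():
    """Constructed archive: the 'MZ' payloads are padding bytes, not real programs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Meeting notes.pdf      .exe", b"MZ" + b"\x00" * 62)
        zf.writestr("agenda.pdf", b"%PDF-1.7\n")
        zf.writestr("brochure.pdf", b"MZ" + b"\x00" * 62)
    return buf.getvalue()

if __name__ == "__main__":
    for name, reasons in triage_zip(build_sample_zip()).items():
        print(f"{name!r}: {', '.join(reasons)}")
```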
Cybersecurity Threat Landscape
Popular “ownCloud” software has a CVSS score 10 vulnerability
ownCloud is popular with organizations that wish to self-host their own external file-sharing, and is thus common with organizations that are cost sensitive or privacy focused. A critical vulnerability, CVE-2023-49103, was reported last week (2023-11-21) and carries the highest possible CVSS score of 10.
The issue is trivial to exploit and simply requires a threat-actor to request data from a URL that inadvertently exposes all system environment variables including the system admin credentials.
This vulnerability almost immediately became actively exploited with many outlets raising the alarm - The Record, Bleeping Computer
At least 2800 public ownCloud instances are listed on Shodan.
Emergency update number six for Google Chrome this year
Google is being relatively quiet on the details surrounding CVE-2023-6345 that allows a threat-actor to escape the execution sandbox with malicious content.
Reported that Google are aware of in-the-wild exploits for the vulnerability - Bleeping Computer
If you use Google Chrome, do the thing and update!
Five more industrial control system vulnerabilities from CISA this week
US cybersecurity agency CISA announced another five industrial control systems with vulnerabilities that can lead to real-world physical infrastructure threat scenarios.
This brings the total industrial control systems advisories from CISA to over 25 in November 2023.
- 2023-11-21 - Five Industrial Control Systems Advisories
- 2023-11-16 - Fourteen Industrial Control Systems Advisories
- 2023-11-14 - Two Industrial Control Systems Advisories
- 2023-11-09 - Four Industrial Control Systems Advisories
- 2023-11-07 - One Industrial Control Systems Advisory
Cybersecurity Engineering
A weekly highlight of tools and other resources (often open-source) that we use, find useful or just find plain interesting
- Wazuh - Open source XDR and SIEM protection for endpoints and cloud workloads - https://github.com/wazuh/wazuh
- CVSS v4 - The CVSS scoring system has had a major revision recently, stay up-to-date - https://www.first.org/cvss/v4.0/faq
- PentestGPT - Penetration testing with ChatGPT assistance, not quite prime time ready but tools like this are showing up quickly - https://github.com/GreyDGL/PentestGPT
Got news or something you’d like us to mention, feel free to get in contact - [email protected]