CyberSecurity.PH #011
Philippines Government Works With Hackers; Apple AirDrop Broken By Chinese Authorities; Reconnaissance Framework for Telegram; Ivanti Vulnerabilities; Nation State Weaponization of Software Vulnerabilities
Philippines
Philippines Government Works With Hackers for Assistance, Lack of Funds a Primary Obstacle Sourcing Cyber-talent
Reported via Bloomberg
“… The government’s cyber response team has 35 members. The group is so understaffed that it is sometimes forced to work with anonymous black hat hackers, who may have previously attacked government websites but are willing to offer tips on looming threats, said Jeffrey Ian Dy, undersecretary at the Department of Information and Communications Technology…” - bloomberg.com
A 2022 report funded by USAID, “National Cybersecurity Talent Workforce Assessment Report of the Philippines”, highlights a lack of funds as a primary obstacle in sourcing cyber-talent with adequate capability - USAID
Cybersecurity Threat Landscape
Apple AirDrop Broken By Chinese Authorities To Identify Senders
A Chinese state-backed research institute reportedly claims to have discovered how to decrypt device logs for Apple's AirDrop feature, allowing the government to identify the phone numbers or email addresses of those who shared content.
Further reporting - Bleeping Computer, Bloomberg
X (Twitter) Accounts Keep Getting Compromised
The list of high-profile X (Twitter) accounts that have been compromised recently keeps getting longer:
- Mandiant (high profile US cybersecurity company)
- SEC (US government department)
- Netgear (well known US network equipment company)
- Hyundai (South Korean industrial conglomerate)
X (Twitter) has been on the defensive about these compromises, but it’s hard to ignore the nexus between the events (crypto scams) and the uptick in these events after the departure of the Twitter security team last year.
Further reporting - The Record, Bleeping Computer
More Countries Focusing on Foreign Election Interference
Reported via The Record
“… The 2024 U.S. elections will be different from any others because more countries are now getting involved in influence operations after seeing Russia, China and Iran’s previous actions, FBI Director Christopher Wray said. …”, “… more foreign actors, more nation-states want to get in the business of trying to interfere or at least influence elections …”
Further reading - The Record
Cybersecurity Engineering
A weekly highlight of tools and other resources (often open-source) that we use, find useful or just find plain interesting; check out our engineering section online at CyberSecurity.PH too!
- pre-commit - An awesome framework for managing and maintaining multi-language pre-commit hooks; use it to automate your application security controls - https://github.com/pre-commit/pre-commit
- Telerecon - A reconnaissance framework for researching and investigating threat actors on Telegram - https://github.com/sockysec/Telerecon
- nmap-bootstrap-xsl - Render nmap XML report data as beautiful reports for humans - https://github.com/honze-net/nmap-bootstrap-xsl
Cybersecurity Vulnerabilities
Ivanti Vulnerabilities Allegedly Exploited by Chinese State Hackers
CISA has added CVE-2023-46805 and CVE-2024-21887, which impact VPN products provided by Ivanti, to its Known Exploited Vulnerabilities catalog. Used together, these two vulnerabilities lead to full remote code execution on the target devices.
Volexity's assessment of the threat actors currently exploiting these vulnerabilities attributes the activity to an actor it tracks under the alias UTA0178, which Volexity believes is a Chinese nation-state-level threat actor - Volexity
A review of Shodan shows a very limited number of Ivanti appliances in use in the Philippines.
Further reporting - CISA, The Record, Ars Technica
Cybersecurity Overload
Sleight of hand: How China weaponizes software vulnerabilities
An article by the Atlantic Council providing an in-depth unpacking of a nation-state mandated vulnerability disclosure apparatus repurposed for vulnerability advantage.
Worth sitting down for 45 minutes to have a read - atlanticcouncil.org
Got news or something you’d like us to mention? Feel free to get in contact - [email protected]