Share this article
Email
[CyberSecurity.PH #019] – reported Philippine Statistics Authority (PSA) data leak; vulnerable Microsoft Exchange servers; US agency scolds Microsoft on substandard cloud security; Phishing-as-a-service MFA bypass; Supply chain attack on SSH inserts backdoor via XZ library
Philippines
- PBBM urges Army forces to bolster cybersecurity capabilities
- Twitter report of Philippine Statistics Authority (PSA) data leak
Cybersecurity Threat Landscape
- German cyber agency warns 37 percent of Microsoft Exchange servers are vulnerable to critical bugs
- Microsoft told to clean up substandard cloud cybersecurity by US federal review board
- Apple account “MFA Bombing” targeting users to cause account compromise
- Phishing-as-a-service (PhaaS) platform “Tycoon 2FA” designed to bypass MFA targets Microsoft 365 and Gmail accounts
- Free VPN apps on Google Play silently turn Android phones into network proxies
- Discord Bot Python SDK modified to include a fake Colorama package with malware from a fake typo-squatted PyPi repo
Cybersecurity Vulnerabilities
- Supply chain attack on SSH inserts malicious backdoor code via XZ library
- Microsoft SharePoint RCE vulnerabilities actively exploited
Cybersecurity Engineering
- Google Chrome implements “’Device Bound Session Credentials” using TPM to sign session-auth cookies
