The Department of Information and Communications Technology (DICT) – Cybersecurity Bureau – CERT-PH has recently observed malicious activities targeting various government agencies, leveraging the Microsoft Build Engine (MSBuild) tool. This advisory provides guidelines on detecting, removing, and mitigating threats posed by the misuse of MSBuild.What is MSBuild? Microsoft Build Engine (MSBuild) is a tool used continue reading : PUBLIC ADVISORY: GUIDELINES ON SECURING SYSTEMS AGAINST MALICIOUS USE OF MSBUILD TOOL

Microsoft has released its November 2024 Patch Tuesday security updates to fix multiple vulnerabilities across its products. Based on the official Microsoft release notes, there are 89 Microsoft CVEs, of which two of the vulnerabilities are detected being exploited in the wild(CVE-2024-43451 and CVE-2024-49039). _____________________________ A. List of the Vulnerabilities Kindly check the link below continue reading : Microsoft Releases November 2024 Patch Tuesday Security Updates

Volt Typhoon has been active since at least 2021 and primarily targets U.S government and defense organizations for intelligence-gathering purposes. The group exploits vulnerable internet-facing servers to gain initial access and leverage living off the land binaries (LOLBin) for evasion purposes. In February 2024, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), continue reading : Understanding Volt Typhoon: Key IOCs and TTPs

The CERT-PH team has received reports of phishing emails being sent using a fake CERT-PH address. Please be aware that the only legitimate email address used by CERT-PH is [email protected]. If you receive any communication claiming to be from CERT-PH but using a different email address, such as cert-ph@dict[.]ph[.]site or similar variations, do not open continue reading : PUBLIC ADVISORY: Beware of Phishing Emails Impersonating CERT-PH

From January to July 2024, CERT-PH handled 1823 cyber incidents affecting various organizations.