Cyber Threat Intelligence 26 September 2024
Healthcare Sector
- Researcher Says Healthcare Facility’s Doors Hackable For Over a Year
"A researcher says a US healthcare facility has failed to address a serious vulnerability that has been making it possible for threat actors to hack the doors of one of its buildings for at least the past year. The healthcare organization, on the other hand, has denied the findings. The research was conducted by Shawn Merdinger, who in 2010, at the DEFCON conference, showed how S2 Security door access controllers used by hospitals, schools, fire stations, businesses and other entities could be hacked. A decade later, Merdinger was jailed after sending threatening emails to people at several universities during a mental health crisis."
https://www.securityweek.com/researcher-says-healthcare-facilitys-doors-hackable-for-over-a-year/
Industrial Sector
- Threat Actors Continue To Exploit OT/ICS Through Unsophisticated Means
"CISA continues to respond to active exploitation of internet-accessible operational technology (OT) and industrial control systems (ICS) devices, including those in the Water and Wastewater Systems (WWS) Sector. Exposed and vulnerable OT/ICS systems may allow cyber threat actors to use default credentials, conduct brute force attacks, or use other unsophisticated methods to access these devices and cause harm."
https://www.cisa.gov/news-events/alerts/2024/09/25/threat-actors-continue-exploit-otics-through-unsophisticated-means
https://www.bleepingcomputer.com/news/security/cisa-hackers-target-industrial-systems-using-unsophisticated-methods/
https://therecord.media/cisa-warns-of-attacks-aginst-water-systems-arkansas-city
- Talos Discovers Denial-Of-Service Vulnerability In Microsoft Audio Bus; Potential Remote Code Execution In Popular Open-Source PLC
"Cisco Talos’ Vulnerability Research team recently disclosed two vulnerabilities in Microsoft products that have been patched by the company over the past two Patch Tuesdays. One is a vulnerability in the High-Definition Audio Bus Driver in Windows systems that could lead to a denial of service, while the other is a memory corruption issue that exists in a multicasting protocol in Windows 10. Additionally, Talos researchers have disclosed three vulnerabilities in OpenPLC, a popular open-source programmable logic controller."
https://blog.talosintelligence.com/talos-discovers-denial-of-service-vulnerability-in-microsoft-audio-bus-potential-remote-code-execution-in-popular-open-source-plc/
New Tooling
- NetAlertX: Open-Source Wi-Fi Intruder Detector
"NetAlertX is an open-source Wi-Fi/LAN intruder detection tool that scans your network for connected devices and alerts you when new or unknown devices are detected. It provides visibility into your network activity to help you monitor unauthorized access."
https://www.helpnetsecurity.com/2024/09/25/netalertx-open-source-wi-fi-intruder-detector/
Vulnerabilities
- Citrix Releases Security Updates For XenServer And Citrix Hypervisor
"Citrix released security updates to address multiple vulnerabilities in XenServer and Citrix Hypervisor. A cyber threat actor could exploit some of these vulnerabilities to cause a denial of service condition."
https://www.cisa.gov/news-events/alerts/2024/09/25/citrix-releases-security-updates-xenserver-and-citrix-hypervisor
https://support.citrix.com/s/article/CTX691646-xenserver-and-citrix-hypervisor-security-update-for-cve202445817?language=en_US
- CVE-2024-28987: SolarWinds Web Help Desk Hardcoded Credential Vulnerability Deep-Dive
"On August 13, 2024, SolarWinds released a security advisory for Web Help Desk (WHD) that detailed a deserialization remote code execution vulnerability. This vulnerability, CVE-2024-28986, was added to CISA’s Known Exploited Vulnerability (KEV) catalog two days later on August 15, 2024."
https://www.horizon3.ai/attack-research/cve-2024-28987-solarwinds-web-help-desk-hardcoded-credential-vulnerability-deep-dive/
https://www.helpnetsecurity.com/2024/09/25/cve-2024-28987-poc/
- New Gemini For Workspace Vulnerability Enabling Phishing & Content Manipulation
"This blog explores the vulnerabilities of Google’s Gemini for Workspace, a versatile AI assistant integrated across various Google products. Despite its powerful capabilities, the blog highlights a significant risk: Gemini is susceptible to indirect prompt injection attacks. This means that under certain conditions, users can manipulate the assistant to produce misleading or unintended responses."
https://hiddenlayer.com/research/new-gemini-for-workspace-vulnerability/
https://www.securityweek.com/ai-security-firm-shows-how-threat-actors-could-abuse-google-gemini-for-workspace/
Malware
- Diddy Do It? Or Did Cybercriminals? How Hackers Are Turning Scandals Into Cyber Attacks
"Attackers often capitalize on public interest in high-profile scandals to spread malware and exploit users’ curiosity. The recent Sean “Diddy” Combs scandal is no exception. As public attention skyrockets around the story, cybercriminals are seizing the opportunity to lure unsuspecting users into downloading malicious files and exposing themselves to cyber threats. Veriti’s research team has already observed cybercriminals leveraging P. Diddy’s name in malware attacks, and we anticipate more to come."
https://veriti.ai/blog/diddy-do-it-or-did-cybercriminals-how-hackers-are-turning-scandals-into-cyber-attacks/
https://hackread.com/pdiddysploit-malware-hidden-files-deleted-diddy-posts/
https://www.darkreading.com/endpoint-security/sophisticated-rat-p-diddy-scandal-lures
- From 12 To 21: How We Discovered Connections Between The Twelve And BlackJack Groups
"While analyzing attacks on Russian organizations, our team regularly encounters overlapping tactics, techniques, and procedures (TTPs) among different cybercrime groups, and sometimes even shared tools. We recently discovered one such overlap: similar tools and tactics between two hacktivist groups – BlackJack and Twelve, which likely belong to a single cluster of activity."
https://securelist.com/blackjack-hacktivists-connection-with-twelve/113959/
- Spyware Injection Into Your ChatGPT's Long-Term Memory (SpAIware)
"This post explains an attack chain for the ChatGPT macOS application. Through prompt injection from untrusted data, attackers could insert long-term persistent spyware into ChatGPT’s memory. This led to continuous data exfiltration of any information the user typed or responses received by ChatGPT, including any future chat sessions."
https://embracethered.com/blog/posts/2024/chatgpt-macos-app-persistent-data-exfiltration/
https://thehackernews.com/2024/09/chatgpt-macos-flaw-couldve-enabled-long.html
- China's 'Salt Typhoon' Cooks Up Cyberattacks On US ISPs
"A freshly discovered advanced persistent threat (APT) dubbed "Salt Typhoon" has reportedly infiltrated Internet service provider (ISP) networks in the US, looking to steal information and potentially set up a launchpad for disruptive attacks. Citing "people familiar with the matter," the Wall Street Journal broke the news on Sept. 25 that the Chinese-sponsored state hackers have successfully targeted "a handful" of cable and broadband service providers during the campaign."
https://www.darkreading.com/cyberattacks-data-breaches/chinas-salt-typhoon-cyberattacks-us-isps
https://www.wsj.com/politics/national-security/china-cyberattack-internet-providers-260bd835
https://www.msn.com/en-us/money/other/china-linked-hackers-breach-u-s-internet-providers-in-new-salt-typhoon-cyberattack/ar-AA1rc9xl
https://www.theregister.com/2024/09/25/chinas_salt_typhoon_cyber_spies/
- Unraveling SloppyLemming’s Operations Across South Asia
"Cloudforce One is publishing the results of an investigation into an advanced actor that uses multiple cloud service providers to facilitate different aspects of their activities, such as credential harvesting, malware delivery and command and control (C2). This actor conducts extensive operations targeting Pakistan, Sri Lanka, Bangladesh, and China. Industries targeted include government, law enforcement, energy, telecommunications, and technology entities."
https://blog.cloudflare.com/unraveling-sloppylemming-operations/
https://www.securityweek.com/india-linked-hackers-targeting-pakistani-government-law-enforcement/
- Inside The Dragon: DragonForce Ransomware Group
"In light of the escalating frequency and complexity of ransomware attacks, are security leaders confident in their organization’s defenses? According to Group-IB’s Hi-Tech Crime Trends 2023/2024 Report, ransomware will have an increasingly significant impact in 2024 and beyond. Key trends driving this include the expansion of the Ransomware-as-a-Service (RaaS) market, the proliferation of stolen data on Dedicated Leak Sites (DLS), and a rise in affiliate programs."
https://www.group-ib.com/blog/dragonforce-ransomware/
https://therecord.media/lockbit-conti-dragonforce-ransomware-cybercrime
Breaches/Hacks/Leaks
- Thousands Of US Congress Emails Exposed To Takeover
"Security experts have repeated warnings not to use work email addresses to sign up to third-party sites, after finding that thousands of US Congress staffers could be exposed to account hijacking and phishing. Secure mail provider Proton teamed up with Constella Intelligence to search on the dark web for over 16,000 publicly available email addresses associated with congressional staff. It found that 3191 staff had their emails leaked to the dark web after third-party data breaches, with 1848 of these listed alongside plaintext passwords. A larger number (2975) had passwords exposed, although they weren’t stored in plaintext for all to see."
https://www.infosecurity-magazine.com/news/us-congress-emails-takeover/
- Dell Hit By Third Data Leak In a Week Amid “grep” Cyberattacks
"Dell has allegedly been hit with yet another data leak, marking the third such incident in a week. The threat actor, who goes by the alias “grep,” has claimed responsibility for the latest breach and continues to target the tech giant. This time, the hacker has leaked approximately 500 MB of sensitive data, including internal documents, PDFs, images, internal device testing videos, and Multi-Factor Authentication (MFA) data, which if confirmed by Dell could further escalate concerns over the company’s data security."
https://hackread.com/dell-data-leak-in-week-amid-grep-cyberattacks/
- RansomHub Genius Tries To Put The Squeeze On Delaware Libraries
"Despite being top of the ransomware tree at the moment, RansomHub – specifically, one of its affiliates – clearly isn't that bright as they are reportedly trying to extort Delaware Libraries for around $1 million. Public libraries are a core facility of any town or city and the pillars of society, supporting the community through various means, yet they're notoriously underfunded, raising the question of why they'd be targeted."
https://www.theregister.com/2024/09/25/delaware_libraries_ransomware_attack/
General News
- Understanding Network Attacks: Types, Trends, And Mitigation Strategies
"At a time when digital connectivity is the lifeblood of all business operations, the specter of network attacks is greater than ever. As entities depend on complex network infrastructures, malefactors exploit vulnerabilities with growing sophistication and frequency."
https://www.tripwire.com/state-of-security/3-types-of-network-attacks
- Securing Non-Human Identities: Why Fragmented Strategies Fail
"In this Help Net Security interview, John Yeoh, Global VP of Research at CSA, discusses the growing security challenges posed by non-human identities (NHIs). With NHIs now outnumbering human identities by 20 to 1, organizations are struggling to secure these digital entities effectively. Yeoh shares insights on addressing this issue, including the need for better visibility, lifecycle management, and cohesive security strategies."
https://www.helpnetsecurity.com/2024/09/25/john-yeoh-csa-nhi-security/
- 41% Concerned About Job Security Due To Skill Gaps
"35% of employees lack confidence that they have the skills required to succeed in their roles, according to Skillsoft. Additionally, 41% expressed concerns about job security due to gaps in their skills."
https://www.helpnetsecurity.com/2024/09/25/employees-skills-confidence/
- Organizations Are Making Email More Secure, And It’s Paying Off
"Compromised identities have been a central component of countless costly breaches this year, according to Red Canary."
https://www.helpnetsecurity.com/2024/09/25/compromised-identities-breaches/
- Expert Tips On How To Spot a Phishing Link
"Phishing attacks are becoming more advanced and harder to detect, but there are still telltale signs that can help you spot them before it's too late. See these key indicators that security experts use to identify phishing links:"
https://thehackernews.com/2024/09/expert-tips-on-how-to-spot-phishing-link.html
- Google Sees 68% Drop In Android Memory Safety Flaws Over 5 Years
"The percentage of Android vulnerabilities caused by memory safety issues has dropped from 76% in 2019 to only 24% in 2024, representing a massive decrease of over 68% in five years. This is well below the 70% previously found in Chromium, making Android an excellent example of how a large project can gradually and methodically move to a safe territory without breaking backward compatibility. Google says it achieved this result by prioritizing new code to be written in memory-safe languages like Rust, minimizing the introduction of new flaws with time."
https://www.bleepingcomputer.com/news/security/google-sees-68-percent-drop-in-android-memory-safety-flaws-over-5-years/
https://security.googleblog.com/2024/09/eliminating-memory-safety-vulnerabilities-Android.html
https://thehackernews.com/2024/09/googles-shift-to-rust-programming-cuts.html
- AI: The New Frontier In Safeguarding Critical Infrastructure
"In an era where digital threats loom large, artificial intelligence (AI) emerges as a powerful ally in protecting our vital systems. According to Check Point Research, from January to August 2024, the utilities sector, including critical infrastructure, ranked fifth in the average number of weekly cyber attacks per organization, experiencing 1,514 attacks per week—a 37% increase compared to the previous year, further emphasizing the need for AI-driven defenses. This cutting-edge technology is revolutionizing cyber security practices for critical infrastructure, offering unprecedented defense against increasingly sophisticated attacks."
https://blog.checkpoint.com/artificial-intelligence/ai-the-new-frontier-in-safeguarding-critical-infrastructure/
- How Russia, China & Iran Are Targeting US Elections
"Adversaries of the United States have been hard at work in advance of the 2024 presidential election. Rather than direct attacks against infrastructure such as voting machines, these nation-state actors — primarily from Russia, China, and Iran — are using cyber operations to stoke discord and influence election outcomes."
https://www.darkreading.com/vulnerabilities-threats/russia-china-iran-targeting-us-election
- Keep Tier-One Applications Out Of Virtual Environments
"For at least the past 20 years, virtual machines and enterprise-ready hypervisors were marketed, sold, and adopted as the future of server-based computing. Dedicated power-hungry servers sitting in racks on a raised floor were replaced by systems architected to host multiple virtual servers simultaneously and to optimize resources based on load. The time of idle RAM, underutilized networks, and free hard disk storage was transformed by load-balancing technology, shared resources, and CPU prioritization to minimize costs, energy, and footprint. The goals were achieved, and the technology worked."
https://www.darkreading.com/application-security/keep-tier-one-applications-out-of-virtual-environments
- 82% Of Phishing Sites Now Target Mobile Devices
"82% of all phishing sites now target mobile devices. The figure comes from Zimperium's 2024 zLabs Global Mobile Threat Report, which also shows that 76% of these sites use HTTPS, tricking users into thinking the sites are secure. Additionally, the report reveals a sharp increase in unique malware samples, which surged 13% year-on-year, with riskware and trojans accounting for 80% of the threats. Healthcare remains the most affected industry, with 39% of mobile threats stemming from phishing attacks."
https://www.infosecurity-magazine.com/news/82-phishing-target-mobile-devices/
- Romance Scams Costlier Than Ever: 10 Percent Of Victims Lose $10,000 Or More
"Romance scams continue to plague users, but their costs have risen to staggering heights, according to a Malwarebytes survey carried out last month via our weekly newsletter. More than 66 percent of 850 respondents have been targeted by a romance scam, and those that were ensnared paid a hefty price, with 10 percent of victims losing $10,000 and up. A shocking 3 percent parted with $100,000 or more. The vast majority of those who lost money were unable to recover it, highlighting the need for increased awareness of evolving romance scam tactics and aggressive new methods of manipulation."
https://www.malwarebytes.com/blog/news/2024/09/romance-scams-costlier-than-ever-10-percent-of-victims-lose-10000-or-more
Reference
Electronic Transactions Development Agency (ETDA)