Cyber Threat Intelligence 27 September 2024
Healthcare Sector
- Ransomware On The Rise: Healthcare Industry Attack Trends 2024
"According to the IBM Cost of a Data Breach Report 2024, the global average cost of a data breach reached $4.88 million this year, a 10% increase over 2023. For the healthcare industry, the report offers both good and bad news. The good news is that average data breach costs fell by 10.6% this year. The bad news is that for the 14th year in a row, healthcare tops the list with the most expensive breach recoveries, coming in at $9.77 million on average."
https://securityintelligence.com/articles/healthcare-industry-attack-trends-2024/
- 2024 SonicWall Threat Brief: Healthcare’s Escalating Cybersecurity Challenge
"In 2024, we’ve reached a critical juncture with regard to cybersecurity in healthcare. The numbers revealed in our 2024 Healthcare Threat Brief are alarming. According to our report, a staggering minimum of 14 million healthcare patients in the United States have fallen victim to malware breaches so far this year – despite SonicWall sensors thwarting more than 26,000 cyberattacks in this sector. Healthcare is a growing target for threat actors, and 91% of attacks on healthcare systems involve ransomware."
https://blog.sonicwall.com/en-us/2024/09/2024-sonicwall-threat-brief-healthcares-escalating-cybersecurity-challenge/
https://www.sonicwall.com/medialibrary/en/brief/2024-threat-brief-healthcare.pdf
Industrial Sector
- Advantech ADAM-5550
"Successful exploitation of these vulnerabilities could allow a remote attacker to intercept the easily decodable credentials of a legitimate user to gain full access to the device and could plant malicious code on the web page of the device."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-01
- Advantech ADAM-5630
"Successful exploitation of this vulnerability could allow an attacker to hijack a legitimate user's session, perform cross-site request forgery, or cause a denial-of-service condition."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-02
- Atelmo Atemio AM 520 HD Full HD Satellite Receiver
"Successful exploitation of this vulnerability could allow an unauthorized attacker to execute system commands with elevated privileges."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-03
- GoTenna Pro X And Pro X2
"Successful exploitation of these vulnerabilities could allow an attacker to compromise the confidentiality and integrity of the communications between the affected devices."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-04
- Threat Landscape For Industrial Automation Systems, Q2 2024
"In the second quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.9 pp from the previous quarter to 23.5%. The percentage has decreased by 3.3 pp compared to the second quarter of 2023, when the indicator reached its highest level since records began in 2022."
https://securelist.com/industrial-threat-landscape-q2-2024/113981/
- Israeli Group Claims Lebanon Water Hack As CISA Reiterates Warning On Simple ICS Attacks
"The US cybersecurity agency CISA on Wednesday reiterated a warning that unsophisticated methods can be used to hack industrial control systems (ICS) and other operational technology (OT). Even so, some threat actors appear to be making exaggerated claims when it comes to attacks on such systems. A pro-Israel hacktivist group known as Red Evil and We Red Evils — known to target Hamas, Lebanon and Iran — this week claimed to have compromised water systems used by Hezbollah, the Lebanese political party and paramilitary group."
https://www.securityweek.com/israeli-group-claims-lebanon-water-hack-as-cisa-reiterates-warning-on-simple-ics-attacks/
- GoTenna Pro ATAK Plugin
"Successful exploitation of these vulnerabilities could allow an attacker to compromise the confidentiality and integrity of the communications between the affected devices."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05
Government/Law/Policy
- NIST Drops Password Complexity, Mandatory Reset Rules
"The National Institute of Standards and Technology (NIST) is no longer recommending using a mixture of character types in passwords or regularly changing passwords. NIST's second public draft version of its password guidelines (SP 800-63-4) outlines technical requirements as well as recommended best practices for password management and authentication. The latest guidelines instruct credential service providers (CSP) to stop requiring users to set passwords that use specific types or characters or mandating periodic password changes (commonly every 60 or 90 days). Also, CSPs were instructed to stop using knowledge-based authentication or security questions when selecting passwords."
https://www.darkreading.com/identity-access-management-security/nist-drops-password-complexity-mandatory-reset-rules
https://www.infosecurity-magazine.com/news/nist-scraps-passwords-mandatory/
Vulnerabilities
- HPE Aruba Networking Fixes Critical Flaws Impacting Access Points
"HPE Aruba Networking has fixed three critical vulnerabilities in the Command Line Interface (CLI) service of its Aruba Access Points. The security flaws (CVE-2024-42505, CVE-2024-42506, and CVE-2024-42507) could allow unauthenticated attackers to gain remote code execution on vulnerable devices by sending specially crafted packets to the PAPI (Aruba's Access Point management protocol) UDP port (8211). HPE Aruba Networking, a Hewlett Packard Enterprise (HPE) subsidiary formerly known as Aruba Networks, warned that successful exploitation enables threat actors to execute arbitrary code with privileged access."
https://www.bleepingcomputer.com/news/security/hpe-aruba-networking-fixes-three-critical-rce-flaws-impacting-its-access-points/
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04712en_us&docLocale=en_US
https://www.theregister.com/2024/09/26/hpe_aruba_patch_papi/
- Cisco Releases Security Updates For IOS And IOS XE Software
"Cisco released its September 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication to address vulnerabilities in IOS and IOS XE. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system."
https://www.cisa.gov/news-events/alerts/2024/09/26/cisco-releases-security-updates-ios-and-ios-xe-software
https://www.securityweek.com/cisco-patches-high-severity-vulnerabilities-in-ios-software-2/
- Attacking UNIX Systems Via CUPS, Part I
"Hello friends, this is the first of two, possibly three (if and when I have time to finish the Windows research) writeups. We will start with targeting GNU/Linux systems with an RCE. As someone who’s directly involved in the CUPS project said: From a generic security point of view, a whole Linux system as it is nowadays is just an endless and hopeless mess of security holes waiting to be exploited."
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
https://www.bleepingcomputer.com/news/security/cups-flaws-enable-linux-remote-code-execution-but-theres-a-catch/
https://www.theregister.com/2024/09/26/unauthenticated_rce_bug_linux/
https://hackread.com/old-vulnerability-9-9-impacts-all-gnu-linux-systems/
- Wiz Research Finds Critical NVIDIA AI Vulnerability Affecting Containers Using NVIDIA GPUs, Including Over 35% Of Cloud Environments
"Wiz Research has uncovered a critical security vulnerability, CVE-2024-0132, in the widely used NVIDIA Container Toolkit, which provides containerized AI applications with access to GPU resources. This impacts any AI application – in the cloud or on-premise – that is running the vulnerable container toolkit to enable GPU support. The vulnerability enables attackers who control a container image executed by the vulnerable toolkit to escape from that container and gain full access to the underlying host system, posing a serious risk to sensitive data and infrastructure."
https://www.wiz.io/blog/wiz-research-critical-nvidia-ai-vulnerability
https://www.securityweek.com/critical-nvidia-container-flaw-exposes-cloud-ai-systems-to-host-takeover/
https://www.theregister.com/2024/09/26/critical_nvidia_bug_container_escape/
- Hacking Kia: Remotely Controlling Cars With Just a License Plate
"On June 11th, 2024, we discovered a set of vulnerabilities in Kia vehicles that allowed remote control over key functions using only a license plate. These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless of whether it had an active Kia Connect subscription. Additionally, an attacker could silently obtain personal information, including the victim's name, phone number, email address, and physical address. This would allow the attacker to add themselves as an invisible second user on the victim's vehicle without their knowledge."
https://samcurry.net/hacking-kia
https://www.bleepingcomputer.com/news/security/kia-dealer-portal-flaw-could-let-attackers-hack-millions-of-cars/
https://thehackernews.com/2024/09/hackers-could-have-remotely-controlled.html
Malware
- Unraveling Sparkling Pisces’s Tool Set: KLogEXE And FPSpy
"Unit 42 researchers discovered two malware samples used by the Sparkling Pisces (aka Kimsuky) threat group. This includes an undocumented keylogger, called KLogEXE by its authors, and an undocumented variant of a backdoor dubbed FPSpy. These samples enhance Sparkling Pisces' already extensive arsenal and demonstrate the group’s continuous evolution and increasing capabilities."
https://unit42.paloaltonetworks.com/kimsuky-new-keylogger-backdoor-variant/
https://thehackernews.com/2024/09/n-korean-hackers-deploy-new-klogexe-and.html
- Lumma Stealer Campaign Targets League Of Legends World Championship Fans Through Social Media Ads
"As the League of Legends (LoL) World Championship kicks off, Bitdefender Labs is warning that cybercriminals are exploiting the event to launch sophisticated malware campaigns targeting unsuspecting gamers across Europe. Through carefully crafted social media advertisements, hackers are enticing fans to download what appears to be the popular multiplayer online battle arena (MOBA) game. However, what awaits victims is not a fun gaming experience, but rather a dangerous piece of malware known as Lumma Stealer."
https://www.bitdefender.com/blog/hotforsecurity/lumma-stealer-campaign-targets-league-of-legends-world-championship-fans-through-social-media-ads/
https://www.infosecurity-magazine.com/news/malicious-ads-infostealer-league/
https://hackread.com/fake-league-of-legends-download-ads-lumma-stealer/
- SilentSelfie: Uncovering a Major Watering Hole Campaign Against Kurdish Websites
"At the beginning of 2024, Sekoia Threat Detection & Research team (TDR) was put in relation with members of the Kurdish minority regarding a suspicious script on a legitimate website named nuceciwan129[.]xyz. This script, when visited, prompted users to activate their webcams and share their locations, arousing suspicion among some users. After a first investigation, our contacts discovered an obfuscated JavaScript code sending reconnaissance data to a PHP script hosted on the nuceciwan129[.]xyz server."
https://blog.sekoia.io/silentselfie-uncovering-a-major-watering-hole-campaign-against-kurdish-websites/
https://thehackernews.com/2024/09/watering-hole-attack-on-kurdish-sites.html
- The Cryptocurrency Drainer Hiding On Google Play
"As digital assets become increasingly popular, so do the risks that come along with it. Despite improvements in cryptocurrency wallet security and growing user awareness about the dangers, cybercriminals continue to find increasingly sophisticated ways to deceive users and bypass security measures. Crypto drainers, which are malware designed to steal crypto assets, have become a popular method for attackers. Using phishing websites and apps that mimic legitimate cryptocurrency platforms, attackers fool users into authorizing an illegitimate transaction, which allows the drainer to execute the transfer of digital assets to the perpetrators."
https://blog.checkpoint.com/research/the-cryptocurrency-drainer-hiding-on-google-play/
https://www.bleepingcomputer.com/news/security/fake-walletconnect-app-on-google-play-steals-android-users-crypto/
https://www.infosecurity-magazine.com/news/first-mobile-crypto-drainer-google/
https://www.theregister.com/2024/09/26/victims_lose_70k_to_play/
- Simple Mail Transfer Pirates: How Threat Actors Are Abusing Third-Party Infrastructure To Send Spam
"Spammers are always looking for creative ways to bypass spam filters. As a spammer, one of the problems with creating your own architecture to deliver mail is that, once the spam starts flowing, these sources (IPs/domains) can be blocked. Spam can more easily find its way into the inbox if it is delivered from an unexpected or legitimate source. Realizing this, many spammers have elected to attack web pages and mail servers of legitimate organizations, so they may use these “pirated” resources to send unsolicited email."
https://blog.talosintelligence.com/simple-mail-transfer-pirates/
- Cyberespionage The Gamaredon Way: Analysis Of Toolset Used To Spy On Ukraine In 2022 And 2023
"The war in Ukraine, which started in February 2014 and intensified with Russia’s invasion of the country on February 24th, 2022, exemplifies a multifaceted war, rife with disinformation campaigns and cyberwarfare. Throughout these years, ESET Research has revealed several high-profile cyberattacks conducted by Russia-aligned advanced persistent threat (APT) groups targeting Ukrainian entities and Ukrainian speakers, analyzed various operations, and kept track of multiple APT groups focusing on this region because of the war."
https://www.welivesecurity.com/en/eset-research/cyberespionage-gamaredon-way-analysis-toolset-used-spy-ukraine-2022-2023/
https://therecord.media/russia-gamaredon-eset-engaged-hackers
Breaches/Hacks/Leaks
- Police Are Probing a Cyberattack On Wi-Fi Networks At UK Train Stations
"U.K. transport officials and police said Thursday they are investigating a “cyber-security incident” that hit the public Wi-Fi networks at the country’s biggest railway stations. Passengers trying to log onto the Wi-Fi at stations including Manchester Piccadilly, Birmingham New Street and 11 London terminuses on Wednesday evening were met by a page reading “We love you, Europe,” followed by an anti-Islam message listing a series of terror attacks. Network Rail, which manages the stations, said the Wi-Fi had been switched off and no passenger data was taken."
Priority: 3 - Important
Relevance: General
https://www.securityweek.com/police-are-probing-a-cyberattack-on-wi-fi-networks-at-uk-train-stations/
https://www.theregister.com/2024/09/26/public_wifi_operator_investigating_cyberattack/
https://www.darkreading.com/cyberattacks-data-breaches/public-wi-fi-compromised-uk-train-stations
https://hackread.com/uk-train-stations-wi-fi-hacked-islamophobic-messages/
- Kuwait Health Ministry Restoring Systems After Cyberattack Takes Down Hospitals, Healthcare App
"Kuwait’s Health Ministry is recovering from a cyberattack that took down systems at several of the country’s hospitals, as well as the country’s Sahel healthcare app. The Ministry of Health website is still down as of Thursday afternoon but the agency released a statement through the Kuwait News Agency. The government used backups to restore systems at the Kuwait Cancer Control center and within the offices that manage the national health insurance system and expatriate check-up system."
https://therecord.media/kuwait-ministry-restoring-systems-cyberattack
General News
- New MIT Protocol Protects Sensitive Data During Cloud-Based Computation
"Deep-learning models have found applications across various industries, from healthcare diagnostics to financial forecasting. However, their high computational demands often require powerful cloud-based servers. This dependency on cloud computing raises notable security concerns, particularly in sensitive sectors like healthcare. Hospitals, for instance, may be reluctant to adopt AI tools for analyzing confidential patient data due to potential privacy risks."
https://www.helpnetsecurity.com/2024/09/26/mit-security-protocol-cloud-based-computation/
https://arxiv.org/pdf/2408.05629
- Compliance Management Strategies For Protecting Data In Complex Regulatory Environments
"In this Help Net Security interview, Andrius Buinovskis, Head of Product at NordLayer, discusses how organizations can assess their compliance management and ensure they meet regulatory requirements. Buinovskis also addresses the challenges of managing multiple frameworks and offers strategies for building a strong security compliance program."
https://www.helpnetsecurity.com/2024/09/26/andrius-buinovskis-nordlayer-compliance-management/
- Companies Mentioned On The Dark Web At Higher Risk For Cyber Attacks
"The presence of any data relating to an organization on the dark web demonstrably increases its risk of a cyber attack, according to Searchlight Cyber. Marsh McLennan Cyber Risk Intelligence Center analyzed the dark web dataset against a sample of 9,410 organizations with an overall breach rate of 3.7% from 2020 to 2023 to determine whether there was a correlation between data breaches and findings on the dark web in the year before the incident."
https://www.helpnetsecurity.com/2024/09/26/dark-web-cyberattack-risk/
- ASD’s ACSC, CISA, And US And International Partners Release Guidance On Detecting And Mitigating Active Directory Compromises
"Today, the Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC), the Cybersecurity and Infrastructure Security Agency (CISA), and other U.S. and international partners released the joint guide Detecting and Mitigating Active Directory Compromises. This guide informs organizations of recommended strategies to mitigate common techniques used by malicious actors to compromise Active Directory."
https://www.cisa.gov/news-events/alerts/2024/09/25/asds-acsc-cisa-and-us-and-international-partners-release-guidance-detecting-and-mitigating-active
https://www.cyber.gov.au/sites/default/files/2024-09/PROTECT-Detecting-and-Mitigating-Active-Directory-Compromises.pdf
https://www.helpnetsecurity.com/2024/09/26/active-directory-compromise/
- Sophos: Attacks Drop In Nearly All Sectors But Healthcare
"Ransomware attacks are declining across many sectors - but not in healthcare, where an ongoing surge is reaching a four-year high in incidents, according to a new research report from security firm Sophos. Of 402 healthcare organizations surveyed by Sophos, two-thirds reported suffering a ransomware attack in the past year, up from 60% in 2023. In comparison, the number of respondents hit by ransomware attacks across all sectors fell to 59% in 2024, down from 66% in 2023, the report released on Thursday says."
https://www.bankinfosecurity.com/sophos-attacks-drop-in-nearly-all-sectors-but-healthcare-a-26376
https://assets.sophos.com/X24WTUEQ/at/4bk9xt4h7gsm4xs6mfzh3k/sophos-state-of-ransomware-healthcare-2024.pdf
- Fortifying The Weakest Link: How To Safeguard Against Supply Chain Cyberattacks
"In recent years, cybercriminals have increasingly exploited vulnerabilities in widely-used IT and security tools, leading to major security incidents. For instance, a zero-day vulnerability in Ivanti enterprise VPNs was recently exploited, allowing attackers to deploy a backdoor named ‘DSLog’. Similarly, a remote code execution vulnerability in TeamCity enabled attackers, suspected to be from the APT29 group, to infiltrate systems by installing malicious SSH certificates, using PowerShell to download and execute malicious DLLs, and maintaining persistence through scheduled tasks. Another example is the Fortra GoAnywhere MFT vulnerability, which ransomware groups like LockBit and Cl0p exploited to execute remote code, resulting in significant attacks, particularly in the healthcare sector."
https://www.securityweek.com/fortifying-the-weakest-link-how-to-safeguard-against-supply-chain-cyberattacks/
- US Sanctions Crypto Exchanges Used By Russian Ransomware Gangs
"The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned Cryptex and PM2BTC, two cryptocurrency exchanges that laundered funds from Russian ransomware gangs and other cybercrime groups. Cryptex (which used the cryptex[.]net domain) reportedly provides financial services to cybercriminals and laundered over $51 million in funds linked to ransomware attacks."
https://www.bleepingcomputer.com/news/security/us-sanctions-crypto-exchanges-used-by-russian-ransomware-gangs/
https://home.treasury.gov/news/press-releases/jy2616
https://www.justice.gov/opa/pr/two-russian-nationals-charged-connection-operating-billion-dollar-money-laundering-1
https://therecord.media/cryptocurrency-exchanges-seizures-ivanov-sanctions-us-netherlands
https://cyberscoop.com/jokers-stash-cryptex-uaps-pm2btc-cybercrime-money-laundering/
- Moving DevOps Security Out Of The 'Stone Age'
"Combining software development, deployment, and operations pipelines into DevOps teams promises increased efficiency, easier and more frequent updates, and higher-quality applications. Yet the complexity of the infrastructure has also led to a growing attack surface that is hard to monitor and maintain."
https://www.darkreading.com/application-security/managing-devops-security-posture-escape-stone-age
- Boredom Is The Silent Killer In Your IT Systems
"We're so fixated on external threats that we usually fail to look within. Boredom in IT teams often led by technical debt is a real problem, and it's costing companies more than they realize. Cyber threats are evolving, and our approach to combating these threats needs to evolve alongside it. Security is now a problem we need to tackle at all levels, but essentially, it requires a team of reactive developers that can tackle these threats at the start of the development life cycle. The engagement level of your IT team should really be a security concern."
https://www.darkreading.com/vulnerabilities-threats/boredom-silent-killer-it-systems
- Over a Third Of Employees Secretly Sharing Work Info With AI
"More than a third (38%) of employees share sensitive work information with AI tools without their employer’s permission, according to new research by CybSafe and the National Cybersecurity Alliance (NCA). The report found that this behavior was particularly prominent among younger generations. Around half (46%) of Gen Z and 43% of millennials surveyed admitted sharing sensitive work information with such tools without their employer’s knowledge."
https://www.infosecurity-magazine.com/news/third-employees-sharing-work-info/
- Ransomware Incidents Hit 117 Countries In 2023, Task Force Says
"More than 6,500 ransomware attacks were recorded in 2023, touching a record number of 117 countries across the globe after a brief dip in 2022. There was a 73% year-over-year increase in attacks to 6,670 ransomware incidents, with notable spikes in June and July due to the exploitation of a popular file transfer tool. The numbers were compiled by the Ransomware Task Force, which was organized in 2021 by the nonprofit Institute for Security and Technology and is a public/private consortium made up of cybersecurity experts, government officials and more."
https://therecord.media/ransomware-task-force-2023-global-report
- What You Need To Know: The Biggest Cyber Threats In 2024
"In today’s world, both small businesses and everyday consumers face a growing number of cyber threats. From ransomware attacks to phishing scams, hackers are becoming more sophisticated. OpenText’s 2024 Threat Hunter Perspective sheds light on what’s coming next and how to protect yourself. Whether you’re running a small business or managing personal data at home, here’s what you need to know."
https://www.webroot.com/blog/2024/09/24/what-you-need-to-know-the-biggest-cyber-threats-in-2024/
https://www.opentext.com/media/report/opentext-2024-threat-hunter-perspectives-insights-from-the-front-lines-report-en.pdf
Reference
Electronic Transactions Development Agency (ETDA) - Ransomware On The Rise: Healthcare Industry Attack Trends 2024