ETDA Cyber Threat Intelligence 30 September 2024
New Tooling
- Tosint: Open-Source Telegram OSINT Tool
"Tosint is an open-source Telegram OSINT tool that extracts useful information from Telegram bots and channels. It’s suited for security researchers, investigators, and others who want to gather insights from Telegram sources. Several law enforcement agencies utilize Tosint to gather intelligence and monitor cybercriminal activities."
https://www.helpnetsecurity.com/2024/09/27/tosint-open-source-telegram-osint-tool/
https://github.com/drego85/tosint
Vulnerabilities
- Progress Urges Admins To Patch Critical WhatsUp Gold Bugs ASAP
"Progress Software warned customers to patch multiple critical and high-severity vulnerabilities in its WhatsUp Gold network monitoring tool as soon as possible. However, even though it released WhatsUp Gold 24.0.1, which addressed the issues last Friday and published an advisory on Tuesday, the company has yet to provide any details regarding these flaws. "The WhatsUp Gold team has identified six vulnerabilities that exist in versions below 24.0.1," Progress warned customers this week."
https://www.bleepingcomputer.com/news/security/progress-urges-admins-to-patch-critical-whatsup-gold-bugs-asap/
https://thehackernews.com/2024/09/progress-software-releases-patches-for.html
https://securityaffairs.com/169056/security/progress-software-whatsup-gold-critical-bugs.html
- Novel Exploit Chain Enables Windows UAC Bypass
"Researchers have flagged a weakness they're tracking as CVE-2024-6769, calling it a combination user access control (UAC) bypass/privilege escalation vulnerability in Windows. It could allow an authenticated attacker to obtain full system privileges, they warned. That's according to Fortra, which assigned the issue a medium severity score of 6.7 out of 10 on the Common Vulnerability Scoring System (CVSS) scale. Its proof-of-concept exploit demonstrates that "you have the ability to shut down the system," stressed Tyler Reguly, associate director of security R&D at Fortra."
https://www.darkreading.com/vulnerabilities-threats/exploit-chain-windows-uac-bypass
https://www.fortra.com/security/advisories/research/fr-2024-002
Malware
- DCRat Targets Users With HTML Smuggling
"DCRat (also known as Dark Crystal RAT) is a modular remote access Trojan (RAT) which is offered as malware-as-a-service (MaaS) and has been around since 2018. It is written in C# and has typical RAT and information stealing capabilities, such as executing shell commands, logging keystrokes, exfiltrating files and credentials, among others. DCRat has historically been delivered through compromised or fake websites, password-protected archives delivered through popular media such as Signal, Cobalt Strike Beacons, or email spam with macro-embedded Excel or PDF attachments."
https://www.netskope.com/blog/dcrat-targets-users-with-html-smuggling
https://thehackernews.com/2024/09/new-html-smuggling-campaign-delivers.html
- Storm-0501: Ransomware Attacks Expanding To Hybrid Cloud Environments
"Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. The said attack targeted multiple sectors in the United States, including government, manufacturing, transportation, and law enforcement. Storm-0501 is a financially motivated cybercriminal group that uses commodity and open-source tools to conduct ransomware operations."
https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments/
https://www.bleepingcomputer.com/news/security/embargo-ransomware-escalates-attacks-to-cloud-environments/
https://thehackernews.com/2024/09/microsoft-identifies-storm-0501-as.html
https://www.theregister.com/2024/09/27/microsoft_storm_0501/
General News
- 3 Tips For Securing IoT Devices In a Connected World
"IoT devices have become integral to how many organizations operate. From Smart TVs in conference rooms to connected sensors and wireless security cameras, these connected devices are now a fixture in the modern workplace. They also, however, present a real and often overlooked cybersecurity threat."
https://www.helpnetsecurity.com/2024/09/27/iot-devices-security/
- Developing An Effective Cyberwarfare Response Plan
"In this Help Net Security interview, Nadir Izrael, CTO at Armis, discusses how AI has transformed cyberwarfare by amplifying attacks’ scale and sophistication. Izrael emphasizes the need for AI-powered defenses and proactive cybersecurity strategies to combat these evolving threats."
https://www.helpnetsecurity.com/2024/09/27/nadir-izrael-armis-ai-cyberwarfare/
- Cybersecurity Compass: Bridging The Communication Gap
"One of the biggest challenges in cybersecurity is bridging the communication gap between technical and non-technical stakeholders. Having a common language in cybersecurity is crucial. Technical experts often discuss cybersecurity in terms of threats, vulnerabilities, and technical solutions, which can be overwhelming for non-technical leaders. On the other hand, non-technical executives may focus on business impacts, compliance, and financial risks."
https://www.trendmicro.com/en_us/research/24/i/cybersecurity-compass.html
- Three IRGC Cyber Actors Indicted For ‘Hack-And-Leak’ Operation Designed To Influence The 2024 U.S. Presidential Election
"The Justice Department today announced the unsealing of an indictment charging Iranian nationals, and Islamic Revolutionary Guard Corps (IRGC) employees, Masoud Jalili, 36, also known as, مسعود جلیلی, Seyyed Ali Aghamiri, 34, also known as, سید علی آقامیری, and Yaser Balaghi, 37, also known as, یاسر بلاغی (the Conspirators), with a conspiracy with others known and unknown to hack into accounts of current and former U.S. officials, members of the media, nongovernmental organizations, and individuals associated with U.S. political campaigns."
https://www.justice.gov/opa/pr/three-irgc-cyber-actors-indicted-hack-and-leak-operation-designed-influence-2024-us
https://www.bleepingcomputer.com/news/security/iranian-hackers-charged-for-hack-and-leak-plot-to-influence-election/
https://therecord.media/us-charges-iranians-behind-hack
https://thehackernews.com/2024/09/us-charges-three-iranian-nationals-for.html
https://www.bankinfosecurity.com/iranian-hackers-indicted-for-cyberattacks-on-trump-campaign-a-26403
https://cyberscoop.com/iranians-charged-in-trump-campaign-hack/
https://www.theregister.com/2024/09/27/us_charges_iran_trump_campaign_hack/
- Two Russian Nationals Charged In Connection With Operating Billion-Dollar Money Laundering Services; Justice Department Seizes Web Domains For Multiple Illicit Crypto Exchanges
"Today, the Justice Department announced actions coordinated with the Department of State, Department of the Treasury, and other federal and international law enforcement partners to combat Russian money laundering operations. The actions involved the unsealing of an indictment charging a Russian national with his involvement in operating multiple money laundering services that catered to cybercriminals, as well as the seizure of websites associated with three illicit cryptocurrency exchanges."
https://www.justice.gov/usao-edva/pr/two-russian-nationals-charged-connection-operating-billion-dollar-money-laundering
https://www.bleepingcomputer.com/news/legal/us-charges-jokers-stash-and-rescator-money-launderers/
https://www.bankinfosecurity.com/alleged-russian-cybercrime-money-launderer-indicted-in-us-a-26399
- Top Allies For Executives & Boards To Leverage During a Cyber Crisis
"Many organizations have gone to great lengths in preparing for a cyberattack, leveraging both services and solutions to limit risk and exposure. Despite these efforts, breaches persist, ransomware payouts have grown, and leaders continue to make mistakes during cyber crises that impact organizations and customers both short and long term."
https://www.darkreading.com/cyberattacks-data-breaches/allies-executives-boards-leverage-during-cyber-crisis
- Could Security Misconfigurations Become No. 1 In OWASP Top 10?
"The convergence of rising cyber threats, advanced artificial intelligence (AI), remote work, and hybrid infrastructures presents significant cybersecurity challenges in today's IT landscape. As a result, it's necessary to make your endpoints, cloud infrastructure, and remote access channels more secure. As cyber adversaries adopt new tactics, organizations worldwide respond by expanding the use of continuous threat exposure management (CTEM) systems, investing in robust security solutions, and leveraging cross-functional collaboration to mitigate risks and safeguard digital assets effectively."
https://www.darkreading.com/vulnerabilities-threats/could-security-misconfigurations-become-no-1-owasp-top-10
- Governments Urge Improved Security And Resilience For Undersea Cables
"The US government and global partners have urged action to strengthen the security and resiliency of undersea cable infrastructure, thereby protecting global communications and data from compromise. This includes incorporating cybersecurity best practices in the design of undersea cable infrastructure, reducing the risk of these services being hacked."
https://www.infosecurity-magazine.com/news/governments-security-undersea/
- Access Control Is Going Mobile — Is This The Way Forward?
"Last year, the highest volume of cyberattacks (30%) started in the same way: a cyber criminal using valid credentials to gain access. Even more concerning, the X-Force Threat Intelligence Index 2024 found that this method of attack increased by 71% from 2022. Researchers also discovered a 266% increase in infostealers to obtain credentials to use in an attack. Family members of privileged users are also sometimes victims."
https://securityintelligence.com/articles/access-control-mobile-the-way-forward/
- Sophistication Of AI-Backed Operation Targeting Senator Points To Future Of Deepfake Schemes
"An advanced deepfake operation targeted Sen. Ben Cardin, the Democratic chair of the Senate Foreign Relations Committee, this month, according to the Office of Senate Security, the latest sign that nefarious actors are turning to artificial intelligence in efforts to dupe top political figures in the United States. Experts believe schemes like this will become more common now that the technical barriers that once existed around generative artificial intelligence have decreased. The notice from Senate Security sent to Senate offices on Monday said the attempt “stands out due to its technical sophistication and believability.”"
https://www.securityweek.com/sophistication-of-ai-backed-operation-targeting-senator-points-to-future-of-deepfake-schemes/
- Red Team Hacker On How She 'Breaks Into Buildings And Pretends To Be The Bad Guy'
"A hacker walked into a "very big city" building on a Wednesday morning with no keys to any doors or elevators, determined to steal sensitive data by breaking into both the physical space and the corporate Wi-Fi network. Turns out she didn't need to do any breaking in at all. She rode the elevator up to the reception floor without needing a security badge, found the office suite door propped open, walked past a security guard sitting at a desk and straight into a conference room."
https://www.theregister.com/2024/09/29/interview_with_a_social_engineering/
References
Electronic Transactions Development Agency (ETDA)