Cyber Threat Intelligence 09 October 2024
Healthcare Sector
- Healthcare's Grim Cyber Prognosis Requires Security Booster
"The healthcare sector continues to grow, but without the proper focus on cybersecurity, the prognosis for the industry's resilience against ransomware and other attacks has only worsened. Against a backdrop of non-IT disruptions — such as private equity failures, shortages of medicines, and the cutting of services — two-thirds (66%) of healthcare organizations also suffered ransomware attacks in the past year, up from 60% in the prior year, according to a report from cybersecurity firm Sophos. Major attacks on hospitals and medical-service providers have led to disruptions of services, significant financial outlay, and the exposure of sensitive patient data. In some cases, they also affected patient outcomes."
https://www.darkreading.com/threat-intelligence/healthcare-cyber-prognosis-security-booster
New Tooling
- New Scanner Finds Linux, UNIX Servers Exposed To CUPS RCE Attacks
"An automated scanner has been released to help security professionals scan environments for devices vulnerable to the Common Unix Printing System (CUPS) RCE flaw tracked as CVE-2024-47176. The flaw, which enables attackers to perform arbitrary remote code execution if certain conditions are met, was disclosed late last month by the person who discovered it, Simone Margaritelli. Although its RCE aspect appears limited in real-world deployments due to the prerequisites for exploitation, Akamai later showed that CVE-2024-47176 also opened the possibility for 600x amplification in distributed denial of service (DDoS) attacks."
https://www.bleepingcomputer.com/news/software/new-scanner-finds-linux-unix-servers-exposed-to-cups-rce-attacks/
https://github.com/MalwareTech/CVE-2024-47176-Scanner
Vulnerabilities
- Microsoft October 2024 Patch Tuesday Fixes 5 Zero-Days, 118 Flaws
"Today is Microsoft's October 2024 Patch Tuesday, which includes security updates for 118 flaws, including five publicly disclosed zero-days, two of which are actively exploited. This Patch Tuesday fixed three critical vulnerabilities, all remote code execution flaws."
https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2024-patch-tuesday-fixes-5-zero-days-118-flaws/
https://www.tripwire.com/state-of-security/vert-threat-alert-october-2024-patch-tuesday-analysis
https://blog.talosintelligence.com/microsoft-patch-tuesday-october-2024/
https://www.darkreading.com/vulnerabilities-threats/5-cves-microsofts-october-2024-update-patch-now
https://www.helpnetsecurity.com/2024/10/08/cve-2024-43573-cve-2024-43572/
https://www.theregister.com/2024/10/08/patch_tuesday_october_2024/
https://www.securityweek.com/patch-tuesday-microsoft-confirms-exploited-zero-day-in-windows-management-console/
- Adobe Patches Critical Bugs In Commerce And Magento Products
"Software maker Adobe has rolled out urgent patches with fixes for security defects in multiple product lines and warned of code execution risks on Windows and macOS platforms. The Patch Tuesday release includes a major security makeover for Adobe Commerce and Magento Open Source, an enterprise-facing product regularly in the crosshairs of malicious hackers."
https://www.securityweek.com/adobe-patches-critical-bugs-in-commerce-and-magento-products/
https://helpx.adobe.com/security/products/magento/apsb24-73.html
- Ivanti Warns Of Three More CSA Zero-Days Exploited In Attacks
"American IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks. As Ivanti revealed on Tuesday, attackers are chaining the three security flaws with another CSA zero-day patched in September. Successful exploitation of these vulnerabilities can let remote attackers run SQL statements via SQL injection, execute arbitrary code via command injection, and bypass security restrictions by abusing a path traversal weakness on vulnerable CSA gateways (used to provide enterprise users secure access to internal network resources)."
https://www.bleepingcomputer.com/news/security/ivanti-warns-of-three-more-csa-zero-days-exploited-in-attacks/
https://www.ivanti.com/blog/october-2024-security-update
https://thehackernews.com/2024/10/zero-day-alert-three-critical-ivanti.html
https://www.helpnetsecurity.com/2024/10/08/cve-2024-9379-cve-2024-9380-cve-2024-9381/
https://securityaffairs.com/169553/hacking/ivanti-csa-zero-days-actively-exploited.html
- CISA Adds Three Known Exploited Vulnerabilities To Catalog
"CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-43047 Qualcomm Multiple Chipsets Use-After-Free Vulnerability
CVE-2024-43572 Microsoft Windows Management Console Remote Code Execution Vulnerability
CVE-2024-43573 Microsoft Windows MSHTML Platform Spoofing Vulnerability"
https://www.cisa.gov/news-events/alerts/2024/10/08/cisa-adds-three-known-exploited-vulnerabilities-catalog
- Broken Mirror: iPhone Mirroring At Work May Expose Employees’ Personal Information
"As deployments of macOS 15.0 Sequoia and iOS 18 continue, Sevco discovered a major systemic privacy bug whereby the applications from a user’s personal iPhone may become part of the company’s software inventory via a new Apple feature known as “iPhone Mirroring.” In short, the applications on an employee’s personal iPhone may be exposed to their corporate IT department."
https://www.sevcosecurity.com/iphone-mirroring-expose-employee-personal-information/
https://www.theregister.com/2024/10/08/iphone_mirroring_at_work/
https://www.securityweek.com/macos-sequoia-update-fixes-security-software-compatibility-issues/
- 7,000 WordPress Sites Affected By Unauthenticated Critical Vulnerabilities In LatePoint WordPress Plugin
"On September 17, 2024, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for two critical vulnerabilities in the LatePoint plugin, which is estimated to be actively installed on more than 7,000 WordPress websites. The Unauthenticated Arbitrary User Password Change vulnerability makes it possible for an unauthenticated attacker to change the password of any user, including an administrator, which allows them to take over the account and the website. The Authentication Bypass vulnerability makes it possible for an attacker to gain access to any account on the site, including any administrator accounts."
https://www.wordfence.com/blog/2024/10/7000-wordpress-sites-affected-by-unauthenticated-critical-vulnerabilities-in-latepoint-wordpress-plugin/
- SAP Patches Critical Vulnerability In BusinessObjects
"Enterprise software maker SAP on Tuesday released six new security notes with patches for a wide range of vulnerabilities, including a critical issue in its BusinessObjects Business Intelligence product line. The company called urgent attention to CVE-2024-41730, a missing authorization check issue in the BusinessObjects Business Intelligence suite that carries a critical-severity rating."
https://www.securityweek.com/sap-patches-critical-vulnerability-in-businessobjects/
Malware
- Mamba 2FA: A New Contender In The AiTM Phishing Ecosystem
"In late May 2024, Sekoia’s Threat Detection & Research (TDR) team received an insight from a partner about an ongoing phishing campaign leveraging HTML attachments that mimicked Microsoft 365 login pages. The phishing pages were able to relay some methods of multi-factor authentication (MFA), and made use of the Socket.IO JavaScript library to communicate via websockets with a backend server. At first, these characteristics look like the Tycoon 2FA phishing-as-a-service platform, but further inspection found that the campaign leveraged a previously unknown adversary-in-the-middle (AiTM) phishing kit that Sekoia tracks as Mamba 2FA."
https://blog.sekoia.io/mamba-2fa-a-new-contender-in-the-aitm-phishing-ecosystem/
https://www.bleepingcomputer.com/news/security/new-mamba-2fa-bypass-service-targets-microsoft-365-accounts/
- Malicious Chrome Extensions Skate Past Google's Updated Security
"Malicious browser extensions are bypassing Google's latest security and privacy standard for Chrome extensions, and they are finding their way into the Chrome Web Store — putting organizations and individuals at considerable risk. That's according to researchers at Singapore-based SquareX, who recently demonstrated how bad actors could sneak harmful browser add-ons past the protections in Google's latest Manifest V3 update for Chrome extensions."
https://www.darkreading.com/cyber-risk/malicious-chrome-extensions-past-google-updated-security
- Not All Fun And Games: Lua Malware Targets Educational Sector And Student Gaming Engines
"In March 2024, OALabs reported on a new packed Lua loader aimed at the gaming community. This report was followed in April by additional threat insights by McAfee. In the months since, Morphisec Threat Labs observed its continued spread and evolution, with telemetry data indicating that this malware strain is highly prevalent across North America, South America, Europe, Asia, and even Australia. This post provides an analysis of the loader associated with this persistent attack."
https://blog.morphisec.com/threat-analysis-lua-malware
https://thehackernews.com/2024/10/gamers-tricked-into-downloading-lua.html
https://hackread.com/lua-malware-hit-student-gamers-fake-game-cheats/
- Storm-1575 Threat Actor Deploys New Login Panels For Phishing Infrastructure
"The Storm-1575 group is known for frequently rebranding its phishing infrastructure. Recently, ANY.RUN analysts identified the deployment of new login panels, which are part of the threat actor’s ongoing efforts to compromise users’ Microsoft and Google accounts."
https://hackread.com/storm-1575-threat-actor-new-login-panels-phishing-infrastructure/
- HORUS Protector Part 1: The New Malware Distribution Service
"Recently, the SonicWall threat research team came across a new malware distribution service called Horus Protector. Horus Protector is claiming to be a Fully Undetectable (FUD) crypter. We have observed a variety of malware families propagated by Horus Protector including AgentTesla, Remcos, Snake, NjRat and many others. The authors appear to be native French speakers. The files in the distribution mechanism have instructions in the French language and the desktops shown in YouTube demo videos have French as the default language for the software installed on their desktop."
https://blog.sonicwall.com/en-us/2024/10/horus-protector-part-1-the-new-malware-distribution-service/
Breaches/Hacks/Leaks
- Casio Reports IT Systems Failure After Weekend Network Breach
"Japanese tech giant Casio has suffered a cyberattack after an unauthorized actor accessed its networks on October 5, causing system disruption that impacted some of its services. The disclosure comes from Casio Computer, the parent company of the Casio brand, widely known for its watches, calculators, musical instruments, cameras, and other electronics. 'Casio Computer Co., Ltd. confirmed on October 5 of this year that its network had been accessed by a third party in an unauthorized manner,' reads an announcement published on Casio's website earlier today."
https://www.bleepingcomputer.com/news/security/casio-reports-it-systems-failure-after-weekend-network-breach/
https://therecord.media/casio-cyberattack-system-failure
- Credit Monitoring And Supply Chain Risk Company Hacked
"Hackers stole sensitive employee data from a software-as-a-service company that advises consumers on trade credit and provides supply chain risk monitoring, according to a Securities and Exchange Commission filing. CreditRiskMonitor[.]com said on Tuesday that hackers got away with an unspecified amount of data between July 9 and July 17. The pilfered files included personally identifiable information of employees and independent contractors, but does not include customer data, CreditRiskMonitor noted."
https://cyberscoop.com/credit-risk-monitor-cyber-crmz-ransomware/
- MoneyGram Confirms Hackers Stole Customer Data In Cyberattack
"MoneyGram has confirmed that hackers stole customers' personal information and transaction data in a September cyberattack that caused a five-day outage. The company first detected the attack on September 27th, causing it to shut down IT systems, preventing MoneyGram customers from accessing or transferring money to other users. In a new data breach notification published today, MoneyGram now says that the threat actors had access to its network even earlier, between September 20 and 22, 2024."
https://www.bleepingcomputer.com/news/security/moneygram-confirms-hackers-stole-customer-data-in-cyberattack/
https://therecord.media/moneygram-says-customer-information-stolen
https://www.infosecurity-magazine.com/news/moneygram-data-breach-incident/
https://www.bankinfosecurity.com/moneygram-money-transfer-firm-reports-customer-data-breach-a-26476
https://www.malwarebytes.com/blog/news/2024/10/moneygram-confirms-customer-data-breach
https://securityaffairs.com/169527/data-breach/moneygram-disclosed-a-data-breach.html
https://www.securityweek.com/moneygram-says-personal-information-stolen-in-recent-cyberattack/
General News
- Mideast, Turkey Cyber Threats Spike, Prompting Defense Changes
"Organizations in Saudi Arabia, the United Arab Emirates, and Turkey suffered more than 10 attacks in the past year on average — and the vast majority of business and IT professionals expect the coming year to be worse — driving efforts by cybersecurity experts in those countries to simplify and modernize their cyber defenses and IT infrastructure."
https://www.darkreading.com/cyber-risk/mideast-turkey-cyber-threats-spike-defense-changes
- The Role Of Self-Sovereign Identity In Enterprises
"As personal data becomes increasingly commodified and centralized, the need for individuals to reclaim control over their identities has never been more urgent. Meanwhile, traditional identity systems used by enterprises often expose sensitive information to unnecessary risk, leaving both users and organizations vulnerable to data breaches and privacy violations."
https://www.helpnetsecurity.com/2024/10/08/self-sovereign-identity-ssi/
- How Hybrid Workforces Are Reshaping Authentication Strategies
"In this Help Net Security interview, Brian Pontarelli, CEO at FusionAuth, discusses the evolving authentication challenges posed by the rise of hybrid and remote workforces. He advocates for zero trust strategies, including MFA and behavioral biometrics, to enhance security while maintaining productivity."
https://www.helpnetsecurity.com/2024/10/08/brian-pontarelli-fusionauth-authentication-challenges/
- Avoid Scams After Disaster Strikes
"As hurricanes and other natural disasters occur, CISA urges individuals to remain on alert for potential malicious cyber activity. Fraudulent emails and social media messages—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary of social media pleas, texts, or door-to-door solicitations relating to severe weather events."
https://www.cisa.gov/news-events/alerts/2024/10/08/avoid-scams-after-disaster-strikes
- The Perils Of Ignoring Cybersecurity Basics
"Back in July, 8 million Windows devices around the world went offline after CrowdStrike released a software update with a buggy content validator. Hospitals could not access patient records, interrupting patient care. Airlines were forced to delay or cancel thousands of flights. Some payment platforms were unavailable, resulting in people not being paid on time. The Emergency Alert System in the United States was affected, which, in turn, disrupted 911 services in several states."
https://www.darkreading.com/cybersecurity-operations/perils-ignoring-cybersecurity-101
- How Major Companies Are Honoring Cybersecurity Awareness Month
"Cybersecurity Awareness Month, an annual initiative since 2004, provides organizations each October with valuable opportunities to reinforce security best practices among employees. As we engage in these activities this month, it's also an opportunity to discover ways to build a culture of security where employees understand how their daily decisions and actions can affect an organization's overall security."
https://www.darkreading.com/vulnerabilities-threats/major-companies-honoring-cybersecurity-awareness-month
- Your IT Systems Are Being Attacked. Are You Prepared?
"This summer, a cyberattack disrupted the normal operations of thousands of auto dealerships across the United States, affecting everything from records to scheduling, causing no end to annoyances and leaving hordes of exasperated salespeople and customers at their wits' end. The most recent and dramatic example of hacker success illustrates that IT security must become the first priority at the highest levels of an organization. This modern-day plague shows no sign of subsiding. With each successful attack, hackers become even more emboldened."
https://www.darkreading.com/cyberattacks-data-breaches/it-systems-being-attacked-prepared
- Cloud Security Risks Surge As 38% Of Firms Face Exposures
"A new report has highlighted the growing risks associated with modern cloud environments, revealing that 38% of organizations globally face critical exposures from a dangerous combination of security gaps. The Tenable Cloud Risk Report 2024 showed that these companies are at risk due to a “toxic cloud triad” involving publicly exposed, critically vulnerable and highly privileged cloud workloads. This combination leaves them vulnerable to cyber-attacks that could result in application disruptions, system takeovers and costly data breaches."
https://www.infosecurity-magazine.com/news/cloud-security-risks-surge-38/
- 31 New Ransomware Groups Join The Ecosystem In 12 Months
"Despite the flurry of law enforcement action to take down ransomware gangs, Secureworks has observed a 30% year-on-year rise in active ransomware groups. In the eighth edition of the Secureworks annual State of The Threat Report, the firm identified 31 new groups that had entered the ransomware ecosystem in the last 12 months. The report noted that while the threat landscape had previously been dominated by a few big players, it is now home to a broader set of emerging entities."
https://www.infosecurity-magazine.com/news/new-ransomware-groups-emerge-2024/
- Is AI Saving Jobs… Or Taking Them?
"Artificial intelligence (AI) is coming to take your cybersecurity job. Or, AI will save your job. Well, which is it? As with all things security-related, AI-related and employment-related, it’s complicated."
https://securityintelligence.com/articles/is-ai-saving-jobs-or-taking-them/
- EU Condemns Russia After Detecting ‘Increasing Number’ Of Hybrid Activities
"The European Union issued a condemnation of Russia on Tuesday over the Kremlin’s “intensifying campaign of hybrid activities” targeting the bloc and its partners. It comes in the wake of numerous reported sabotage attempts targeting EU entities, particularly those involved in manufacturing weapons intended to support Ukraine, as well as attempts to influence democratic elections across the continent."
https://therecord.media/russia-hybrid-activities-european-union-condemnation
Reference
Electronic Transactions Development Agency (ETDA)