Cyber Threat Intelligence 14 October 2024
Healthcare Sector
- NHS England Warns Of Critical Veeam Vulnerability Under Active Exploitation
"NHS England has posted an alert relating to a critical Veeam Backup & Replication vulnerability which is now under active exploitation by ransomware groups. Successful exploitation of the vulnerability (CVE-2024-40711) could lead to remote code execution (RCE), the alert noted. RCE could allow attackers to run code on a remote device without the need for physical access. Threat severity has been rated high, with a CVSS score of 9.8."
https://www.infosecurity-magazine.com/news/nhs-england-warns-cve-active/
Malware
- Telekopye Transitions To Targeting Tourists Via Hotel Booking Scam
"The growing popularity of online marketplaces has attracted fraudsters preying on unsuspecting buyers and sellers, looking to score payment card information rather than to strike a bargain. ESET researchers have found that one such organized scammer network – which uses Telekopye, a toolkit discovered by ESET Research in 2023 – has expanded its operations to target users of popular accommodation booking platforms."
https://www.welivesecurity.com/en/eset-research/telekopye-hits-new-hunting-ground-hotel-booking-scams/
https://www.helpnetsecurity.com/2024/10/11/telekopye-booking-platforms-scams/
- Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against UAE And Gulf Regions
"Recently, Trend Micro has been tracking Earth Simnavaz (also known as APT34 and OilRig), a cyber espionage group believed to be linked to Iranian interests. This group primarily targets organizations in the energy sector, particularly those involved in oil and gas, as well as other critical infrastructure. It is known for using sophisticated tactics, techniques, and procedures (TTPs) to gain unauthorized access to networks and exfiltrate sensitive information."
https://www.trendmicro.com/en_us/research/24/j/earth-simnavaz-cyberattacks-uae-gulf-regions.html
https://www.bleepingcomputer.com/news/security/oilrig-hackers-now-exploit-windows-flaw-to-elevate-privileges/
https://thehackernews.com/2024/10/oilrig-exploits-windows-kernel-flaw-in.html
- September 2024’s Most Wanted Malware: Notable AI-Driven Techniques And Persistent RansomHub Threats
"Check Point’s Global Threat Index for September 2024 revealed its Global Threat Index for September 2024. The report highlights an interesting trend in the cybersecurity landscape, particularly the emergence of artificial intelligence (AI)-driven malware, alongside the ongoing dominance of ransomware threats."
https://blog.checkpoint.com/research/september-2024s-most-wanted-malware-notable-ai-driven-techniques-and-persistent-ransomhub-threats/
- Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA
"Today FortiGuard Labs is releasing this blog post about a case where an advanced adversary was observed exploiting three vulnerabilities affecting the Ivanti Cloud Services Appliance (CSA). At the time of our investigation, two out of the three identified vulnerabilities were not publicly known. This incident is a prime example of how threat actors chain zero-day vulnerabilities to gain initial access to a victim’s network."
https://www.fortinet.com/blog/threat-research/burning-zero-days-suspected-nation-state-adversary-targets-ivanti-csa
- Octo2 Malware Uses Fake NordVPN, Chrome Apps To Infect Android Devices
"Octo2 malware is targeting Android devices by disguising itself as popular apps like NordVPN and Google Chrome. This advanced trojan uses sophisticated techniques to evade detection, steal credentials, and enable remote access to infected devices. Cybersecurity researchers at DomainTools have released their new research on Octo2, a new version of the notorious Octo malware family. Octo2 targets Android mobile devices and based on its activity, researchers believe that it will target users globally soon."
https://hackread.com/octo2-malware-fake-nordvpn-chrome-apps-android-device/
- CoreWarrior Spreader Malware Surge
"This week, the SonicWall Capture Labs threat research team investigated a sample of CoreWarrior malware. This is a persistent trojan that attempts to spread rapidly by creating dozens of copies of itself and reaching out to multiple IP addresses, opening multiple sockets for backdoor access, and hooking Windows UI elements for monitoring."
https://blog.sonicwall.com/en-us/2024/10/corewarrior-spreader-malware-surge/
- ShadowLogic
"The HiddenLayer SAI team has discovered a novel method for creating backdoors in neural network models dubbed ‘ShadowLogic’. Using this technique, an adversary can implant codeless, surreptitious backdoors in models of any modality by manipulating a model’s ‘graph’ – the computational graph representation of the model’s architecture. Backdoors created using this technique will persist through fine-tuning, meaning foundation models can be hijacked to trigger attacker-defined behavior in any downstream application when a trigger input is received, making this attack technique a high-impact AI supply chain risk."
https://hiddenlayer.com/research/shadowlogic/
https://www.securityweek.com/shadowlogic-attack-targets-ai-model-graphs-to-create-codeless-backdoors/
- A Cyber Attack Hit Iranian Government Sites And Nuclear Facilities
"Amid escalating Middle East tensions, Iran faced major cyberattacks Saturday, disrupting its government branches and targeting nuclear facilities. The massive cyberattack followed Israel’s pledged response to Iran’s October 1 missile barrage, as regional conflicts intensified in Gaza and Lebanon. Abolhassan Firouzabadi, former secretary of Iran’s Supreme Council for Cyberspace, told local media Iran suffered a cyber attack. Firouzabadi also added that threat actors stole sensitive information from targeted infrastructure."
https://securityaffairs.com/169693/cyber-warfare-2/cyber-attack-hit-iranian-nuclear-facilities.html
Breaches/Hacks/Leaks
- Healthcare Attacks Spread Beyond US – Just Ask India's Star Health
"Leading Indian health insurance provider Star Health has admitted to being the victim of a cyber attack after criminals claimed they had posted records of 30-million-plus clients online. When news of a potential breach appeared in September, the firm asserted that initial assessments showed "no widespread compromises" and that "sensitive customer data remains secure.""
https://www.theregister.com/2024/10/11/star_health_breach/
- Cyberattack Targets Healthcare Nonprofit Overseeing 13 Colorado Facilities
"A prominent hospital system in Colorado said a cyberattack is affecting the portal patients use to communicate with providers. Axis Health System operates 13 facilities serving thousands of people across southwest and western Colorado. The nonprofit posted a message on its website this week confirming it is experiencing a cyber incident. It is unclear when the incident started and Axis Health did not respond to requests for additional information."
https://therecord.media/cyberattack-targets-healthcare-nonprofit-colorado
https://www.bankinfosecurity.com/rhysida-leaks-nursing-home-data-demands-15m-from-axis-a-26516
- Russian Court Websites Down After Breach Claimed By Pro-Ukraine Hackers
"The websites of Russian general jurisdiction courts have been down for several days following a cyberattack claimed by pro-Ukrainian hackers. The sites currently display an error message. The attackers have leaked a document on Telegram that appears to show the Russian judicial authority reporting an incident involving the case management and electronic court filing system known as “Pravosudiye” (which means “justice” in Russian)."
https://therecord.media/russian-court-websites-down-attack-claimed-pro-ukraine-group
- RAC Duo Busted For Stealing And Selling Crash Victims' Data
"Two former workers at roadside assistance provider RAC were this week given suspended sentences after illegally copying and selling tens of thousands of lines of personal data on people involved in accidents. Debbie Okparavero, 61, of Salford, and Maliha Islam, 51, of Manchester, had worked as customer services specialists at RAC's call center in Stretford until their "unlawful conduct" was spotted by the company and subsequently reported to the Information Commissioner's Office (ICO)."
https://www.theregister.com/2024/10/11/rac_worker_convictions/
- Teraleak: Pokémon Developer Game Freak Hacked; Decades Of Data Leaked
"Game Freak’s “Teraleak” appears to expose nearly 1 terabyte of sensitive Pokémon data, including source code, cancelled games, concept art, and unreleased projects. The breach, affecting over 2,600 employees, has caused a major buzz in the gaming industry."
https://hackread.com/teraleak-pokemon-developer-game-freak-hacked-data-leak/
General News
- Cyber Attacks In ASEAN Countries: A Detailed Analysis (January - August 2024)
"Between January and August 2024, ASEAN countries experienced an unprecedented surge in cyber incidents, recording a total of 1,594 attacks. Indonesia, in particular, was disproportionately affected, largely due to a high-profile ransomware attack on its National Data Center, which triggered a wave of opportunistic attacks by various threat actors. The cyber threat landscape across ASEAN evolved during this period, with Distributed Denial of Service (DDoS) attacks dominating, but a concerning rise in data breaches and defacements indicates an increasingly aggressive focus on stealing sensitive data and defacing critical digital properties."
https://falconfeeds.io/blog/post/cyber-attacks-in-asean-countries-a-detailed-analysis-january--august-2024-545506
- EU Plans Sanctions For Cyberattackers Acting On Behalf Of Russia
"In an effort to thwart adversaries launching cyberattacks, information manipulation, and interference campaigns on Russia's behalf, representatives from 27 European Union member states approved a sanctions mechanism. This new framework will allow the EU to target individuals, agencies or organizations that attempt to undermine the values of the member states or their "security, independence and integrity." The EU said in a statement it had detected an increasing number of these pro-Russian activities: Targets included critical infrastructure as well as "instrumentalisation of migration and other disruption actions.""
https://www.darkreading.com/cyber-risk/eu-sanctions-sabotage-cyberattacks-russia
- Data Loss Incidents Impact Patient Care
"92% of healthcare organizations experienced at least one cyber attack in the past 12 months, an increase from 88% in 2023, with 69% reporting disruption to patient care as a result, according to Proofpoint."
https://www.helpnetsecurity.com/2024/10/11/healthcare-cybersecurity-concerns/
- Unlocking The Power Of Cryptographic Agility In a Quantum World
"In this Help Net Security interview, Glen Leonhard, Director of Key Management at Cryptomathic, discusses the role of cryptographic agility in mitigating risks posed by quantum computing. Cryptographic agility enables organizations to seamlessly transition to post-quantum algorithms without disrupting existing systems. Leonhard also emphasizes its broader role in adapting to new vulnerabilities, regulations, and industry standards."
https://www.helpnetsecurity.com/2024/10/11/glen-leonhard-cryptomathic-cryptographic-agility/
- Research Reveals Growing Distrust For Threat Detection Tools As SOC Teams Struggle To Identify Real Attacks
"Vectra AI, Inc., the leader in AI-driven XDR (extended detection and response), today announced the findings of its 2024 State of Threat Detection and Response Research Report: The Defenders’ Dilemma. The report shows that security operations center (SOC) practitioners believe they are losing the battle detecting and prioritizing real threats – due to too many siloed tools and a lack of accurate attack signal. They cite a growing distrust in vendors, believing their tools can be more of a hindrance than help in spotting real attacks. This is at odds with growing confidence in their teams’ abilities and a sense of optimism around the promise of artificial intelligence (AI)."
https://www.vectra.ai/about/news/research-reveals-growing-distrust-for-threat-detection-tools-as-soc-teams-struggle-to-identify-real-attacks
https://www.darkreading.com/vulnerabilities-threats/soc-teams-threat-detection-tools-stifling
- The Invisible Army Of Non-Human Identities
"Imagine a vast and invisible army silently infiltrating your organization's digital defenses. No, this isn't the plot of a sci-fi thriller — it's the reality of non-human identities (NHIs) in today's cybersecurity landscape. As a seasoned security architect, I've watched this hidden force grow from a manageable contingent to a sprawling, often ungoverned multitude that's keeping chief information security officers (CISOs) awake at night."
https://www.darkreading.com/vulnerabilities-threats/invisible-army-non-human-identities
- Retail CISOs Take On More Risk To Foster Innovation
"Chief information security officers (CISOs) have long borne the reputation of blocking innovation to keep their organization and all its data safe and sound. However, those competing priorities appear to be shifting, especially in the retail and consumer sectors. While the majority of CISOs (59%) across all sectors see themselves as "enablers" — as opposed to just managers of cyber-risk — nearly all (97%) CISOs in the retail segment view their role as an enabler, according to a survey of more than 1,000 global CISOs conducted by cybersecurity firm Netskope."
https://www.darkreading.com/cybersecurity-operations/cisos-risky-retail-other-industries-follow
https://www.netskope.com/resources/reports-guides/the-retail-ciso-bringing-balance
- How Governance, Risk And Compliance (GRC) Addresses Growing Data Liability Concerns
"In an era where businesses increasingly rely on artificial intelligence (AI) and advanced data capabilities, the effectiveness of IT services is more critical than ever. Yet despite the advancements in technology, business leaders are increasingly dissatisfied with their IT departments. According to a study by IBM’s Institute for Business Value, confidence in the effectiveness of basic IT services among top executives has significantly declined. While AI promises transformational capabilities, particularly generative artificial intelligence (gen AI), the road to realizing these benefits is fraught with challenges, particularly in data management."
https://securityintelligence.com/articles/how-governance-risk-compliance-addresses-growing-liability-concerns/
- Cyber Insurer Says Ransomware Attacks Drove a Spike In Claim Sizes
"A report published Thursday by cyber insurance provider Coalition found that although its customers made fewer claims in the first half of 2024 than the same period a year earlier, the size of those claims increased 14% — to an average loss of $122,000. The jump in losses was “driven by a spike in ransomware severity,” the company said, adding that threat actors “targeted larger businesses and reaped the benefits with increased paydays.”"
https://therecord.media/cyber-insurer-says-ransomware-attacks-drove-higher-claims
https://web.coalitioninc.com/download-2024-cyber-claims-report-mid-year-update.html
- Eighteen Individuals And Entities Charged In International Operation Targeting Widespread Fraud And Manipulation In The Cryptocurrency Markets
"Eighteen individuals and entities have been charged for widespread fraud and manipulation in the cryptocurrency markets. Charges were unsealed in Boston against the leaders of four cryptocurrency companies, four cryptocurrency financial services firms (known as “market makers”) and employees at those firms. Four defendants have pleaded guilty, another defendant has agreed to plead guilty, and authorities apprehended three other defendants in Texas, the United Kingdom and Portugal this week. More than $25 million in cryptocurrency has been seized and multiple trading bots responsible for millions of dollars’ worth of wash trades for approximately 60 different cryptocurrencies have been deactivated."
https://www.justice.gov/usao-ma/pr/eighteen-individuals-and-entities-charged-international-operation-targeting-widespread
https://thehackernews.com/2024/10/fbi-creates-fake-cryptocurrency-to.html
References
Electronic Transactions Development Agency (ETDA)