Cyber Threat Intelligence 15 October 2024
Vulnerabilities
- Jetpack Fixes Critical Information Disclosure Flaw Existing Since 2016
"WordPress plugin Jetpack released a critical security update earlier today, addressing a vulnerability that allowed a logged-in user to access forms submitted by other visitors to the site. Jetpack is a popular WordPress plugin by Automattic that provides tools to enhance website functionality, security, and performance. According to the vendor, the plugin is installed on 27 million websites. The issue was discovered during an internal audit and impacts all Jetpack versions since 3.9.9, released in 2016."
https://www.bleepingcomputer.com/news/security/jetpack-fixes-critical-information-disclosure-flaw-existing-since-2016/
https://jetpack.com/blog/jetpack-13-9-1-critical-security-update/
- Tens Of Thousands Of IPs Vulnerable To Fortinet Flaw Dubbed ‘Must Patch’ By Feds
"Around 87,000 IPs are likely susceptible to a Fortinet vulnerability that the Cybersecurity and Infrastructure Security Agency put on its “must patch” list last week because attackers are actively exploiting it, according to data from the nonprofit Shadowserver Foundation. The number was at 87,930 on Saturday before dropping slightly to 86,602 on Sunday."
https://cyberscoop.com/ips-vulnerable-fortinet-flaw-must-patch/
https://www.theregister.com/2024/10/14/fortinet_vulnerability/
- Juniper Networks Patches Dozens Of Vulnerabilities
"Juniper Networks has released patches for dozens of vulnerabilities in its Junos OS and Junos OS Evolved network operating systems, including multiple flaws in several third-party software components. Fixes were announced for roughly a dozen high-severity security defects impacting components such as the packet forwarding engine (PFE), routing protocol daemon (RPD), routing engine (RE), kernel, and HTTP daemon."
https://www.securityweek.com/juniper-networks-patches-dozens-of-vulnerabilities/
- Recent Firefox Zero-Day Exploited Against Tor Browser Users
"Shortly after Firefox version 131.0.2 started rolling out last week with patches for an exploited zero-day vulnerability, the Tor browser too was updated with the fix. Tracked as CVE-2024-9680, the exploited bug is described as a high-severity use-after-free issue in Firefox’s Animation timeline that could lead to the execution of arbitrary code. “An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines,” Mozilla explained last week."
https://www.securityweek.com/recent-firefox-zero-day-exploited-against-tor-browser-users/
https://therecord.media/recently-patched-firefox-bug-being-used-against-tor-browser-users
- Crypto-Apocalypse Soon? Chinese Researchers Find a Potential Quantum Attack On Classical Encryption
"Chinese researchers claim they have found a way to use D-Wave's quantum annealing systems to develop a promising attack on classical encryption. Outlined in a paper [PDF] titled "Quantum Annealing Public Key Cryptographic Attack Algorithm Based on D-Wave Advantage", published in the late September edition of Chinese Journal of Computers, the researchers assert that D-Wave’s machines can optimize problem-solving in ways that make it possible to devise an attack on public key cryptography."
https://www.theregister.com/2024/10/14/china_quantum_attack/
http://cjc.ict.ac.cn/online/onlinepaper/wc-202458160402.pdf
- Zero-Day Flaws Exposed EV Chargers To Shutdowns And Data Theft
"NCC Group experts share details of how they exploited critical zero-day vulnerabilities in Phoenix Contact EV chargers (electric vehicles chargers) at 44con, demonstrating the cybersecurity risks. Discover the technical details and consequences of the flaws."
https://hackread.com/zero-day-flaws-ev-chargers-to-shutdowns-data-theft/
https://www.nccgroup.com/us/research-blog/44con-charging-ahead-exploiting-an-ev-charger-controller-at-pwn2own-automotive-2024/
Malware
- Whispers From The Dark Web Cave. Cyberthreats In The Middle East
"The Kaspersky Digital Footprint Intelligence team analyzed cybersecurity threats coming from dark web cybercriminals who targeted businesses and governments in the Middle East in H1 2024. Our research highlights the most severe and pervasive threats, and identifies potential risks and consequences as well as defensive strategies."
https://securelist.com/meta-threat-landscape-h1-2024/114164/
- Water Makara Uses Obfuscated JavaScript In Spear Phishing Campaign, Targets Brazil With Astaroth Malware
"Trend Micro Research recently identified a significant surge of spear phishing attacks aimed at users in Brazil. These emails, which come with attachments often masquerading as personal income tax documents, contain harmful ZIP files. The threat uses mshta.exe, an oft-abused utility normally meant to run HTML Application files, to execute obfuscated JavaScript commands, establishing connections to a C&C server. In terms of impact, the spear phishing campaigns mostly target companies in Brazil. The figure below shows the distribution of the cyberattacks by industry, with Trend Micro telemetry showing manufacturing companies, retail firms, and government agencies as the most affected."
https://www.trendmicro.com/en_us/research/24/j/water-makara-uses-obfuscated-javascript-in-spear-phishing-campai.html
- FASTCash For Linux
"This post analyzes a newly identified variant of FASTCash "payment switch" malware which specifically targets the Linux operating system. The term 'FASTCash' is used to refer to the DPRK-attributed malware that is installed on payment switches within compromised networks that handle card transactions for the means of facilitating the unauthorized withdrawal of cash from ATMs."
https://doubleagent.net/fastcash-for-linux/
https://www.bleepingcomputer.com/news/security/new-fastcash-malware-linux-variant-helps-steal-money-from-atms/
- Expanding The Investigation: Deep Dive Into Latest TrickMo Samples
"On September 10, Cleafy publicly disclosed a new variant of the Banking Trojan called TrickMo. This variant employed innovative techniques to evade detection and analysis, such as zip file manipulation and obfuscation. While Cleafy did not release any Indicators of Compromise (IOCs), our research team conducted its own research and identified 40 recent variants of this threat, 16 droppers and 22 active Command and Control (C2) as well as additional functionalities."
https://www.zimperium.com/blog/expanding-the-investigation-deep-dive-into-latest-trickmo-samples/
https://www.bleepingcomputer.com/news/security/trickmo-malware-steals-android-pins-using-fake-lock-screen/
- ConfusedPilot: UT Austin & Symmetry Systems Uncover Novel Attack On RAG-Based AI Systems
"Researchers at the Spark Research Lab (University of Texas at Austin), under the supervision of Symmetry CEO Professor Mohit Tiwari, uncovered a novel attack method, dubbed ConfusedPilot. This novel attack method targets widely used Retrieval Augmented Generation (RAG) based AI systems, such as Microsoft 365 Copilot. This attack allows manipulation of AI responses simply by adding malicious content to any documents the AI system might reference, potentially leading to widespread misinformation and compromised decision-making processes within the organization. With 65% of Fortune 500 companies currently implementing or planning to implement RAG-based AI systems, the potential impact of these attacks cannot be overstated."
https://securityboulevard.com/2024/10/confusedpilot-ut-austin-symmetry-systems-uncover-novel-attack-on-rag-based-ai-systems/
https://www.darkreading.com/cyberattacks-data-breaches/confusedpilot-attack-manipulate-rag-based-ai-systems
- HORUS Protector Part 2: The New Malware Distribution Service
"Recently, the SonicWall Capture Labs threat research team came across a new Horus FUD (Fully Un-Detectable) malware crypter used for spreading different malware families including AgentTesla, Remcos, Snake, NjRat and many others. Here, we will be discussing the infection chain/spreading mechanism followed by payloads distributed using Horus Protector. If you want to learn more about Horus Protector, please read our previous blog."
https://blog.sonicwall.com/en-us/2024/10/horus-protector-part-2-the-new-malware-distribution-service/
- This New Supply Chain Attack Technique Can Trojanize All Your CLI Commands
"The open source ecosystem, due to its widespread adoption, has become a prime target for supply chain attacks. Malicious actors often exploit built-in features of open source packages to automatically distribute and execute harmful code. They particularly favor two techniques: automatic preinstall scripts that execute upon package installation, and seemingly innocent packages that import malicious dependencies."
https://checkmarx.com/blog/this-new-supply-chain-attack-technique-can-trojanize-all-your-cli-commands/
https://thehackernews.com/2024/10/supply-chain-attacks-exploit-entry.html
Breaches/Hacks/Leaks
- Intel Broker Claims Cisco Breach, Selling Stolen Data From Major Firms
"Intel Broker claims a major data breach at Cisco, allegedly stealing source codes, confidential documents, and credentials from global firms like Verizon, AT&T, Microsoft, and more. Data is now for sale on Breach Forums. Intel Broker, a hacker notorious for high-profile data breaches, is claiming to have breached the technology giant Cisco Systems, Inc."
https://hackread.com/intel-broker-cisco-data-breach-selling-firms-data/
- Central Tickets Confirms Data Breach As Hacker Leaks Data Of 1 Million Users
"In July 2024, Central Tickets experienced a major data breach that compromised users’ personal information, including names, emails, phone numbers and more. Hackread.com managed to track the activity of the hacker behind this breach."
https://hackread.com/central-tickets-data-breach-hacker-leaks-user-data/
- Robot Vacuum Cleaners Hacked To Spy On, Insult Owners
"Multiple robot vacuum cleaners in the US were hacked to yell obscenities and insults through the onboard speakers. ABC News was able to confirm reports of this hack in robot vacuum cleaners of the type Ecovacs Deebot X2, which are manufactured in China. Ecovacs is considered the leading service robotics brand, and is a market leader in robot vacuums."
https://www.malwarebytes.com/blog/news/2024/10/robot-vacuum-cleaners-hacked-to-spy-on-insult-owners
https://www.abc.net.au/news/2024-10-11/robot-vacuum-yells-racial-slurs-at-family-after-being-hacked/104445408
- America First Policy Institute, a Group Advising Trump, Says Its Systems Were Breached
"A group helping to lay the groundwork for a future Donald Trump administration said its computer systems were breached, marking the second known instance that people supporting the former president have been the target of a cyberattack. The America First Policy Institute discovered the breach last week. It would not say what materials were compromised."
https://www.securityweek.com/america-first-policy-institute-a-group-advising-trump-says-its-systems-were-breached/
- Gryphon Healthcare, Tri-City Medical Center Disclose Significant Data Breaches
"Gryphon Healthcare and Tri-City Medical Center last week disclosed separate data breaches in which the personal information of more than 500,000 individuals was stolen. The Houston, Texas-based billing services provider Gryphon is notifying 393,358 individuals of an incident discovered on August 13, 2024, which involved an unnamed partner “that Gryphon provides medical billing services for.”"
https://www.securityweek.com/gryphon-healthcare-tri-city-medical-center-disclose-significant-data-breaches/
https://www.theregister.com/2024/10/14/gryphon_healthcare_breach/
General News
- The Quantum Dilemma: Game-Changer Or Game-Ender
"If someone told you five years ago that you could pose questions to an AI agent about the most vexing issues in science and it could answer back swiftly and meaningfully, you would’ve thought they were joking. But AI has ushered in this reality. The same holds true for quantum computing. For those that need a refresher on quantum computing, it’s considered ground-breaking technology: a supercomputer that uses the principles of quantum mechanics to perform highly complex mathematical calculations at a speed and scale that far exceeds today’s supercomputers."
- CISOs’ Strategies For Managing a Growing Attack Surface
"In this Help Net Security interview, Rickard Carlsson, CEO at Detectify, discusses the evolution of attack surface management in the context of remote work and digital transformation. Carlsson highlights the challenges CISOs face today, including maintaining visibility and managing compliance in an expanding attack surface, all while dealing with limited resources and rising business demands."
https://www.helpnetsecurity.com/2024/10/14/rickard-carlsson-detectify-attack-surface-management-strategy/
- CISSP And CompTIA Security+ Lead As Most Desired Security Credentials
"33.9% of tech professionals report a shortage of AI security skills, particularly around emerging vulnerabilities like prompt injection, according to O’Reilly. This highlights the need for specialized training as AI adoption continues to accelerate across industries. Cloud security expertise also emerges as a significant concern. Despite cloud computing’s two-decade presence, 38.9% of respondents identified cloud security as the most significant skills shortage. This revelation underscores a lag in expertise as organizations continue their cloud migration journeys, potentially leaving them vulnerable to cloud-specific security threats."
https://www.helpnetsecurity.com/2024/10/14/ai-security-skills-shortage/
- CIOs Want a Platform That Combines AI, Networking, And Security
"While AI has captured the attention of the technology industry, the majority of CIOs and senior IT leaders are primarily focused on the convergence of networking and security, according to Extreme Networks. The survey, fielded in July and August 2024, polled 200 CIOs and senior IT leaders across a variety of vertical markets and found that CIOs stack ranked their top three IT priorities for the second half of 2024 as 1) securing their enterprise network, 2) integrating network and security and 3) evaluating and deploying AI across their organization."
https://www.helpnetsecurity.com/2024/10/14/ai-network-security-challenges/
- Skills Shortages Now a Top-Two Security Risk For SMBs
"A shortage of cybersecurity expertise and capacity in global SMBs is fueling talent burnout and creating new opportunities for threat actors, Sophos has warned. The UK-headquartered security vendor polled 5000 IT and security professionals in 14 countries, 1402 of whom work in organizations with 100-500 employees, to compile its report: Addressing the cybersecurity skills shortage in SMBs. It revealed that a shortage of security skills is now ranked by SMBs as their second top cyber challenge after zero-day threats, while for organizations of over 500 employees, it ranks only seventh."
https://www.infosecurity-magazine.com/news/skills-shortages-toptwo-security/
- Analyzing The Latest APWG Phishing Activity Trends Report: Key Findings And Insights
"In the second quarter of 2024, 877,536 phishing attacks were reported, a marked decrease from the 963,994 attacks reported in the first quarter of the same year. However, this might not be a reason to celebrate just yet, as this reduction might be due to the fact that email providers have made it increasingly difficult for users to report phishing attempts. Complaints and testing reveal that certain prominent email providers are blocking users' attempts to forward emails they suspect might be phishing attempts. This could skew the results, as the true phishing activity may be higher than the figures show, highlighting the need for better and more accessible reporting mechanisms."
https://www.tripwire.com/state-of-security/analyzing-latest-apwg-phishing-activity-trends-report-key-findings-and-insights
https://docs.apwg.org/reports/apwg_trends_report_q2_2024.pdf
- Why Your Identity Is The Key To Modernizing Cybersecurity
"In today's digital world, threats are around every corner. The technology behind attacks is increasingly sophisticated. Actors include criminal organizations seeking big payouts and nation-states conducting espionage and looking for opportunities to create chaos. At the same time, the world continues to transform rapidly around us. With artificial intelligence (AI), we're about to go through the biggest business transformation since the widespread adoption of the Internet, and the bad guys are also exploring how they can use AI for harm."
https://www.darkreading.com/vulnerabilities-threats/why-identity-key-modernizing-cybersecurity
- China Again Claims Volt Typhoon Hack Gang Was Invented By The US To Discredit It
"Chinese authorities have published another set of allegations that assert the Volt Typhoon threat actor is an invention of the US and its allies, and not a crew run by Beijing. Published on Monday in five languages, a document titled "Lie to Me: Volt Typhoon III – Unravelling Cyberespionage and Disinformation Operations Conducted by US Government Agencies" largely revisits the content of a similar document published in July."
https://www.theregister.com/2024/10/15/china_volt_typhoon_false_flag/
References
Electronic Transactions Development Agency (ETDA) - Jetpack Fixes Critical Information Disclosure Flaw Existing Since 2016