Cyber Threat Intelligence 22 October 2024
New Tooling
- Aranya: Open-Source Toolkit To Accelerate Secure By Design Concepts
"SpiderOak launched its core technology platform as an open-source project called Aranya. This release provides the same level of security as the company’s platform, which is already in use by the Department of Defense. The Aranya project marks a turning point in defending against AI-driven attacks like malware, ransomware, command injection, and spoofing. By shifting security measures from traditional centralized solutions and network controls to being integrated directly into technology manufacturers’ applications and devices, it helps end-user organizations reduce costs, simplify security management, and minimize their exposure to threats."
https://www.helpnetsecurity.com/2024/10/21/aranya-open-source-toolkit-secure-by-design/
https://github.com/aranya-project/aranya
Vulnerabilities
- Fortinet Releases Patches For Undisclosed Critical FortiManager Vulnerability
"In the last couple of days, Fortinet has released critical security updates for FortiManager, to fix a critical vulnerability that is reportedly being exploited by Chinese threat actors. The company, which is known for pushing out fixes for critical vulnerabilities before disclosing their existence to the public, privately notified select customers a week ago and shared temporary mitigation advice."
https://www.helpnetsecurity.com/2024/10/21/fortimanager-critical-vulnerability/
- VMware Struggles To Fix Flaw Exploited At Chinese Hacking Contest
"VMware appears to be having trouble patching a nasty code execution flaw in its vCenter Server platform. For the second time in as many months, the virtualization tech vendor pushed a patch to cover a remote code execution vulnerability first documented — and exploited — at a Chinese hacking contest earlier this year. “VMware by Broadcom has determined that the vCenter patches released on September 17, 2024 did not fully address CVE-2024-38812,” the company said in an updated advisory on Monday. No additional details were provided."
https://www.securityweek.com/vmware-struggles-to-fix-flaw-exploited-at-chinese-hacking-contest/
- CISA Adds One Known Exploited Vulnerability To Catalog
"CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-9537 ScienceLogic SL1 Unspecified Vulnerability"
https://www.cisa.gov/news-events/alerts/2024/10/21/cisa-adds-one-known-exploited-vulnerability-catalog
- Atlassian Patches Vulnerabilities In Bitbucket, Confluence, Jira
"Atlassian has announced security updates that resolve six high-severity vulnerabilities in Bitbucket, Confluence, and Jira Service Management products. The Bitbucket Data Center and Server updates resolve CVE-2024-21147, a high-severity flaw in the Java Runtime Environment (JRE) that could lead to unauthorized access to and tampering with critical data. Oracle released patches for this bug as part of its July 2024 CPU and Atlassian included the patches in Bitbucket Data Center and Server versions 9.2.1, 8.19.10, and 8.9.20."
https://www.securityweek.com/atlassian-patches-vulnerabilities-in-bitbucket-confluence-jira/
Malware
- Over 6,000 WordPress Hacked To Install Plugins Pushing Infostealers
"WordPress sites are being hacked to install malicious plugins that display fake software updates and errors to push information-stealing malware. Over the past couple of years, information-stealing malware has become a scourge to security defenders worldwide as stolen credentials are used to breach networks and steal data. Since 2023, a malicious campaign called ClearFake has been used to display fake web browser update banners on compromised websites that distribute information-stealing malware."
https://www.bleepingcomputer.com/news/security/over-6-000-wordpress-hacked-to-install-plugins-pushing-infostealers/
- New Bumblebee Loader Infection Chain Signals Possible Resurgence
"Bumblebee is a highly sophisticated downloader malware cybercriminals use to gain access to corporate networks and deliver other payloads such as Cobalt Strike beacons and ransomware. The Google Threat Analysis Group first discovered the malware in March 2022 and named it Bumblebee based on a User-Agent string it used. The Netskope Threat Labs team discovered what seems to be a new infection chain leading to Bumblebee malware infection, and our findings corroborate those shared by other researchers."
https://www.netskope.com/blog/new-bumblebee-loader-infection-chain-signals-possible-resurgence
https://www.bleepingcomputer.com/news/security/bumblebee-malware-returns-after-recent-law-enforcement-disruption/
https://www.infosecurity-magazine.com/news/possible-bumblebee-resurgence/
- Akira Ransomware Continues To Evolve
"Akira continues to cement its position as one of the most prevalent ransomware operations in the threat landscape, according to Cisco Talos’ findings and analysis. Their success is partly due to the fact that they are constantly evolving. For example, after Akira already developed a new version of their ransomware encryptor earlier in the year, we just recently observed another novel iteration of the encryptor targeting Windows and Linux hosts alike. Previously, Akira typically employed a double-extortion tactic in which critical data is exfiltrated prior to the compromised victim systems becoming encrypted. Beginning in early 2024, Akira appeared to be sidelining the encryption tactics, focusing on data exfiltration only. We assess with low to moderate confidence that this shift was due in part to the developers taking time to further retool their encryptor."
https://blog.talosintelligence.com/akira-ransomware-continues-to-evolve/
- New Anti-Bot Services On The Dark Web Help Phishing Pages Bypass Google’s Red Page
"Novel anti-bot services are being advertised on the dark web, offering cybercriminals advanced tools to bypass Google’s protective ‘Red Page’ warnings in a concerning development for cybersecurity teams. These services represent the latest evolution in the ongoing cat-and-mouse game between cybercriminals and security measures. To learn more about combating phishing attackers using anti-bot services, check out our SlashNext Complete page."
https://slashnext.com/blog/anti-bot-service-bypass-google-red-page/
https://www.darkreading.com/threat-intelligence/anti-bot-services-cybercrooks-bypass-google-red-page
- DDoS Attacks Against Japan
"In response to Japan's call for increased participation in US-led military alliances, two pro-Russian threat actors announced a coordinated DDoS attack campaign targeting Japanese organizations on October 14, 2024 (Figure 1). The attacks mainly focused on the logistics & manufacturing sectors, as well as governmental and political organizations. Multiple non-spoofed direct-path DDoS attack vectors were utilized, primarily originating from well-known nuisance networks [4], as well as cloud provider and VPN networks [3]. At the time of this publication, the attack campaign is ongoing, and the hacktivists continue to push new targets to their DDoSia botnet."
https://www.netscout.com/blog/asert/ddos-attacks-against-japan
https://www.darkreading.com/cyberattacks-data-breaches/russia-linked-hackers-attack-japan-govt-ports
- Stealer Here, Stealer There, Stealers Everywhere!
"Information stealers, which are used to collect credentials to then sell them on the dark web or use in subsequent cyberattacks, are actively distributed by cybercriminals. Some of them are available through a monthly subscription model, thus attracting novice cybercriminals. According to Kaspersky Digital Footprint Intelligence, almost 10 million devices, both personal and corporate, were attacked by information stealers in 2023. That said, the real number of the attacked devices may be even higher, as not all stealer operators publish all their logs immediately after stealing data."
https://securelist.com/kral-amos-vidar-acr-stealers/114237/
- The Silent Game: Sophisticated Threat Actors Targeting Gambling Industry
"During 2024, Security Joes' Incident Response Team assisted in handling an incident involving an experienced threat actor with a distinct set of tactics, techniques, and procedures (TTPs) aimed at taking over the entire network infrastructure of a company within the gambling and gaming industry, while maintaining persistence and stealth. The multi-stage attack lasted nearly nine months, during which the attackers executed several actions, including but not limited to DCSync attacks, rogue Kerberos requests (Kerberoasting), impersonation using Silver Tickets, phantom DLL hijacking, LSASS memory extraction, and execution of malicious code using the LOLBIN wmic.exe."
https://www.securityjoes.com/post/the-silent-game-sophisticated-threat-actors-targeting-gambling-industry
https://thehackernews.com/2024/10/chinese-nation-state-hackers-apt41-hit.html
- Cyprus' Critical Infrastructure Targeted By Coordinated Cyberattacks Linked To Pro-Palestine Groups
"Cyprus’ critical infrastructure and government websites were targeted in a series of coordinated cyberattacks claimed by several pro-Palestine hacker groups. The country’s cyber officials reported that most of the attacks were unsuccessful, causing only temporary disruptions to targeted facilities, including banks, airports and government websites. The first warnings about a potential cyber operation against Cyprus emerged last week, following statements on Telegram and dark web forums from groups such as LulzSec Black, Moroccan Soldiers, Black Maskers Army and Anonymous Syria. The groups claimed they would compromise Cypriot agencies to “punish” the country for its support of Israel."
https://therecord.media/cyprus-critical-infrastructure-cyberattack-israel-palestine
- ‘Unprecedented’ Interference Targets Moldova's Elections
"Moldova’s parliamentary email servers were hit by a cyberattack last week, just ahead of the country’s presidential election and a referendum on joining the European Union. In a statement to local media, the parliament’s spokesperson said some of the agency’s information was compromised by an unidentified threat actor last Thursday but provided no further details."
https://therecord.media/unprecedented-interference-moldova-elections-cyberattack
- Attackers Target Exposed Docker Remote API Servers With Perfctl Malware
"Recent cyberattacks have leveraged unprotected Docker Remote API servers to deploy malicious code. Attacks targeting the Docker Remote API server are structured, starting with probing for the server's presence and ending with the actual execution of payloads. We will conduct a detailed analysis of the attack flow, describing how attackers exploit vulnerable Docker Remote API servers. By looking over recent incidents, we will emphasize the importance of securing the Docker Remote API server and the potential consequences of this exploitation."
https://www.trendmicro.com/en_us/research/24/j/attackers-target-exposed-docker-remote-api-servers-with-perfctl-.html
- Report: China’s Spamouflage Disinformation Campaign Testing Techniques On Sen. Marco Rubio
"The covert Chinese information operation known as Spamouflage has renewed its long-running disinformation campaign against Republican Senator Marco Rubio of Florida, according to researchers at Clemson University’s Media Forensics Lab. In a report written by Clemson University professors Darren Linvill and Patrick Warren, obtained by the Click Here podcast and Recorded Future News, the researchers found that in mid-September Spamouflage seemed to be targeting Rubio’s official X account to test a roster of new tactics, some not previously observed. In 2022, the group had flooded the senator’s social media accounts with posts during his re-election bid."
https://therecord.media/china-spamouflage-operation-testing-techniques-marco-rubio
https://open.clemson.edu/cgi/viewcontent.cgi?article=1007&context=mfh_reports
https://www.theregister.com/2024/10/21/china_spamouflage_trolls_marc_rubio/
Breaches/Hacks/Leaks
- Hacker Advertises “Top Secret US Space Force (USSF) Military Technology Archive”
"A hacker using the alias “TAINTU” is offering what they claim to be 1.45 TB of “top secret USSF military technology archives” for sale, priced at $15,000 in Bitcoin (BTC) or Monero (XMR) cryptocurrency. The acronym USSF stands for the United States Space Force, the space operations branch of the U.S. Armed Forces. The USSF is responsible for organizing, training, and equipping military personnel for space-related operations."
https://hackread.com/hacker-advertise-secret-us-space-force-military-tech-archive/
- Crypto Payment Services Firm Says More Than 92,000 Affected By Data Breach
"A recent data breach at the crypto payment processor Transak exposed the information of more than 92,000 people after an employee's laptop was accessed. The company said on Sunday that “no financially sensitive or critical information was compromised” but admitted that names, birthdays, passports, driver’s license information and user selfies were leaked in the breach. In a statement, the Miami-based company said the incident only affected about 1% of its user base. A “sophisticated phishing attack” granted the attacker access to an unnamed know-your-customer vendor Transak uses for document scanning and verification."
https://therecord.media/crypto-payment-services-data-breach
- Spate Of Ransomware Attacks On German-Speaking Schools Hits Another In Switzerland
"The growing menace of cyberattacks impacting German-speaking educational institutions in Europe has hit a vocational school in Switzerland whose specialisms include nursing and construction. The Vocational Training Center, or Berufsbildungszentrum (BBZ), in the canton of Schaffhausen became the victim of a ransomware attack earlier this month, the canton’s department of education announced on Monday."
https://therecord.media/ransomware-attack-german-speaking-school-switzerland-bbz-schaffhausen
General News
- Building Secure AI With MLSecOps
"In this Help Net Security interview, Ian Swanson, CEO of Protect AI, discusses the concept of “secure AI by design.” By adopting frameworks like Machine Learning Security Operations (MLSecOps) and focusing on transparency, organizations can build resilient AI systems that are both safe and trustworthy."
https://www.helpnetsecurity.com/2024/10/21/ian-swanson-protect-ai-secure-ai/
- Should The CISO's Role Be Split Into Two Functions?
"84% of CISOs believe the role needs to be split into two functions – one technical and one business-focused, to maximize security and organizational resilience, according to Trellix. The research reveals insights from over 500 CISOs worldwide on cybersecurity regulation, the CISO role, and their interactions and challenges when reporting to their organization’s board."
https://www.helpnetsecurity.com/2024/10/21/cisos-growing-responsibilities/
- State Of Cloud Security
"Securely configuring the potentially thousands of cloud identities, workloads, and other resources needed to support the high pace of modern software development is difficult—but also critical to prevent attackers from breaching these systems, where security gaps too often go unnoticed. For this report, we analyzed security posture data from a sample of thousands of organizations that use AWS, Azure, or Google Cloud. In particular, we focused on understanding how organizations approach and mitigate common risks that frequently lead to documented public cloud security incidents. (A detailed methodology is available in the annex.)"
https://www.datadoghq.com/state-of-cloud-security/
https://www.darkreading.com/cloud-security/unmanaged-cloud-credentials-risk-half-orgs
https://www.infosecurity-magazine.com/news/orgs-long-lived-cloud-credentials/
- Why I'm Excited About The Future Of Application Security
"In my years managing security in complex environments, I've seen how threats and defenses evolve, but application security has proven a very tough nut to crack. What excites me today is the significant progress we're making in closing long-standing gaps in AppSec, and I would argue that application detection and response (ADR) is leading the charge."
https://www.darkreading.com/application-security/excited-future-application-security
References
Electronic Transactions Development Agency (ETDA)