Cyber Threat Intelligence 25 October 2024
Healthcare Sector
- US Healthcare At Risk: Strengthening Resiliency Against Ransomware Attacks
"The healthcare sector faces a rapidly increasing range of cybersecurity threats, with ransomware attacks emerging as one of the most significant. A combination of valuable patient data, interconnected medical devices, and small IT/cybersecurity operations staff, which spreads resources thin, can make healthcare organizations prime targets for threat actors. As healthcare operations become increasingly digitized—ranging from electronic health records (EHR) to telemedicine platforms and networked medical devices—the attack surface of hospitals grows more complex, further heightening their vulnerability to attacks."
https://www.microsoft.com/en-us/security/security-insider/emerging-threats/US-healthcare-at-risk-strengthening-resiliency-against-ransomware-attacks#Chapter-One-article
https://www.darkreading.com/cyberattacks-data-breaches/microsoft-healthcare-300-percent-surge-ransomware-attacks
https://www.theregister.com/2024/10/24/ransomware_ripple_effect_hospitals/
Industrial Sector
- IniNet Solutions SpiderControl SCADA PC HMI Editor
"Successful exploitation of this vulnerability could allow an attacker to gain remote control of the device."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-298-02
- VIMESA VHF/FM Transmitter Blue Plus
"Successful exploitation of this vulnerability could allow an attacker to perform a Denial-of-Service."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-298-01
- Deep Sea Electronics DSE855
"Successful exploitation of this vulnerability could allow an attacker to access stored credentials."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-298-03
Vulnerabilities
- Cisco Event Response: October 2024 Cisco ASA, FMC, And FTD Software Security Advisory Bundled Publication
"Cisco released its semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication on October 23, 2024. The October 23, 2024, release of the Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication includes 35 Cisco Security Advisories that describe 51 vulnerabilities in Cisco ASA, FMC, and FTD. Cisco has released software updates that address these vulnerabilities."
https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300
https://www.cisa.gov/news-events/alerts/2024/10/24/cisco-releases-security-bundle-cisco-asa-fmc-and-ftd-software
https://www.darkreading.com/application-security/cisco-asa-ftd-software-active-vpn-exploitation
https://thehackernews.com/2024/10/cisco-issues-urgent-fix-for-asa-and-ftd.html
https://www.bleepingcomputer.com/news/security/cisco-fixes-vpn-dos-flaw-discovered-in-password-spray-attacks/
https://www.securityweek.com/cisco-patches-vulnerability-exploited-in-large-scale-brute-force-campaign/
https://securityaffairs.com/170203/breaking-news/cisco-fixed-tens-of-vulnerabilities-including-actively-exploited-one.html
https://www.theregister.com/2024/10/24/cisco_bug_brute_force/
- Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575)
"In October 2024, Mandiant collaborated with Fortinet to investigate the mass exploitation of FortiManager appliances across 50+ potentially compromised FortiManager devices in various industries. The vulnerability, CVE-2024-47575 / FG-IR-24-423, allows a threat actor to use an unauthorized, threat actor-controlled FortiManager device to execute arbitrary code or commands against vulnerable FortiManager devices."
https://cloud.google.com/blog/topics/threat-intelligence/fortimanager-zero-day-exploitation-cve-2024-47575?e=48754805
https://www.bleepingcomputer.com/news/security/mandiant-says-new-fortinet-fortimanager-flaw-has-been-exploited-since-june/
https://www.darkreading.com/vulnerabilities-threats/critical-bug-exploited-fortinet-management-console
https://www.securityweek.com/new-fortinet-zero-day-exploited-for-months-before-patch-release/
https://www.bankinfosecurity.com/hackers-probing-newly-disclosed-fortinet-zero-day-a-26624
https://cyberscoop.com/fortinet-fortimanager-mandiant-unc5820-alert/
https://securityaffairs.com/170189/hacking/fortijump-flaw-exploited-since-june-2024.html
- Samsung Galaxy S24 And Sonos Era Hacked On Pwn2Own Ireland Day 2
"On the second day of Pwn2Own Ireland 2024, competing white hat hackers showcased an impressive 51 zero-day vulnerabilities, earning a total of $358,625 in cash prizes. Pwn2Own is a hacking contest where security researchers compete to exploit software and mobile hardware devices to earn the coveted title of "Master of Pwn" and $1,000,000 in cash and prizes. On day 2 of Pwn2Own, the Viettel Cyber Security team maintained a strong lead in the race for the "Master of Pwn" title, with standout performances across several categories."
https://www.bleepingcomputer.com/news/security/samsung-galaxy-s24-and-sonos-era-hacked-on-pwn2own-ireland-day-2/
https://www.securityweek.com/samsung-galaxy-s24-hacked-at-pwn2own-ireland-2024/
https://securityaffairs.com/170221/hacking/pwn2own-ireland-2024-day-two.html
- CISA Adds Two Known Exploited Vulnerabilities To Catalog
"CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-20481 Cisco ASA and FTD Denial-of-Service Vulnerability
CVE-2024-37383 RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability"
https://www.cisa.gov/news-events/alerts/2024/10/24/cisa-adds-two-known-exploited-vulnerabilities-catalog
- Hacking EV Charging Stations Via The Charging Cable
"EV charging infrastructure is becoming more and more prevalent in our society. To manage aspects such as configuration, payment and power management, public charging stations are almost always connected to the internet. While this connectivity facilitates the management and configuration of charging stations, it also introduces cyber security risks. A large-scale cyber-attack on EV charging stations could even enable an attacker to destabilize the power grid and cause blackouts."
https://medium.com/@wilcovanbeijnum/hacking-ev-charging-stations-via-the-charging-cable-51532fa310a6
https://www.bankinfosecurity.com/electric-vehicle-charging-stations-at-risk-from-hack-attacks-a-26620
- AWS CDK Risk: Exploiting a Missing S3 Bucket Allowed Account Takeover
"In June 2024, we uncovered a security issue related to the AWS Cloud Development Kit (CDK), an open-source project. This discovery adds to the six other vulnerabilities we discovered within AWS services. The impact of this issue could, in certain scenarios (outlined in the blog), allow an attacker to gain administrative access to a target AWS account, resulting in a full account takeover."
https://www.aquasec.com/blog/aws-cdk-risk-exploiting-a-missing-s3-bucket-allowed-account-takeover/
https://www.darkreading.com/threat-intelligence/aws-cdk-default-s3-bucket-naming-pattern-lets-adversaries-waltz-into-admin-access
https://thehackernews.com/2024/10/aws-cloud-development-kit-vulnerability.html
https://www.theregister.com/2024/10/24/aws_cloud_development_kit_flaw/
- Nvidia Patches High-Severity Flaws In Windows, Linux Graphics Drivers
"Technology giant Nvidia has rolled out urgent security updates to fix at least 8 high-severity vulnerabilities in GPU drivers for Windows and Linux, and in its virtual GPU (vGPU) software. The company shipped updates for five security defects affecting Nvidia’s graphics drivers for Windows that allow an unprivileged user to cause an out-of-bounds read. Tracked as CVE-2024-0117 to CVE-2024-0121, these bugs could be exploited for code execution, escalation of privilege, denial-of-service, information disclosure, and data tampering, Nvidia said in an advisory."
https://www.securityweek.com/nvidia-patches-high-severity-flaws-in-windows-linux-graphics-drivers/
https://nvidia.custhelp.com/app/answers/detail/a_id/5586
- Command Injection And Local File Inclusion In Grafana: CVE-2024-9264
"The SonicWall Capture Labs threat research team became aware of a critical vulnerability in Grafana, assessed its impact and developed mitigation measures. Grafana is a multi-platform open-source analytics and visualization solution that can produce charts, graphs and alerts according to the data."
https://blog.sonicwall.com/en-us/2024/10/command-injection-and-local-file-inclusion-in-grafana-cve-2024-9264/
Malware
- Understanding The Initial Stages Of Web Shell And VPN Threats: An MXDR Analysis
"Today’s evolving cyberthreats demand constant vigilance from organizations. Take for example two notable cybersecurity incidents we’ve observed, using novel twists on well-known techniques: a web shell attack and a VPN compromise. By scrutinizing their logs in Vision One during our containment and subsequent analysis of the incidents, we could unravel how these threats originated and escalated as well as what their next moves could have been."
https://www.trendmicro.com/en_us/research/24/j/understanding-the-initial-stages-of-web-shell-and-vpn-threats-an.html
- New Qilin.B Ransomware Variant Boasts Enhanced Encryption And Defense Evasion
"Researchers at anti-ransomware solutions provider Halcyon have documented a new version of the Qilin ransomware payload dubbed Qilin.B for tracking. According to the Power Rankings: Ransomware Malicious Quartile report, Qilin (aka Agenda) is a ransomware-as-a-service (RaaS) operation that emerged in July of 2022 that can target both Windows and Linux systems. Qilin operations include data exfiltration for double extortion."
https://www.halcyon.ai/blog/new-qilin-b-ransomware-variant-boasts-enhanced-encryption-and-defense-evasion
https://www.bleepingcomputer.com/news/security/new-qilin-ransomware-encryptor-features-stronger-encryption-evasion/
https://thehackernews.com/2024/10/new-qilinb-ransomware-variant-emerges.html
https://cyberscoop.com/qilin-ransomware-new-variant-halcyon/
Breaches/Hacks/Leaks
- Hackers Leak 180,000 Esport North Africa User Records a Day Before Tournament Begins
"A hacker leaked the personal data of 180,000 Esport North Africa users just before the tournament. While no financial details were exposed, users are advised to change passwords and stay alert for phishing attacks. The hacker, known as “Shooked,” leaked the personal details of over 180,000 Esport North Africa (ESNA) users just one day before the tournament is set to begin in Morocco. The 3 GB data dump, which Shooked claims is the “full database,” was released on Breach Forums on the morning of Wednesday, October 23, 2024. The ESNA tournament is scheduled to start on Thursday, October 24th."
https://hackread.com/hackers-leak-esport-north-africa-user-record-before-tournament/
- Insurance Admin Landmark Says Data Breach Impacts 800,000 People
"Insurance administrative services company Landmark Admin warns that a data breach impacts over 800,000 people from a May cyberattack. Landmark Admin is a third-party administrator for insurance companies, offering back-office services like new business processing and claims administration for large insurance carriers. Some insurance carriers working with Landmark Admin include American Monumental Life Insurance Company, Pellerin Life Insurance Company, American Benefit Life Insurance Company, Liberty Bankers Life Insurance Company, Continental Mutual Insurance Company, and Capitol Life Insurance Company."
https://www.bleepingcomputer.com/news/security/insurance-admin-landmark-says-data-breach-impacts-800-000-people/
https://therecord.media/landmark-admin-data-breach-insurance-industry
- Henry Schein Discloses Data Breach a Year After Ransomware Attack
"Henry Schein has finally disclosed a data breach following at least two back-to-back cyberattacks in 2023 by the BlackCat Ransomware gang, revealing that over 160,000 people had their personal information stolen. Henry Schein is a healthcare solutions provider and a Fortune 500 company with operations and affiliates in 32 countries and revenue of over $12 billion in 2022. On October 15, the company disclosed that it was forced to take some systems offline to contain a cyberattack that impacted manufacturing and distribution operations."
https://www.bleepingcomputer.com/news/security/henry-schein-discloses-data-breach-a-year-after-ransomware-attack/
- Over 115,000 United Nations Documents Associated To Gender Equality Exposed Online
"Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password-protected database that contained 115,000 records associated with the UN Trust Fund to End Violence against Women — aimed at preventing and addressing violence against women and girls by providing financial and technical support to local, national, and regional organizations working to eliminate gender-based violence and promote women's rights."
https://www.vpnmentor.com/news/report-unwomen-breach/
https://hackread.com/misconfigured-un-database-gender-violence-victims-data/
General News
- What’s More Important When Hiring For Cybersecurity Roles?
"When building a cybersecurity team, you likely asked yourself, “Should I focus on certifications or real-world skills?” And since you rarely encounter entry-level candidates who can hit the ground running, naturally, you’d consider a candidate with both. But that’s not always the best option unless you have the time, money, and patience. One of these factors usually has a priority over the other."
https://www.helpnetsecurity.com/2024/10/24/skills-certifications/
- Enhancing National Security: The Four Pillars Of The National Framework For Action
"In this Help Net Security interview, John Cohen, Executive Director, Program for Countering Hybrid Threats at the Center for Internet Security, discusses the four pillars of the National Framework for Action, emphasizing how these measures can combat the exploitation of technology and social media by threat actors. Cohen argues that a coordinated, whole-of-society approach is essential to empower communities and counter integrated threats to national security."
https://www.helpnetsecurity.com/2024/10/24/john-cohen-center-for-internet-security-national-framework-for-action/
- AI And Deepfakes Fuel Phishing Scams, Making Detection Harder
"AI impersonation is now the hardest vector for cybersecurity professionals to protect companies against, according to Teleport. The study, which surveyed 250 senior US and UK decision-makers, shows that social engineering remains one of the top tactics cybercriminals use to install malware and steal sensitive data, with the advancement of AI and deepfakes further fueling the effectiveness of phishing scams."
https://www.helpnetsecurity.com/2024/10/24/ai-impersonation-cyberattack-vector/
- CISA, US, And International Partners Release Joint Guidance To Assist Software Manufacturers With Safe Software Deployment Processes
"Today, CISA—along with U.S. and international partners—released joint guidance, Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers. This guide aids software manufacturers in establishing secure software deployment processes to help ensure software is reliable and safe for customers. Additionally, it offers guidance on how to deploy in an efficient manner as part of the software development lifecycle (SDLC)."
https://www.cisa.gov/news-events/alerts/2024/10/24/cisa-us-and-international-partners-release-joint-guidance-assist-software-manufacturers-safe
https://www.cisa.gov/resources-tools/resources/safe-software-deployment-how-software-manufacturers-can-ensure-reliability-customers
- Talos IR Trends Q3 2024: Identity-Based Operations Loom Large
"Threat actors are increasingly conducting identity-based attacks across a range of operations that are proving highly effective, with credential theft being the main goal in a quarter of incident response engagements. These attacks were primarily facilitated by living-off-the-land binaries (LoLBins), open-source applications, command line utilities, and common infostealers, highlighting the relative ease at which these operations can be carried out. In addition to outright credential harvesting, we also saw password spraying and brute force attacks, adversary-in-the-middle (AitM) operations, and insider threats, underscoring the variety of ways in which actors are compromising users' identities."
https://blog.talosintelligence.com/incident-response-trends-q3-2024/
- Why Cybersecurity Acumen Matters In The C-Suite
"With the mounting, competitive pressure to leverage generative artificial intelligence (GenAI), now is the time for CEOs to better understand the technology themselves. Cybersecurity deserves this same level of attention — and so does the discrepancy between C-level enthusiasm and skill level. Leveraging AI tools, cybercriminals and their attacks have become more sophisticated, and with this technology comes a swath of security concerns when used in a company environment."
https://www.darkreading.com/vulnerabilities-threats/why-cybersecurity-acumen-matters-c-suite
- 3 Proven Use Cases For AI In Preventative Cybersecurity
"IBM’s Cost of a Data Breach Report 2024 highlights a ground-breaking finding: The application of AI-powered automation in prevention has saved organizations an average of $2.2 million. Enterprises have been using AI for years in detection, investigation and response. However, as attack surfaces expand, security leaders must adopt a more proactive stance."
https://securityintelligence.com/articles/3-proven-use-cases-for-ai-preventative-cybersecurity/
- New Scoring System Helps Secure The Open Source AI Model Supply Chain
"Artificial intelligence models from Hugging Face can contain similar hidden problems to open source software downloads from repositories such as GitHub. Endor Labs has long been focused on securing the software supply chain. Until now, this has largely focused on open source software (OSS). Now the firm sees a new software supply threat with similar issues and problems to OSS – the open source AI models hosted on and available from Hugging Face."
https://www.securityweek.com/new-scoring-system-helps-secure-the-open-source-ai-model-supply-chain/
References
Electronic Transactions Development Agency (ETDA) - US Healthcare At Risk: Strengthening Resiliency Against Ransomware Attacks