Cyber Threat Intelligence 06 November 2024
Vulnerabilities
- Researcher Discloses 36 Vulnerabilities Found In IBM Security Verify Access
"Security researcher Pierre Barre has drawn attention to three dozen vulnerabilities in IBM Security Verify Access (ISVA), including ones that could have allowed attackers to compromise the entire authentication infrastructure based on the authorization and network security policy management solution. An attacker looking to exploit these issues would need to mount a man-in-the-middle (MiTM) attack or gain access to the internal network of an organization using IBM’s ISVA appliances and Docker images."
https://www.securityweek.com/researcher-discloses-32-vulnerabilities-found-in-ibm-security-verify-access/
https://pierrekim.github.io/blog/2024-11-01-ibm-security-verify-access-32-vulnerabilities.html
- Chinese Air Fryers May Be Spying On Consumers, Which? Warns
"A consumer rights group has warned UK shoppers to research their next electronics purchases carefully, after finding evidence of “excessive smart device surveillance” from Chinese air fryers and other products. Which? claimed that smart air fryers from Xiaomi, Cosori and Aigostar all wanted to know customers’ precise locations, as well as permission to record audio on the user’s phone. The Xiaomi app linked to the smart device also connected to ad trackers from Facebook, TikTok’s Pangle ad network and Tencent, depending on the location of said user, the report claimed."
https://www.infosecurity-magazine.com/news/chinese-air-fryers-spying/
Malware
- ToxicPanda: a New Banking Trojan From Asia Hit Europe And LATAM
"In late October 2024, Cleafy’s Threat Intelligence team observed a significant spike in a new Android malware sample initially classified as TgToxic. However, further analysis revealed that while it shares some bot command similarities with the TgToxic family, the code diverges considerably from its original source. Many capabilities characteristic of TgToxic are notably absent, and some commands appear as placeholders without real implementation. Based on these findings, we started tracking this family as ToxicPanda."
https://www.cleafy.com/cleafy-labs/toxicpanda-a-new-banking-trojan-from-asia-hit-europe-and-latam
https://thehackernews.com/2024/11/new-android-banking-malware-toxicpanda.html
https://www.darkreading.com/application-security/android-botnet-toxicpanda-bashes-banks-europe-latin-america
https://securityaffairs.com/170605/malware/toxicpanda-android-malware-targets-italy.html
https://www.infosecurity-magazine.com/news/toxicpanda-malware-banking-android/
- Cybercriminals Are Stealing Cookies To Bypass Multifactor Authentication
"The FBI Atlanta Division is warning the public that cybercriminals are gaining access to email accounts by stealing cookies from a victim’s computer. A “cookie” is a small piece of data that a website sends to your computer, allowing the website to remember information about your session, such as login details, preferences, or items in your shopping cart. “Remember-Me cookies” are tied specifically to a user’s login and often last for 30 days before expiring. This type of cookie helps a user log in without having to keep putting in their username, password, or their multifactor authentication (MFA)."
https://www.fbi.gov/contact-us/field-offices/atlanta/news/cybercriminals-are-stealing-cookies-to-bypass-multifactor-authentication
https://www.malwarebytes.com/blog/news/2024/11/warning-hackers-could-take-over-your-email-account-by-stealing-cookies-even-if-you-have-mfa
- FBI Seeks Public Help To Identify Chinese Hackers Behind Global Cyber Intrusions
"The U.S. Federal Bureau of Investigation (FBI) has sought assistance from the public in connection with an investigation involving the breach of edge devices and computer networks belonging to companies and government entities. "An Advanced Persistent Threat group allegedly created and deployed malware (CVE-2020-12271) as part of a widespread series of indiscriminate computer intrusions designed to exfiltrate sensitive data from firewalls worldwide," the agency said. "The FBI is seeking information regarding the identities of the individuals responsible for these cyber intrusions.""
https://thehackernews.com/2024/11/fbi-seeks-public-help-to-identify.html
https://www.fbi.gov/wanted/seeking-info/edge-device-intrusions
- ClickFix Tactic: Revenge Of Detection
"In May 2024, a new social engineering tactic called ClickFix emerged, featuring a ClearFake cluster that the Sekoia Threat Detection & Research (TDR) team closely monitored and analysed in a private report. This tactic involves displaying fake error messages in web browsers to deceive users into copying and executing a given malicious PowerShell code, finally infecting their systems. The previous blog post ClickFix tactic: The Phantom Meet outlines the ClickFix cluster, which leverages fake video conferencing pages (such as Google Meet or Zoom) to distribute infostealers. A private report released shortly after describes a larger cluster that uses fake CAPTCHA pages for the same purpose."
https://blog.sekoia.io/clickfix-tactic-revenge-of-detection/
https://www.infosecurity-magazine.com/news/clickfix-fake-errors-malicious-code/
Breaches/Hacks/Leaks
- Hackers Claimed The FREE S.A.S. Data Had Been Sold. One Now Claims That Wasn’t True.
"On October 26, FREE S.A.S., a major ISP in France, confirmed that it had been hacked after a threat actor calling himself “drussellx” listed customer data up for auction on a popular hacking forum. Drussellx claimed to have acquired the information of 19.2 million subscribers on October 17, 2024. The breach “affects all FREE Mobile and Freebox customers, and includes the IBANs of all 5.11 million Freebox subscribers,” drussellx wrote."
https://databreaches.net/2024/11/05/hackers-claimed-the-free-s-a-s-data-had-been-sold-one-now-claims-that-wasnt-true/
- Georgia Hospital Unable To Access Record System After Ransomware Attack
"A ransomware attack on a prominent hospital in southwest Georgia knocked out access to the electronic health record system. Memorial Hospital and Manor in the town of Bainbridge posted an urgent message on Sunday warning patients that the hospital’s IT team had discovered a ransomware attack the morning before when employees found notifications from the virus protection software."
https://therecord.media/georgia-hospital-records-ransomware-attack
- Chinese Group Accused Of Hacking Singtel In Telecom Attacks
"Singtel, Singapore’s largest mobile carrier, was breached by Chinese state-sponsored hackers this summer as part of a broader campaign against telecommunications companies and other critical infrastructure operators around the world, according to two people familiar with the matter. The previously undisclosed breach was discovered in June, and investigators believe it was pulled off by a hacking group known as Volt Typhoon, according to the two people, who asked not to be identified to discuss a confidential investigation."
https://www.straitstimes.com/business/chinese-group-accused-of-hacking-singtel-in-telecom-attacks
https://www.channelnewsasia.com/singapore/singtel-malware-chinese-hacking-group-volt-typhoon-4724931
https://www.itnews.com.au/news/china-state-linked-group-accused-of-hacking-singtel-612857
General News
- SOC Around The Clock: World Tour Survey Findings
"Cybercriminals have more tools than ever to disrupt business operations, steal data for ransom, and manipulate employees into exposing sensitive information. Generative AI (GenAI) is taking those capabilities to new levels by enhancing phishing attacks and enabling audio and video deepfakes. Security professionals are also facing new pressures from chief executives and corporate boards who increasingly understand the legal, financial, and reputational risks cyber threats pose to businesses."
https://www.trendmicro.com/en_us/research/24/k/world-tour-survey-results.html
https://www.trendmicro.com/explore/the-defenders-survey-report
https://resources.trendmicro.com/rs/945-CXD-062/images/EBK00_World_Tour_Survey_240910US_WEB.pdf
- Automatically Detecting DNS Hijacking In Passive DNS
"In this article, we explain our process of detecting domain name service (DNS) hijacking and provide some notable examples of this detection from the first half of 2024. DNS hijacking allows cybercriminals to modify DNS records of domain names and redirect users to malicious servers. Threat actors compromise domains for a variety of different types of attacks, including meddler in the middle (MitM) attacks, drive-by downloads, phishing and scams. Hijackers use a victim domain's reputation to direct victims into malicious campaigns, independent of the expectations of its original visitors. For example, to hijack domains criminals can steal domain owners' credentials at registrars or DNS service providers or alternatively infiltrate these services."
https://unit42.paloaltonetworks.com/detect-dns-hijacking-passive-dns/
- Open-Source Software: A First Attempt At Organization After CRA
"The open-source software (OSS) industry is developing the core software for the global infrastructure, to the point that even some proprietary software giants adopt Linux servers for their cloud services. Still, it has never been able to get organized by creating representative bodies capable of giving an organic response to issues such as those raised at the European level by the Cyber Resilience Act."
https://www.helpnetsecurity.com/2024/11/05/open-source-cra/
- Maximizing Security Visibility On a Budget
"In this Help Net Security interview, Barry Mainz, CEO at Forescout, discusses the obstacles organizations encounter in attaining security visibility, particularly within cloud and hybrid environments. He explains why asset intelligence—going beyond basic visibility to understand device behavior and risk—is essential. Mainz also discusses how AI and machine learning can help organizations stay proactive as the attack surface continues to grow."
https://www.helpnetsecurity.com/2024/11/05/barry-mainz-forescout-security-visibility/
- AI Learning Mechanisms May Lead To Increase In Codebase Leaks
"The proliferation of non-human identities and the complexity of modern application architectures have created significant security challenges, particularly in managing sensitive credentials, according to GitGuardian and CyberArk. Based on a survey of 1,000 IT decision-makers in organizations with over 500 employees across the US, UK, Germany, and France, the report reveals a significant rise in awareness and concern regarding the risks associated with secrets sprawl."
https://www.helpnetsecurity.com/2024/11/05/organizations-secrets-management-concerns/
- Canadian Suspect Arrested Over Snowflake Data Breach And Extortion Attacks
"Canadian law enforcement authorities have arrested an individual who is suspected to have conducted a series of hacks stemming from the breach of cloud data warehousing platform Snowflake earlier this year. The individual in question, Alexander "Connor" Moucka (aka Judische and Waifu), was apprehended on October 30, 2024, on the basis of a provisional arrest warrant, following a request by the U.S. The development was first reported by Bloomberg and corroborated by 404 Media. The exact nature of the charges against Moucka is currently not known."
https://thehackernews.com/2024/11/canadian-suspect-arrested-over.html
https://www.bleepingcomputer.com/news/security/suspect-behind-snowflake-data-theft-attacks-arrested-in-canada/
https://therecord.media/alleged-snowflake-hacker-detained-in-canada
https://www.darkreading.com/cyberattacks-data-breaches/canadian-authorities-arrest-snowflake-data-thief
https://securityaffairs.com/170587/cyber-crime/canadian-authorities-arrested-snowflake-hacker.html
https://www.bankinfosecurity.com/canadian-cops-bust-suspected-hacker-tied-to-snowflake-hits-a-26728
https://cyberscoop.com/snowflake-breach-suspected-arrested-connor-moucka-waifu/
https://hackread.com/canada-arrests-hacker-linked-snowflake-data-breaches/
https://www.securityweek.com/suspected-snowflake-hacker-arrested-in-canada/
- INTERPOL Cyber Operation Takes Down 22,000 Malicious IP Addresses
"A global INTERPOL operation has taken down more than 22,000 malicious IP addresses or servers linked to cyber threats. Operation Synergia II (1 April - 31 August 2024) specifically targeted phishing, ransomware and information stealers and was a joint effort from INTERPOL, private sector partners and law enforcement agencies from 95 INTERPOL member countries. Of the approximately 30,000 suspicious IP addresses identified, 76 per cent were taken down and 59 servers were seized. Additionally, 43 electronic devices, including laptops, mobile phones and hard disks were seized. The operation led to the arrest of 41 individuals, with 65 others still under investigation."
https://www.interpol.int/News-and-Events/News/2024/INTERPOL-cyber-operation-takes-down-22-000-malicious-IP-addresses
https://www.bleepingcomputer.com/news/security/interpol-disrupts-cybercrime-activity-on-22-000-ip-addresses-arrests-41/
https://therecord.media/interpol-operation-arrests-takedowns
- Oh, The Humanity! How To Make Humans Part Of Cybersecurity Design
"Many security teams view their nonsecurity coworkers as the potential weak point in any cybersecurity plan, so they bring in technology to mitigate their inevitable poor choices. The viewpoint is understandable: The "human element" contributed to 68% of breaches in 2023 and 74% of breaches in 2022, according to Verizon's "Data Breach Investigations Report.""
https://www.darkreading.com/cybersecurity-operations/how-to-make-humans-part-of-cybersecurity-design
- How To Win At Cyber By Influencing People
"Knowing you would like to implement zero trust and actually implementing it are two different things. That's at least in part because zero trust is not a single solution one can install and walk away from. Rather, it's an approach to IT and security that emphasizes validating every connection, whether it's user to app, app to app, or process to process. The advantages are clear though: a reduced attack surface; lateral movement across a network by attackers is prevented; and each and every access to any corporate resource is granted on a per-request basis."
https://www.darkreading.com/vulnerabilities-threats/how-win-cyber-influencing-people
- Skills Shortage Directly Tied To Financial Loss In Data Breaches
"The cybersecurity skills gap continues to widen, with serious consequences for organizations worldwide. According to IBM’s 2024 Cost Of A Data Breach Report, more than half of breached organizations now face severe security staffing shortages, a whopping 26.2% increase from the previous year. And that’s expensive. This skills deficit adds an average of $1.76 million in additional breach costs."
https://securityintelligence.com/articles/skills-shortage-directly-tied-to-financial-loss-in-data-breaches/
References
Electronic Transactions Development Agency (ETDA)