Cyber Threat Intelligence 25 November 2024
Vulnerabilities
- Microsoft Defender Weaknesses Found In Crypto Malware Analysis
"SafetyDetectives’ Research Team has uncovered weaknesses in the Microsoft Defender antivirus during an examination of a malware-laced NFT game."
https://www.safetydetectives.com/news/msdefender-malware-vulnerability/
https://hackread.com/malware-bypasses-microsoft-defender-2fa-crypto/
Malware
- The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks For Covert Access
"In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that led to one of the most fascinating and complex incident investigations Volexity had ever worked. The investigation began when an alert from a custom detection signature Volexity had deployed at a customer site (“Organization A”) indicated a threat actor had compromised a server on the customer’s network. While Volexity quickly investigated the threat activity, more questions were raised than answers due to a very motivated and skilled advanced persistent threat (APT) actor, who was using a novel attack vector Volexity had not previously encountered."
https://www.volexity.com/blog/2024/11/22/the-nearest-neighbor-attack-how-a-russian-apt-weaponized-nearby-wi-fi-networks-for-covert-access/
https://www.bleepingcomputer.com/news/security/hackers-breach-us-firm-over-wi-fi-from-russia-in-nearest-neighbor-attack/
- The Hidden Network
"Between 2023 and 2024, our World Watch Cyber Threat Intelligence team issued over 35 advisories and updates concerning zero-day vulnerabilities exploited by Chinese threat actors. These account for 41% of all advisories with a high or very high threat level (equal to or above 4/5 based on our scoring scheme), representing a substantial portion of the critical threats potentially facing our customers. Whether aimed at directly compromising organizations for intelligence gathering or broadly infecting edge devices to build botnets or operational relay box (ORB) networks, the exploitation of vulnerabilities by Chinese state-linked threat actors underscores their considerable offensive capabilities."
https://research.cert.orangecyberdefense.com/hidden-network/report.html
https://www.darkreading.com/cyber-risk/private-firms-academia-china-cyber-offense-strategy
- JarkaStealer In PyPI Repository
"Our Global Research and Analysis Team (GReAT) experts have discovered two malicious packages in the Python Package Index (PyPI) – a popular third-party software repository for Python. According to the packages’ descriptions, they were libraries that allowed to work with popular LLMs (large language models). However, in fact, they imitated the declared functionality using the demo version of ChatGPT, and their main purpose was to install JarkaStealer malware. The packages were available for download for more than a year. Judging by the repository’s statistics, during this time they were downloaded more than 1700 times by users from more than 30 countries."
https://www.kaspersky.com/blog/jarkastealer-in-pypi-packages/52640/
https://thehackernews.com/2024/11/pypi-attack-chatgpt-claude.html
https://www.darkreading.com/application-security/faux-chatgpt-claude-api-packages-jarkastealer
- Lateral Movement On MacOS: Unique And Popular Techniques And In-The-Wild Examples
"In this article, we explore various lateral movement techniques for macOS, some of which are specific to macOS while others are shared by other operating systems. We’ll also provide real-world examples to illustrate these methods and discuss detection opportunities."
https://unit42.paloaltonetworks.com/unique-popular-techniques-lateral-movement-macos/
- Unveiling The Past And Present Of APT-K-47 Weapon: Asyncshell
"Recently, in the course of daily APT tracking, the Knownsec 404 Advanced Threat Intelligence team discovered an attack campaign by the APT-K-47 organization using the topic of “Hajj”, and the attackers used a CHM file to execute a malicious payload in the same directory. The final payload is relatively simple, supporting only the cmd shell, and is implemented using asynchronous programming, which is very similar to the “Asynshell” that was used by the organization several times during our team’s tracking cycle from 2023 to the first half of 2024. Based on our tracking observations, the previously captured Asynshell has been updated in several versions, and based on the logic and functionality of the code, we have reason to suspect that this sample is an upgraded version of Asynshell, which has the following characteristics compared to the previous ones:"
https://medium.com/@knownsec404team/unveiling-the-past-and-present-of-apt-k-47-weapon-asyncshell-5a98f75c2d68
https://thehackernews.com/2024/11/apt-k-47-uses-hajj-themed-lures-to.html
- When Guardians Become Predators: How Malware Corrupts The Protectors
"We often trust our security software to stand as an unbreakable wall against malware and attacks, but what happens when that very wall is weaponized against us? Our Trellix Advanced Research Center team recently uncovered a malicious campaign that does just that. Instead of bypassing defenses, this malware takes a more sinister route: it drops a legitimate Avast Anti-Rootkit driver (aswArPot.sys) and manipulates it to carry out its destructive agenda. The malware exploits the deep access provided by the driver to terminate security processes, disable protective software, and seize control of the infected system."
https://www.trellix.com/blogs/research/when-guardians-become-predators-how-malware-corrupts-the-protectors/
https://www.bleepingcomputer.com/news/security/hackers-abuse-avast-anti-rootkit-driver-to-disable-defenses/
- Microsoft Shares Latest Intelligence On North Korean And Chinese Threat Actors At CYBERWARCON
"This year at CYBERWARCON, Microsoft Threat Intelligence analysts are sharing research and insights representing years of threat actor tracking, infrastructure monitoring and disruption, and attacker tooling. The talk DPRK – All grown up will cover how the Democratic People’s Republic of Korea (DPRK) has successfully built computer network exploitation capability over the past 10 years and how threat actors have enabled North Korea to steal billions of dollars in cryptocurrency as well as target organizations associated with satellites and weapons systems."
https://www.microsoft.com/en-us/security/blog/2024/11/22/microsoft-shares-latest-intelligence-on-north-korean-and-chinese-threat-actors-at-cyberwarcon/
https://thehackernews.com/2024/11/google-exposes-glassbridge-pro-china.html
https://thehackernews.com/2024/11/north-korean-hackers-steal-10m-with-ai.html
Breaches/Hacks/Leaks
- SafePay Ransomware Gang Claims Microlise Attack That Disrupted Prison Van Tracking
"The new SafePay ransomware gang has claimed responsibility for the attack on UK telematics biz Microlise, giving the company less than 24 hours to pay its extortion demands before leaking data. SafePay claims to have stolen 1.2 TB. Microlise, which offers vehicle tracking services and more to the likes of DHL and Serco – both of which were confirmed as collateral damage in Microlise's incident – told The Register that some of its data was stolen earlier this month."
https://www.theregister.com/2024/11/22/safepay_microlise/
- Yakuza Victim Data Leaked In Japanese Agency Attack
"Japan's web of ruthless Yakuza organized crime syndicates continues to operate, threatening the country's citizens with everything from extortion to gangland murders. Local agencies within communities are set up to help those who get involved with gangsters — but unfortunately, one of them has been hacked, potentially leading to physical safety consequences for the victims. The Kumamoto Prefecture Violence Prevention Movement Promotion Center said that 2,500 people who have used its counseling services (which aid with everything from evading extortion to disentangling romantically from Yakuza members) have been impacted by a data breach following a successful phishing effort."
https://www.darkreading.com/cyberattacks-data-breaches/yakuza-victim-data-leaked-japanese-attack
- Hackers Breach Andrew Tate’s Online University—Obtain Chat Logs And Leak Data On 800,000 Users
"An online course founded by far-right influencer Andrew Tate was breached by hackers, revealing the email addresses of roughly 325,000 users. The self-described online university, known as The Real World, offers users “advanced training and mentoring” for around $50 per month. Formerly known as Hustler’s University, the platform focuses on topics such as health and fitness, financial investment, and e-commerce businesses."
https://www.dailydot.com/debug/andrew-tate-the-real-world-hack/
https://www.theregister.com/2024/11/22/andrew_tate_raid/
https://hackread.com/andrew-tate-university-breach-user-records-chats-leak/
- Irish Researcher Finds 1.1 Million NHS Employee Records Were Leaked
"A Dublin cybersecurity researcher, Aaron Costello, has found that 1.1 million NHS employee records were leaked online because of improper configuration settings in Microsoft Power Pages, a software platform used by over 250 million people a month to build websites. Mr Costello, who works with AppOmni, previously discovered a computer glitch meant the HSE’s Covid vaccination portal left the data of one million people vulnerable."
https://www.breakingnews.ie/ireland/irish-researcher-finds-1-1-million-nhs-employee-records-were-leaked-1698047.html
General News
- The Limits Of AI-Based Deepfake Detection
"In this Help Net Security interview, Ben Colman, CEO of Reality Defender, discusses the challenges of detecting high-quality deepfakes in real-world applications. He addresses the effectiveness and limitations of watermarking, AI-based detection, and the potential of emerging technologies in securing media authenticity. Colman also emphasizes the importance of public education, sector-specific AI implementation, and proactive research collaboration to counter rapidly advancing deepfake tactics."
https://www.helpnetsecurity.com/2024/11/22/ben-colman-reality-defender-deepfakes-detection/
- Five Ransomware Groups Responsible For 40% Of Cyber-Attacks In 2024
"Five ransomware groups, including RansomHub and LockBit 3.0, accounted for 40% of all cyber-attacks in Q3 2024, highlighting the increasing complexity and competition within the ransomware ecosystem, according to research by Corvus Insurance. Overall, the Corvus’ Q3 2024 Cyber Threat Report, The Ransomware Ecosystem is Increasingly Distributed, noted that the ransomware threat level remained elevated. The insurance firm’s findings showed that Q3 saw 1257 victims posted to leak sites, marking a 0.7% rise from Q2’s total of 1248 victims."
https://www.infosecurity-magazine.com/news/five-ransomware-groups-40-of/
- Manufacturing Sector In The Crosshairs Of Advanced Email Attacks
"Advanced email attacks, including phishing and business email compromise (BEC), are surging in the manufacturing sector as cybercriminals target an industry with a low tolerance for downtime. Phishing attacks in the sector have surged 83% in the past 12 months, with Generative AI technologies enabling threat actors to create greater volumes of sophisticated email attacks. Mike Britton, CIO at Abnormal Security, told Infosecurity that the spike in phishing activity is partly due to generative AI tools ensuring these messages lack the characteristics most commonly associated with phishing emails, such as poor spelling and grammar."
https://www.infosecurity-magazine.com/news/manufacturing-advanced-email/
- Exploring CISA’s 2023 Top Routinely Exploited Vulnerabilities
"The CISA top routinely exploited vulnerabilities report is always a good read. While it's pretty late in the year, it offers a unique opportunity to reflect on the previous year’s exploitation trends and understand which vulnerabilities posed the greatest threats in 2023 to government organizations. Each year, the report sparks questions about why certain vulnerabilities made the list and what makes them particularly significant. This year, we decided to explore the vulnerabilities that top CISA's list using VulnCheck Intelligence to better understand the impact and threats associated with these vulnerabilities and the detection coverage VulnCheck provides defenders."
https://vulncheck.com/blog/cisa-top-exploited-2024
https://www.securityweek.com/400000-systems-potentially-exposed-to-2023s-most-exploited-flaws/
- Outsmarting Holiday Scams: Tips For Navigating AI-Enhanced Fraud
"It’s that time of year again — the holiday season is approaching, and unfortunately, so are holiday scams. Last year, the FBI Internet Crime Complaint Center (IC3) reported that nearly 12,000 victims fell prey to holiday scams, which resulted in losses exceeding $73 million. In this blog post, we will explore some common themes and phishing tactics that are used to target people during this festive season to help you and your employees stay protected from cybercrime as the year draws to a close."
https://www.proofpoint.com/us/blog/security-awareness-training/avoiding-fraud-over-the-holidays
- Going Beyond Secure By Demand
"In late June 2017, maritime giant A.P. Møller – Maersk was hit with a devastating software infection that affected "close to a fifth of the world's shipping capacity." As it turned out, the attack was not targeted at Maersk, but spun out of a regional "hot war" between Ukraine and Russia that saw a malware strain named "NotPetya" delivered to customers of a Ukrainian software company, with clients in the Ukraine and the rest of the world. The attack cost the global economy a whopping $10 billion in damages — the world's most costly cyber event to date."
https://www.darkreading.com/vulnerabilities-threats/going-beyond-secure-by-demand
- UK Drinking Water Supplies Disrupted By Record Number Of Undisclosed Cyber Incidents
"A record number of cyber incidents impacted Britain’s critical drinking water supplies this year without being publicly disclosed, according to information obtained by Recorded Future News. The exact nature of these incidents is unclear, and they may include operational failures as well as attacks. Under British cybersecurity laws — known as the NIS Regulations — critical infrastructure companies are required to report “significant incidents” to the government within three days or face a fine of up to £17 million ($21 million)."
https://therecord.media/uk-drinking-water-infrastructure-cyber-incident-reports
- Black Friday Spam Report 2024: 3 In 4 Spam Emails Are Scams, Bitdefender Antispam Lab Warns
"Researchers at Bitdefender’s Antispam Lab team have been monitoring Black Friday-themed spam since October, and cybercriminals have wasted no time trying to capitalize on the frenzy. From phishing emails impersonating trusted brands to sophisticated malware campaigns, the holiday season has proven fertile ground for all kinds of fraudulent and malicious activity. This article aims to educate and protect consumers by raising awareness about cybercriminal activities, including scams, phishing campaigns, and fraudulent schemes. These activities also harm legitimate companies, as scammers exploit their credibility and reputation to deceive consumers."
https://www.bitdefender.com/en-us/blog/hotforsecurity/black-friday-spam-report-2024
https://www.infosecurity-magazine.com/news/black-friday-spam-emails-scams/
- Bangkok Busts SMS Blaster Sending 1 Million Scam Texts From A Van
"The Thailand police located a van and arrested its driver for using an SMS blaster device to spam over 100,000 SMS phishing texts an hour to people living in Bangkok. The device, which reportedly had a range of approximately three kilometers (10,000 feet), could send out messages at a rate of 100,000 every hour. Over three days, the scammers sent almost one million SMS text messages to mobile devices in range that stated, "Your 9,268 points are about to expire! Hurry up and redeem your gift now.""
https://www.bleepingcomputer.com/news/security/bangkok-busts-sms-blaster-sending-1-million-scam-texts-from-a-van/
https://www.khaosodenglish.com/news/2024/11/18/chinese-cybercrime-bust-in-thailand-over-700-million-calls-using-fake-02-numbers/
References
Electronic Transactions Development Agency (ETDA)