Cyber Threat Intelligence 28 November 2024
New Tooling
- QScanner: Linux Command-Line Utility For Scanning Container Images, Conducting SCA
"QScanner is a Linux command-line utility tailored for scanning container images and performing Software Composition Analysis (SCA). It is compatible with diverse container orchestration systems, container runtimes, and operating systems."
https://www.helpnetsecurity.com/2024/11/27/qscanner-linux-scanning-container-images/
Vulnerabilities
- ProjectSend CVE-2024-11680 Exploited In The Wild
"ProjectSend is an open-source file-sharing web application. The project is moderately popular, with almost 1,500 GitHub stars and more than 4,000 instances indexed by Censys. Although the CVE for this vulnerability was only published today (November 26), the patch has been publicly available for over a year (May 16, 2023). Since the patch release, multiple exploits have been published by Synacktiv, Project Discovery (Nuclei), and Rapid7 (Metasploit). The lack of a CVE is an oversight that stands out, particularly given Rapid7’s status as a CNA (CVE Numbering Authority) with Researcher and Open Source scope."
https://vulncheck.com/blog/projectsend-exploited-itw
https://www.bleepingcomputer.com/news/security/hackers-exploit-projectsend-flaw-to-backdoor-exposed-servers/
https://thehackernews.com/2024/11/critical-flaw-in-projectsend-under.html
https://www.securityweek.com/projectsend-vulnerability-exploited-in-the-wild/
Malware
- Gaming Engines: An Undetected Playground For Malware Loaders
"Cybercriminals constantly try to evolve their tactics and techniques, aiming to increase infections. Their need to stay undetected pushes them to innovate and discover new methods of delivering and executing malicious code, which can result in credentials theft and even ransomware encryption. Check Point Research discovered a new undetected technique that uses Godot Gaming Engine to execute malicious GDScript code."
https://research.checkpoint.com/2024/gaming-engines-an-undetected-playground-for-malware-loaders/
https://www.bleepingcomputer.com/news/security/new-godloader-malware-infects-thousands-of-gamers-using-godot-scripts/
https://www.helpnetsecurity.com/2024/11/27/godot-engine-malware-loader-godloader/
- Bootkitty: Analyzing The First UEFI Bootkit For Linux
"Over the past few years, the UEFI threat landscape, particularly that of UEFI bootkits, has evolved significantly. It all started with the first UEFI bootkit proof of concept (PoC) described by Andrea Allievi in 2012, which served as a demonstration of deploying bootkits on modern UEFI-based Windows systems, and was followed with many other PoCs (EfiGuard, Boot Backdoor, UEFI-bootkit). It took several years until the first two real UEFI bootkits were discovered in the wild (ESPecter, 2021 ESET; FinSpy bootkit, 2021 Kaspersky), and it took two more years until the infamous BlackLotus – the first UEFI bootkit capable of bypassing UEFI Secure Boot on up-to-date systems – appeared (2023, ESET)."
https://www.welivesecurity.com/en/eset-research/bootkitty-analyzing-first-uefi-bootkit-linux/
https://www.bleepingcomputer.com/news/security/researchers-discover-bootkitty-first-uefi-bootkit-malware-for-linux/
https://thehackernews.com/2024/11/researchers-discover-bootkitty-first.html
https://www.helpnetsecurity.com/2024/11/27/linux-uefi-bootkit-bootkitty/
https://www.infosecurity-magazine.com/news/bootkit-bootkitty-targets-linux/
https://www.securityweek.com/eset-flags-prototype-uefi-bootkit-targeting-linux/
https://securityaffairs.com/171479/malware/bootkitty-uefi-bootkit-linux.html
https://www.theregister.com/2024/11/27/firstever_uefi_bootkit_for_linux/
- Credit Card Skimmer Malware Targeting Magento Checkout Pages
"Magento websites are a frequent target for cybercriminals due to their widespread usage in eCommerce and the valuable customer data they handle. During a routine investigation, we discovered a malicious JavaScript injection targeting Magento websites. This malware dynamically creates a fake credit card form or extracts payment fields directly depending on the variant of the malware, activating only on checkout pages. The stolen data is then encrypted and exfiltrated to a remote server."
https://blog.sucuri.net/2024/11/credit-card-skimmer-malware-targeting-magento-checkout-pages.html
https://www.darkreading.com/application-security/sneaky-skimmer-malware-magento-sites-black-friday
- "Operation Undercut" Shows Multifaceted Nature Of SDA’s Influence Operations
"Operation Undercut is a covert influence operation conducted by Russia’s Social Design Agency (SDA) to sway public opinion against Ukraine and weaken Western support. Leveraging AI-enhanced videos and impersonating reputable news sources, Operation Undercut disseminates disinformation targeting audiences across the US, Ukraine, and Europe. This operation, running in tandem with other campaigns like Doppelgänger, is designed to discredit Ukraine’s leadership, question the effectiveness of Western aid, and stir socio-political tensions. The campaign also seeks to shape narratives around the 2024 US elections and geopolitical conflicts, such as the Israel-Gaza situation, to deepen divisions."
https://www.recordedfuture.com/research/operation-undercut-shows-multifaceted-nature-sdas-influence-operations
https://go.recordedfuture.com/hubfs/reports/TA-RU-2024-1126.pdf
https://www.darkreading.com/cybersecurity-operations/operation-undercut-russia-malign-influence-campaigns
- APT-C-60 Hackers Exploit StatCounter And Bitbucket In SpyGlace Malware Campaign
"The threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor. That's according to findings from JPCERT/CC, which said the intrusion leveraged legitimate services like Google Drive, Bitbucket, and StatCounter. The attack was carried out around August 2024. "In this attack, an email purporting to be from a prospective employee was sent to the organization's recruiting contact, infecting the contact with malware," the agency said."
https://thehackernews.com/2024/11/apt-c-60-exploits-wps-office.html
https://blogs.jpcert.or.jp/ja/2024/11/APT-C-60.html
https://www.infosecurity-magazine.com/news/aptc60-targets-japan-using-trusted/
- Latest Multi-Stage Attack Scenarios With Real-World Examples
"Multi-stage cyber attacks, characterized by their complex execution chains, are designed to avoid detection and trick victims into a false sense of security. Knowing how they operate is the first step to building a solid defense strategy against them. Let's examine real-world examples of some of the most common multi-stage attack scenarios that are active right now."
https://thehackernews.com/2024/11/latest-multi-stage-attack-scenarios.html
Breaches/Hacks/Leaks
- Zello Asks Users To Reset Passwords After Security Incident
"Zello is warning customers to reset their passwords if their account was created before November 2nd in what appears to be another security breach. Zello is a mobile service with 140 million users that allows first responders, hospitality services, transportation, and family and friends to communicate via their mobile phones using a push-to-talk app. Over the past two weeks, numerous people have received security notices from Zello on November 15th asking them to reset their app password."
https://www.bleepingcomputer.com/news/security/zello-asks-users-to-reset-passwords-after-security-incident/
- Chinese Hackers Breached T-Mobile's Routers To Scope Out Network
"T-Mobile says the Chinese "Salt Typhoon" hackers who recently compromised its systems as part of a series of telecom breaches first hacked into some of its routers to explore ways to navigate laterally through the network. However, the company says its engineers blocked the threat actors before they could spread further on the network and access customer information. Also tracked as Earth Estries, FamousSparrow, Ghost Emperor, and UNC2286, this Chinese state-sponsored threat group has been active since at least 2019 and typically focuses on breaching government entities and telecommunications companies in Southeast Asia."
https://www.bleepingcomputer.com/news/security/chinese-hackers-breached-t-mobiles-routers-to-scope-out-network/
https://www.t-mobile.com/news/un-carrier/update-cyberattacks-targeting-us-wireless-companies
https://therecord.media/tmobile-salt-typhoon-hacking-china
https://www.bankinfosecurity.com/t-mobile-disputes-claims-chinese-hack-on-customer-data-a-26927
https://www.theregister.com/2024/11/27/tmobile_cyberattack_victory_lap/
- Hoboken Closes City Hall, Local Courts After Pre-Thanksgiving Ransomware Attack
"The city of Hoboken shut down its government offices on Wednesday after an early morning ransomware attack caused widespread issues. Officials published several messages on city websites and social media around 10 a.m. EST warning local residents that the attack will cause a range of outages and service shutdowns ahead of the Thanksgiving holiday. City Hall is shuttered Wednesday and “all online City services are suspended,” the government announced. Municipal court and street sweeping are cancelled as well, but all other parking enforcement is in effect."
https://therecord.media/hoboken-closes-city-hall-ransomware
- Data Broker Leaves 600K+ Sensitive Files Exposed Online
"More than 600,000 sensitive files containing thousands of people's criminal histories, background checks, vehicle and property records were exposed to the internet in a non-password protected database belonging to data brokerage SL Data Services, according to a security researcher. We don't know how long the personal information was openly accessible. Infosec specialist Jeremiah Fowler says he found the Amazon S3 bucket in October and reported it to the data collection company by phone and email every few days for more than two weeks."
https://www.theregister.com/2024/11/27/600k_sensitive_files_exposed/
General News
- 2024 MSC Malware Trend Report
"With the decrease in distribution of MS Office document-type malware, the distribution of malware in various formats such as LNK and CHM is on the rise. In the second quarter of this year, malware in the MSC (snap-ins/Management Saved Console) file format used in Microsoft Management Console (MMC) was identified. MSC files are in an XML-based format, and various tasks such as registering and executing script codes, command commands, or programs can be performed."
https://asec.ahnlab.com/en/84799/
- News Desk 2024: The Rise Of Cybersecurity Platforms
"Omdia's survey of cybersecurity leaders demonstrated that they're currently in a conundrum — drowning in security products they want to pare down but instead having to add layers to cope with the exploding threat landscape. It's a challenge they are looking at cybersecurity platforms to solve, but it's going to take time."
https://www.darkreading.com/cloud-security/rise-of-cybersecurity-platform-news-desk-black-hat-2024
https://omdia.tech.informa.com/om122970/cybersecurity-decision-maker-survey-2024-overall-findings
- Supply Chain Managers Underestimate Cybersecurity Risks In Warehouses
"32% of warehouse respondents report that social engineering is one of the most-used entry points in warehouse cyberattacks – tied with software vulnerabilities (32%) and followed by devices (19%), according to Ivanti. As the backbone of the supply chain, a cyberattack on a warehouse can result in major consequences such as significant operational downtime, damage to a company’s reputation and financial losses."
https://www.helpnetsecurity.com/2024/11/27/warehouses-cybersecurity-concern/
- Consumer And Privacy Predictions For 2025
"Part of the Kaspersky Security Bulletin, our predictions for 2024 identified key consumer cyberthreats and trends shaped by global events, technological advances and evolving user behavior. Last year, we suggested that charity-related scams would increase globally. While cybercriminals exploited humanitarian crises and charitable causes, taking advantage of both major conflicts and new donation methods, the anticipated boost could not be confirmed."
https://securelist.com/ksb-consumer-and-privacy-predictions-2025/114620/
References
Electronic Transactions Development Agency (ETDA)