Cyber Threat Intelligence 29 November 2024
Industrial Sector
- Over-The-Air Vulnerabilities Discovered In Advantech EKI Access Points
"As industrial networks expand into wireless domains, new vulnerabilities are exposing critical infrastructure to potential cyber threats. With this evolution, safeguarding wireless devices within industrial settings has become essential. Since the launch of Guardian Air, Nozomi Networks has emphasized the need for stronger protections, particularly on wireless fronts."
https://www.nozominetworks.com/blog/over-the-air-vulnerabilities-discovered-in-advantech-eki-access-points
https://thehackernews.com/2024/11/over-two-dozen-flaws-identified-in.html
https://www.infosecurity-magazine.com/news/critical-vulnerabilities/
Vulnerabilities
- Microsoft Patches Exploited Vulnerability In Partner Network Website
"Microsoft informed customers on Tuesday that vulnerabilities affecting cloud, AI and other services have been patched, including a flaw that was exploited in attacks. The tech giant has patched vulnerabilities in Azure, Copilot Studio, and its Partner Network website — one security hole in each — but customers do not need to take any action. CVE identifiers and advisories have been published for transparency only. Microsoft published separate advisories for each vulnerability. They have all been described as privilege escalation issues that have a maximum severity rating of ‘critical’, but based on their CVSS score two of them have a ‘high severity’ rating and only one is actually ‘critical’."
https://www.securityweek.com/microsoft-patches-exploited-vulnerability-in-partner-network-website/
Malware
- The Only Thing Worse Than Being Fired Is Scammers Fooling You Into Thinking You're Fired
"A current phishing campaign scares recipients into believing they've been sacked, when in reality they've been hacked – and infected with infostealers and other malware that means a payday for the crooks behind the scam. The attack begins with an email that appears to be a legal notice informing recipients their employment has been terminated"
https://www.theregister.com/2024/11/28/fired_phishing_campaign_cloudflare/
- Mimic Ransomware: What You Need To Know
"Mimic is a family of ransomware, first found in-the-wild in 2022. In common with many other ransomware attacks, Mimic encrypts a victim's files, and demands a ransom payment in cryptocurrency for the release of a decryption key."
https://www.tripwire.com/state-of-security/mimic-ransomware-what-you-need-know
- Dozens Of Machines Infected: Year-Long NPM Supply Chain Attack Combines Crypto Mining And Data Theft
"Through our continuous monitoring of software supply chain threats, the Checkmarx Research team identified a supply chain attack that has remained active for over a year. The package, @0xengine/xmlrpc, began its life as a “legitimate” XML-RPC implementation in October 2023, but strategically transformed into a malicious tool in later versions and has remained active through November of 2024. This discovery serves as a stark reminder that a package’s longevity and consistent maintenance history do not guarantee its safety."
https://checkmarx.com/blog/dozens-of-machines-infected-year-long-npm-supply-chain-attack-combines-crypto-mining-and-data-theft/
https://thehackernews.com/2024/11/xmlrpc-npm-library-turns-malicious.html
- Proxy Tools Detected By AhnLab EDR
"After gaining control over infected systems, threat actors may also perform remote screen control using RDP. This is partly for convenience but can also serve the purpose of maintaining persistence. If the RDP service is not active during the attack process, threat actors may install RDP Wrappers, steal existing account credentials, or create new backdoor accounts."
https://asec.ahnlab.com/en/84841/
Breaches/Hacks/Leaks
- Over 600,000 Records, Including Background Checks, Vehicle, And Property Records Exposed Online By An Information Service Provider
"Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password-protected database that contained more than 600K records belonging to SL Data Services/Propertyrec — an information research provider that offers real estate ownership data and criminal records search information."
https://www.websiteplanet.com/news/propertyrecs-breach-report/
https://hackread.com/propertyrec-leak-exposes-background-check-records/
https://www.malwarebytes.com/blog/news/2024/11/data-broker-exposes-600000-sensitive-files-including-background-checks
General News
- VPN Vulnerabilities, Weak Credentials Fuel Ransomware Attacks
"Attackers leveraging virtual private network (VPN) vulnerabilities and weak passwords for initial access contributed to nearly 30% of ransomware attacks, according to Corvus Insurance. According to the Q3 report, many of these incidents were traced to outdated software or VPN accounts with inadequate protection."
https://www.helpnetsecurity.com/2024/11/28/vpn-weak-credentials-ransomware-attacks/
- Crypto Companies Are Losing Ground To Deepfake Attacks
"The crypto sector stands out as the only surveyed industry where deepfake fraud surpasses traditional document fraud in prevalence, according to Regula. The study finds that 57% of crypto companies report audio deepfake incidents, compared to just 45% facing fake or modified document fraud."
https://www.helpnetsecurity.com/2024/11/28/crypto-deepfake-fraud/
- Smaller, Smarter, Safer | The Future For Small, Smart Things
"As IoT devices proliferate and integrate deeply into our everyday lives, the demand for advanced, scalable security solutions across all organizations and industries has become critical. Traditional security approaches often struggle with IoT devices’ limited resources, which restrict their capacity to run comprehensive security controls. This challenge has paved the way for Embedded Machine Learning (Embedded ML), or TinyML, as a game-changing solution uniquely suited to address IoT’s security demands."
https://blog.checkpoint.com/security/smaller-smarter-safer-the-future-for-small-smart-things/
- APT Trends Report Q3 2024
"Kaspersky’s Global Research and Analysis Team (GReAT) has been releasing quarterly summaries of advanced persistent threat (APT) activity for over seven years now. Based on our threat intelligence research, these summaries offer a representative overview of what we’ve published and discussed in more detail in our private APT reports. They are intended to highlight the significant events and findings that we think are important for people to know about. This is our latest roundup, covering activity we
Relevance: General, Trends and statistics
https://securelist.com/apt-report-q3-2024/114623/
References
Electronic Transactions Development Agency (ETDA) - Over-The-Air Vulnerabilities Discovered In Advantech EKI Access Points