Cyber Threat Intelligence 02 December 2024
Vulnerabilities
- Zabbix Urges Upgrades After Critical SQL Injection Bug Disclosure
"Open-source enterprise network and application monitoring provider Zabbix is warning customers of a new critical vulnerability that could lead to full system compromise. Tracked as CVE-2024-42327, the SQL injection bug scored a near-perfect 9.9 when assessed using the Common Vulnerability Scoring System (CVSSv3) and can be exploited by users with API access. The project's description of the vulnerability explained: "A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability."
https://www.theregister.com/2024/11/29/zabbix_urges_upgrades_after_critical/
https://support.zabbix.com/browse/ZBX-25623
- Microsoft Fixes AI, Cloud, And ERP Security Flaws; One Exploited In Active Attacks
"Microsoft has addressed four security flaws impacting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center offerings, including one that it said has been exploited in the wild. The vulnerability that has been tagged with an "Exploitation Detected" assessment is CVE-2024-49035 (CVSS score: 8.7), a privilege escalation flaw in partner.microsoft[.]com. "An improper access control vulnerability in partner.microsoft[.]com allows an unauthenticated attacker to elevate privileges over a network," the tech giant said in an advisory released this week."
https://thehackernews.com/2024/11/microsoft-fixes-ai-cloud-and-erp.html
- Windows Server 2012 Mark Of The Web Vulnerability (0day) - And Free Micropatches For It
"Our researchers discovered a previously unknown vulnerability on Windows Server 2012 and Server 2012 R2 that allows an attacker to bypass a security check otherwise enforced by Mark of the Web on certain types of files. Our analysis revealed this vulnerability was introduced to Windows Server 2012 over two years ago, and remained undetected - or at least unfixed - until today. It is even present on fully updated servers with Extended Security Updates. We reported this issue to Microsoft, and, as usual, issued micropatches for it that will remain free until Microsoft has provided an official fix."
https://blog.0patch.com/2024/11/windows-server-2012-mark-of-web.html
https://www.bleepingcomputer.com/news/security/new-windows-server-2012-zero-day-gets-free-unofficial-patches/
Malware
- Rockstar 2FA: A Driving Force In Phishing-As-a-Service (PaaS)
"Trustwave SpiderLabs has been actively monitoring the rise of Phishing-as-a-Service (PaaS) platforms, which are increasingly popular among threat actors. In our previous blog, we explored the appeal of these platforms and discussed various major phishing kits today. In this two-part blog, we'll focus on a phishing kit named ‘Rockstar 2FA’ that is linked to widespread adversary-in-the-middle (AiTM) phishing attacks. This article also provides a walkthrough of Rockstar 2FA’s attack flow with examples from the email campaign."
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/rockstar-2fa-a-driving-force-in-phishing-as-a-service-paas/
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/rockstar-2fa-phishing-as-a-service-paas-noteworthy-email-campaigns/
https://www.bleepingcomputer.com/news/security/new-rockstar-2fa-phishing-service-targets-microsoft-365-accounts/
https://thehackernews.com/2024/11/phishing-as-service-rockstar-2fa.html
https://securityaffairs.com/171532/cyber-crime/rockstar-2fa-phaas.html
- Ransomware Roundup - Interlock
"FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants."
https://www.fortinet.com/blog/threat-research/ransomware-roundup-interlock
- Shady Bets: How To Protect Yourself From Gambling Fraud Online
"Scammers are becoming increasingly sophisticated in using fake betting game ads to target unsuspecting users across social media platforms. The Group-IB CERT Team has identified more than 500 deceptive ads and over 1,377 malicious websites designed to trick users into downloading fraudulent applications that promise users easy money in a matter of seconds. Despite their appealing claims, these ads are designed to steal personal data and money from users."
https://www.group-ib.com/blog/shady-bets/
https://hackread.com/fake-betting-apps-ai-generated-voices-steal-data/
- Printer Problems? Beware The Bogus Help
"Anyone who has ever used a printer likely has had a frustrating experience at some point. There always seems to be some kind of issue with the software not responding, paper getting jammed or one of many other possible failures. When people need help, they often turn to Google (and now AI) to look for an answer. This is where scammers come in, preying on unsuspecting and irate users ready to throw their printer out the window."
https://www.malwarebytes.com/blog/scams/2024/11/printer-problems-beware-the-bogus-help
Breaches/Hacks/Leaks
- Bologna FC Confirms Data Breach After RansomHub Ransomware Attack
"Bologna Football Club 1909 has confirmed it suffered a ransomware attack after its stolen data was leaked online by the RansomHub extortion group. The Italian football team warns not to download or disseminate any of the stolen data, claiming it is a "serious criminal offense." "Bologna FC 1909 S.p.a. would like to communicate that a ransomware cyber attack recently targeted its internal security systems," reads the short statement."
https://www.bleepingcomputer.com/news/security/bologna-fc-confirms-data-breach-after-ransomhub-ransomware-attack/
https://therecord.media/italian-football-club-blogna-fc-ransomware
https://www.theregister.com/2024/11/30/bologna_fc_ransomhub/
- INC Ransom Claims Cyber-Attack On UK Children's Hospital
"An infamous ransomware group has claimed to have compromised sensitive data from a children’s hospital in Liverpool, UK. On November 28, INC Ransom posted on its data leak site that it has obtained large-scale data patient records, donor reports and procurement data for 2018-2024 from Alder Hey Children’s NHS Foundation Trust."
https://www.infosecurity-magazine.com/news/inc-ransom-cyberattack-uk-children/
https://www.theregister.com/2024/11/29/inc_ransom_alder_hey_childrens_hospital/
- Uganda Confirms Cyberattack On Central Bank But Minimizes Extent Of Breach
"Ugandan officials confirmed on Thursday that the country’s central bank system was hacked by financially-motivated cybercriminals. The statement from Uganda’s Minister of State for Finance, Henry Musasizi, followed several media reports claiming that a Southeast Asian hacker group breached the Bank of Uganda’s accounts and stole as much as $17 million."
https://therecord.media/uganda-cyberattack-central-bank
https://securityaffairs.com/171562/security/financially-motivated-threat-actors-hacked-ugandas-central-bank.html
General News
- Russia Arrests Cybercriminal Wazawaka For Ties With Ransomware Gangs
"Russian law enforcement has arrested and indicted notorious ransomware affiliate Mikhail Pavlovich Matveev (also known as Wazawaka, Uhodiransomwar, m1x, and Boriselcin) for developing malware and his involvement in several hacking groups. While the prosecutor's office has yet to release any details on the individual's identity (described as a "programmer" in court documents), the individual is Matveev, according to an anonymous source of the Russian state-owned news agency RIA Novosti."
https://www.bleepingcomputer.com/news/security/russia-arrests-cybercriminal-wazawaka-for-ties-with-ransomware-gangs/
https://thehackernews.com/2024/11/wanted-russian-cybercriminal-linked-to.html
https://securityaffairs.com/171541/cyber-crime/mikhail-pavlovich-matveev-arrested-in-russia.html
https://hackread.com/fbi-wanted-hacker-ransomware-attacks-arrested-russia/
- Ransomware Gangs Seek Pen Testers To Boost Quality
"Businesses are not the only organizations looking for skilled cybersecurity professionals; cybercriminals are also advertising for individuals capable of creating dark AI models and penetration-testing products — that is, ransomware — to reduce the chance of defenders finding ways to circumvent the scheme. In advertisements on Telegram chats and forums — such as the Russian Anonymous Marketplace, or RAMP — ransomware affiliate groups and initial access providers are seeking cybersecurity professionals to help find and close holes in their malware and other attack tools, security firm Cato Networks stated in its "Q3 SASE Threat Report.""
https://www.darkreading.com/threat-intelligence/ransomware-gangs-seek-pen-testers-boost-professionalism
- The Effect Of Compliance Requirements On Vulnerability Management Strategies
"In this Help Net Security interview, Steve Carter, CEO of Nucleus Security, discusses the ongoing challenges in vulnerability management, including prioritizing vulnerabilities and addressing patching delays. Carter also covers compliance requirements and how automation can streamline vulnerability management processes."
https://www.helpnetsecurity.com/2024/11/29/steve-carter-nucleus-security-vulnerability-management-challenges/
- AI-Based Tools Designed For Criminal Activity Are In High Demand
"Multiple regional conflicts, such as Russia’s continued invasion of Ukraine and the Israel-Hamas conflict, have resulted in a surge in cyberattacks and hacktivist activities, according to Trellix. The research examines an increasingly complex ransomware ecosystem where groups have adopted advanced tools with embedded AI to spread ransomware."
https://www.helpnetsecurity.com/2024/11/29/ai-tools-ransomware/
- UK Justice System Failing Cybercrime Victims, Cyber Helpline Finds
"UK cybercrime victims are being failed by the justice system, with perpetrators hardly ever facing charges and convictions, according to a report by The Cyber Helpline, a charity supporting individuals impacted by cybercrime and other online harms. The analysis, The Funnel of Justice, found that victims of cybercrime in England and Wales are seven times less likely to see the perpetrators charged or summonsed compared to victims of offline crimes. Additionally, 98% of cyber-enabled crimes result in no further action from the police or justice system."
https://www.infosecurity-magazine.com/news/uk-justice-cybercrime-victims/
- IT Threat Evolution Q3 2024
"In May 2024, we discovered a new APT targeting Russian government organizations. CloudSorcerer is a sophisticated cyber-espionage tool used for stealth monitoring, data collection and exfiltration via Microsoft, Yandex and Dropbox cloud infrastructures. The malware utilizes cloud resources for its C2 (command and control) servers, which it accesses via APIs using authentication tokens. CloudSorcerer also employs GitHub as its initial C2 server. CloudSorcerer functions as separate modules – for communication and data collection – depending on the process it’s running, but executes from a single executable. It leverages Microsoft COM object interfaces to perform its malicious operations."
https://securelist.com/malware-report-q3-2024/114678/
https://securelist.com/malware-report-q3-2024-non-mobile-statistics/114695/
https://securelist.com/malware-report-q3-2024-mobile-statistics/114692/
- Bulgarians Plead Guilty To Spying For Russia Using 'Advanced Technology'
"Two Bulgarian nationals have pleaded guilty in the United Kingdom to being part of a spy ring run by a Russian agent in the U.K. The defendants used hundreds of devices, including drones, jammers and hidden bugs to target individuals and locations of interest to Moscow, prosecutors told a London jury on Thursday. The two suspects — Orlin Roussev, 46, and Bizer Dzhambazov, 43 — admitted in court to conducting surveillance across Europe over a three-year period starting in 2020. Three other alleged accomplices — Katrin Ivanova, 33, Vanya Gaberova, 30, and Tihomir Ivanchev, 39 — denied the allegations. Their trial is expected to continue until February."
https://therecord.media/bulgarians-plead-guilty-uk-spying-russia
- Scams To Look Out For This Holiday Season
"As the mercury starts to dip and the Halloween decorations are cleared away, it can mean only one thing: the countdown to Christmas has begun. But the festive season – or Golden Quarter if you’re a retailer – is not just a boon for online stores. It’s also a time of plenty for digital thieves and con artists. To make sure you’re not their next victim, it pays to understand what holiday season scams look like, and how best to stay safe."
https://www.welivesecurity.com/en/scams/scams-look-out-for-holiday-season/
- Why Simulating Phishing Attacks Is The Best Way To Train Employees
"Despite advancements in cybersecurity tools, human vulnerability remains the weakest link, with phishing among the most dangerous forms of social engineering. The FBI’s Internet Crime Complaint Center (IC3) identifies phishing as the most commonly reported type of cybercrime, with around 300,000 incidents in 2023 alone resulting in financial losses exceeding $18.23 million."
https://hackread.com/why-simulating-phishing-attacks-best-train-employees/
- How Threat Actors Can Use Generative Artificial Intelligence?
"Generative Artificial Intelligence (GAI) is rapidly revolutionizing various industries, including cybersecurity, allowing the creation of realistic and personalized content. The capabilities that make Generative Artificial Intelligence a powerful tool for progress also make it a significant threat in the cyber domain. The use of GAI by malicious actors is becoming increasingly common, enabling them to conduct a wide range of cyberattacks. From generating deepfakes to enhancing phishing campaigns, GAI is evolving into a tool for large-scale cyber offenses."
https://securityaffairs.com/171582/uncategorized/how-threat-actors-can-use-generative-artificial-intelligence.html
Reference
Electronic Transactions Development Agency (ETDA)