Cyber Threat Intelligence 09 December 2024
Industrial Sector
- Russian Hacktivists Increasingly Tamper With Energy And Water System Controls
"Two Russian hacktivist groups are increasingly targeting critical infrastructure in the U.S. and elsewhere, and their attacks go well beyond the DDoS attacks and website defacements that hacktivist groups typically engage in. The groups – the People’s Cyber Army and Z-Pentest – have posted videos to their Telegram channels allegedly showing members tampering with operational technology (OT) controls, most notably in the oil and gas and water system sectors."
https://cyble.com/blog/russian-hacktivists-target-energy-and-water-infrastructure/
Vulnerabilities
- SonicWall Patches 6 Vulnerabilities In Secure Access Gateway
"SonicWall this week announced patches for multiple vulnerabilities in the SMA100 SSL-VPN secure access gateway, including high-severity flaws leading to remote code execution (RCE). The most severe of these issues are two buffer overflow bugs affecting the web management interface and a library loaded by the Apache web server. Tracked as CVE-2024-45318 and CVE-2024-53703 (CVSS score of 8.1), the two issues allow remote attackers to cause stack-based buffer overflows, which could potentially lead to code execution."
https://www.securityweek.com/sonicwall-patches-6-vulnerabilities-in-secure-access-gateway/
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0018
- URL File NTLM Hash Disclosure Vulnerability (0day) - And Free Micropatches For It
"Our researchers discovered a vulnerability on all Windows Workstation and Server versions from Windows 7 and Server 2008 R2 to the latest Windows 11 v24H2 and Server 2022. The vulnerability allows an attacker to obtain a user's NTLM credentials by simply having the user view a malicious file in Windows Explorer - e.g., by opening a shared folder or USB disk with such a file, or viewing the Downloads folder where such a file was previously automatically downloaded from the attacker's web page."
https://blog.0patch.com/2024/12/url-file-ntlm-hash-disclosure.html
https://www.bleepingcomputer.com/news/security/new-windows-zero-day-exposes-ntlm-credentials-gets-unofficial-patch/
https://www.theregister.com/2024/12/06/opatch_zeroday_microsoft/
- Machine Learning Bug Bonanza – Exploiting ML Clients And “Safe” Model Formats
"In our previous blog post in this series we showed how the immaturity of the Machine Learning (ML) field allowed our team to discover and disclose 22 unique software vulnerabilities in ML-related projects, and we analyzed some of these vulnerabilities that allowed attackers to exploit various ML services. In this post, we will again dive into the details of vulnerabilities we’ve disclosed, but this time in two other categories:"
https://jfrog.com/blog/machine-learning-bug-bonanza-exploiting-ml-clients-and-safe-models/
https://thehackernews.com/2024/12/researchers-uncover-flaws-in-popular.html
Malware
- Mauri Ransomware Threat Actors Exploiting Apache ActiveMQ Vulnerability (CVE-2023-46604)
"AhnLab Security intelligence Response Center (ASEC) has covered the attack cases targeting the CVE-2023-46604 vulnerability in past blog posts. Systems without the vulnerability patch are still being targeted; cases show that their intention is mainly to install CoinMiners. Recently, threat actors using Mauri ransomware have been found exploiting the Apache ActiveMQ vulnerability to attack Korean systems."
https://asec.ahnlab.com/en/85000/
- Ultralytics AI Model Hijacked To Infect Thousands With Cryptominer
"The popular Ultralytics YOLO11 AI model was compromised in a supply chain attack to deploy cryptominers on devices running versions 8.3.41 and 8.3.42 from the Python Package Index (PyPI). Ultralytics is a software development company specializing in computer vision and artificial intelligence (AI), specifically in object detection and image processing. It's best known for its "YOLO" (You Only Look Once) advanced object detection model, which can quickly and accurately detect and identify objects in video streams in real time."
https://www.bleepingcomputer.com/news/security/ultralytics-ai-model-hijacked-to-infect-thousands-with-cryptominer/
https://thehackernews.com/2024/12/ultralytics-ai-library-compromised.html
- Meeten Malware: A Cross-Platform Threat To Crypto Wallets On MacOS And Windows
"Cado Security Labs have identified a new sophisticated scam targeting people who work in Web3. The campaign includes the crypto stealer Realst, which has both macOS and Windows variants and has been active for around four months. The threat actors behind the malware have set up fake companies, using AI to increase their legitimacy. The company, which is currently going by the name “Meetio”, has cycled through various names over the past few months."
https://www.cadosecurity.com/blog/meeten-malware-threat
https://www.bleepingcomputer.com/news/security/crypto-stealing-malware-posing-as-a-meeting-app-targets-web3-pros/
https://thehackernews.com/2024/12/hackers-using-fake-video-conferencing.html
https://www.helpnetsecurity.com/2024/12/06/information-cryptocurrency-stealing-malware-windows-macos/
- End-Of-Year PTO: Days Off And Data Exfiltration With Formbook
"The holiday season is a time of joy and relaxation, but it often brings an influx of corporate emails ranging from leave approvals to scheduling paid time off. The Cofense Phishing Defense Center (PDC) has recently intercepted a malicious phishing email masquerading as a legitimate end-of-year leave approval notice. Disguised as a formal HR communication, this email leverages the urgency and importance of year-end leave scheduling in order to trick the recipients into clicking a malicious link. This enables the threat actor to steal sensitive information via FormBook malware."
https://cofense.com/blog/end-of-year-pto-days-off-and-data-exfiltration-with-formbook
- Pirated Corporate Software Infects Russian Businesses With Info-Stealing Malware
"Russian businesses that use unlicensed corporate software have fallen victim to an ongoing information-stealing campaign, researchers have found. The cybercriminals behind the campaign, which began in January of this year, have been distributing the well-known info-stealer malware RedLine on local online forums frequented by business owners and accountants. They disguise it as a tool designed to bypass licensing requirements for business automation software."
https://therecord.media/russia-businesses-pirated-corporate-software-redline-infostealer-malware
https://securityaffairs.com/171771/cyber-crime/redline-info-stealer-campaign-targets-russian-businesses.html
- Russian Users Report Gazprombank Outages Amid Alleged Ukrainian Cyberattack
"Russian users have reported difficulties accessing services at Gazprombank, one of the country’s largest privately owned banks, following an alleged cyberattack by Ukraine’s military intelligence agency. Data from several website outage tracking services indicates that Gazprombank customers have complained about being unable to make transactions or pay bills through the bank’s app or website."
https://therecord.media/gazprombank-outages-russia-ukraine-claims-cyberattack
- Network Abuses Leveraging High-Profile Events: Suspicious Domain Registrations And Other Scams
"Threat actors frequently exploit trending events like global sporting championships to launch attacks, including phishing and scams. Because of this, proactive monitoring of event-related domain abuse is crucial for cybersecurity teams. Our network abuse investigations regularly uncover suspicious domain registration campaigns, particularly those using event-specific keywords or phrases in newly registered domains. These campaigns often surge around notable events."
https://unit42.paloaltonetworks.com/suspicious-domain-registration-campaigns/
- Romania Cancels Presidential Election Results After Alleged Russian Meddling On TikTok
"In a historic decision, Romania's constitutional court has annulled the result of the first round of voting in the presidential election amid allegations of Russian interference. As a result, the second round vote, which was scheduled for December 8, 2024, will no longer take place. Călin Georgescu, who won the first round, denounced the verdict as an "officialized coup" and an attack on democracy. "The electoral process for the election of the President of Romania will be resumed in its entirety, with the Government to establish a new date for the election of the President of Romania, as well as a new calendar program for the implementation of the necessary actions," the Constitutional Court of Romania said."
https://thehackernews.com/2024/12/romania-cancels-presidential-election.html
https://therecord.media/romania-annuls-presidential-election-over-interference
- Is KillSec3 Trying To Extort Victims Using Publicly Leaked Data?
"KillSec3 is a ransomware group, but is it really encrypting its victims these days? Recent data suggests that its affiliate(s) may be trying to extort victims using data that has already been publicly leaked."
https://databreaches.net/2024/12/08/is-killsec3-trying-to-extort-victims-using-publicly-leaked-data/
Breaches/Hacks/Leaks
- Blue Yonder SaaS Giant Breached By Termite Ransomware Gang
"The Termite ransomware gang has officially claimed responsibility for the November breach of software as a service (SaaS) provider Blue Yonder. Blue Yonder (formerly JDA Software and operating as a Panasonic subsidiary) is an Arizona-based worldwide supply chain software provider for retailers, manufacturers, and logistics providers. Its list of over 3,000 customers includes other high-profile companies like Microsoft, Renault, Bayer, Tesco, Lenovo, DHL, 3M, Ace Hardware, Procter & Gamble, Carlsberg, Dole, Walgreens, Western Digital, and 7-Eleven."
https://www.bleepingcomputer.com/news/security/blue-yonder-saas-giant-breached-by-termite-ransomware-gang/
https://therecord.media/blue-yonder-cyberattack-customer-systems-returning
- Deloitte Denies Breach, Claims Cyber-Attack Targeted Single Client
"Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish the data it had stolen earlier this week. However, despite the claims, a Deloitte spokesperson told Infosecurity that its investigation indicates that the allegations relate to a single client's system which sits outside of the Deloitte network. “No Deloitte systems have been impacted,” the spokesperson said."
https://www.infosecurity-magazine.com/news/deloitte-denies-breach-claims/
- Atrium Health Data Breach Impacts 585,000 People
"Healthcare company Atrium Health has notified the US Department of Health and Human Services (HHS) that a recently discovered data breach impacts more than 585,000 individuals. The HHS website does not provide any information regarding the incident, but the notification is likely related to an issue involving online tracking technologies that were present on an Atrium Health patient portal between 2015 and 2019."
https://www.securityweek.com/atrium-health-data-breach-impacts-585000-people/
https://securityaffairs.com/171747/data-breach/atrium-health-disclosed-a-data-breach.html
- 8Base Ransomware Group Hacked Croatia’s Port Of Rijeka
"A cyber attack hit the Port of Rijeka in Croatia; the 8Base ransomware group claimed responsibility for the security breach. The Port of Rijeka (Luka Rijeka d.d.), Croatia’s largest dry cargo concessionaire, provides maritime traffic services, port operations, and cargo storage. It also offers various economic services, including equipment maintenance, building upkeep, load securing, and quality control. The ransomware gang claims to have stolen sensitive data including accounting info and contracts."
https://securityaffairs.com/171779/cyber-crime/8base-ransomware-croatias-port-of-rijeka.html
- Anna Jaques Hospital Ransomware Breach Exposed Data Of 300K Patients
"Anna Jaques Hospital has confirmed on its website that a ransomware attack it suffered almost precisely a year ago, on December 25, 2023, has exposed sensitive health data for over 310,000 patients. Anna Jaques is a not-for-profit community hospital in Massachusetts, recognized for delivering high-quality care and performing over 4,700 surgeries yearly."
https://www.bleepingcomputer.com/news/security/anna-jaques-hospital-ransomware-breach-exposed-data-of-300k-patients/
General News
- Teenagers Leading New Wave Of Cybercrime
"Global data breaches show no signs of slowing down as this year has already exceeded 2023 in the number of data breaches and consumers impacted, according to Experian. Today, the world of cyber hacking is not confined to grown-ups, nor is the fallout. According to the FBI, the average age of someone arrested for cybercrime is 19 vs. 37 for any crime. Many teens will have been recruited into the “business” by more sophisticated fraudsters, who reach them through online gaming, chat and social media."
https://www.helpnetsecurity.com/2024/12/06/ai-cyber-incidents/
- Building a Robust Security Posture With Limited Resources
"In this Help Net Security interview, Gareth Lindahl-Wise, CISO at Ontinue, discusses how business leaders can align innovation with cybersecurity, tackle the risks posed by legacy systems, and build defenses for startups. Lindahl-Wise also highlights collaboration and strategic planning as essential for maintaining a strong security posture."
https://www.helpnetsecurity.com/2024/12/06/gareth-lindahl-wise-ontinue-maintaining-security-posture/
- Exploits And Vulnerabilities In Q3 2024
"Q3 2024 saw multiple vulnerabilities discovered in Windows and Linux subsystems that are not standard for cyberattacks. This is because operating system developers have been releasing new security mitigations for whole sets of vulnerabilities in commonly used subsystems. For example, a log integrity check is set to appear in the Common Log Filing System (CLFS) in Windows, so the number of exploits for it will drop. As for Linux, this operating system has the Linux Kernel Runtime Guard (LKRG), implemented as a separate kernel module. Although the first version of LKRG was released back in 2018, it is undergoing constant refinement. And it is becoming more actively used in various Linux builds."
https://securelist.com/exploits-and-vulnerabilities-q3-2024/114839/
- Dutch Counter-Ransomware Initiative Led To Global Takedowns
"A counter-ransomware initiative supported by Dutch public and private sectors has contributed to ransomware disruptions globally, found an assessment from the University of Leiden. "Project Melissa" was launched in 2023 by Cybersafe Netherlands, the Dutch National Cyber Security Center, along with security companies with a focus on information sharing to facilitate disruption and criminal prosecution."
https://www.bankinfosecurity.com/dutch-counter-ransomware-initiative-led-to-global-takedowns-a-26994
- Why SOC Roles Need To Evolve To Attract a New Generation
"When I began my career, the security operations center (SOC) analyst role seemed like an exciting entry point into a promising career. And for me, it was. However, the job is increasingly perceived as thankless and high-stress, filled with repetitive tasks, high stakes, and limited opportunities for professional growth. High turnover and talent shortages are common, so if businesses want to retain skilled analysts and appeal to the next generation of talent, the SOC role needs a serious rebrand."
https://www.darkreading.com/cybersecurity-operations/soc-roles-evolve-attract-new-generation
- Flashpoint Intelligence Forecast: The 2025 Threat Landscape
"The threat landscape is evolving faster than ever, with cyber, physical, and geopolitical challenges converging in ways that demand new approaches to security. In 2025 organizations will be faced with an increasingly interconnected web of threats, from criminal groups exploiting new technologies along with more aggressive extortion tactics, to state-backed actors using cyber campaigns, physical sabotage, and influence operations aimed at destabilizing entire industries."
https://flashpoint.io/blog/flashpoint-intelligence-forecast-2025-threat-landscape/
- How Chinese Insiders Are Stealing Data Scooped Up By President Xi's National Surveillance System
"Chinese tech company employees and government workers are siphoning off user data and selling it online - and even high-ranking Chinese Communist Party officials and FBI-wanted hackers' sensitive information is being peddled by the Middle Kingdom's thriving illegal data ecosystem."
https://www.theregister.com/2024/12/08/chinese_insiders_stealing_data/
- November 2024 Threat Trend Report On APT Attacks (South Korea)
"AhnLab has been using AhnLab Smart Defense (ASD) to monitor advanced persistent threat (APT) attacks against targets in Korea. This report will cover the types and statistics of APT attacks in Korea during November 2024 as well as features of each type."
https://asec.ahnlab.com/en/85024/
References
Electronic Transactions Development Agency (ETDA)