Cyber Threat Intelligence 12 December 2024
Industrial Sector
- ICS Patch Tuesday: Security Advisories Released By Siemens, Schneider, CISA, Others
"The December 2024 ICS Patch Tuesday brings advisories from the cybersecurity agency CISA, as well as several major industrial automation companies. Schneider Electric published three new advisories this Patch Tuesday. One advisory describes a critical flaw in Modicon controllers that can allow an unauthenticated attacker to cause disruption to operations. Another advisory describes a high-severity issue in Harmony and Pro-face HMI products, which could “cause complete control of the device when an authenticated user installs malicious code into the HMI product”."
https://www.securityweek.com/ics-patch-tuesday-security-advisories-released-by-siemens-schneider-cisa-others/
Vulnerabilities
- Unauthorized Plugin Installation/Activation In Hunk Companion
"This report highlights a vulnerability in the Hunk Companion plugin < 1.9.0 that allows unauthenticated POST requests to install and activate plugins directly from the WordPress.org repository. This flaw poses a significant security risk, as it enables attackers to install vulnerable or closed plugins, which can then be exploited for attacks such as Remote Code Execution (RCE), SQL Injection, Cross‑Site Scripting (XSS), or even the creation of administrative backdoors. By leveraging these outdated or unmaintained plugins, attackers can bypass security measures, manipulate database records, execute malicious scripts, and gain unauthorized administrative access to the site."
https://wpscan.com/blog/unauthorized-plugin-installation-activation-in-hunk-companion/
https://www.bleepingcomputer.com/news/security/hunk-companion-wordpress-plugin-exploited-to-install-vulnerable-plugins/
- Apple Pushes Major iOS, MacOS Security Updates
"It’s Patch Wednesday in Cupertino. Apple’s security response team pushed out major security updates to fix security flaws across the iOS and macOS ecosystems, warning of risks of data leakage, sandbox escapes and code execution attacks. The company called immediate attention to its iOS 18.2 and macOS Sequoia 15.2 patches, warning of flaws in the kernel, WebKit, AppleMobileFileIntegrity, Passwords and ImageIO components."
https://www.securityweek.com/apple-pushes-major-ios-macos-security-updates/
- Atlassian, Splunk Patch High-Severity Vulnerabilities
"Atlassian and Splunk on Tuesday announced patches for more than two dozen vulnerabilities across their product portfolios, including multiple high-severity flaws in third-party components. Atlassian released fixes for 10 high-severity vulnerabilities in Bamboo Data Center and Server, Bitbucket Data Center and Server, and Confluence Data Center and Server, all rated high-severity and affecting third-party dependencies."
https://www.securityweek.com/atlassian-splunk-patch-high-severity-vulnerabilities/
- Oasis Security Research Team Discovers Microsoft Azure MFA Bypass
"Oasis Security's research team uncovered a critical vulnerability in Microsoft's Multi-Factor Authentication (MFA) implementation, allowing attackers to bypass it and gain unauthorized access to the user’s account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more. Microsoft has more than 400 million paid Office 365 seats, making the consequences of this vulnerability far-reaching."
https://www.oasis.security/resources/blog/oasis-security-research-team-discovers-microsoft-azure-mfa-bypass
https://thehackernews.com/2024/12/microsoft-mfa-authquake-flaw-enabled.html
https://www.darkreading.com/cyberattacks-data-breaches/researchers-crack-microsoft-azure-mfa-hour
https://hackread.com/authquake-flaw-mfa-bypass-azure-office-365-accounts/
https://www.infosecurity-magazine.com/news/microsoft-azure-mfa-flaw-access/
Malware
- The Stealthy Stalker: Remcos RAT
"In Q3 2024, McAfee Labs identified a sharp rise in the Remcos RAT threat. It has emerged as a significant threat in the world of cybersecurity, gaining traction with its ability to infiltrate systems and compromise sensitive data. This malware, often delivered through phishing emails and malicious attachments, allows cybercriminals to remotely control infected machines, making it a powerful tool for espionage, data theft, and system manipulation. As cyberattacks become more sophisticated, understanding the mechanisms behind RemcosRAT and adopting effective security measures are crucial to protecting your systems from this growing threat. This blog presents a technical analysis of two RemcosRAT variants"
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/the-stealthy-stalker-remcos-rat/
- Cybercriminals Impersonate Dubai Police To Defraud Consumers In The UAE - Smishing Triad In Action
"Resecurity has identified a wide-scale fraudulent campaign targeting consumers in the UAE by impersonating law enforcement. Victims are asked to pay non-existent fines online (traffic tickets, parking violations, driving license renewals) following multiple phone calls made on behalf of Dubai Police officers. This social engineering scheme has been amplified by targeted phishing, smishing, and vishing activities, with a noticeable increase around the winter holidays. Dubai Police have warned against calls from scammers asking for financial details, reminding residents that official institutions will never request this information over the phone."
https://www.resecurity.com/blog/article/cybercriminals-impersonate-dubai-police-to-defraud-consumers-in-the-uae-smishing-triad-in-action
https://www.infosecurity-magazine.com/news/scam-uae-residents-fake-police/
- Lookout Discovers New Chinese Surveillance Tool Used By Public Security Bureaus
"Researchers at the Lookout Threat Lab have discovered a surveillance family, dubbed EagleMsgSpy, used by law enforcement in China to collect extensive information from mobile devices. Lookout has acquired several variants of the Android-targeted tool; internal documents obtained from open directories on attacker infrastructure also allude to the existence of an iOS component that has not yet been uncovered."
https://www.lookout.com/threat-intelligence/article/eaglemsgspy-chinese-android-surveillanceware
https://thehackernews.com/2024/12/chinese-eaglemsgspy-spyware-found.html
https://www.bleepingcomputer.com/news/security/new-eaglemsgspy-android-spyware-used-by-chinese-police-researchers-say/
https://therecord.media/chinese-provincial-security-teams-use-spyware-collect-texts-location
- Frequent Freeloader Part II: Russian Actor Secret Blizzard Using Tools Of Other Groups To Attack Ukraine
"After co-opting the tools and infrastructure of another nation-state threat actor to facilitate espionage activities, as detailed in our last blog, Russian nation-state actor Secret Blizzard used those tools and infrastructure to compromise targets in Ukraine. Microsoft Threat Intelligence has observed that these campaigns consistently led to the download of Secret Blizzard’s custom malware, with the Tavdig backdoor creating the foothold to install their KazuarV2 backdoor."
https://www.microsoft.com/en-us/security/blog/2024/12/11/frequent-freeloader-part-ii-russian-actor-secret-blizzard-using-tools-of-other-groups-to-attack-ukraine/
https://www.bleepingcomputer.com/news/security/russian-cyber-spies-hide-behind-other-hackers-to-target-ukraine/
https://thehackernews.com/2024/12/secret-blizzard-deploys-kazuar-backdoor.html
https://cyberscoop.com/turla-leverage-cybercriminal-tools-target-ukraine-microsoft/
https://www.infosecurity-magazine.com/news/secret-blizzard-ukrainian-military/
- Trust Hijacked: The Subtle Art Of Phishing Through Familiar Facades
"Explore the advanced tactics employed in recent email phishing campaigns targeting employees from over 30 companies across 12 industries and 15 jurisdictions. This blog unveils sophisticated techniques used to outsmart Secure Email Gateways (SEGs) and exploit trusted platforms, creating highly convincing schemes to deceive victims and steal their credentials."
https://www.group-ib.com/blog/trust-hijacked/
https://hackread.com/ongoing-phishing-campaign-targets-employees/
- Teaching An Old Framework New Tricks: The Dangers Of Windows UI Automation
"Those of us who write for a living love dictation and grammar-checking software. Those of us who do security research for a living like to break stuff and write about it. So, after months of seeing ads for these writing assistants, we decided to tinker around and see what we could find. Specifically, we wanted to understand how an application can manipulate another application’s user interface (UI) remotely. What we discovered was just as shocking as learning that people still run XP: It is processed by a very old framework called the UI Automation framework."
https://www.akamai.com/blog/security-research/2024-december-windows-ui-automation-attack-technique-evades-edr
https://thehackernews.com/2024/12/new-malware-technique-could-exploit.html
- Inside Zloader’s Latest Trick: DNS Tunneling
"Zloader (a.k.a. Terdot, DELoader, or Silent Night) is a modular Trojan based on the leaked Zeus source code that emerged in 2015. The malware was originally designed to facilitate banking fraud via Automated Clearing House (ACH) and wire transfers. However, similar to other malware families like Qakbot and Trickbot, Zloader has been repurposed for initial access, providing an entry point into corporate environments for the deployment of ransomware."
https://www.zscaler.com/blogs/security-research/inside-zloader-s-latest-trick-dns-tunneling
https://thehackernews.com/2024/12/zloader-malware-returns-with-dns.html
- Likely China-Based Attackers Target High-Profile Organizations In Southeast Asia
"Threat actors using tools linked to China-based APT groups have targeted multiple high-profile organizations in Southeast Asia, including government ministries in two different countries, an air traffic control organization, a telecoms company, and a media outlet. The attacks, which have been underway since at least October 2023, appear to have intelligence gathering as their main goal. The attackers use a variety of both open-source and living-off-the-land tools in their operations."
https://www.security.com/threat-intelligence/china-southeast-asia-espionage
https://thehackernews.com/2024/12/researchers-uncover-espionage-tactics.html
- Head Mare Group Intensifies Attacks On Russia With PhantomCore Backdoor
"On 2nd September 2024, Kaspersky released a blog about the Head Mare group, which first emerged in 2023. Head Mare is a hacktivist group targeting organizations in Russia and Belarus with the goal of causing maximum damage rather than financial gain. They use up-to-date tactics, such as exploiting the CVE-2023-38831 vulnerability in WinRAR, to gain initial access and deliver malicious payloads. The group maintains a public presence on X, where they disclose information about their victims."
https://cyble.com/blog/head-mare-deploys-phantomcore-against-russia/
Breaches/Hacks/Leaks
- Lynx Ransomware Behind Electrica Energy Supplier Cyberattack
"The Romanian National Cybersecurity Directorate (DNSC) says the Lynx ransomware gang breached Electrica Group, one of the largest electricity suppliers in the country. Electrica became an independent company in 2000 after it was established as a division of the National Electricity Company (CONEL) in 1998. Since 2014, Electrica has been listed on the London and Bucharest stock exchanges. The company now provides electricity supply, maintenance, and other energy services to over 3.8 million users across Muntenia and Transylvania."
https://www.bleepingcomputer.com/news/security/lynx-ransomware-behind-electrica-energy-supplier-cyberattack/
- Krispy Kreme Cyberattack Impacts Online Orders And Operations
"US doughnut chain Krispy Kreme suffered a cyberattack in November that impacted portions of its business operations, including placing online orders. Krispy Kreme is an American multinational doughnut and coffeehouse chain operating 1,521 shops and 15,800 points of access and employing 22,800 people as of late 2023. The company has an active partnership with McDonalds to offer its products to thousands of additional locations."
https://www.bleepingcomputer.com/news/security/krispy-kreme-cyberattack-impacts-online-orders-and-operations/
https://www.darkreading.com/cyberattacks-data-breaches/krispy-kreme-doughnut-delivery-cooked-cyberattack
https://therecord.media/online-ordering-cyberattack-krispy-kreme
https://www.bankinfosecurity.com/krispy-kreme-discovers-cybersecurity-hole-a-27027
https://www.securityweek.com/no-doughnuts-today-cyberattack-puts-krispy-kreme-in-a-sticky-situation/
https://hackread.com/krispy-kreme-cyber-attack-disrupted-online-order-us/
https://www.infosecurity-magazine.com/news/cyber-incident-krispy-kreme-online/
https://www.theregister.com/2024/12/11/krispy_kreme_cybercrime/
- 446,000 Impacted By Center For Vein Restoration Data Breach
"Vein care provider Center for Vein Restoration is notifying over 446,000 individuals that their personal, medical, and financial information was compromised in a recent cyberattack. Headquartered in Greenbelt, Maryland, Center for Vein Restoration provides patient-centered treatment options for venous insufficiency, including varicose veins and spider veins."
https://www.securityweek.com/446000-impacted-by-center-for-vein-restoration-data-breach/
General News
- November 2024 Deep Web And Dark Web Trend Report
"This trend report on the deep web and dark web of November 2024 is sectioned into Ransomware, Forums & Black Markets, and Threat Actor. We would like to state beforehand that some of the content has yet to be confirmed to be true."
https://asec.ahnlab.com/en/85072/
- Governments, Telcos Ward Off China's Hacking Typhoons
"While the US government and at least eight telecommunications firms struggle to defend their networks against the China-sponsored Salt Typhoon group, other nations' telecommunications firms have often been primary targets for advanced persistent threats (APTs) as well."
https://www.darkreading.com/cyberattacks-data-breaches/governments-telcos-chinas-hacking-typhoons
- Open Source Malware Up 200% Since 2023
"Sonatype’s 2024 Open Source Malware Threat Report reveals that the number of malicious packages has surpassed 778,500 since tracking began in 2019. In 2024, researchers examined how threat actors leverage malicious open-source packages to target developers, particularly as enterprises increasingly adopt open-source tools to build custom AI models."
https://www.helpnetsecurity.com/2024/12/11/open-source-malware/
- Why Crisis Simulations Fail And How To Fix Them
"In this Help Net Security interview, Allison Ritter, Head of Cyber Experiential Exercising at Cyberbit, shares her insights on the key differences between in-person and virtual cyber crisis simulations and what makes each approach effective. Ritter highlights the need for effective communication, clearly defined roles, and realistic scenarios to help teams perform under pressure."
https://www.helpnetsecurity.com/2024/12/11/allison-ritter-cyberbit-crisis-simulations/
- Containers Have 600+ Vulnerabilities On Average
"Containers are the fastest growing – and weakest cybersecurity link – in software supply chains, according to NetRise. Companies are struggling to get container security right. Issues from misconfigured clouds, containers, and networks to uncertainty over who owns container security throughout the software’s lifecycle persist. And yet, according to a 2022 Anchore report, enterprises plan to expand container adoption over the next 24 months, with 88% planning to increase container use and 31% planning to increase container use significantly."
https://www.helpnetsecurity.com/2024/12/11/containers-security-concerns/
- Law Enforcement Shuts Down 27 DDoS Booters Ahead Of Annual Christmas Attacks
"Law enforcement agencies worldwide have disrupted a holiday tradition for cybercriminals: launching Distributed Denial-of-Service (DDoS) attacks to take websites offline. As part of an ongoing international crackdown known as PowerOFF, authorities have seized 27 of the most popular platforms used to carry out these attacks."
https://www.europol.europa.eu/media-press/newsroom/news/law-enforcement-shuts-down-27-ddos-booters-ahead-of-annual-christmas-attacks
https://www.bleepingcomputer.com/news/security/operation-poweroff-shuts-down-27-ddos-for-hire-platforms/
https://therecord.media/ddos-sites-takedown-international-law-enforcement-europol
https://www.infosecurity-magazine.com/news/operation-poweroff-takes-down-ddos/
- 2025 Predictions By Greg Day
"Deepfakes become the norm as another tool in the cyber attackers arsenal. Whilst deepfakes have been visible within limited circles, such as the political sphere for a number of years, the innovation is moving this capability into the mainstream arsenal of cybercriminals. Some industries such as finance have used voice recognition as part of their verification processes, so we should assume these and others will be challenged by the innovation coming from Deepfakes going mainstream."
https://www.cybereason.com/blog/2025-predictions
- Symmetrical Cryptography Pioneer Targets The Post-Quantum Era
"A future that uses quantum computing is not far off — but not quite here either. When it does arrive, it will ultimately render the methods we use to encrypt information useless. And while some organizations and businesses may be slow to act, bad actors are already preparing, stealing large amounts of encrypted data and putting it on hold until a later date, when quantum capabilities become available and allow them to decrypt it."
https://www.darkreading.com/cyber-risk/symmetrical-cryptography-post-quantum-era
- Tips For Preventing Breaches In 2025
"We witnessed some of the largest data breaches in recent history in 2024, with victims including industry titans like AT&T, Snowflake (and, therefore, Ticketmaster), and more. For US businesses, data breaches cost more than $9 million on average, and they cause lasting damage to customer and partner trust."
https://www.darkreading.com/cyberattacks-data-breaches/tips-preventing-breaches-2025
- Cybersecurity Lessons From 3 Public Breaches
"The statistics paint a clear picture — over 9,000 cyber incidents were reported in just the first half of 2024, translating to nearly one new attack every single hour. This escalating risk has pushed cybersecurity to the forefront of business strategy. According to a study by Accenture, 96% of CEOs identified security as essential to their company's growth, prompting continuous investment. Yet, despite these efforts, 74% of them expressed concern about their ability to effectively mitigate or withstand cyberattacks due to the increasing complexity of threats."
https://www.darkreading.com/cyberattacks-data-breaches/cybersecurity-lessons-from-3-public-breaches
- South Korea Takes Down Fraudulent Online Trading Network Used To Extort $6.3M
"A South Korean law enforcement operation has taken down a large-scale fraud network that extorted $6.3m from victims with fake online trading platforms that were sophisticatedly designed to steal money. Dubbed Operation Midas, this year-long task involved the Korean Financial Security Institute (K-FSI), a South Korean nonprofit, and several South Korean law enforcement agencies."
https://www.infosecurity-magazine.com/news/south-korea-takes-down-fraudulent/
- Google’s Willow Chip Signals The Urgency Of Post-Quantum Cryptography Migration
"Forget the 10 septillion years needed for a classical computer to solve this problem, and focus instead on the falling number of necessary error correction qubits. Google announced its latest quantum computing advance, the Willow chip, on December 9, 2024. The announcement focuses on two aspects: current power and future potential. The power is demonstrated by large numbers: Willow can solve a problem in less than five minutes that would take a classical supercomputer 10 septillion years to solve."
https://www.securityweek.com/googles-willow-chip-signals-the-urgency-of-post-quantum-cryptography-migration/
- Russia Claims To Bust Global Scam Network Linked To Georgian Ex-Defense Minister
"Russia's security service said it had detained a dozen members of an international criminal group with links to a former Georgian defense minister. Known as Milton Group, the network allegedly operated call centers that defrauded over 100,000 people, including those from the European Union, the U.K., Canada, Brazil, India and Japan. In a statement earlier this week, Russia's Federal Security Service (FSB) said the group’s illegal profits reached $1 million a day, mainly through fake investment scams."
https://therecord.media/russia-claims-to-bust-scam-network-tied-to-former-georgian-minister
References
Electronic Transactions Development Agency (ETDA)