Cyber Threat Intelligence 23 December 2024
Energy Sector
- Why Cybersecurity Is Critical To Energy Modernization
"In this Help Net Security interview, Anjos Nijk, Managing Director of the European Network for Cyber security (ENCS), discusses cybersecurity in the energy sector as it modernizes with renewable sources and smart grid technologies. Nijk also addresses the need for international collaboration, the impact of IoT on security, and the emerging technologies that can enhance the resilience and reliability of critical energy infrastructure."
https://www.helpnetsecurity.com/2024/12/20/anjos-nijk-encs-energy-grid-cybersecurity/
Industrial Sector
- Dragos Industrial Ransomware Analysis: Q3 2024
"Information provided here is sourced from Dragos OT Cyber Threat Intelligence adversary hunters and analysts who conduct research on adversary operations and their tactics, techniques, and procedures (TTPs). Dragos OT cyber threat intelligence is fully reported in Dragos WorldView threat intelligence reports and is also compiled into the Dragos Platform for threat detection and vulnerability management."
https://www.dragos.com/blog/dragos-industrial-ransomware-analysis-q3-2024/
https://www.infosecurity-magazine.com/news/ransomware-industries-downtime/
Vulnerabilities
- Sophos Issues Hotfixes For Critical Firewall Flaws: Update To Prevent Exploitation
"Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions. Of the three, two are rated Critical in severity. There is currently no evidence that the shortcomings have been exploited in the wild. The list of vulnerabilities is as follows -"
https://thehackernews.com/2024/12/sophos-fixes-3-critical-firewall-flaws.html
https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce
https://www.bleepingcomputer.com/news/security/sophos-discloses-critical-firewall-remote-code-execution-flaw/
https://securityaffairs.com/172179/security/sophos-firewall-critical-vulnerabilities.html
- Fortinet Releases Security Updates For FortiManager
"Fortinet released a security update to address a vulnerability in FortiManager. A remote cyber threat actor could exploit this vulnerability to take control of an affected system."
https://www.cisa.gov/news-events/alerts/2024/12/20/fortinet-releases-security-updates-fortimanager
https://www.fortiguard.com/psirt/FG-IR-24-425
Malware
- Supply Chain Attack On Rspack Npm Packages Injects Cryptojacking Malware
"Rspack, a popular high performance JavaScript bundler written in Rust, has been hit with a supply chain attack, affecting two of its npm packages, including @rspack/core and @rspack/cli. Versions 1.1.7 of both packages are affected. They were released by an attacker who gained unauthorized npm publishing access, and contain malicious scripts."
https://socket.dev/blog/rspack-supply-chain-attack
https://thehackernews.com/2024/12/rspack-npm-packages-compromised-with.html
https://www.bleepingcomputer.com/news/security/malicious-rspack-vant-packages-published-using-stolen-npm-tokens/
- Holiday Bonus-Themed QR Code-Based Credential Phishing
"Cofense Intelligence has recently identified a series of end-of-year and holiday bonus-themed credential phishing emails. These are notable because of their topical seasonal lure and for spoofing the recipient’s company. The victim organizations targeted in this campaign are mostly in the Mining, Quarrying, and Oil and Gas Extraction sectors."
https://cofense.com/blog/holiday-bonus-themed-qr-code-based-credential-phishing
- BellaCPP: Discovering a New BellaCiao Variant Written In C++
"BellaCiao is a .NET-based malware family that adds a unique twist to an intrusion, combining the stealthy persistence of a webshell with the power to establish covert tunnels. It surfaced for the first time in late April 2023 and has since been publicly attributed to the APT actor Charming Kitten. One important aspect of the BellaCiao samples is how they exhibit a wealth of information through their respective PDB paths, including a versioning scheme we were able to work out once we analyzed historical records."
https://securelist.com/bellacpp-cpp-version-of-bellaciao/115087/
- Now You See Me, Now You Don’t: Using LLMs To Obfuscate Malicious JavaScript
"We developed an adversarial machine learning (ML) algorithm that uses large language models (LLMs) to generate novel variants of malicious JavaScript code at scale. We have used the results to improve our detection of malicious JavaScript code in the wild by 10%. Recently, advancements in the code understanding capabilities of LLMs have raised concerns about criminals using LLMs to generate novel malware. Although LLMs struggle to create malware from scratch, criminals can easily use them to rewrite or obfuscate existing malware, making it harder to detect."
https://unit42.paloaltonetworks.com/using-llms-obfuscate-malicious-javascript/
- Phishing Platform Rockstar 2FA Trips, And “FlowerStorm” Picks Up The Pieces
"One of the Internet’s most prolific cybercrime-as-a-service operations recently suffered a setback: In November, Sophos MDR noticed that detections for the Rockstar2FA “phishing-as-a-service” (PaaS) platform had suddenly gone quiet. Based on telemetry gathered by Sophos MDR, it appears that the group running the service experienced at least a partial collapse of its infrastructure, with pages associated with the service no longer reachable. This does not appear to be because of a takedown action, but due to some technical failure on the backend of the service."
https://news.sophos.com/en-us/2024/12/19/phishing-platform-rockstar-2fa-trips-and-flowerstorm-picks-up-the-pieces/
https://www.bleepingcomputer.com/news/security/new-flowerstorm-microsoft-phishing-service-fills-void-left-by-rockstar2fa/
Breaches/Hacks/Leaks
- Ascension: Health Data Of 5.6 Million Stolen In Ransomware Attack
"Ascension, one of the largest private U.S. healthcare systems, is notifying nearly 5.6 million patients and employees that their personal and health data was stolen in a May cyberattack linked to the Black Basta ransomware operation. The health network reported a total revenue of $28.3 billion in 2023 and operates 140 hospitals and 40 senior care facilities across the United States."
https://www.bleepingcomputer.com/news/security/ascension-health-data-of-56-million-stolen-in-ransomware-attack/
https://therecord.media/nearly-six-million-affected-ransomware
https://www.bankinfosecurity.com/ascension-notifying-56-million-affected-by-ransomware-hack-a-27118
- Development Platform Builder.ai Exposed Over 1.2 TB Of Data Containing More Than 3 Million Records
"Cybersecurity researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password-protected database that contained more than 3 million records belonging to Builder.ai — a London-based company offering AI software and app development solutions without any technical knowledge or coding skills."
https://www.websiteplanet.com/news/builderai-breach-report/
https://hackread.com/builder-ai-database-misconfiguration-expose-tb-records/
- Ukraine’s State Registers Hit With One Of Russia’s Largest Cyberattacks, Officials Say
"Suspected Russian hackers have launched one of the largest cyberattacks on Ukraine’s state services in recent months, according to a statement from Ukrainian officials late Thursday. The attack targeted Ukrainian state registers, which store various types of official records, including citizens' biometric data, business records, property ownership, real estate transactions, legal and court decisions, voter information, tax records and permits."
https://therecord.media/ukraine-government-cyberattack-state-registers-russia
https://www.infosecurity-magazine.com/news/ukraines-probes-gru-linked/
General News
- Romanian Netwalker Ransomware Affiliate Sentenced To 20 Years In Prison
"Daniel Christian Hulea, a Romanian man charged for his involvement in NetWalker ransomware attacks, was sentenced to 20 years in prison after pleading guilty to computer fraud conspiracy and wire fraud conspiracy in June. Hulea was extradited to the United States after being arrested by Romanian police in Cluj in July 2023 at a request from U.S. law enforcement authorities."
https://www.bleepingcomputer.com/news/security/romanian-netwalker-ransomware-affiliate-sentenced-to-20-years-in-prison/
https://therecord.media/romanian-netwalker-sentenced-prison-twenty
https://www.bankinfosecurity.com/romanian-sentenced-to-20-years-for-netwalker-ransomware-a-27117
https://www.securityweek.com/another-netwalker-ransomware-affiliate-gets-20-year-prison-sentence-in-us/
https://www.helpnetsecurity.com/2024/12/20/another-netwalker-affiliate-sentenced-to-20-years-in-prison/
https://securityaffairs.com/172182/cyber-crime/romanian-national-was-sentenced-to-20-years-netwalker-attacks.html
- 46% Of Financial Institutions Had a Data Breach In The Past 24 Months
"As the financial industry is the most targeted sector for data breaches in 2024, it’s now more important than ever to strengthen the industry moving into 2025, according to SailPoint. In 2024, roughly 65% of financial organizations worldwide reported experiencing a ransomware attack, compared to 64% in 2023 and 34% in 2021."
https://www.helpnetsecurity.com/2024/12/20/financial-industry-data-breaches/
- How Nation-State Cybercriminals Are Targeting The Enterprise
"Cyber warfare often mirrors traditional conflict, but as global geopolitical tensions continue to rise, the landscape of nation-state cyber-threat actors has shifted significantly. Recent events have spurred altered tactics, targets, and patterns of state-sponsored cyberattacks. While historically these threat actors focused primarily on critical infrastructure and government entities like energy grids and transportation, today's nation-state threat actors have expanded their scope further into the enterprise."
https://www.darkreading.com/vulnerabilities-threats/how-nation-state-cybercriminals-target-enterprise
- Managing Threats When Most Of The Security Team Is Out Of The Office
"Experienced security leaders know that attackers are patient. Attackers can infiltrate corporate chat systems like Slack or Microsoft Teams and just ... watch. For months, they monitor conversations, learn who the experienced staff are, and take notes on upcoming vacation plans and each team member's communication style. Then when the company shifts to a skeleton crew — perhaps during a major holiday or summer break — they strike."
https://www.darkreading.com/cybersecurity-operations/managing-threats-when-security-on-vacation
- How To Protect Your Environment From The NTLM Vulnerability
"A new zero-day vulnerability in NTLM discovered by researchers at 0patch allows attackers to steal NTLM credentials by having a user view a specially crafted malicious file in Windows Explorer — no need for the user to open the file. These password hashes can be used for authentication relay attacks or for dictionary attacks on the password, both for identity takeover."
https://www.darkreading.com/endpoint-security/how-to-protect-your-environment-from-the-ntlm-vulnerability
- Judge Rules NSO Group Is Liable For Spyware Hacks Targeting 1,400 WhatsApp User Devices
"The developer of the powerful Pegasus spyware was found liable on Friday for its role in the infection of devices belonging to 1,400 WhatsApp users. The precedent-setting ruling from a Northern California federal judge could lead to massive damages against NSO Group, whose notorious spyware has been reportedly used, and often abused, by a roster of anonymous government clients worldwide."
https://therecord.media/judge-rules-nso-group-liable-for-hack-of-1400-whatsapp-users
- Top 5 Lessons For CISOs And Cybersecurity Professionals From 2024
"The year 2024 has been a rollercoaster for cybersecurity professionals worldwide. From ransomware attacks paralyzing critical industries to insider threats causing massive data breaches, the challenges for Chief Information Security Officers (CISOs) and cybersecurity teams have been relentless. These cyberattacks and data breaches highlight the importance of adapting strategies and learning from past events to secure organizations better as cyber threats evolve."
https://cyble.com/blog/top-lessons-for-cisos-from-2024/
- The Fine Line Between Ideology And Crime: Understanding The True Purpose Of Dragon Ransomware – The Interview
"This interview provides a detailed look at Dragon Ransomware, a group active in the cybercrime landscape that combines a defined organizational structure with advanced technological expertise. Their statements shed light on operational elements and motivations that help to better understand the internal dynamics of these illicit activities. Dragon RaaS (Ransomware-as-a-Service) officially began operations on July 9, 2024. Unlike conventional ransomware groups driven primarily by economic gains or political goals, Dragon positions itself as a revolutionary entity in the field of cybersecurity."
https://www.suspectfile.com/the-fine-line-between-ideology-and-crime-understanding-the-true-purpose-of-dragon-ransomware-the-interview/
- Inside Operation Destabilise: How a Ransomware Investigation Linked Russian Money Laundering And Street-Level Drug Dealing
"Earlier this month, the United Kingdom’s National Crime Agency (NCA) unveiled the most complex investigation that staff can remember. Over nearly four years, Operation Destabilise involved almost everyone at the agency. What those staff uncovered was unprecedented for law enforcement: the complete financial chain connecting street-level drug dealing to the multibillion-dollar money-laundering operations that underpin criminal activities on a global scale."
https://therecord.media/operation-destabilise-money-laundering-investigation-uk-nca
References
Electronic Transactions Development Agency (ETDA)