Cyber Threat Intelligence 24 December 2024
New Tooling
- Evilginx: Open-Source Man-In-The-Middle Attack Framework
"Evilginx is an open-source man-in-the-middle attack framework designed to phish login credentials and session cookies, enabling attackers to bypass 2FA safeguards."
https://www.helpnetsecurity.com/2024/12/23/evilginx-open-source-man-in-the-middle-attack-framework/
https://github.com/kgretzky/evilginx2
Vulnerabilities
- Multiple Critical Vulnerabilities Patched In WPLMS And VibeBP Plugins
"This blog post is about the WPLMS and VibeBP vulnerabilities. If you’re a WPLMS and VibeBP user, please update the plugin to at least version 1.9.9.5.3 and 1.9.9.7.7 respectively."
https://patchstack.com/articles/multiple-critical-vulnerabilities-patched-in-wplms-and-vibebp-plugins/
https://www.bleepingcomputer.com/news/security/premium-wplms-wordpress-plugins-address-seven-critical-flaws/
https://www.infosecurity-magazine.com/news/flaws-wordpress-plugins-wplms/
- Adobe Warns Of Critical ColdFusion Bug With PoC Exploit Code
"Adobe has released out-of-band security updates to address a critical ColdFusion vulnerability with proof-of-concept (PoC) exploit code. In an advisory released on Monday, the company says the flaw (tracked as CVE-2024-53961) is caused by a path traversal weakness that impacts Adobe ColdFusion versions 2023 and 2021 and can enable attackers to read arbitrary files on vulnerable servers."
https://www.bleepingcomputer.com/news/security/adobe-warns-of-critical-coldfusion-bug-with-poc-exploit-code/
https://helpx.adobe.com/security/products/coldfusion/apsb24-107.html
- Apache Fixes Remote Code Execution Bypass In Tomcat Web Server
"Apache has released a security update that addresses an important vulnerability in Tomcat web server that could lead to an attacker achieving remote code execution. Apache Tomcat is an open-source web server and servlet container widely used to deploy and run Java-based web applications. It provides a runtime environment for Java Servlets, JavaServer Pages (JSP), and Java WebSocket technologies. The product is popular with large enterprises that run custom web apps, SaaS providers that rely on Java for backend services. Cloud and hosting services integrate Tomcat for app hosting, and software developers use it to build, test, and deploy web apps."
https://www.bleepingcomputer.com/news/security/apache-fixes-remote-code-execution-bypass-in-tomcat-web-server/
https://lists.apache.org/thread/b2b9qrgjrz1kvo4ym8y2wkfdvwoq6qbp
- CISA Adds One Known Exploited Vulnerability To Catalog
"CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2021-44207 Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability"
https://www.cisa.gov/news-events/alerts/2024/12/23/cisa-adds-one-known-exploited-vulnerability-catalog
https://securityaffairs.com/172255/hacking/u-s-cisa-acclaim-systems-usaherds-flaw-known-exploited-vulnerabilities-catalog.html
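The ColdFusion item above describes the bug only by its class: a path traversal weakness that lets an attacker read arbitrary files on the server. The Python below is an added illustration of that weakness class in general and is not code from ColdFusion, from Adobe's advisory, or from the CVE-2024-53961 exploit; it puts a naive path resolver beside a hardened one and runs both over constructed request paths. The web root and the sample paths are assumptions made for the example.

```python
import posixpath
from urllib.parse import unquote

# Constructed web root for an offline demonstration. Assumption: the server
# maps request paths under this directory; nothing here is taken from
# ColdFusion or the CVE-2024-53961 advisory.
WEB_ROOT = "/var/www/app/public"


def resolve_vulnerable(root: str, user_path: str) -> str:
    """Naive resolution: decode and concatenate the request path onto the root.

    normpath() collapses '..' segments only after the join, so each '..'
    walks out of the root, and an absolute path discards the root entirely.
    """
    decoded = unquote(user_path)
    return posixpath.normpath(posixpath.join(root, decoded))


def resolve_hardened(root: str, user_path: str) -> str:
    """Decode, canonicalise, then prove the result is still under the root.

    Raises ValueError for anything that would resolve outside the root.
    """
    decoded = unquote(user_path)
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    # A leading '/' is treated as relative to the root so join() cannot
    # replace the root with the caller's absolute path.
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # commonpath() rather than startswith(): '/var/www/app/public2/x' passes
    # a string-prefix check but is not inside '/var/www/app/public'.
    if posixpath.commonpath([root, candidate]) != root:
        raise ValueError(f"path escapes web root: {user_path!r}")
    return candidate


def escapes_root(root: str, resolved: str) -> bool:
    """True if an already-resolved absolute path lies outside root."""
    return posixpath.commonpath([root, resolved]) != root


def is_safe_path(root: str, user_path: str) -> bool:
    """Boolean view of resolve_hardened(): False for any rejected path."""
    try:
        resolve_hardened(root, user_path)
    except ValueError:
        return False
    return True


# Constructed request paths: two benign, the rest classic traversal shapes
# (plain '..', URL-encoded '..%2f', an absolute path, and a walk-up that
# stops exactly one level above the root).
SAMPLE_REQUESTS = [
    "index.html",
    "assets/../index.html",
    "../../../../etc/passwd",
    "..%2f..%2f..%2f..%2fetc%2fpasswd",
    "/etc/passwd",
    "assets/../..",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        naive = resolve_vulnerable(WEB_ROOT, req)
        verdict = "served" if is_safe_path(WEB_ROOT, req) else "REJECTED"
        print(f"{req:36} naive -> {naive:32} "
              f"escapes={str(escapes_root(WEB_ROOT, naive)):5} hardened: {verdict}")
```

Two details matter in practice. Decoding happens before canonicalisation, which is what catches the `%2f` form; if a server or framework decodes the path more than once, the containment check has to run after the last decode. The hardened resolver also does not reject an absolute request path outright but reinterprets it under the root, so `/etc/passwd` becomes `/var/www/app/public/etc/passwd`; rejecting it instead is equally valid, as long as the root is never replaced.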
Malware
- Analyzing Malicious Intent In Python Code: A Case Study
"Fortinet's AI-driven OSS malware detection system recently identified two malicious packages: Zebo-0.1.0 on November 16, 2024, and Cometlogger-0.1 on November 24, 2024. Malicious software often masquerades as legitimate code, hiding its harmful features behind complex logic and obfuscation. In this analysis, we examine the Python scripts behind these two packages, outline their malicious behaviors, and provide insights into their potential impact."
https://www.fortinet.com/blog/threat-research/analyzing-malicious-intent-in-python-code
- Cloud Atlas Seen Using a New Tool In Its Attacks
"Known since 2014, Cloud Atlas targets Eastern Europe and Central Asia. We’re shedding light on a previously undocumented toolset, which the group used heavily in 2024. Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor (CVE-2018-0802) to download and execute malware code. See below for the infection pattern."
https://securelist.com/cloud-atlas-attacks-with-new-backdoor-vbcloud/115103/
General News
- Report On Smishing-Based Mobile Security Threats
"Smartphones have become an essential tool in modern society and are at the center of everyday life. However, this has led to a continuous increase in mobile malicious crimes. Among them, smishing is a major means of executing various crimes including personal information theft, credential abuse, and sextortion by distributing phishing pages and URLs for downloading malicious apps through text messages. This report covers the seriousness of mobile security threats through the cases of smishing attacks that occurred on the Android platform by 2024."
https://asec.ahnlab.com/en/85259/
- Maximizing The Impact Of Cybercrime Intelligence On Business Resilience
"In this Help Net Security interview, Jason Passwaters, CEO of Intel 471, discusses how integrating cybercrime intelligence into an organization’s security strategy enables proactive threat management and how measuring intelligence efforts can help mitigate risks before they escalate. Passwaters also shares best practices for building a robust intelligence program, focusing on data sources, adversary identification, and collaboration between the private sector and law enforcement."
https://www.helpnetsecurity.com/2024/12/23/jason-passwaters-intel-471-cybercrime-intelligence-efforts/
- 2024 Cyber Threat Trends Review & 2025 Outlook
"AhnLab is Korea’s top cybersecurity company providing the latest cyber threat intelligence and threat detection and response (TDR) capabilities based on advanced technology. We provide optimized solutions and platforms across various cybersecurity areas such as endpoint, network, cloud, security operations, and cyber-physical systems (CPS), ensuring enhanced threat visibility, practical threat intelligence, and optimal threat response capabilities."
https://asec.ahnlab.com/en/85271/
https://image.ahnlab.com/atip/content/file/20241223/AhnLab_Annual Threat Analysis and Prediction_2024.pdf
- The State Of Security In 2024: The Fortra Experts Take a Look
"At Fortra, we like to encourage a collaborative environment. One of the ways we bring our community together is through our Transformer meetups which aim to provide a positive, energizing, and fun hub for all Fortra employees to learn how to be innovative, get inspired by others, and reach their creative potential. Our most recent meetup was moderated by myself and our panelists were Tyler Reguly, John Wilson, Bob Erdman, and Nathan Ramaker. The conversation was so insightful, that we wanted to share some of the discussion with others in this blog."
https://www.tripwire.com/state-of-security/state-security-2024-fortra-experts-take-look
- Non-Human Identities Gain Momentum, Requires Both Management, Security
"The growth in systems communicating over the internet without human involvement has been dramatic in recent years. The Internet of Things (IoT) is driving more machine-to-machine (M2M) communications without human intervention. There is also an explosion in application development underpinning the need for digital transformation, which is turbocharged by remote working and the ever-increasing adoption of e-commerce. This means that pieces of software code are interacting autonomously across networks as never before."
https://www.darkreading.com/cybersecurity-operations/non-human-identities-gain-momentum-requires-both-management-security
- How CISOs Can Communicate With Their Boards Effectively
"The role of the chief information security officer (CISO) today is not the CISO's role of the past. The ever-evolving threat landscape, adoption of new technologies like generative AI (GenAI), increased regulatory pace, ongoing employee education and training programs, and maintaining operational resilience have found CISOs under increased pressure and stress. On top of this, 49% of CISOs now report to their board on at least a weekly basis, presenting them with a new skill they need to master: the art of communication."
https://www.darkreading.com/cybersecurity-operations/how-cisos-communicate-boards-effectively
- Middle East Cyberwar Rages On, With No End In Sight
"It's been more than a year since the conflict between Hamas and Israel began, and the cyber battle between the two entities rages on, involving a variety of perpetrators and using playbooks of other global conflicts. Here are some of the top developments over the duration of this cyberwar and what we can expect to see in 2025."
https://www.darkreading.com/cyberattacks-data-breaches/middle-east-cyberwar-rages-no-end-sight
- Conversation With a “Nam3L3ss” Watchdog
"This is a multi-part interview with the individual known as “Nam3L3ss,” who leaked more than 100 databases on a popular hacking forum and will soon be leaking many more. In Part 1, he answers some questions about his background and what motivated him to do what he does. In Part 2, we talk a bit about his methods for finding exposed data. In Part 3, we discuss some ethical concerns and the future."
https://databreaches.net/2024/12/23/conversation-with-a-nam3l3ss-watchdog-preface/
https://databreaches.net/2024/12/23/conversation-with-a-nam3l3ss-watchdog-part-1-background/
https://databreaches.net/2024/12/23/conversation-with-a-nam3l3ss-watchdog-part-2-methods/
https://databreaches.net/2024/12/23/conversation-with-a-nam3l3ss-watchdog-part-3-ethics-and-goals/
- Beware Of Shadow AI – Shadow IT’s Less Well-Known Brother
"Shadow IT is a fairly well-known problem in the cybersecurity industry. It’s where employees use unsanctioned systems and software as a workaround to bypass official IT processes and restrictions. Similarly, with AI tools popping up for virtually every business use case or function, employees are increasingly using unsanctioned or unauthorized AI tools and applications without the knowledge or approval of IT or security teams – a new phenomenon known as Shadow AI."
https://www.securityweek.com/beware-of-shadow-ai-shadow-its-less-well-known-brother/
- Top 10 Cybersecurity Trends To Expect In 2025
"The 2025 cybersecurity landscape is increasingly complex, driven by sophisticated cyber threats, increased regulation, and rapidly evolving technology. In 2025, organizations will be challenged with protecting sensitive information for their customers while continuing to provide seamless and easy user experiences. Here's a closer look at ten emerging challenges and threats set to shape the coming year."
https://thehackernews.com/2024/12/top-10-cybersecurity-trends-to-expect.html
- 'That's Not a Bug, It's a Feature' Takes On a Darker Tone When Malware's Involved
"One of the charms of coding is that malice can be indistinguishable from incompetence. Last week's Who, Me? story about financial transfer test software running amok is a case in point. The hapless dev left code running overnight that should have moved a single cent in and out of his test account. Instead, it machine-gunned $100 transfers in for hours. It tripped internal security but the temporarily rich kid had told his boss about it and could thus talk his way clear."
https://www.theregister.com/2024/12/23/firmware_malware_opinion/
- A Look Back: The Evolution Of Latin American eCrime Malware In 2024
"The Latin American (LATAM) cybercrime landscape continues to evolve as adversaries refine their tactics, techniques and procedures (TTPs) to bypass defenses and expand their reach. Last year, we wrote a blog detailing our LATAM cybercrime observations throughout 2023. In this blog, we examine the significant updates observed in 2024 across prominent LATAM malware families, including Mispadu, Kiron, Caiman, Culebra, Salve and Astaroth."
https://www.crowdstrike.com/en-us/blog/latam-ecrime-malware-evolution-2024/
- Ransomware Empowerment Training
"The FIRST Multi-Stakeholder Ransomware SIG is very pleased to announce the release of the first version of the Ransomware Empowerment training. This has been a significant undertaking, requiring many months of dedicated effort from our dear SIG members. We have made it our priority to ensure that this training is TLP:CLEAR, so that it can be of benefit to all. The training aims to empower the community with the knowledge and skills to prepare for, handle and respond to ransomware attacks, thereby increasing their cyber resilience. It places a strong focus on the incident response process and real-world application, drawing on the extensive experience of our SIG members."
https://www.first.org/blog/20241220-FIRST-Ransomware-Training
Reference
Electronic Transactions Development Agency (ETDA)