Cyber Threat Intelligence 30 December 2024
Industrial Sector
- Hackers Are Hot For Water Utilities
"The US water sector suffered a stream of cyberattacks over the past year and half, from a mix of cybercriminals, hacktivists, and nation-state hacking teams. Here's how the industry and ICS/OT security experts are working to better secure vulnerable drinking and wastewater utilities."
https://www.darkreading.com/ics-ot-security/hackers-hot-water-utilities
- Threat Landscape For Industrial Automation Systems In Q3 2024
"In the third quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 1.5 pp to 22% when compared to the previous quarter. Compared to the third quarter of 2023, the percentage decreased by 1.7 pp. The percentage of ICS computers on which malicious objects were blocked during the third quarter of 2024 was highest in July and September, and lowest in August. In fact, the percentage in August 2024 was the lowest of any month in the observation period."
https://securelist.com/ics-cert-q3-2024-report/115182/
Vulnerabilities
- Hackers Exploit DoS Flaw To Disable Palo Alto Networks Firewalls
"Palo Alto Networks is warning that hackers are exploiting the CVE-2024-3393 denial of service vulnerability to disable firewall protections by forcing it to reboot. Leveraging the security issue repeatedly, however, causes the device to enter maintenance mode and manual intervention is required to restore it to normal operations. "A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall," reads the advisory."
https://www.bleepingcomputer.com/news/security/hackers-exploit-dos-flaw-to-disable-palo-alto-networks-firewalls/
https://security.paloaltonetworks.com/CVE-2024-3393
https://thehackernews.com/2024/12/palo-alto-releases-patch-for-pan-os-dos.html
https://www.bankinfosecurity.com/palo-alto-patches-exploited-firewall-denial-of-service-flaw-a-27163
https://securityaffairs.com/172370/security/palo-alto-networks-high-severity-pan-os-flaw.html
- Four-Faith Industrial Router CVE-2024-12856 Exploited In The Wild
"VulnCheck observed a new post-authentication vulnerability affecting Four-Faith industrial routers being exploited in the wild. The attacker leveraged the router’s default credentials, effectively resulting in unauthenticated remote command injection. VulnCheck has assigned this issue CVE-2024-12856."
https://vulncheck.com/blog/four-faith-cve-2024-12856
https://thehackernews.com/2024/12/15000-four-faith-routers-exposed-to-new.html
Malware
- Cybersecurity Firm's Chrome Extension Hijacked To Steal Users' Data
"At least five Chrome extensions were compromised in a coordinated attack where a threat actor injected code that steals sensitive information from users. One attack was disclosed by Cyberhaven, a data loss prevention company that alerted its customers of a breach on December 24 after a successful phishing attack on an administrator account for the Google Chrome store. Among Cyberhaven's customers are Snowflake, Motorola, Canon, Reddit, AmeriHealth, Cooley, IVP, Navan, DBS, Upstart, and Kirkland & Ellis."
https://www.bleepingcomputer.com/news/security/cybersecurity-firms-chrome-extension-hijacked-to-steal-users-data/
https://www.cyberhaven.com/blog/cyberhavens-chrome-extension-security-incident-and-what-were-doing-about-it
https://therecord.media/cyberhaven-hack-google-chrome-extension
https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html
https://www.itnews.com.au/news/hackers-hijack-a-wide-range-of-companies-chrome-extensions-614119
- Analysis Of Attack Cases Against Korean Solutions By The Andariel Group (SmallTiger)
"The Andariel group has been attacking various software used by South Korean companies for some time [1]. Notably, these include asset management solutions and data loss prevention (DLP) solutions, and vulnerability attack cases have also been identified in various other solutions. Attack cases by the Andariel group are continuing in the second half of 2024, primarily installing SmallTiger. [2] A major example of software targeted for exploitation is Korean asset management solutions that have been exploited for years, and there are also indications of exploitation involving a document centralization solution."
https://asec.ahnlab.com/en/85400/
- Pro-Russia Group NoName Targeted The Websites Of Italian Airports
"The pro-Russia group NoName57 continues its campaign of DDoS attacks against Italian infrastructure. This time, the group of alleged hacktivists targeted multiple websites, including the sites of Malpensa and Linate airports, as well as the site of the Ministry of Foreign Affairs (Farnesina) and the Turin Transport Group (GTT). The Italian Cnaipic (National Cybercrime Center for the Protection of Critical Infrastructure) of the Postal Police is investigating the cyberattacks and is helping victims mitigate the offensive."
https://securityaffairs.com/172395/security/pro-russia-group-noname057-targets-italian-airports.html
https://www.itnews.com.au/news/cyber-attack-on-italys-foreign-ministry-airports-claimed-by-pro-russian-hacker-group-614118
Breaches/Hacks/Leaks
- White House Links Ninth Telecom Breach To Chinese Hackers
"A White House official has added a ninth U.S. telecommunications company to the list of telecoms breached in a Chinese hacking campaign that impacted dozens of countries. The Salt Typhoon Chinese cyber-espionage group who orchestrated these attacks (also tracked as Earth Estries, FamousSparrow, Ghost Emperor, and UNC2286) is known for breaching government entities and telecom companies throughout Southeast Asia and has been active since at least 2019. The White House's deputy national security adviser for cyber and emerging technologies, Anne Neuberger, told reporters today that this new victim was discovered after the Biden administration released guidance to help defenders spot Chinese hackers' activity in their networks."
https://www.bleepingcomputer.com/news/security/white-house-links-ninth-telecom-breach-to-chinese-hackers/
https://therecord.media/nine-us-companies-hacked-salt-typhoon-china-espionage
https://www.bankinfosecurity.com/feds-identify-ninth-telecom-victim-in-salt-typhoon-hack-a-27167
https://cyberscoop.com/salt-typhoon-telecom-cybersecurity-gaps-white-house-response/
https://www.securityweek.com/a-9th-telecoms-firm-has-been-hit-by-a-massive-chinese-espionage-campaign-the-white-house-says/
https://securityaffairs.com/172425/apt/salt-typhoon-breached-ninth-u-s-telco.html
- Hackers Release Second Batch Of Stolen Cisco Data
"Hackers have released what they claim to be the second batch of data stolen in the alleged Cisco data incident from October 2024. According to IntelBroker, the hacker behind the breach, the latest leak, published on Christmas Eve on Breach Forums, contains 4.84 GB of data, part of an allegedly stolen 4.5 TB."
https://hackread.com/hackers-release-second-batch-of-stolen-cisco-data/
- Blue Yonder Says November Ransomware Attack Not Connected To Cleo Vulnerability
"Blue Yonder, the supply chain management giant that was hit by a ransomware attack last month that caused ripples throughout the retail sector, said it is investigating claims of data theft made by a ransomware gang on Christmas Eve. The Clop ransomware operation said it stole information from Blue Yonder and dozens of other companies through a recently discovered zero-day vulnerability in file sharing software from a company named Cleo."
https://therecord.media/blue-yonder-ransomware-attack-not-connected-to-cleo-vulnerability
- Hackers Steal ZAGG Customers' Credit Cards In Third-Party Breach
"ZAGG Inc. is informing customers that their credit card data has been exposed to unauthorized individuals after hackers compromised a third-party application provided by the company's e-commerce provider, BigCommerce. ZAGG is a consumer electronics accessories maker known for its mobile accessories, such as screen protectors, phone cases, keyboards, and power banks. The Utah-based company has an annual revenue of $600 million."
https://www.bleepingcomputer.com/news/security/hackers-steal-zagg-customers-credit-cards-in-third-party-breach/
https://securityaffairs.com/172434/data-breach/zagg-credit-card-data-data-breach.html
- Customer Data From 800,000 Electric Cars And Owners Exposed Online
"Volkswagen’s automotive software company, Cariad, exposed data collected from around 800,000 electric cars. The info could be linked to drivers’ names and reveal precise vehicle locations. Terabytes of Volkswagen customer details in Amazon cloud storage remained unprotected for months, allowing anyone with little technical knowledge to track drivers’ movement or gather personal information. The exposed databases include details for VW, Seat, Audi, and Skoda vehicles, with geo-location data for some of them being as precise as a few centimeters."
https://www.bleepingcomputer.com/news/security/customer-data-from-800-000-electric-cars-and-owners-exposed-online/
General News
- Defining & Defying Cybersecurity Staff Burnout
"A quarter of cybersecurity leaders want to quit," hollered the headline of a study sponsored by global cybersecurity company Black Fog. While that is suggestive of stress or morale problems at the higher levels of security teams, the more alarming numbers came later in the press release, below the graphic: 45% of security leaders have used drugs or alcohol to relieve work pressure in the past year, and 69% have "withdrawn from social activities."
https://www.darkreading.com/vulnerabilities-threats/defining-defying-cybersecurity-staff-burnout
- Quantum Computing Advances In 2024 Put Security In Spotlight
"The quest to create a useful quantum computer reached a significant milestone at the end of 2024 with Google's announcement of its Willow chip. The chip promises reduced noise and fewer errors as the number of qubits grows — a necessary step to advance toward advanced quantum computing. Despite some debate on when these systems will actually become available, experts still advise making plans and migrating to post-quantum technologies."
https://www.darkreading.com/cyber-risk/quantum-computing-advances-2024-security-spotlight
- These Were The Badly Handled Data Breaches Of 2024
"For the past few years, TechCrunch has looked back at some of the worst, badly handled data breaches and security incidents in the hope — maybe! — other corporate giants would take heed and avoid making some of the same calamities of yesteryear. To absolutely nobody’s surprise, here we are again this year listing much of the same bad behavior from an entirely new class of companies."
https://techcrunch.com/2024/12/26/badly-handled-data-breaches-2024/
- The Future Of Data And AI: Seven Trends Shaping 2025 And Beyond
"In 2025, seven trends will shape the future of data and AI, offering advantages for those who see these changes not as challenges but as opportunities to innovate and excel."
https://www.helpnetsecurity.com/2024/12/27/data-ai-2025-trends/
- Overwhelmed By Fraud? Here’s How Financial Pros Fight Back
"In this Help Net Security interview, Patrick Harding, Chief Architect at Ping Identity, discusses the growing threat of deepfake-related fraud and its impact on financial security. He also discusses overlooked vulnerabilities in digital banking and offers advice for organizations to protect themselves from fraud in the coming years."
https://www.helpnetsecurity.com/2024/12/27/patrick-harding-ping-identity-financial-fraud-future/
- Law Enforcement Agencies See AI As A Key Tool For Reducing Crime
"A U.S. national survey of first responders reveals strong support for AI adoption, cybersecurity concerns, and increasing demand for cloud-native, data-driven, and interoperable CAD and RMS systems to improve efficiency and public safety outcomes, according to Mark43."
https://www.helpnetsecurity.com/2024/12/27/first-responders-efficiency/
- 2024 Year In Review Highlights CISA’s Achievements In Reducing Risk And Building Resilience In Cybersecurity And Critical Infrastructure Security
"Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its 2024 Year in Review, which reflects accomplishments across the agency’s broad cybersecurity, infrastructure security and emergency communications missions. “I’m proud of what we’ve accomplished this year,” said CISA Director Jen Easterly. “The risk environment continues to change, and CISA continues to grow and rise to the occasion. It’s been a great honor to lead CISA the past three and a half years. I’d like to thank our incredible staff as well as our government, private sector, and international partners for helping us build resilience, reduce risk, and make our country more secure.”"
https://www.cisa.gov/news-events/news/2024-year-review-highlights-cisas-achievements-reducing-risk-and-building-resilience-cybersecurity
https://www.cisa.gov/about/2024YIR
https://www.infosecurity-magazine.com/news/cisa-2024-review-cyber-industry/
- 2024 In AI: It’s Changed The World, But It’s Not All Good
"A popular saying is: “To err is human, but to really foul things up you need a computer.” Even though the saying is older than you might think, it did not come about earlier than the concept of artificial intelligence (AI). And as long as we have been waiting for AI technology to become commonplace, if AI has taught us one thing this year, then it’s that when humans and AI cooperate, amazing things can happen. But amazing is not always positive."
https://www.malwarebytes.com/blog/news/2024/12/2024-in-ai-its-changed-the-world-but-its-not-all-good
- How Cops Taking Down LockBit, ALPHV Led To RansomHub's Meteoric Rise
"RansomHub, the ransomware collective that emerged earlier this year, quickly gained momentum, outpacing its criminal colleagues and hitting its victims especially hard. The group named and shamed hundreds of organizations on its leak site, while demanding exorbitant payments across various industries."
https://www.theregister.com/2024/12/28/lockbit_alphv_disruptions_ransomhub_rise/
- How Fast Can AI Recover Your Seed Phrase?
"We analyzed 85,714,285 seed phrase combinations using 2048 words from BIP39 Word List to estimate how quickly AI could recover lost or incomplete crypto seed phrases."
https://nftevening.com/crypto-seed-phrase-recovery/
https://hackread.com/study-ai-guess-crypto-seed-phrases-in-seconds/
- It's Only A Matter Of Time Before LLMs Jump Start Supply-Chain Attacks
"Now that criminals have realized there's no need to train their own LLMs for any nefarious purposes - it's much cheaper and easier to steal credentials and then jailbreak existing ones - the threat of a large-scale supply chain attack using generative AI becomes more real. No, we're not talking about a fully AI-generated attack from the initial access to the business operations shutdown. Technologically, the criminals aren't there yet. But one thing LLMs are getting very good at is assisting in social engineering campaigns."
https://www.theregister.com/2024/12/29/llm_supply_chain_attacks/
References
Electronic Transactions Development Agency (ETDA)