Cyber Threat Intelligence 03 January 2025
Vulnerabilities
- Unpatched Active Directory Flaw Can Crash Any Microsoft Server
"One of two critical Active Directory Domain Controller vulnerabilities patched by Microsoft last month goes beyond the original denial-of-service (DoS) attack chain and can be used to crash multiple, unpatched Windows servers at once. And experts are concerned many organizations remain vulnerable. Researchers at SafeBreach have put together an analysis of the DoS bug, tracked as CVE-2024-49113. This vulnerability, along with a similar remote control execution (RCE) bug, tracked as CVE-2024-49112, with a CVSS score of 9.8, was discovered in Active Directory's Lightweight Directory Access Protocol (LDAP) used to search the databases. Both were patched in December's Microsoft security update."
https://www.darkreading.com/vulnerabilities-threats/active-directory-flaw-can-crash-any-microsoft-server-connected-to-the-internet
https://www.safebreach.com/blog/ldapnightmare-safebreach-labs-publishes-first-proof-of-concept-exploit-for-cve-2024-49113/
- Over 3 Million Mail Servers Without Encryption Exposed To Sniffing Attacks
"Over three million POP3 and IMAP mail servers without TLS encryption are currently exposed on the Internet and vulnerable to network sniffing attacks. IMAP and POP3 are two methods for accessing email on mail servers. IMAP is recommended for checking emails from multiple devices, such as phones and laptops, because it keeps your messages on the server and synchronizes them between devices. POP3, on the other hand, downloads emails from the server, making them accessible only from the device where they were downloaded."
https://www.bleepingcomputer.com/news/security/over-3-million-mail-servers-without-encryption-exposed-to-sniffing-attacks/
- Discovery To Resolution: A Critical Microsoft 365 Vulnerability
"Our latest exploration has uncovered critical vulnerabilities within Microsoft 365, highlighting significant security risks that could compromise sensitive business data. These vulnerabilities expose a vast array of records—ranging into the tens or even hundreds of millions—across key sectors such as finance, healthcare, and government. This post dives into the details of these vulnerabilities, providing a closer look at how they were discovered and the potential consequences for businesses worldwide."
https://www.stratussecurity.com/post/critical-microsoft-365-vulnerability
https://thehackernews.com/2025/01/severe-security-flaws-patched-in.html
Malware
- Quasar RAT Disguised As An Npm Package For Detecting Vulnerabilities In Ethereum Smart Contracts
"Socket’s threat research team has discovered a malicious npm package, ethereumvulncontracthandler, which is posing as a tool for detecting vulnerabilities in Ethereum smart contracts but instead deploys Quasar RAT, a versatile remote access trojan, onto developers’ machines. The malicious package, published on December 18, 2024, by a threat actor using the npm registry alias “solidit-dev-416”, is heavily obfuscated. Upon installation, it retrieves a malicious script from a remote server, executing it silently to deploy the RAT on Windows systems. The package is still live on npm at the time of publishing, but we have petitioned the registry for its removal."
https://socket.dev/blog/quasar-rat-disguised-as-an-npm-package
https://thehackernews.com/2025/01/malicious-obfuscated-npm-package.html
- Global Campaign Targets PlugX Malware With Innovative Portal
"A groundbreaking malware disinfection campaign targeting the PlugX worm has been executed with the collaboration of international authorities. Led by the Sekoia Threat Detection & Research team, the operation disinfected compromised systems across multiple countries. The PlugX worm, often linked to Mustang Panda, can spread through infected flash drives, making it highly pervasive. After gaining control of a key command-and-control (C2) server in 2023, Sekoia researchers Charles Meslay and Félix Aimé analyzed the malware and proposed two potential disinfection methods."
https://www.infosecurity-magazine.com/news/global-campaign-targets-plugx/
Breaches/Hacks/Leaks
- Ransomware Gang Leaks Data Stolen In Rhode Island's RIBridges Breach
"The Brain Cipher ransomware gang has begun to leak documents stolen in an attack on Rhode Island's "RIBridges" social services platform. RIBridges is an integrated eligibility system (IES) used by the state to manage and deliver social assistance programs, including healthcare, food assistance, child care, and other services. Rhode Island first learned that RIBridges was the target of an attack on December 5 after being notified by its vendor, Deloitte. However, it wasn't until December 10 that it was confirmed that threat actors gained access to the system and likely stole data."
https://www.bleepingcomputer.com/news/security/ransomware-gang-leaks-data-stolen-in-rhode-islands-ribridges-breach/
https://therecord.media/rhode-island-data-breach-deloitte
https://securityaffairs.com/172503/cyber-crime/rhode-island-data-breach.html
https://www.infosecurity-magazine.com/news/hackers-rhode-island-data/
- Japan's Largest Mobile Carrier Says Cyberattack Disrupted Some Services
"Japan’s largest mobile carrier, NTT Docomo, reported that it is working to restore services after a cyberattack temporarily disrupted operations on Thursday. The Tokyo-based company said in a statement that its system was targeted by a distributed denial-of-service (DDoS) attack, which floods a network with junk traffic from multiple sources, rendering some services unavailable."
https://therecord.media/ntt-docomo-japan-mobile-carrier-ddos-incident
General News
- When Risky Cybersecurity Behavior Becomes a Habit Among Employees
"While the majority of employees avoid risky behaviors, a small subset makes them a habit, posing a significant cybersecurity challenge, according to Mimecast. 48% of employees engaged in behaviors that exposed their organizations to cyber risk, with browsing violations being the most common (36% of users). Browsing violations, unlike phishing and malware events, do not directly impact security. However, they can increase the likelihood of encountering malware or online scams."
https://www.helpnetsecurity.com/2025/01/02/employees-risky-behaviors/
- CISOs Don’t Invest Enough In Code Security
"72% of security leaders agree that the age of AI necessitates a complete reset of how organizations approach application security, according to Cycode. This urgency is reinforced by the fact that 93 billion lines of code were generated in the past year alone, driven in large part by GenAI. This explosion of code is clearly overwhelming security teams, with 73% of security leaders confirming that “code is everywhere.”"
https://www.helpnetsecurity.com/2025/01/02/application-security-approach/
- Three Russian-German Nationals Charged With Espionage For Russian Secret Service
"German prosecutors have charged three Russian-German nationals for acting as secret service agents for Russia. The individuals, named Dieter S., Alexander J., and Alex D., have been accused of working for a foreign secret service. Dieter S. is also alleged to have participated in sabotage operations as well as taking pictures of military installations with an aim to endanger national security. Dieter S. was originally arrested by the Federal Criminal Police Office (aka Bundeskriminalamt or BKA) alongside Alexander J. on espionage charges. In late October 2024, Dieter S. was also charged with being a fighter of an armed unit of the Donetsk People's Republic (DPR)."
https://thehackernews.com/2025/01/three-russian-german-nationals-charged.html
https://securityaffairs.com/172559/intelligence/russian-german-nationals-charged-secret-service-agent-activity.html
- Advice For Exponential Organizations: Intersecting Agile And Incident Response
"While Exponential Organizations (ExOs) are transforming industries beyond the tech space, that doesn’t mean that they are not susceptible to an increasing number of cyber threats. As ExOs harness innovative and cutting-edge technologies to drive transformative growth, the ability to respond effectively and proactively to cyber incidents becomes increasingly vital. Recent statistics from the 2024 IBM Cost of a Data Breach Report point to the global average cost being upwards of $4.88 million, with one in three organizations prone to a cyber attack."
https://www.tripwire.com/state-of-security/advice-exponential-organizations-intersecting-agile-and-incident-response
- Understanding AI In Network Security
"Cyber threats are more sophisticated, pervasive, and frequent than ever before. As a result, traditional methods for network security are becoming obsolete. These solutions simply cannot handle the extraordinary scale and complexity of network traffic inherent in modern IT environments. AI-driven solutions, however, can."
https://www.tripwire.com/state-of-security/understanding-ai-network-security
- Chinese Hackers Targeted Sanctions Office In Treasury Attack
"Chinese state-backed hackers have reportedly breached the Office of Foreign Assets Control (OFAC), a Treasury Department office that administers and enforces trade and economic sanctions programs. OFAC was created in December 1950, blocking all Chinese and North Korean assets under U.S. jurisdiction after China entered the Korean War. In a letter sent to Congress this week, the Treasury Department disclosed that Chinese government threat actors hacked its network in what it described as a "major cybersecurity incident" after breaching the BeyondTrust remote support SaaS platform."
https://www.bleepingcomputer.com/news/security/chinese-hackers-targeted-sanctions-office-in-treasury-attack/
https://www.theregister.com/2025/01/02/chinese_spies_targeted_sanctions_intel/
- The Biggest Cybersecurity And Cyberattack Stories Of 2024
"2024 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities. Some stories, though, were more impactful or popular with our 31 million readers than others. Below are fourteen of what BleepingComputer believes are the most impactful cybersecurity stories of 2024, with a summary of each. These stories are in no particular order."
https://www.bleepingcomputer.com/news/security/the-biggest-cybersecurity-and-cyberattack-stories-of-2024/
- Managing Cloud Risks Gave Security Teams a Big Headache In 2024
"Enterprise IT and security managers had a lot to worry about in 2024, such as the exploding number of vulnerabilities, increased volume of threats against their organizations, constant drumbeat of data breaches, and steady stream of user errors and behaviors to manage. Also a big concern was the growing risk exposure as a result of their organizations' increased reliance on cloud technologies."
https://www.darkreading.com/cloud-security/managing-cloud-risks-big-headache-2024
Reference
Electronic Transactions Development Agency (ETDA)