Cyber Threat Intelligence - 17 January 2025
Healthcare Sector
- 183M Patient Records Exposed: Fortified Health Security Releases 2025 Healthcare Cybersecurity Report
"Fortified Health Security (Fortified), a Best in KLAS managed security services provider (MSSP) specializing in healthcare cybersecurity, today released the 2025 Horizon Report, a semiannual publication on cybersecurity news, trends, guidance and solutions for healthcare organizations. Analyzing data from the Office for Civil Rights (OCR), the Horizon Report has served as a free resource for healthcare professionals since 2017. The 2025 edition includes contributions from experts—including internationally recognized cybersecurity expert Paul Connelly—on solutions for some of the acute cybersecurity issues facing healthcare organizations today."
https://www.darkreading.com/cyberattacks-data-breaches/183m-patient-records-exposed-fortified-health-security-releases-2025-healthcare-cybersecurity-report
https://fortifiedhealthsecurity.com/horizon-reports/
- 2024 US Healthcare Data Breaches: 585 Incidents, 180 Million Compromised User Records
"In 2024, organizations informed the US government about more than 580 healthcare data breaches affecting a total of nearly 180 million user records. SecurityWeek has conducted an analysis of the healthcare breach database maintained by the US Department of Health and Human Services Office for Civil Rights (HHS OCR), which stores information on incidents impacting the protected health information of over 500 individuals. The OCR was informed about 585 incidents between January 1, 2024, and December 31, 2024. Adding up the numbers from each breach suggests that roughly 180 million people are impacted."
https://www.securityweek.com/2024-us-healthcare-data-breaches-585-incidents-180-million-compromised-user-records/
Industrial Sector
- CISA Releases Twelve Industrial Control Systems Advisories
"CISA released twelve Industrial Control Systems (ICS) advisories on January 16, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS."
https://www.cisa.gov/news-events/alerts/2025/01/16/cisa-releases-twelve-industrial-control-systems-advisories
Vulnerabilities
- W3 Total Cache <= 2.8.1 - Authenticated (Subscriber+) Missing Authorization To Server-Side Request Forgery
"The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain the plugin's nonce value and perform unauthorized actions, resulting in information disclosure, service plan limits consumption as well as making web requests to arbitrary locations originating from the web application that can be used to query information from internal services, including instance metadata on cloud-based applications."
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/w3-total-cache/w3-total-cache-281-authenticated-subscriber-missing-authorization-to-server-side-request-forgery
https://www.bleepingcomputer.com/news/security/w3-total-cache-plugin-flaw-exposes-1-million-wordpress-sites-to-attacks/
- Under The Cloak Of UEFI Secure Boot: Introducing CVE-2024-7344
"ESET researchers have discovered a vulnerability that allows bypassing UEFI Secure Boot, affecting the majority of UEFI-based systems. This vulnerability, assigned CVE-2024-7344, was found in a UEFI application signed by Microsoft’s Microsoft Corporation UEFI CA 2011 third-party UEFI certificate. Exploitation of this vulnerability leads to the execution of untrusted code during system boot, enabling potential attackers to easily deploy malicious UEFI bootkits (such as Bootkitty or BlackLotus) even on systems with UEFI Secure Boot enabled, regardless of the installed operating system."
https://www.welivesecurity.com/en/eset-research/under-cloak-uefi-secure-boot-introducing-cve-2024-7344/
https://www.bleepingcomputer.com/news/security/new-uefi-secure-boot-flaw-exposes-systems-to-bootkits-patch-now/
https://thehackernews.com/2025/01/new-uefi-secure-boot-vulnerability.html
https://www.darkreading.com/vulnerabilities-threats/trusted-apps-bug-uefi-boot-process
https://www.bankinfosecurity.com/researchers-spot-serious-uefi-secure-boot-bypass-flaw-a-27306
https://www.helpnetsecurity.com/2025/01/16/uefi-secure-boot-bypass-vulnerability-cve-2024-7344/
- CISA Adds One Known Exploited Vulnerability To Catalog
"CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-50603 Aviatrix Controllers OS Command Injection Vulnerability"
https://www.cisa.gov/news-events/alerts/2025/01/16/cisa-adds-one-known-exploited-vulnerability-catalog
- If You Think You Blocked NTLMv1 In Your Org, Think Again
"News: Silverfort’s research team discovered a new way for attackers to use NTLMv1 in attacks, despite efforts to disable it. Using a misconfiguration in on-prem applications, attackers can bypass the Group Policy designed to stop NTLMv1 authentications. Why it matters: 64% of Active Directory user accounts regularly authenticate with NTLM, despite its known weaknesses and being deprecated by Microsoft. Many organizations attempted to solve the NTLMv1 problem with an Active Directory Group Policy. However, we discovered that this policy is flawed and allows NTLMv1 authentications to persist, creating a false sense of security and leaving organizations vulnerable. Attackers know NTLMv1 is a weak authentication protocol and actively seek it out as a method to move laterally or escalate privileges."
https://www.silverfort.com/blog/ntlmv1-bypass-in-active-directory-technical-deep-dive/
https://thehackernews.com/2025/01/researchers-find-exploit-allowing.html
- CISA Warns Of Exploited Fortinet Bugs As Microsoft Issues Its Biggest Patch Tuesday In Years
"The federal government and multiple cybersecurity firms warned of a zero-day vulnerability in FortiGate firewalls that hackers are actively exploiting. In a sign of the bug’s severity, the Cybersecurity and Infrastructure Security Agency (CISA) ordered all federal civilian agencies to patch the vulnerability by January 21 — one of the shortest deadlines it has ever issued. Fortinet said in an advisory that the bug is being exploited in the wild but did not say how many customers have been impacted. The company said threat actors attacking organizations with the vulnerability are creating administrative accounts on targeted devices and changing settings related to firewall policies."
https://therecord.media/cisa-warns-fortinet-bugs-microsoft-patch-tuesday
Malware
- DigitalPulse Proxyware Being Distributed Through Ad Pages
"AhnLab SEcurity intelligence Center (ASEC) has recently confirmed that proxyware is being installed through advertisement pages of freeware software sites. The proxyware that is ultimately installed is signed with a Netlink Connect certificate, but according to the AhnLab analysis, it is identical to the DigitalPulse proxyware that was abused in past Proxyjacking attack campaigns. While installing legitimate programs, users may install a disguised program called AutoClicker through ad pages and ultimately have their network bandwidth involuntarily hijacked by the installed proxyware."
https://asec.ahnlab.com/en/85798/
- RansomHub Affiliate Leverages Python-Based Backdoor
"In an incident response in Q4 of 2024, GuidePoint Security identified evidence of a threat actor utilizing a Python-based backdoor to maintain access to compromised endpoints. The threat actor later leveraged this access to deploy RansomHub encryptors throughout the entire impacted network. ReliaQuest documented an earlier version of this malware on their website in February 2024."
https://www.guidepointsecurity.com/blog/ransomhub-affiliate-leverage-python-based-backdoor/
https://thehackernews.com/2025/01/python-based-malware-powers-ransomhub.html
- Cyber Threats Amid Disaster: California Fires Spark New Phishing Scams
"As California grapples with devastating wildfires, communities rally to protect lives and property. Unfortunately, these disasters also serve as fertile ground for cybercriminals seeking to exploit chaos and uncertainty. The Veriti Research team has identified alarming trends in phishing scams linked to the ongoing disaster, highlighting the need for heightened cybersecurity awareness during these vulnerable times."
https://veriti.ai/blog/california-fires-spark-new-phishing-scams/
https://hackread.com/scammers-exploit-california-wildfires-fire-relief-services/
- Threat Bulletin: Weaponized Software Targets Chinese-Speaking Organizations
"Our research team has identified a series of attacks targeting organizations in Chinese-speaking regions like Hong Kong, Taiwan, and China itself. These attacks utilize a multi-stage loader—that we named PNGPlug—to deliver the ValleyRAT payload. A similar attack chain is documented in this report, which sheds light on the infection vector and the method of delivering the malicious files. According to the report, the attack begins with a phishing webpage designed to encourage victims to download a malicious MSI (Microsoft Installer) package disguised as legitimate software."
https://intezer.com/blog/malware-analysis/weaponized-software-targets-chinese/
- New Star Blizzard Spear-Phishing Campaign Targets WhatsApp Accounts
"In mid-November 2024, Microsoft Threat Intelligence observed the Russian threat actor we track as Star Blizzard sending their typical targets spear-phishing messages, this time offering the supposed opportunity to join a WhatsApp group. This is the first time we have identified a shift in Star Blizzard’s longstanding tactics, techniques, and procedures (TTPs) to leverage a new access vector. Star Blizzard’s targets are most commonly related to government or diplomacy (both incumbent and former position holders), defense policy or international relations researchers whose work touches on Russia, and sources of assistance to Ukraine related to the war with Russia."
https://www.microsoft.com/en-us/security/blog/2025/01/16/new-star-blizzard-spear-phishing-campaign-targets-whatsapp-accounts/
https://thehackernews.com/2025/01/russian-star-blizzard-shifts-tactics-to.html
https://cyberscoop.com/star-blizzard-fsb-whatsapp-microsoft-threat-intel/
https://www.securityweek.com/russian-cyberspies-caught-spear-phishing-with-qr-codes-whatsapp-groups/
https://www.theregister.com/2025/01/16/russia_star_blizzard_whatsapp/
Breaches/Hacks/Leaks
- Wolf Haldenstein Law Firm Says 3.5 Million Impacted By Data Breach
"Wolf Haldenstein Adler Freeman & Herz LLP ("Wolf Haldenstein") reports it has suffered a data breach that exposed the personal information of nearly 3.5 million individuals to hackers. The incident took place on December 13, 2023, but the firm says data analysis and digital forensic complications severely delayed the completion of its investigation. Last Friday, Wolf Haldenstein published a data breach notice on its website, while an entry on Maine AG's data breach portal sets the total number of persons affected by it to 3,445,537."
https://www.bleepingcomputer.com/news/security/wolf-haldenstein-law-firm-says-35-million-impacted-by-data-breach/
https://securityaffairs.com/173150/data-breach/us-law-firm-wolf-haldenstein-data-breach.html
https://www.bankinfosecurity.com/law-office-wolf-haldenstein-says-hack-affected-34-million-a-27314
- Clop Ransomware Exploits Cleo File Transfer Flaw: Dozens Of Claims, Disputed Breaches
"The Clop ransomware group added 59 new companies to its leak site, the gang claims to have breached them by exploiting a vulnerability in Cleo file transfer products. “We have data of many companies who use cleo. Our teams are reaching and calling your company and provide your special secret chat. If you are not sure if we have your data. emails us here” reads the Cl0p announcement published on its Tor leak site."
https://securityaffairs.com/173135/cyber-crime/clop-ransomware-gang-claims-hack-of-cleo-file-transfer-customers.html
- Infoseccer: Private Security Biz Let Guard Down, Exposed 120K+ Files
"A London-based private security company allegedly left more than 120,000 files available online via an unsecured server, an infoseccer told The Register. The independent security researcher claimed they had found 124,035 exposed files back in October, totalling 46.48 GB in size and containing details such as PII, payroll data, job application forms, TrustID validated documents, Security Industry Authority (SIA) cards, and more."
https://www.theregister.com/2025/01/16/private_security_biz_lets_guard/
General News
- NoName057 Interview «We Can Access Any System In The World.»
"NoName057 is a pro-Russian hacktivist group active since March 2022, known for carrying out distributed denial-of-service (DDoS) attacks against countries that support Ukraine, especially NATO members. Rafa López, CTO of Miólnir and a member of FIRST, has established contact with the group NoName057 and conducted an interview to gain insight into the motivations behind their actions. This is a unique and exclusive interview, unprecedented in the sector, as no professional has previously managed to interview a threat actor as significant as NoName057."
https://miolnir.es/noname057-interview/
- How CISOs Can Elevate Cybersecurity In Boardroom Discussions
"Ross Young is the CISO in residence at Team8 and the creator of the OWASP Threat and Safeguard Matrix (TaSM). In this interview, he shares his perspective on how cybersecurity professionals can tailor their presentations to the board, aligning security strategies with business priorities. He also discusses common misconceptions that boards have about cybersecurity and offers practical advice on building lasting relationships with executives to ensure cybersecurity stays front and center in ongoing business discussions."
https://www.helpnetsecurity.com/2025/01/16/ross-young-team8-cybersecurity-boardroom-discussions/
- A Humble Proposal: The InfoSec CIA Triad Should Be Expanded
"The inconsistent and incomplete definitions of essential properties in information security create confusion within the InfoSec community, gaps in security controls, and may elevate the costs of incidents. In this article, I will analyze the CIA triad, point out its deficiencies, and propose to standardize the terminology involved and expand it by introducing two additional elements."
https://www.helpnetsecurity.com/2025/01/16/infosec-cia-triad/
- Critical Vulnerabilities Remain Unresolved Due To Prioritization Gaps
"Fragmented data from multiple scanners, siloed risk scoring and poor cross-team collaboration are leaving organizations increasingly exposed to breaches, compliance failures and costly penalties, according to Swimlane. The relentless surge of vulnerabilities is pushing security teams to their limits, forcing them to manage overwhelming volumes of risk with tools and processes that are no longer adequate."
https://www.helpnetsecurity.com/2025/01/16/vulnerability-management-complexity/
- CISA And Partners Release Call To Action To Close The National Software Understanding Gap
"Today, CISA—in partnership with the Defense Advanced Research Projects Agency (DARPA), the Office of the Under Secretary of Defense for Research and Engineering (OUSD R&E), and the National Security Agency (NSA)—published Closing the Software Understanding Gap. This report urgently implores the U.S. government to take decisive and coordinated action."
https://www.cisa.gov/news-events/alerts/2025/01/16/cisa-and-partners-release-call-action-close-national-software-understanding-gap
https://www.cisa.gov/resources-tools/resources/closing-software-understanding-gap
- Treasury Targets IT Worker Network Generating Revenue For DPRK Weapons Programs
"Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) is sanctioning two individuals and four entities for generating illicit revenue for the Democratic People’s Republic of Korea (DPRK) government. The DPRK dispatches thousands of highly skilled information technology (IT) workers around the world with orders to generate revenue for the DPRK government to circumvent U.S. and United Nations (UN) sanctions. These IT workers obfuscate their identities and locations to fraudulently obtain freelance employment contracts from clients around the world for IT projects, such as software and mobile application development."
https://home.treasury.gov/news/press-releases/jy2790
https://www.bleepingcomputer.com/news/security/us-cracks-down-on-north-korean-it-worker-army-with-more-sanctions/
https://therecord.media/us-issues-sanctions-laos-china-north-korean-worker-scheme
https://www.bankinfosecurity.com/us-sanctions-north-korean-remote-worker-front-companies-a-27310
https://cyberscoop.com/treasury-sanctions-north-korea-over-remote-it-worker-schemes/
- FunkSec: The Rising Yet Controversial Ransomware Threat Actor Dominating December 2024
"As 2024 ended, a new name surged to the top of the cyber threat charts: FunkSec. Emerging as a leading ransomware-as-a-service (RaaS) actor, FunkSec made waves in December by publishing over 85 victim profiles on its Data Leak Site (DLS). However, beneath its apparent dominance lies a more complex and controversial story, as uncovered in Check Point Research’s (CPR) Global Threat Index for December 2024."
https://blog.checkpoint.com/research/funksec-the-rising-yet-controversial-ransomware-threat-actor-dominating-december-2024/
- Strategic Approaches To Threat Detection, Investigation & Response
"The digital era has revolutionized how businesses operate, bringing unprecedented opportunities and challenges. Among the most pressing challenges are the ever-growing and sophisticated cyber threats. From crippling ransomware attacks to insidious phishing campaigns, organizations face a mounting need to defend their digital assets effectively."
https://www.darkreading.com/vulnerabilities-threats/strategic-approaches-threat-detection-investigation-response
- Risk, Reputational Scores Enjoy Mixed Success As Security Tools
"As companies seek to improve their cybersecurity postures, they are increasingly using a variety of metrics, scoring systems, and reputational rankings to measure their efforts. But in many cases, businesses are asking too much of the various systems that attempt to measure security. The old saw says that you need to measure something to manage it, but many systems that have flourished — from the Common Vulnerability Scoring System (CVSS) to organizational security posture scoring and ratings for software development projects — are sometimes only successful at expressing measurable risk."
https://www.darkreading.com/cyber-risk/risk-reputational-scoring-services-enjoy-mixed-success
- The Reality Of Deception: Real Estate Scams Uncovered In The Middle East
"Real estate scams are growing in popularity due to the trust people place in online listings and the urgency often involved in securing a home. With the expansion of digital platforms for property searches, users are overlooking essential verification steps in their rush to close a deal, making them easy targets. Scammers usually target specific groups like expatriates or people relocating to new cities, as they tend to be less familiar with local practices and may skip critical background checks. The ease of online transactions, the anonymity provided by messaging apps, and the quick transfer of funds make it easier for fraudsters to exploit their victims."
https://www.group-ib.com/blog/the-reality-of-deception-real-estate-scams/
https://www.infosecurity-magazine.com/news/middle-east-real-estate-fraud-grows/
- HP Wolf Security Threat Insights Report: January 2025
"Welcome to the January 2025 edition of the HP Wolf Security Threat Insights Report. In the report, we review notable malware campaigns, trends and techniques identified from HP Wolf Security’s customer telemetry in calendar Q3 2024."
https://threatresearch.ext.hp.com/hp-wolf-security-threat-insights-report-january-2025/
https://threatresearch.ext.hp.com/wp-content/uploads/2025/01/HP_Wolf_Security_Threat_Insights_Report_January_2025.pdf
https://thehackernews.com/2025/01/hackers-hide-malware-in-images-to.html
https://www.infosecurity-magazine.com/news/hackers-image-malware-genai-evade/
- Cyber Insights 2025: Identities
"Strictly speaking, the identity is the entity, while credentials are proof of the identity. In practice, there is little distinction between the two terms and their use, and we will use them indiscriminately in our discussion here. The foundational purpose of security is to ensure that only authorized and authenticated identities should access computers, their functions and their data. It is not a stretch to suggest that secure computing is based on secure identities, and that failure to secure identities is the root cause of most computer compromise."
https://www.securityweek.com/cyber-insights-2025-identities/
- Cybersecurity And AI: What Does 2025 Have In Store?
"AI has supercharged the cybersecurity arms race over the past year. And the coming 12 months will provide no respite. This has major implications for corporate cybersecurity teams and their employers, as well as everyday web users. While AI technology helps defenders to improve security, malicious actors are wasting no time in tapping into AI-powered tools, so we can expect an uptick in scams, social engineering, account fraud, disinformation and other threats. Here’s what you can expect from 2025."
https://www.welivesecurity.com/en/cybersecurity/cybersecurity-ai-what-2025-have-store/
References
Electronic Transactions Development Agency (ETDA)