Cyber Threat Intelligence 23 January 2025
Healthcare Sector
- Account Compromise And Phishing Top Healthcare Security Incidents
"The vast majority (84%) of healthcare organizations (HCOs) detected a cyber-attack or intrusion in 2024, with account hijacking and phishing the most common incidents, according to Netwrix. The cybersecurity software vendor polled IT and security professionals working in the sector globally as part of a wider study into hybrid cloud trends. It revealed that certain threats are more likely than others, depending on the IT environment."
https://www.infosecurity-magazine.com/news/account-compromise-phishing/
New Tooling
- Stratoshark: Wireshark For The Cloud – Now Available!
"Stratoshark is an innovative open-source tool that brings Wireshark’s detailed network visibility to the cloud, providing users with a standardized approach to cloud observability. Stratoshark incorporates much of Wireshark’s codebase, including its user interface elements. The interface and workflows will feel instantly recognizable for those already acquainted with Wireshark."
https://www.helpnetsecurity.com/2025/01/22/stratoshark-wireshark-cloud/
https://stratoshark.org/
Vulnerabilities
- Unauthenticated Privilege Escalation Vulnerability In RH – Real Estate Theme
"This blog post discusses the findings on the RealHome theme and the plugin that is installed with it, Easy Real Estate. Currently there are no known updates to fix this issue, so if you are a user of the theme and plugin, disabling them temporarily is recommended until the issues are fixed."
https://patchstack.com/articles/unauthenticated-privilege-escalation-vulnerability-patched-in-real-home-theme/
https://www.bleepingcomputer.com/news/security/critical-zero-days-impact-premium-wordpress-real-estate-plugins/
- Researcher Says ABB Building Control Products Affected By 1,000 Vulnerabilities
"A researcher claims to have found over 1,000 vulnerabilities in products made by electrification and automation solutions provider ABB, including flaws that can expose facilities to remote hacking. The vendor has released patches. The vulnerabilities were discovered by Gjoko Krstic, who is known for security research aimed at building management and access control systems, in ABB Cylon FLXeon and ABB Cylon Aspect building energy management and control solutions. Krstic told SecurityWeek that he uncovered just over 1,000 vulnerabilities in the Aspect product (including many with ‘critical’ and ‘high’ severity ratings), and 35 security holes in the FLXeon product."
https://www.securityweek.com/researcher-says-abb-building-control-products-affected-by-1000-vulnerabilities/
- 48,000+ Internet-Facing Fortinet Firewalls Still Open To Attack
"Despite last week’s confirmation of and warnings about long-standing exploitation of CVE-2024-55591, a critical vulnerability affecting Fortinet Fortigate firewalls, too many vulnerable devices are still accessible from the Internet and open to attack: over 48,000, according to data from the Shadowserver Foundation."
https://www.helpnetsecurity.com/2025/01/22/48000-internet-facing-fortinet-firewalls-still-open-to-attack/
- Cloudflare CDN Flaw Leaks User Location Data, Even Through Secure Chat Apps
"A security researcher discovered a flaw in Cloudflare's content delivery network (CDN), which could expose a person's general location by simply sending them an image on platforms like Signal and Discord. While the geo-locating capability of the attack is not precise enough for street-level tracking, it can provide enough data to infer what geographic region a person lives in and monitor their movements. Daniel's finding is particularly concerning for people who are highly concerned about their privacy, like journalists, activists, dissidents, and even cybercriminals."
https://www.bleepingcomputer.com/news/security/cloudflare-cdn-flaw-leaks-user-location-data-even-through-secure-chat-apps/
https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117
- Cisco Warns Of Denial Of Service Flaw With PoC Exploit Code
"Cisco has released security updates to patch a ClamAV denial-of-service (DoS) vulnerability, which has proof-of-concept (PoC) exploit code. Tracked as CVE-2025-20128, the vulnerability is caused by a heap-based buffer overflow weakness in the Object Linking and Embedding 2 (OLE2) decryption routine, allowing unauthenticated, remote attackers to trigger a DoS condition on vulnerable devices. If this vulnerability is successfully exploited, it could cause the ClamAV antivirus scanning process to crash, preventing or delaying further scanning operations."
https://www.bleepingcomputer.com/news/security/cisco-warns-of-denial-of-service-flaw-with-poc-exploit-code/
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA
- Invisible Prompt Injection: A Threat To AI Security
"Large language models (LLMs) are vulnerable to prompt injection, where users can manipulate inputs to redirect the model's behavior, potentially leading to misleading information, guideline violations, or exposure of sensitive data. To illustrate, consider the conversation with an LLM shown below. Why can’t the LLM provide an adequate response to such a simple question? This happens because it is attacked by invisible prompt injection."
https://www.trendmicro.com/en_us/research/25/a/invisible-prompt-injection-secure-ai.html
Malware
- PlushDaemon Compromises Supply Chain Of Korean VPN Service
"ESET researchers provide details on a previously undisclosed China-aligned APT group that we track as PlushDaemon and one of its cyberespionage operations: the supply-chain compromise in 2023 of VPN software developed by a South Korean company, where the attackers replaced the legitimate installer with one that also deployed the group’s signature implant that we have named SlowStepper – a feature-rich backdoor with a toolkit of more than 30 components."
https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-supply-chain-korean-vpn-service/
https://thehackernews.com/2025/01/plushdaemon-apt-targets-south-korean.html
https://www.bleepingcomputer.com/news/security/ipany-vpn-breached-in-supply-chain-attack-to-push-custom-malware/
https://www.darkreading.com/threat-intelligence/chinese-cyberspies-target-south-korean-vpn-supply-chain-attack
https://therecord.media/china-hacker-group-vpns-backdoor
https://www.helpnetsecurity.com/2025/01/22/plushdaemon-apt-slowstepper-supply-chain-compromise/
https://www.infosecurity-magazine.com/news/plushdaemon-apt-targeted-south/
- CISA And FBI Release Advisory On How Threat Actors Chained Vulnerabilities In Ivanti Cloud Service Applications
"CISA, in partnership with the Federal Bureau of Investigation (FBI), released Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications. This advisory was crafted in response to active exploitation of vulnerabilities—CVE-2024-8963, an administrative bypass vulnerability; CVE-2024-9379, a SQL injection vulnerability; and CVE-2024-8190 and CVE-2024-9380, remote code execution vulnerabilities—in Ivanti Cloud Service Appliances (CSA) in September 2024."
https://www.cisa.gov/news-events/alerts/2025/01/22/cisa-and-fbi-release-advisory-how-threat-actors-chained-vulnerabilities-ivanti-cloud-service
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-022a
https://www.securityweek.com/fbi-cisa-share-details-on-ivanti-exploits-chains-what-network-defenders-need-to-know/
- Telegram Captcha Tricks You Into Running Malicious PowerShell Scripts
"Threat actors on X are exploiting the news around Ross Ulbricht to direct unsuspecting users to a Telegram channel that tricks them into running PowerShell code that infects them with malware. The attack, spotted by vx-underground, is a new variant of the "Click-Fix" tactic that has become very popular among threat actors to distribute malware over the past year. However, instead of being fixes for common errors, this variant pretends to be a captcha or verification system that users must run to join the channel."
https://www.bleepingcomputer.com/news/security/telegram-captcha-tricks-you-into-running-malicious-powershell-scripts/
- Threat Spotlight: Tycoon 2FA Phishing Kit Updated To Evade Inspection
"Phishing-as-a-Service (PhaaS) provides attackers with advanced toolsets and templates that enable them to quickly deploy phishing campaigns. The rapid rise and evolution of PhaaS is driving a fundamental change in the phishing ecosystem, making the threat increasingly complex and sophisticated. The developers behind these phishing kits invest considerable resources in their creation and continuous enhancement. According to Barracuda threat analysts, around 30% of the credential attacks seen in 2024 made use of PhaaS, and this is expected to rise to 50% in 2025."
https://blog.barracuda.com/2025/01/22/threat-spotlight-tycoon-2fa-phishing-kit
https://www.infosecurity-magazine.com/news/tycoon-2fa-phishing-kit-upgraded/
- Botnets Never Die: An Analysis Of The Large Scale Botnet AIRASHI
"In August 2024, XLab observed a premeditated large-scale DDoS attack targeting the distribution platforms of the Chinese game Black Myth: Wukong, namely Steam and Perfect World. This attack operation was divided into four waves, with the attackers carefully selecting the peak online hours of gamers in various time zones to launch sustained attacks lasting several hours. They simultaneously targeted hundreds of servers distributed across 13 global regions belonging to Steam and Perfect World, aiming to achieve maximum destructive impact. The botnet involved in this attack operation referred to itself as AISURU at the time. This article will analyze the variants of the AISURU botnet, known as AIRASHI."
https://blog.xlab.qianxin.com/large-scale-botnet-airashi-en/
https://thehackernews.com/2025/01/hackers-exploit-zero-day-in-cnpilot.html
- Supply Chain Attack Hits Chrome Extensions, Could Expose Millions
"Cybersecurity outfit Sekoia is warning Chrome users of a supply chain attack targeting browser extension developers that has potentially impacted hundreds of thousands of individuals already. Dozens of Chrome extension developers have fallen victim to the attacks thus far, which aimed to lift API keys, session cookies, and other authentication tokens from websites such as ChatGPT and Facebook for Business."
https://www.theregister.com/2025/01/22/supply_chain_attack_chrome_extension/
Breaches/Hacks/Leaks
- Cyble Finds Thousands Of Security Vendor Credentials On Dark Web
"Account credentials from some of the largest cybersecurity vendors can be found on the dark web, a result of the growing problem of infostealers, according to an analysis of Cyble threat intelligence data. The credentials – available for as little as $10 in cybercrime marketplaces – span internal accounts and customer access across web and cloud environments, including internal security company enterprise and development environments that could pose substantial risks."
https://cyble.com/blog/thousands-of-security-vendor-credentials-found-on-dark-web/
https://www.infosecurity-magazine.com/news/cybersecurity-vendors-credentials/
General News
- Acronis CISO On Why Backup Strategies Fail And How To Make Them Resilient
"In this Help Net Security interview, Gerald Beuchelt, CISO at Acronis, discusses common backup strategy pitfalls, reasons for backup failures, and offers actionable advice for organizations looking to improve their backup and recovery processes."
https://www.helpnetsecurity.com/2025/01/22/gerald-beuchelt-acronis-backup-strategy/
- Privacy Professionals Feel More Stressed Than Ever
"Despite progress made in privacy staffing and strategy alignment, privacy professionals are feeling increasingly stressed on the job within a complex compliance and risk landscape, according to new research from ISACA. ISACA’s State of Privacy 2025 survey report, reflecting insights from more than 1,600 global professionals worldwide, found that 63% of privacy professionals say their role is more stressful now than it was five years ago, with 34% indicating it is significantly more stressful."
https://www.helpnetsecurity.com/2025/01/22/privacy-professionals-job-stress/
- Understanding Microsoft's CVSS v3.1 Ratings And Severity Scores
"Recently, I looked at Microsoft’s assigned CVSS v3.1 scores for Patch Tuesday vulnerabilities alongside the Microsoft assigned severity ratings. I wanted to revisit these numbers and see just how closely CVSS aligns with Microsoft’s opinion of severity. Disclaimer: I’m aware that CVSS v4.0 exists. However, Microsoft has not yet adopted it, and I wanted an apples-to-apples comparison."
https://www.tripwire.com/state-of-security/understanding-microsofts-cvss-v31-ratings-and-severity-scores
- Government Battles Against Tech Could Leave Consumers Less Secure
"Regulators around the globe are seeing the market power of consumer-facing tech companies and bringing cases against some of the industry’s biggest household names. They portray these legal fights as the conflicts of giants: the companies versus government regulators. Regulators have an essential mission to ensure companies play by the rules, preserving competition and giving people choices within those markets. Companies counter that they need to constantly innovate to create new products that capture consumer attention, while avoiding any perception they’re abusing their size."
https://cyberscoop.com/federal-government-regulators-tech-companies-consumers/
- Exploring Q4 2024 Brand Phishing Trends: Microsoft Remains The Top Target As LinkedIn Makes A Comeback
"Cyber criminals continue to refine their phishing tactics, targeting trusted global brands to deceive users and steal sensitive information. Check Point Research (CPR), the intelligence arm of Check Point Software, has unveiled its latest findings for Q4 2024, revealing key trends in brand phishing attacks."
https://blog.checkpoint.com/research/exploring-q4-2024-brand-phishing-trends-microsoft-remains-the-top-target-as-linkedin-makes-a-comeback/
- Cisco Previews AI Defenses To Cloud Security Platform
"Cisco is expanding its cloud security platform with new technology that will let developers detect and mitigate vulnerabilities in AI applications and their underlying models. The new Cisco AI Defense offering, introduced Jan. 15, is also designed to prevent data leakage by employees who use services like ChatGPT, Anthropic and Copilot. The networking giant already offers AI Defense to early access customers and plans to release it for general availability in March."
https://www.darkreading.com/cloud-security/cisco-previews-ai-defense-cloud-security
- Ransomware Attacks Surge To Record High In December 2024
"The highest monthly volume of global ransomware attacks ever recorded occurred in December 2024, according to NCC Group’s latest Threat Pulse report. The security firm detected 574 ransomware attacks during the month, which is the highest number since it began monitoring ransomware activity in 2021. NCC Group noted that there is traditionally a drop-off in the ransomware attacks in December, likely due to the holiday season."
https://www.infosecurity-magazine.com/news/ransomware-record-high-december/
- Questions Grow Over Whether Baltic Sea Cable Damage Was Sabotage Or Accidental
"Reports citing anonymous intelligence officials have suggested Western authorities are assessing the recent spate of cable breakages in the Baltic Sea to be accidents rather than acts of sabotage, despite widespread concern to the contrary. These assessments, which were revealed by The Washington Post and Norwegian newspaper Verdens Gang, have prompted strong criticisms from onlookers who argue that the nature of the incidents and their repeat occurrence indicate a pattern of behavior."
https://therecord.media/finland-eagle-s-tanker-questions-over-alleged-sabotage
- Hackers Exploit 16 Zero-Days On First Day Of Pwn2Own Automotive 2025
"On the first day of Pwn2Own Automotive 2025, security researchers exploited 16 unique zero-days and collected $382,750 in cash awards. Fuzzware.io is leading the competition after hacking the Autel MaxiCharger and Phoenix Contact CHARX SEC-3150 electric vehicle chargers using a stack-based buffer overflow and an origin validation error bug. This earned them $50,000 and 10 Master of Pwn points. Sina Kheirkhah of Summoning Team also earned $91,750 and 9.25 Master of Pwn points after hacking the Ubiquiti and Phoenix Contact CHARX SEC-3150 EV chargers using a hard-coded cryptographic key bug and a combo of three zero-days (one of them previously known)."
https://www.bleepingcomputer.com/news/security/hackers-exploit-16-zero-days-on-first-day-of-pwn2own-automotive-2025/
https://securityaffairs.com/173344/hacking/pwn2own-automotive-2025-day-1.html
https://www.securityweek.com/over-380000-paid-out-on-first-day-of-pwn2own-automotive-2025/
- Will 2025 See A Rise Of NHI Attacks?
"A look back at 2024's top non-human identity (NHI) attacks and their year-end explosion sends a worrying signal that 2025 is going to be a tough year for machine-to-machine identity theft. One year ago, NHI burst onto the scene with a big warning flare, when Cloudflare disclosed that NHI mismanagement caused a massive breach, stemming from the failure to rotate an access token and account credentials exposed in the 2023 Okta compromise."
https://www.darkreading.com/vulnerabilities-threats/will-2025-see-rise-nhi-attacks
- 73% Of UK Education Sector Hit By Cyber-Attacks In Past Five Years
"The UK education sector is a key target for cyber-attacks, with 73% of institutions having experienced at least one cyber-attack or breach in the past five years, according to new ESET research. The cybersecurity firm said that a fifth of institutions surveyed reported three or more cyber incidents. This comes as a UK school in Cheshire, Blacon High School, was forced to temporarily close after falling victim to a ransomware attack on January 17."
https://www.infosecurity-magazine.com/news/schools-hit-by-cyberattacks-in/
- Cyber Insights 2025: APIs – The Threat Continues
"APIs are easy to develop, simple to implement, and frequently attacked. They are prime and lucrative targets for cybercriminals. If this is the connected world, it is APIs that provide the connection points. Application programming interfaces allow different applications to share and reuse data. Since both connecting and sharing are increasing, so too is the use of APIs."
https://www.securityweek.com/cyber-insights-2025-apis-the-threat-continues/
References
Electronic Transactions Development Agency (ETDA)