Cyber Threat Intelligence, 23 April 2024 (B.E. 2567)
New Tooling
- Cloud Console Cartographer: Open-Source Tool Helps Security Teams Transcribe Log Activity
"Cloud Console Cartographer is an open-source tool that maps noisy log activity into highly consolidated, succinct events to help security practitioners cut through the noise and understand console behavior in their environment."
https://www.helpnetsecurity.com/2024/04/22/cloud-console-cartographer-open-source-tool/
Vulnerabilities
- GitLab Affected By GitHub-Style CDN Flaw Allowing Malware Hosting
"BleepingComputer recently reported how a GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. It now turns out, GitLab is also affected by this issue and could be abused in a similar manner."
https://www.bleepingcomputer.com/news/security/gitlab-affected-by-github-style-cdn-flaw-allowing-malware-hosting/
- Dependency Confusion Vulnerability Found In An Archived Apache Project
"The Legit research team recently discovered a dependency confusion vulnerability in an archived Apache project. This discovery highlights the need to consider third-party projects and dependencies as potential weak links in the software development factory, especially archived open-source projects that may not receive regular updates or security patches."
Priority: 3 - Important
Relevance: General
https://www.legitsecurity.com/blog/dependency-confusion-vulnerability-found-in-an-archived-apache-project
https://www.infosecurity-magazine.com/news/dependency-confusion-flaw-found/
Malware
- Analyzing Forest Blizzard’s Custom Post-Compromise Tool For Exploiting CVE-2022-38028 To Obtain Credentials
"Microsoft Threat Intelligence is publishing results of our longstanding investigation into activity by the Russian-based threat actor Forest Blizzard (STRONTIUM) using a custom tool to elevate privileges and steal credentials in compromised networks. Since at least June 2020 and possibly as early as April 2019, Forest Blizzard has used the tool, which we refer to as GooseEgg, to exploit the CVE-2022-38028 vulnerability in Windows Print Spooler service by modifying a JavaScript constraints file and executing it with SYSTEM-level permissions."
https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/
https://www.bleepingcomputer.com/news/security/microsoft-russian-apt28-hackers-exploit-windows-flaw-reported-by-nsa-using-gooseegg-tool/
https://therecord.media/russia-gru-malware-gooseegg-microsoft
https://securityaffairs.com/162154/apt/apt28-gooseegg-tool-win-bug.html
https://www.theregister.com/2024/04/23/russia_fancy_bear_goose_egg/
- Russian Sandworm Hackers Targeted 20 Critical Orgs In Ukraine
"Russian hacker group Sandworm aimed to disrupt operations at around 20 critical infrastructure facilities in Ukraine, according to a report from the Ukrainian Computer Emergency Response Team (CERT-UA). Also known as BlackEnergy, Seashell Blizzard, Voodoo Bear, and APT44, the hackers are believed to be associated with Russia's Main Directorate of the General Staff of the Armed Forces (the GRU), carrying out cyberespionage and destructive attacks on various targets."
https://www.bleepingcomputer.com/news/security/russian-sandworm-hackers-targeted-20-critical-orgs-in-ukraine/
https://www.bankinfosecurity.com/report-russian-hackers-targeting-ukrainian-soldiers-on-apps-a-24919
- ToddyCat Is Making Holes In Your Infrastructure
"We continue covering the activities of the APT group ToddyCat. In our previous article, we described tools for collecting and exfiltrating files (LoFiSe and PcExter). This time, we have investigated how attackers obtain constant access to compromised infrastructure, what information on the hosts they are interested in, and what tools they use to extract it. ToddyCat is an APT group that predominantly targets governmental organizations, some of them defense related, located in the Asia-Pacific region. One of the group’s main goals is to steal sensitive information from hosts."
https://securelist.com/toddycat-traffic-tunneling-data-extraction-tools/112443/
https://thehackernews.com/2024/04/russian-hacker-group-toddycat-uses.html
https://www.darkreading.com/cyber-risk/-toddycat-apt-is-stealing-data-on-an-industrial-scale-
- “Buy Toncoin And Invite Your Friends”: How Scammers Promise Big Earnings With Cryptocurrency
"Making money with cryptocurrency is imagined by many to be a sinecure: one lucky trade and you’re set for life. While theoretically possible, just like winning the lottery, it only happens to an incredibly small number of people. “Getting rich with crypto” is more of a meme than reality. Yet self-proclaimed crypto-millionaires flaunt their Lamborghinis, stacks of cash, and watches the price of an apartment — fueling the dream. However, those cars are often rented, the “money” from a prank store, and the watches cheap knock-offs."
https://www.kaspersky.com/blog/toncoin-cryptocurrency-scam/51042/
https://www.infosecurity-magazine.com/news/telegram-exploited-toncoin-scam/
- The Dark Side Of EDR: Repurpose EDR As An Offensive Tool
"See how a SafeBreach Labs researcher bypassed the anti-tampering mechanism of a leading EDR to execute malicious code within one of the EDR’s own processes and altered the mechanism to gain unique, persistent, and fully undetectable capabilities."
https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
https://www.theregister.com/2024/04/22/edr_attack_remote_data_deletion/
https://www.securityweek.com/research-shows-how-attackers-can-abuse-edr-security-products/
- HydraCrypt Ransomware Targets Brazil And Charges $5,000 For Decryption
"The SonicWall Capture Labs threat research team has recently been tracking ransomware known as HydraCrypt. HydraCrypt originates from the CryptBoss ransomware family and was first seen in early 2016. The sample that we analyzed demands $5,000 in Bitcoin for file retrieval, but no contact information is given to ensure this or to negotiate a price. This variant of HydraCrypt is aimed at Brazil and claims to have successfully attacked many Brazilian firms."
https://blog.sonicwall.com/en-us/2024/04/hydracrypt-ransomware-targets-brazil-and-charges-5000-for-decryption/
Breaches/Hacks/Leaks
- Synlab Italia Suspends Operations Following Ransomware Attack
"Synlab Italia has suspended all its medical diagnostic and testing services after a ransomware attack forced its IT systems to be taken offline. Part of the Synlab group that is present in 30 countries worldwide, the Synlab Italia network operates 380 labs and medical centers across Italy. It has an annual turnover of $426 million and carries out 35 million analyses every year."
https://www.bleepingcomputer.com/news/security/synlab-italia-suspends-operations-following-ransomware-attack/
- Rural Texas Towns Report Cyberattacks That Caused One Water System To Overflow
"A hack that caused a small Texas town’s water system to overflow in January has been linked to a shadowy Russian hacktivist group, the latest case of a U.S. public utility becoming a target of foreign cyberattacks."
https://www.securityweek.com/rural-texas-towns-report-cyberattacks-that-caused-one-water-system-to-overflow/
- Belarusian Hackers Claim To Breach Fertilizer Plant In Retaliation For Support Of Lukashenko Regime
"Belarusian politically motivated hackers have claimed to attack the country’s largest state-run manufacturer of fertilizers, Grodno Azot, for its alleged involvement in political repression, sanctions evasion, and human rights violations."
https://therecord.media/belarus-cyber-partisans-fertilizer-hack-lukashenko
General News
- How To Optimize Your Bug Bounty Programs
"In this Help Net Security interview, Roy Davis, Manager – Vulnerability Management & Bug Bounty at Zoom, discusses the role bug bounty programs play in identifying security vulnerabilities and facilitating collaboration with researchers. He offers advice to organizations, stressing the importance of clear program policies, swift response times, and competitive bounties to attract and retain top bug hunting talent."
https://www.helpnetsecurity.com/2024/04/22/roy-davis-zoom-bug-bounty-programs/
- Uncertainty Is The Most Common Driver Of Noncompliance
"Most compliance leaders tend to focus on building an ethical culture in their organizations to improve employee behavior, but it has a limited impact on addressing uncertainty about how to be compliant, according to a survey by Gartner."
https://www.helpnetsecurity.com/2024/04/22/employee-noncompliance/
- Zero-Trust Takes Over: 63% Of Orgs Implementing Globally
"Though organizations are increasingly incorporating zero-trust strategies, for many, these strategies fail to address the entirety of an operation, according to Gartner."
https://www.darkreading.com/endpoint-security/zero-trust-takes-over-63-percent-of-orgs-implementing-globally
- Ransomware Double-Dip: Re-Victimization In Cyber Extortion
"In our dataset of over 11,000 victim organizations that have experienced a Cyber Extortion / Ransomware attack, we noticed that some victims re-occur. Consequently, the question arises why we observe a re-victimization and whether or not this is an actual second attack, an affiliate crossover (meaning an affiliate has gone to another Cyber Extortion operation with the same victim) or stolen data that has been travelling and re-(mis-)used. Either way, for the victims neither is good news."
https://thehackernews.com/2024/04/ransomware-double-dip-re-victimization.html
- Germany Arrests Spies Accused Of Snatching 'Special Laser' For China
"Prosecutors in Britain and Germany announced on Monday the arrests of five people, all domestic nationals, suspected of having worked as Chinese spies. The cases in each country are not believed to be directly related. In the United Kingdom, Christopher Berry, 32, and Christopher Cash, 29, were charged with breaching the Official Secrets Act on behalf of China. They will appear in court on Friday."
https://therecord.media/germany-arrests-spies-lasers-china
https://www.theregister.com/2024/04/22/germany_arrests_espionage_suspects/
- Police Warn Partnership With Tech Industry ‘At Risk’ Over End-To-End Encryption
"The partnership between law enforcement and the technology industry is “at risk” due to end-to-end encryption, warned a joint declaration on Sunday from European police chiefs. Although the company was not named in the statement, it follows social media giant Meta announcing in December that it had begun rolling out the technology as default across “all personal chats and calls on Messenger and Facebook.”"
https://therecord.media/european-police-end-to-end-encryption-statement
References
Electronic Transactions Development Agency (ETDA)