Cyber Threat Intelligence 29 April 2024
Financial Sector
- PCI Launches Payment Card Cybersecurity Effort In The Middle East
"The Payment Card Industry (PCI) Security Standards Council plans to extend its role to the Middle East, as the volume of card-based payments continues to climb in the region and, along with it, payment-card fraud."
https://www.darkreading.com/cyber-risk/pci-launches-payment-card-cybersecurity-effort-in-middle-east
New Tooling
- LSA Whisperer: Open-Source Tools For Interacting With Authentication Packages
"LSA Whisperer consists of open-source tools designed to interact with authentication packages through their unique messaging protocols. Support is currently provided for the cloudap, kerberos, msv1_0, negotiate, pku2u, schannel packages and cloudap’s AzureAD plugin. Partial or unstable support is provided for livessp, negoexts, and the security package manager."
https://www.helpnetsecurity.com/2024/04/26/lsa-whisperer-open-source-tools-for-interacting-with-authentication-packages/
https://github.com/EvanMcBroom/lsa-whisperer
Vulnerabilities
- GitLab XSS Via Autocomplete Results
"The SonicWall Capture Labs threat research team became aware of a cross-site scripting vulnerability in GitLab, assessed its impact and developed mitigation measures. GitLab, an open-source code-sharing platform, published an advisory on this vulnerability affecting GitLab CE/EE in all versions starting from 16.7 to 16.8.6, 16.9 before 16.9.4 and 16.10 before 16.10.2. Identified as CVE-2024-2279, it allows remote threat actors to perform arbitrary actions on behalf of victims, earning a high CVSS score of 8.7."
https://blog.sonicwall.com/en-us/2024/04/gitlab-xss-via-autocomplete-results/
- Sifting Through The Spines: Identifying (potential) Cactus Ransomware Victims
"This blog is part of a series written by various Dutch cyber security firms that have collaborated on the Cactus ransomware group, which exploits Qlik Sense servers for initial access. To view all of them please check the central blog by Dutch special interest group Cyberveilig Nederland."
https://blog.fox-it.com/2024/04/25/sifting-through-the-spines-identifying-potential-cactus-ransomware-victims/
https://www.darkreading.com/cyber-risk/more-than-3-000-qlik-sense-servers-vuln-to-cactus-ransomware-attacks
Malware
- Analysis Of DEV#POPPER: New Attack Campaign Targeting Software Developers Likely Associated With North Korean Threat Actors
"The Securonix Threat Research Team has been monitoring a new ongoing social engineering attack campaign (tracked by STR as DEV#POPPER) likely associated with North Korean threat actors who are targeting developers using fake interviews to deliver a Python-based RAT."
https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
https://www.bleepingcomputer.com/news/security/fake-job-interviews-target-developers-with-new-python-backdoor/
https://thehackernews.com/2024/04/bogus-npm-packages-used-to-trick.html
- Uncorking Old Wine: Zero-Day From 2017 + Cobalt Strike Loader In Unholy Alliance
"Deep Instinct Threat Lab observed a malicious PPSX file uploaded from Ukraine to VirusTotal at the end of 2023. The file name suggests that it was shared via the Signal application; however, this doesn’t necessarily mean the file was initially sent to the victim via the application."
https://www.deepinstinct.com/blog/uncorking-old-wine-zero-day-cobalt-strike-loader
https://www.darkreading.com/cyberattacks-data-breaches/military-tank-manual-zero-day-ukraine-cyberattack
https://thehackernews.com/2024/04/ukraine-targeted-in-cyberattack.html
https://www.hackread.com/microsoft-office-0-day-exploited-cobalt-strike/
https://securityaffairs.com/162420/hacking/ukraine-campaign-old-ms-office-bug.html
- FBI: Fraudsters Using Fake Online Dating Verification Apps To Scam Lovers
"Cybercriminals are taking advantage of people’s fears about online dating by getting them to download fake “verification” apps that allow them to steal information and money. The FBI published a warning on Friday about the scam, noting that it was akin to an offshoot of romance scams and pig butchering schemes that have proliferated in recent years."
https://therecord.media/fbi-dating-app-verification-scams-online
https://www.ic3.gov/Media/Y2024/PSA240426
- DDoS Attacks Continue, Post-Election, Against Russian Independent Media Site Meduza
"The Russian independent news website Meduza is facing repeated attempts to disrupt its digital infrastructure, researchers have found. In March, Meduza said that it became the target of "the most intense cyber campaign" in its history, preceding the presidential election in Russia during the same month. The organization attributed the distributed denial-of-service (DDoS) incident to the Russian authorities."
https://therecord.media/ddos-attacks-meduza-post-election
- Okta Warns Of "unprecedented" Credential Stuffing Attacks On Customers
"Okta warns of an "unprecedented" spike in credential stuffing attacks targeting its identity and access management solutions, with some customer accounts breached in the attacks. Threat actors use credential stuffing to compromise user accounts by trying out in an automated manner lists of usernames and passwords typically purchased from cybercriminals."
https://www.bleepingcomputer.com/news/security/okta-warns-of-unprecedented-credential-stuffing-attacks-on-customers/
https://thehackernews.com/2024/04/okta-warns-of-unprecedented-surge-in.html
https://securityaffairs.com/162464/hacking/okta-warned-spike-credential-stuffing-attacks.html
Breaches/Hacks/Leaks
- Health Analytics Firm Reports Breach Affecting 1.1 Million
"A Maine consulting firm with a medical data analytics business must notify more than 1 million individuals that hackers stole their information from company servers. Berry, Dunn, McNeil & Parker on Thursday submitted a data breach notification to the Maine attorney general's office stating that it is notifying 1.1 million U.S. residents that such information as their name, address and driver's license number or non-driver identification card number was exposed in the data breach."
https://www.bankinfosecurity.com/health-analytics-firm-reports-breach-affecting-11-million-a-24949
- Cyberattack Hits Georgia County At Center Of Voting Software Breach
"The computer infrastructure of a Georgia county at the center of an effort to falsely claim that the state’s 2020 presidential election was marked by fraud was struck by a cyberattack earlier this month that prompted state officials to sever Coffee County’s access to statewide election systems."
https://cyberscoop.com/cyberattack-hits-georgia-county-at-center-of-voting-software-breach/
- Hackers Accessed More Than 19,000 Accounts On California State Welfare Platform
"More than 19,000 online accounts on a California state platform for welfare programs may have been accessed by hackers for nearly a year. Officials at the California Statewide Automated Welfare System filed breach notification documents with state regulators earlier this month, warning participants in the BenefitsCal program about an intruder."
https://therecord.media/hackers-breached-california-state-welfare
https://securityaffairs.com/162408/data-breach/california-state-welfare-platform-accounts-compromise.html
- ICICI Bank Exposed Credit Card Data Of 17000 Customers
"ICICI Bank, a major private bank in India, mistakenly exposed the sensitive data of thousands of new credit cards to unintended recipients."
https://securityaffairs.com/162479/security/icici-bank-technical-glitch.html
- Hackers Claim To Have Infiltrated Belarus’ Main Security Service
"A Belarusian hacker activist group claims to have infiltrated the network of the country’s main KGB security agency and accessed personnel files of over 8,600 employees of the organization, which still goes under its Soviet name."
https://www.securityweek.com/hackers-claim-to-have-infiltrated-belarus-main-security-service/
General News
- Most People Still Rely On Memory Or Pen And Paper For Password Management
"Bitwarden surveyed 2,400 individuals from the US, UK, Australia, France, Germany, and Japan to investigate current user password practices."
https://www.helpnetsecurity.com/2024/04/26/current-user-password-practices/
- 5 Ways Cybercriminals Are Using AI: Content Localization
"Over the last several weeks we have been exploring artificial intelligence (AI) and how threat actors use it to elevate their attacks. This post takes a closer look at how criminals can improve their cyberattacks through AI-enhanced content localization."
https://blog.barracuda.com/2024/04/25/5-Ways-cybercriminals-are-using-AI-Content-localization
- Four Trends To Top The CISO’s Packed Agenda
"Ever get nostalgic for the good old days of cybersecurity protection? When attacks were for the most part amateurish and infrequent, and perhaps more in the nature of an occasional nuisance rather than a daily existential threat?"
https://www.theregister.com/2024/04/26/four_trends_to_top_the/
https://www.sans.org/mlp/ciso-primer-2024/
- Minimum Viable Compliance: What You Should Care About And Why
"In the IT security space, we have to care about everything. Any issue, no matter how small, can become the vehicle for remote code execution or, at the very least, a landing point for threat actors to live off the land and turn our own tools against us. It's not surprising that IT security staff face burnout and stress."
https://www.darkreading.com/cyber-risk/minimum-viable-compliance-what-you-should-care-about-and-why
- Cryptocurrencies And Cybercrime: A Critical Intermingling
"Cryptocurrencies have revolutionized the financial world, offering new investment opportunities and decentralized transactions. However, as cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement in this sector."
https://securityaffairs.com/162358/cyber-crime/cryptocurrencies-and-cybercrime-intermingling.html
- Japanese Police Create Fake Support Scam Payment Cards To Warn Victims
"Japanese police placed fake payment cards in convenience stores to protect the elderly targeted by tech support scams or unpaid money fraud. The cards are labeled "Virus Trojan Horse Removal Payment Card" and "Unpaid Bill Late Fee Payment Card," and were created by the Echizen Police in the Fukui prefecture in Japan as an alert mechanism."
https://www.bleepingcomputer.com/news/security/japanese-police-create-fake-support-scam-payment-cards-to-warn-victims/
References
Electronic Transactions Development Agency (ETDA) - PCI Launches Payment Card Cybersecurity Effort In The Middle East