Cyber Threat Intelligence 01 May 2024
-
Industrial Sector
-
Delta Electronics CNCSoft-G2 DOPSoft
"Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-121-01
-
Exploiting a Classic Deserialization Vulnerability In Siemens SIMATIC Energy Manager
"Even though many think deserialization vulnerabilities are a thing of the past, we still see them pop up every now and then, affecting popular applications. These vulnerabilities stem from the insecure process of object serialization/deserialization—the process of converting objects from their in-memory representation to a binary format that can be transferred remotely (and the opposite for deserialization). However, if a server does not correctly limit the types of classes users can create during the deserialization process, it is possible to exploit this into a full-fledged remote code execution (RCE) vulnerability."
https://claroty.com/team82/research/exploiting-a-classic-deserialization-vulnerability-in-siemens-simatic-energy-manager
https://www.bankinfosecurity.com/patched-deserialization-flaw-in-siemens-product-allows-rce-a-24980
New Tooling
-
Tracecat: Open-Source SOAR
"Tracecat is an open-source automation platform for security teams. The developers believe security automation should be accessible to everyone, especially understaffed small- to mid-sized teams. Core features, user interfaces, and day-to-day workflows are based on existing best practices from best-in-class security teams."
https://www.helpnetsecurity.com/2024/04/30/tracecat-open-source-automation-platform-soar/
https://github.com/TracecatHQ/tracecat
Malware
-
JFrog Research Discovers Coordinated Attacks On Docker Hub That Planted Millions Of Malicious Repositories
"As key parts of the software ecosystem, and as partners, JFrog and Docker are working together to strengthen the software ecosystem. Part of this effort by JFrog’s security research team involves continuous monitoring of open-source software registries in order to proactively identify and address potential malware and vulnerability threats."
https://jfrog.com/blog/attacks-on-docker-with-millions-of-malicious-repositories-spread-malware-and-phishing-scams/
https://www.bleepingcomputer.com/news/security/millions-of-docker-repos-found-pushing-malware-phishing-sites/
https://thehackernews.com/2024/04/millions-of-malicious-imageless.html
https://www.darkreading.com/cyber-risk/attackers-planted-millions-of-imageless-repositories-on-docker-hub
https://www.infosecurity-magazine.com/news/malicious-containers-found-docker/
https://www.securityweek.com/docker-hub-users-targeted-with-imageless-malicious-repositories/
-
New Latrodectus Malware Attacks Use Microsoft, Cloudflare Themes
"Latrodectus malware is now being distributed in phishing campaigns using Microsoft Azure and Cloudflare lures to appear legitimate while making it harder for email security platforms to detect the emails as malicious. Latrodectus (aka Unidentified 111 and IceNova) is an increasingly distributed Windows malware downloader first discovered by Walmart's security team and later analyzed by ProofPoint and Team Cymru that acts as a backdoor, downloading additional EXE and DLL payloads or executing commands."
https://www.bleepingcomputer.com/news/security/new-latrodectus-malware-attacks-use-microsoft-cloudflare-themes/
-
Playing Possum: What's The Wpeeper Backdoor Up To?
"On April 18, 2024, XLab's threat hunting system detected an ELF file with zero detections on VirusTotal being distributed through two different domains. One of the domains was marked as malicious by three security firms, while the other was recently registered and had no detections, drawing our attention. Upon analysis, we confirmed that this ELF was malware targeting Android systems, utilizing compromised WordPress sites as relay C2 servers, and we named it Wpeeper."
https://blog.xlab.qianxin.com/playing-possum-whats-the-wpeeper-backdoor-up-to/
https://www.bleepingcomputer.com/news/security/new-wpeeper-android-malware-hides-behind-hacked-wordpress-sites/
Breaches/Hacks/Leaks
-
Philadelphia Inquirer: Data Of Over 25,000 People Stolen In 2023 Breach
"Daily newspaper Philadelphia Inquirer revealed that attackers behind a May 2023 security breach have stolen the personal and financial information of 25,549 individuals. The Inquirer is Philadelphia's largest newspaper by circulation and has won 20 Pulitzer Prizes since it was founded in 1829. It's also the third-longest operating daily newspaper in the United States."
https://www.bleepingcomputer.com/news/security/philadelphia-inquirer-data-of-over-25-000-people-stolen-in-2023-breach/
-
Change Healthcare Hacked Using Stolen Citrix Account With No MFA
"UnitedHealth confirms that Change Healthcare's network was breached by the BlackCat ransomware gang, who used stolen credentials to log into the company's Citrix remote access service, which did not have multi-factor authentication enabled. This was revealed in UnitedHealth CEO Andrew Witty's written testimony published ahead of a House Energy and Commerce subcommittee hearing scheduled for tomorrow."
https://www.bleepingcomputer.com/news/security/change-healthcare-hacked-using-stolen-citrix-account-with-no-mfa/
https://www.itnews.com.au/news/unitedhealth-hackers-used-citrix-vulnerability-to-break-in-607552
https://therecord.media/unitedhealth-group-change-healthcare-ransomware-congress
https://www.theregister.com/2024/04/30/unitedhealth_ceo_ransom/
General News
-
Triangulation Fraud: The Costly Scam Hitting Online Retailers
"In this Help Net Security interview, Mike Lemberger, Visa’s SVP, Chief Risk Officer, North America, discusses the severe financial losses resulting from triangulation fraud, estimating monthly losses to range from $660 million to $1 billion among merchants."
https://www.helpnetsecurity.com/2024/04/30/mike-lemberger-visa-triangulation-fraud-schemes/
-
Security Analysts Believe More Than Half Of Tasks Could Be Automated
"Security industry leaders believe that AI and automation technologies are critical to addressing the complexities of modern security operations, according to Anomali."
https://www.helpnetsecurity.com/2024/04/30/ai-automation-technologies-complexities/
-
Ransom Payments Surge By 500% To An Average Of $2m
"Average ransom payments surged by 500% in the past year to reach $2m per payment, according to Sophos’ The State of Ransomware 2024 report. This compares to an average payment of $400,000 calculated by Sophos in its 2023 study, demonstrating that ransomware operators are seeking increasingly large payoffs from victims. Nearly two thirds (63%) of ransom demands made in the past year were $1m or more, with 30% of demands demanding over $5m."
https://www.infosecurity-magazine.com/news/ransom-payments-surge-500/
-
Q1 Ransomware Report: Ransomware Groups Don’t Die, They Multiply
"Despite a record-breaking and tumultuous 2023, the early months of 2024 have not brought respite. With 1,075 leak site victims reported in Q1, this quarter has seen a 21% increase over the same period last year and is the most active first quarter ever recorded on ransomware leak sites. This rise is particularly notable given the expected seasonal downturn and the recent high-profile disruptions of leading groups such as LockBit and BlackCat. Our analysis demonstrates that while the public brands of ransomware groups may change in the face of crackdowns, the threat, like the mythical Hydra with its multiplying heads, only redistributes and continues to grow. Our Hercules has yet to appear."
https://www.corvusinsurance.com/blog/q1-ransomware-report-ransomware-groups-dont-die-they-multiply
https://www.infosecurity-magazine.com/news/ransomware-rising-takedowns-corvus/
-
Managed Detection And Response In 2023
"Alongside other security solutions, we provide Kaspersky Managed Detection and Response (MDR) to organizations worldwide, delivering expert monitoring and incident response 24/7. The task involves collecting telemetry for analysis by both machine-learning (ML) technologies and our dedicated Security Operations Center (SOC). On detection of a security incident, SOC puts forward a response plan, which, if approved by the customer, is actioned at the endpoint protection level. In addition, our experts give recommendations on organizing incident investigation and response."
https://securelist.com/kaspersky-mdr-report-2023/112411/
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2024/04/27161250/Kaspersky_MDR_Report_Eng_2023.pdf
-
Why Using Microsoft Copilot Could Amplify Existing Data Quality And Privacy Issues
"According to analyst firm Gartner, some 55% of organizations have implemented or are piloting Generative AI. For many of these, Copilot for Microsoft 365 is an obvious starting point given that it’s an easy add-on to the services millions of organizations already use such as M365 and Office365. As well as the ease of purchase there’s also a simplified implementation given that Copilot has plenty of data that it can be trained to work with which is already used by Microsoft services."
https://www.securityweek.com/why-using-microsoft-copilot-could-amplify-existing-data-quality-and-privacy-issues/
-
Vintage Bugs: Data Shows Old Vulnerabilities Still Menace Small Businesses
"When you hear phrases like “increasingly sophisticated cyber threats” or “the ever-evolving cyber threat landscape”, it’s easy to glean from that that the most pressing, dangerous threats must be unknown threats. And for many, this may be true. Unknown threats are dangerous because they’re new. We haven’t had years to study these threats, the way they’re used or the best defenses to combat them. But what if I told you that – for small businesses at least – the most likely attacks used against them are several years old or older?"
https://blog.sonicwall.com/en-us/2024/04/data-shows-old-vulnerabilities-still-menace-small-businesses/
-
Hacker Who Blackmailed Psychotherapy Patients Sentenced To Six Years In Prison
"Aleksanteri Kivimäki, the hacker charged with more than 30,000 counts of attempted extortion after breaching a psychotherapy center, has been sentenced to more than six years in prison, according to local media reports. Formerly known by the first name Julius and the hacker handle Zeekill, Kivimäki, now 26, was notorious for his previous participation in the adolescent cyber griefing collective Lizard Squad."
https://therecord.media/julius-kivimaki-hacker-finland-psychotherapy-center-sentencing
https://www.securityweek.com/finnish-hacker-gets-prison-for-accessing-thousands-of-psychotherapy-records-and-demanding-ransoms/
https://securityaffairs.com/162571/cyber-crime/finnish-hacker-sentenced-6-years-prison.html
https://www.theregister.com/2024/04/30/finnish_psychotherapy_center_crook_sentenced/
https://www.bbc.com/news/articles/c97znd00q7mo
References
Electronic Transactions Development Agency (ETDA)