Cyber Threat Intelligence 9 May 2024
-
New Tooling
- Pktstat: Open-Source Ethernet Interface Traffic Monitor
"Pktstat is an open-source tool that is a straightforward alternative to ncurses-based Pktstat. On Linux, it utilizes AF_PACKET, while on other platforms, it employs generic PCAP live wire capture."
https://www.helpnetsecurity.com/2024/05/08/pktstat-open-source-ethernet-interface-traffic-monitor/
Vulnerabilities
- Big Vulnerabilities In Next-Gen BIG-IP
"Our ongoing research has identified remotely exploitable vulnerabilities in F5’s Next Central Manager that can give attackers full administrative control of the device, and subsequently allow attackers to create accounts on any F5 assets managed by the Next Central Manager. These attacker-controlled accounts would not be visible from the Next Central Manager itself, enabling ongoing malicious persistence within the environment."
https://eclypsium.com/blog/big-vulnerabilities-in-next-gen-big-ip/
https://www.bleepingcomputer.com/news/security/new-big-ip-next-central-manager-bugs-allow-device-takeover/
https://www.bankinfosecurity.com/report-undetectable-threats-found-in-f5s-central-manager-a-25152
- Veeam Fixes RCE Flaw In Backup Management Platform (CVE-2024-29212)
"Veeam has patched a high-severity vulnerability (CVE-2024-29212) in Veeam Service Provider Console (VSPC) and is urging customers to implement the patch."
https://www.helpnetsecurity.com/2024/05/08/cve-2024-29212/
- Android Update Patches Critical Vulnerability
"Google this week announced a fresh batch of security updates for Android, to address a total of 26 vulnerabilities, including a critical-severity flaw in the System component. The bug, tracked as CVE-2024-23706 and impacting Android 14, could allow attackers to escalate their privileges on vulnerable devices, Google notes in its advisory."
https://www.securityweek.com/android-update-patches-critical-vulnerability/
- Talos Discloses Multiple Zero-Day Vulnerabilities, Two Of Which Could Lead To Code Execution
"Cisco Talos’ Vulnerability Research team recently disclosed three zero-day vulnerabilities that are still unpatched as of Wednesday, May 8. Two vulnerabilities in this group — one in the Tinyproxy HTTP proxy daemon and another in the stb_vorbis.c file library — could lead to arbitrary code execution, earning both issues a CVSS score of 9.8 out of 10. While we were unable to reach the maintainers, the Tinyproxy maintainers have since patched the issue. Another zero-day exists in the Milesight UR32L wireless router."
https://blog.talosintelligence.com/vulnerability-roundup-zero-days-may-8-2024/
- Bypassing MFA On Microsoft Azure Entra ID
"On a recent Red Team engagement we got Domain Admin privileges on the on-premises Active Directory (AD) network. But we had not yet gained access to their cloud estate, which was hosted in Azure. Our level of access to on-prem AD gave us access to a large number of resources, many containing sensitive data. But it did not allow us to access the goldmine of data stored in the cloud. This required us to authenticate with Azure Entra ID."
https://www.pentestpartners.com/security-blog/bypassing-mfa-on-microsoft-azure-entra-id/
https://www.hackread.com/mfa-bypass-microsoft-azure-entra-id-sso/
- New Spectre-Style 'Pathfinder' Attack Targets Intel CPU, Leaks Encryption Keys And Data
"Researchers have discovered two novel attack methods targeting high-performance Intel CPUs that could be exploited to stage a key recovery attack against the Advanced Encryption Standard (AES) algorithm. The techniques have been collectively dubbed Pathfinder by a group of academics from the University of California San Diego, Purdue University, UNC Chapel Hill, Georgia Institute of Technology, and Google."
https://thehackernews.com/2024/05/new-spectre-style-pathfinder-attack.html
https://dl.acm.org/doi/10.1145/3620666.3651382
Malware
- FBI Warns Of Gift Card Fraud Ring Targeting Retail Companies
"The FBI warned retail companies in the United States that a financially motivated hacking group has been targeting employees in their gift card departments in phishing attacks since at least January 2024. Tracked as Storm-0539, this hacking group targets the personal and work mobile devices of retail department staff using a sophisticated phishing kit that enables them to bypass multi-factor authentication."
https://www.bleepingcomputer.com/news/security/fbi-warns-of-gift-card-fraud-ring-targeting-retail-companies/
- BogusBazaar: A Criminal Network Of Webshop Fraudsters
"We investigated a sprawling criminal e-commerce network that operates fake webshops. The fake shops processed over a million orders with an aggregate order volume of USD 50 million over the past three years."
https://www.srlabs.de/blog-post/bogusbazaar
https://www.bleepingcomputer.com/news/security/massive-webshop-fraud-ring-steals-credit-cards-from-850-000-people/
https://www.theregister.com/2024/05/08/bogusbazaar_fraud_china/
- Iran-Aligned Emerald Divide Influence Campaign Evolves To Exploit Israel-Hamas Conflict
"New research from Recorded Future’s Insikt Group describes a complex influence campaign known as Emerald Divide, believed to be conducted by Iranian-aligned actors and active since 2021. The campaign aims to manipulate Israeli society by amplifying ideological divisions and diminishing trust in the Israeli government, particularly by capitalizing on reactions to the Israel-Hamas conflict and other social and political issues."
https://www.recordedfuture.com/iran-aligned-emerald-divide-influence-campaign-evolves-to-exploit-israel-hamas-conflict
https://go.recordedfuture.com/hubfs/reports/ta-2024-0508.pdf
https://www.darkreading.com/threat-intelligence/three-year-iranian-influence-op-preys-divides-israeli-society
https://cyberscoop.com/how-an-iranian-linked-influence-campaign-pivoted-after-oct-7-attack-on-israel/
- From Spam To AsyncRAT: Tracking The Surge In Non-PE Cyber Threats
"AsyncRAT, also known as “Asynchronous Remote Access Trojan,” represents a highly sophisticated malware variant meticulously crafted to breach computer systems security and steal confidential data. McAfee Labs has recently uncovered a novel infection chain, shedding light on its potent lethality and the various security bypass mechanisms it employs."
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/from-spam-to-asyncrat-tracking-the-surge-in-non-pe-cyber-threats/
- HijackLoader Updates
"HijackLoader (a.k.a. IDAT Loader) is a malware loader initially spotted in 2023 that is capable of using a variety of modules for code injection and execution. It uses a modular architecture, a feature that most loaders do not have – which we discussed in a previous HijackLoader blog. ThreatLabz researchers recently analyzed a new HijackLoader sample that has updated evasion techniques."
https://www.zscaler.com/blogs/security-research/hijackloader-updates
https://thehackernews.com/2024/05/hijack-loader-malware-employs-process.html
- Final Fantasy Game Servers Hit By Multiple DDoS Attacks
"Players of the popular video game series Final Fantasy have had trouble logging in this week due to a series of ongoing DDoS attacks flooding its servers with a large volume of junk traffic. The first attack on Final Fantasy 14 started on Monday and lasted over 24 hours, impacting players around the world. At that time, the game’s publisher, a Japanese company Square Enix, said that it was “investigating the attack and taking countermeasures.”"
https://therecord.media/final-fantasy-game-ddos-incident-square-enix
Breaches/Hacks/Leaks
- Ascension Healthcare Takes Systems Offline After Cyberattack
"Ascension, one of the largest private healthcare systems in the United States, has taken some of its systems offline to investigate what it describes as a "cyber security event." As a major U.S. nonprofit health system, Ascension operates 140 hospitals and 40 senior care facilities across 19 states and the District of Columbia."
https://www.bleepingcomputer.com/news/security/ascension-healthcare-takes-systems-offline-after-cyberattack/
https://therecord.media/ascension-catholic-health-system-disrupted-cyberattack
- University System Of Georgia: 800K Exposed In 2023 MOVEit Attack
"The University System of Georgia (USG) is sending data breach notifications to 800,000 individuals whose data was exposed in the 2023 Clop MOVEit attacks. USG is a state government agency that operates 26 public colleges and universities in Georgia with over 340,000 students."
https://www.bleepingcomputer.com/news/security/university-system-of-georgia-800k-exposed-in-2023-moveit-attack/
https://www.securityweek.com/university-system-of-georgia-says-800000-impacted-by-moveit-hack/
https://www.theregister.com/2024/05/08/georgia_state_education_moveit/
- Zscaler Takes "Test Environment" Offline After Rumors Of A Breach
"Zscaler says that they discovered an exposed "test environment" that was taken offline for analysis after rumors circulated that a threat actor was selling access to the company's systems. In a Wednesday afternoon post, Zscaler initially stated that its ongoing investigation showed no evidence that its customer or production environments were breached."
https://www.bleepingcomputer.com/news/security/zscaler-takes-test-environment-offline-after-rumors-of-a-breach/
https://www.hackread.com/intelbroker-hacker-cybersecurity-firm-breach/
- City Of Wichita Breach Claimed By LockBit Ransomware Gang
"The LockBit ransomware gang has claimed responsibility for a disruptive cyberattack on the City of Wichita, which has forced the City's authorities to shut down IT systems used for online bill payment, including court fines, water bills, and public transportation. Wichita, Kansas, is the largest city in the state, with a population of nearly 400,000. It serves as a major cultural, economic, and transportation hub in the region and is home to several aircraft factories."
https://www.bleepingcomputer.com/news/security/city-of-wichita-breach-claimed-by-lockbit-ransomware-gang/
https://therecord.media/wichita-kansas-ransomware-attack-claimed-by-lockbit
https://securityaffairs.com/162910/cyber-crime/city-of-wichita-lockbit-ransomware.html
- Brandywine Realty Trust Hit By Ransomware
"Philadelphia-based real estate company Brandywine Realty Trust (NYSE: BDN) last week fell victim to a ransomware attack that disrupted some of its business applications. In a filing with the US Securities and Exchange Commission (SEC) on Monday, the real estate investment trust revealed that the incident occurred on May 1 and involved unauthorized access to portions of its IT environment."
https://www.securityweek.com/brandywine-realty-trust-hit-by-ransomware/
- Patient Appointments Imperiled By Cyberattack On French Radiologist
"Coradix-Magnescan, a French company that provides medical radiological imaging, has warned patients it is currently dealing with a cyberattack that risks “complicating” their appointments. Based in Perpignan in southern France, just north of the Pyrenees mountains and close to the Mediterranean Sea, the company said at this point there is no evidence of any data theft."
https://therecord.media/france-radiology-company-cyberattack-coradix-magnescan
- Stolen Children’s Health Records Posted Online In Extortion Bid
"Another batch of sensitive patient data stolen from NHS Dumfries and Galloway, part of the Scottish healthcare system, has been published by criminals demanding an extortion payment from the local health board. The newest tranche of data includes children’s health records. Julie White, the health board’s chief executive, described the release as “an utterly abhorrent criminal act.”"
https://therecord.media/scotland-nhs-children-records-posted-extortion-ransomware
General News
- CISOs Are Worried About Their Jobs & Dissatisfied With Their Incomes
"The research shows a significant drop in the number of tech CISOs that got a base salary increase in the past year — roughly 18% year-over-year."
https://www.darkreading.com/cybersecurity-operations/cisos-are-worried-about-their-jobs-and-dissatisfied-with-their-incomes
https://cdn.iansresearch.com/Files/Marketing/2024/The_Compensation_Budget_and_Satisfaction_Benchmark_for_Tech_CISOs_05062024.pdf
https://www.infosecurity-magazine.com/news/third-tech-cisos-unhappy-income/
- 97% Of Organizations Hit By Ransomware Turn To Law Enforcement
"Sophos has released additional findings from its annual “State of Ransomware 2024” survey. According to the report, among organizations surveyed, 97% of those hit by ransomware over the past year engaged with law enforcement and/or official government bodies for help with the attack."
https://www.helpnetsecurity.com/2024/05/08/ransomware-law-enforcement-help/
- Security Tools Fail To Translate Risks For Executives
"Organizations are struggling with internal communication barriers, which hinder their ability to address cybersecurity threats, according to Dynatrace."
https://www.helpnetsecurity.com/2024/05/08/cisos-c-suite-challenges/
- How Workforce Reductions Affect Cybersecurity Postures
"In its State of Pentesting Report, Cobalt reveals an industry struggling to balance the use of AI and protecting against it, while facing significant resource and staffing constraints."
https://www.helpnetsecurity.com/2024/05/08/pentesting-cybersecurity-importance/
- RSAC: Researchers Share Lessons From The World's First AI Security Incident Response Team
"As the use of AI explodes in sensitive sectors like infrastructure and national security, a team at Carnegie Mellon University is pioneering the field of AI security response. In the summer of 2023, researchers at the University’s Software Engineering Institute, the birthplace of the first Computer Emergency and Response Team (CERT), believed there was an urgent need to charter a new entity to lead research and development efforts to define incident response tactics, techniques, and procedures for AI and machine learning (ML) systems and coordinate community response actions."
https://www.infosecurity-magazine.com/news/worlds-first-ai-security-incident/
- Austrian Scammers Escape Investors, But Not Law Enforcement
"Law enforcement agencies from Austria, Cyprus and Czechia have arrested six Austrians responsible for an online cryptocurrency scam. Europol and Eurojust supported this investigation targeting the creators of a seemingly new cryptocurrency launched in December 2017. After performing six house searches, law enforcement seized over EUR 500 000 in cryptocurrencies and EUR 250 000 in fiat currency, and froze dozens of bank accounts. Furthermore, two cars and a luxury property worth EUR 1 400 000 were seized."
https://www.europol.europa.eu/media-press/newsroom/news/austrian-scammers-escape-investors-not-law-enforcement
https://www.infosecurity-magazine.com/news/six-arrested-million-euro-crypto/
- 10,000 Customers’ Data Exposed In UK Government Breaches
"Data breaches and device losses within UK government departments have potentially put the information of over 10,000 customers at risk. The findings come from Apricorn, a manufacturer of hardware-encrypted USB drives, based on a compilation of annual Freedom of Information (FOI) responses."
https://www.infosecurity-magazine.com/news/10000-customers-data-exposed-uk-gov/
- State Of Ransomware In 2024
"Ransomware attacks continue to be one of the biggest contemporary cybersecurity threats, affecting organizations and individuals alike on a global scale. From high-profile breaches in healthcare and industrial sectors – compromising huge volumes of sensitive data or halting production entirely – to attacks on small businesses that have become relatively easy targets, ransomware actors are expanding their sphere of influence."
https://securelist.com/state-of-ransomware-2023/112590/
- Shields Up: How To Minimize Ransomware Exposure
"The ransomware attack on UnitedHealth subsidiary Change Healthcare has remained top of mind since its disclosure in February 2024. This incident highlights the attractiveness of data-rich healthcare firms to hackers and the increasing sophistication of cybercriminals. However, the Change Healthcare attack is merely the tip of the iceberg, with numerous ransomware attacks staying underreported in the media."
https://www.securityweek.com/shields-up-how-to-minimize-ransomware-exposure/
- Any Number Given Of Volt Typhoon Victims ‘Likely An Underestimate,’ CISA Says
"The government of China’s objective in deploying Volt Typhoon hackers to break into U.S. critical infrastructure is to “cause disruption and sow societal panic,” a senior cybersecurity official said Tuesday. As China has increased its aggressiveness toward Taiwan, Volt Typhoon hackers have pre-positioned themselves in U.S. critical infrastructure in Guam and elsewhere with the intent of slowing any potential mobilization of forces."
https://therecord.media/volt-typhoon-targets-underestimated-cisa-says
- Ten Years Since The First Corp Ransomware, Mikko Hyppönen Sees No End In Sight
"This year is an unfortunate anniversary for information security: We're told it's a decade since ransomware started infecting corporations. Extortionists had been hitting normal folk in the early 2010s with file-scrambling malware. Eventually criminals figured out that there was much more money to be made hitting business networks and demanding big bucks. Since then, attacks have soared, show no sign of letting up, and the computer security industry still hasn't found a full and final fix."
https://www.theregister.com/2024/05/08/mikko_ransomware_decade/
- The Hacker’s Toolkit: 4 Gadgets That Could Spell Security Trouble
"Their innocuous looks and endearing names mask their true power. These gadgets are designed to help identify and prevent security woes, but what if they fall into the wrong hands?"
https://www.welivesecurity.com/en/cybersecurity/hackers-toolkit-gadgets-security-trouble/