Cyber Threat Intelligence 23 May 2024
Industrial Sector
- Exploiting Honeywell ControlEdge VirtualUOC
"Team82 has researched Honeywell ControlEdge Virtual Unit Operations Center (UOC) and found multiple vulnerabilities in the EpicMo protocol implementation within ControlEdge Virtual UOC instances. These vulnerabilities are exploitable and can lead to unauthenticated remote code execution."
https://claroty.com/team82/research/exploiting-honeywell-controledge-virtualuoc
https://www.securityweek.com/critical-vulnerability-in-honeywell-virtual-controller-allows-remote-code-execution/
New Tooling
- Authelia: Open-Source Authentication And Authorization Server
"Authelia is an open-source authentication and authorization server that offers 2FA and SSO for applications through a web portal. It works alongside reverse proxies to permit, deny, or redirect requests."
https://www.helpnetsecurity.com/2024/05/22/authelia-open-source-authentication-authorization-server/
https://github.com/authelia/authelia
Vulnerabilities
- Critical Netflix Genie Bug Opens Big Data Orchestration To RCE
"A critical vulnerability in the open source version of Netflix' Genie job orchestration engine for big data applications gives remote attackers a way to potentially execute arbitrary code on systems running affected versions of the software. The bug, designated as CVE-2024-4701, carries a near-max critical score of 9.9 out of 10 on the CVSS vulnerability-severity scale. It attacks organizations running their own instance of Genie OSS, using the underlying local file system to upload and store user-submitted file attachments."
https://www.darkreading.com/application-security/netflix-fixes-critical-vulnerability-on-big-data-orchestration-service
https://github.com/Netflix/genie/security/advisories/GHSA-wpcv-5jgp-69f3
- Critical Vulnerability Patched In UserPro Plugin
"This plugin suffers from an unauthenticated account takeover vulnerability. This allows any unauthenticated users to change the password of any users with certain conditions. The described vulnerability was fixed in version 5.1.9 and assigned CVE-2024-35700."
https://patchstack.com/articles/critical-vulnerability-patched-in-userpro-plugin/
https://www.infosecurity-magazine.com/news/userpro-plugin-flaw-allows-account/
- Ivanti Patches Critical Code Execution Vulnerabilities In Endpoint Manager
"IT software company Ivanti on Tuesday announced patches for several products, including fixes for critical vulnerabilities in Endpoint Manager (EPM). Six out of the ten security defects resolved in EPM are critical-severity SQL Injection bugs that could allow an unauthenticated attacker on the network to execute arbitrary code, Ivanti says."
https://www.securityweek.com/ivanti-patches-critical-code-execution-vulnerabilities-in-endpoint-manager/
https://forums.ivanti.com/s/article/KB-Security-Advisory-EPM-May-2024
- Chrome 125 Update Patches High-Severity Vulnerabilities
"Google on Tuesday announced a Chrome 125 update that resolves six vulnerabilities, including four high-severity bugs reported by external researchers. The first issue, tracked as CVE-2024-5157, is a use-after-free flaw in Scheduling that was reported by Looben Yang a month ago. The researcher received an $11,000 bug bounty reward for the discovery."
https://www.securityweek.com/chrome-125-update-patches-high-severity-vulnerabilities/
- Beware – Your Customer Chatbot Is Almost Certainly Insecure: Report
"Customer chatbots built on top of general purpose gen-AI engines are proliferating. They are easy to develop but hard to secure. In January 2024, Ashley Beauchamp ‘tricked’ DPD’s chatbot into behaving unconventionally. The chatbot told him how bad DPD’s service is, swore, and even composed a disparaging haiku about its owner:"
https://www.securityweek.com/beware-your-customer-chatbot-is-almost-certainly-insecure-report/
https://www.immersivelabs.com/wp-content/uploads/2024/05/Study_Dark_Side_of_GenAI.pdf
- This Undisclosed WhatsApp Vulnerability Lets Governments See Who You Message
"In March, WhatsApp’s security team issued an internal warning to their colleagues: Despite the software’s powerful encryption, users remained vulnerable to a dangerous form of government surveillance. According to the previously unreported threat assessment obtained by The Intercept, the contents of conversations among the app’s 2 billion users remain secure. But government agencies, the engineers wrote, were “bypassing our encryption” to figure out which users communicate with each other, the membership of private groups, and perhaps even their locations."
https://theintercept.com/2024/05/22/whatsapp-security-vulnerability-meta-israel-palestine/
Malware
- Positive Technologies Detects a Series Of Attacks Via Microsoft Exchange Server
"While responding to an incident, the Incident Response team of Positive Technologies Expert Security Center (PT ESC) discovered an unknown keylogger embedded in the main Microsoft Exchange Server page of one of our customers. This keylogger was collecting account credentials into a file accessible via a special path from the internet. The team identified over 30 victims, most of whom were linked to government agencies across various countries. According to our data, the first compromise occurred in 2021. Without additional data, we can't attribute these attacks to a specific group; however, most victims are located in Africa and the Middle East."
https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/positive-technologies-detects-a-series-of-attacks-via-microsoft-exchange-server/
https://thehackernews.com/2024/05/ms-exchange-server-flaws-exploited-to.html
https://securityaffairs.com/163521/breaking-news/microsoft-exchange-server-flaws-attacks.html
- IOC Extinction? China-Nexus Cyber Espionage Actors Use ORB Networks To Raise Cost On Defenders
"Mandiant Intelligence is tracking a growing trend among China-nexus cyber espionage operations where advanced persistent threat (APT) actors utilize proxy networks known as “ORB networks” (operational relay box networks) to gain an advantage when conducting espionage operations. ORB networks are akin to botnets and are made up of virtual private servers (VPS), as well as compromised Internet of Things (IoT) devices, smart devices, and routers that are often end of life or unsupported by their manufacturers."
https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-orb-networks
https://www.bleepingcomputer.com/news/security/state-hackers-turn-to-massive-orb-proxy-networks-to-evade-detection/
https://www.darkreading.com/cybersecurity-operations/chinese-orb-networks-conceal-apts-make-tracking-iocs-irrelevant
https://www.infosecurity-magazine.com/news/chinese-apt-orb-networks/
https://www.bankinfosecurity.com/chinese-cyber-espionage-groups-tied-to-orb-network-attacks-a-25292
https://cyberscoop.com/china-hacking-operational-relay-box-networks/
- Deep Dive Into Unfading Sea Haze: A New Threat Actor In The South China Sea
"In a recent investigation by Bitdefender Labs, a series of cyberattacks targeting high-level organizations in South China Sea countries revealed a previously unknown threat actor. We've designated this group "Unfading Sea Haze" based on their persistence and focus on the region. The targets and nature of the attacks suggest alignment with Chinese interests."
https://www.bitdefender.com/blog/businessinsights/deep-dive-into-unfading-sea-haze-a-new-threat-actor-in-the-south-china-sea/
https://www.bleepingcomputer.com/news/security/unfading-sea-haze-hackers-hide-on-military-and-govt-networks-for-6-years/
https://therecord.media/chinese-hackers-compromising-south-china-sea-targets
https://thehackernews.com/2024/05/researchers-warn-of-chinese-aligned.html
https://www.bankinfosecurity.com/unfading-sea-haze-apt-targeting-south-china-sea-governments-a-25289
https://www.hackread.com/unfading-sea-haze-military-target-south-china-sea/
- Transparent Tribe Targets Indian Government, Defense, And Aerospace Sectors Leveraging Cross-Platform Programming Languages
"As part of our continuous hunting efforts across the Asia-Pacific region, BlackBerry discovered Pakistani-based advanced persistent threat group Transparent Tribe (APT36) targeting the government, defense and aerospace sectors of India. This cluster of activity spanned from late 2023 to April 2024 and is anticipated to persist."
https://blogs.blackberry.com/en/2024/05/transparent-tribe-targets-indian-government-defense-and-aerospace-sectors
https://www.bankinfosecurity.com/pakistani-aligned-apt36-targets-indian-defense-organizations-a-25296
- From Trust To Trickery: Brand Impersonation Over The Email Attack Vector
"Brand impersonation could happen on many online platforms, including social media, websites, emails and mobile applications. This type of threat exploits the familiarity and legitimacy of popular brand logos to solicit sensitive information from victims. In the context of email security, brand impersonation is commonly observed in phishing emails. Threat actors want to deceive their victims into giving up their credentials or other sensitive information by abusing the popularity of well-known brands."
https://blog.talosintelligence.com/from-trust-to-trickery-brand-impersonation/
- Behind The Advisory: Decoding Apple’s Alert And Spyware Dilemma
"On April 10, 2024, Apple issued an advisory regarding threat notifications and defense against mercenary spyware attacks affecting iPhone users in 92 countries. The advisory also noted that, based on public reports and research conducted by civil society organizations, technology companies, and journalists, attacks of such extraordinary cost and complexity have typically been linked to state actors or private companies that create mercenary spyware for them, like Pegasus from the NSO Group. This announcement has attracted widespread attention and media coverage worldwide."
https://www.cloudsek.com/blog/behind-the-advisory-decoding-apples-alert-and-spyware-dilemma
https://www.hackread.com/threat-actors-spoofing-pegasus-spyware-fake-code/
- Stealers, Stealers And More Stealers
"Stealers are a prominent threat in the malware landscape. Over the past year we published our research into several stealers (see here, here and here), and for now, the trend seems to persist. In the past months, we wrote several private reports on stealers as we discovered Acrid (a new stealer), ScarletStealer (another new stealer) and Sys01, which had been updated quite a bit since the previous public analysis."
https://securelist.com/crimeware-report-stealers/112633/
Breaches/Hacks/Leaks
- Criminal Record Database Of Millions Of Americans Dumped Online
"A cybercriminal going by the names of EquationCorp and USDoD has released an enormous database containing the criminal records of millions of Americans. The database is said to contain 70 million rows of data."
https://www.malwarebytes.com/blog/news/2024/05/criminal-record-database-of-millions-of-americans-dumped-online
- Spyware Found On US Hotel Check-In Computers
"A consumer-grade spyware app has been found running on the check-in systems of at least three Wyndham hotels across the United States, TechCrunch has learned. The app, called pcTattletale, stealthily and continually captured screenshots of the hotel booking systems, which contained guest details and customer information. Thanks to a security flaw in the spyware, these screenshots are available to anyone on the internet, not just the spyware’s intended users."
https://techcrunch.com/2024/05/22/spyware-found-on-hotel-check-in-computers/
General News
- Outsourcing Security Without Increasing Risk
"The growing number of cybersecurity incidents and wave of data privacy laws and regulations combined is behind the current boost in demand for cybersecurity. Consider a recent survey from management consulting firm McKinsey that forecasts a 13% annual increase in cybersecurity spending through at least 2025."
https://www.darkreading.com/cybersecurity-operations/outsourcing-security-without-increasing-risk
- Picking The Right Database Tech For Cybersecurity Defense
"Modern cybersecurity technologies produce massive quantities of data, which requires rethinking how to store and manage all the different types of information being generated. Many cybersecurity platforms are increasingly relying on one of two database technologies — graph or streaming databases — to efficiently represent and query databases of threat indicators, asset inventories, and other critical cybersecurity information."
https://www.darkreading.com/cybersecurity-analytics/picking-right-database-tech-cybersecurity-defense
- CEOs Accelerate GenAI Adoption Despite Workforce Resistance
"CEOs are facing workforce, culture and governance challenges as they act quickly to implement and scale generative AI across their organizations, according to IBM. The annual global study of 3,000 CEOs from over 30 countries and 26 industries found that 64% of those surveyed say succeeding with generative AI will depend more on people’s adoption than the technology itself. However, 61% of respondents say they are pushing their organization to adopt generative AI more quickly than some people are comfortable with."
https://www.helpnetsecurity.com/2024/05/22/ceos-generative-ai-adoption/
- Technological Complexity Drives New Wave Of Identity Risks
"Security leaders are facing increased technological and organizational complexity, which is creating a new wave of identity risks for their organizations, according to ConductorOne."
https://www.helpnetsecurity.com/2024/05/22/identity-risks-complexity-for-organizations/
- Top 7 Cybersecurity Trends For Enterprises In 2024
"How can an organization prepare to be cyber-resilient in 2024? The major trends to look out for seem to focus mainly on AI. While the rise of generative AI indeed poses challenges, executives should be cautious not to miss other critical trends that will shape the cybersecurity landscape this year."
https://www.tripwire.com/state-of-security/top-cybersecurity-trends-enterprises
- Annual Fraud Report 2024
"UK Finance publishes both the value of fraud losses and the number of cases. The data is reported to us by our members which include financial providers, credit, debit and charge card issuers, and card payment acquirers. Each incident of fraud does not equal one person being defrauded, but instead refers to the number of cards or accounts defrauded. For example, if a fraud was carried out on two cards, but they both belonged to the same person, this would represent two instances of fraud, not one."
https://www.ukfinance.org.uk/policy-and-guidance/reports-and-publications/annual-fraud-report-2024
https://www.ukfinance.org.uk/system/files/2024-05/Annual Fraud Report 2024_0.pdf
https://www.infosecurity-magazine.com/news/authorized-push-payment-fraud/
- Report Reveals 341% Rise In Advanced Phishing Attacks
"Security experts have reported a 341% increase in malicious phishing links, business email compromise (BEC), QR code and attachment-based threats in the past six months. This data comes from SlashNext’s mid-year The State of Phishing 2024 report, which also identified an 856% increase in malicious email and messaging threats over the previous 12 months. Since the launch of ChatGPT in November 2022, there has been a 4151% surge in malicious phishing messages."
https://www.infosecurity-magazine.com/news/341-rise-advanced-phishing-attacks/
https://slashnext.com/the-state-of-phishing-2024/
- NIST Quantum-Resistant Algorithms To Be Published Within Weeks, Top White House Advisor Says
"The U.S. National Institute of Standards and Technology (NIST) will release four post-quantum cryptographic algorithms in the next few weeks, a senior White House official said on Monday. Anne Neuberger, the White House’s top cyber advisor, told an audience at the Royal United Services Institute (RUSI) in London that the release of the algorithms was “a momentous moment,” as they marked a major step in the transition to the next generation of cryptography."
https://therecord.media/nist-post-quantum-cryptography-standards-publishing-soon
- LockBit Dethroned As Leading Ransomware Gang For First Time Post-Takedown
"The takedown of LockBit in February is starting to bear fruit for rival gangs with Play overtaking it after an eight-month period of LockBit topping the attack charts. For the first time since the National Crime Agency-led takedown of LockBit, the gang didn't register the most number of attacks across a single month, suggesting that law enforcement's claims of a successful disruption were valid."
https://www.theregister.com/2024/05/22/lockbit_dethroned_as_leading_ransomware/
- Microsoft's Recall Stokes Security And Privacy Concerns
"Microsoft's new automatic screenshot retrieval feature could enable hackers to steal sensitive information such as online banking credentials, security experts warned. Additionally, the U.K. data regulator will probe Recall for compliance with privacy law."
https://www.bankinfosecurity.com/microsofts-recall-stokes-security-privacy-concerns-a-25299
https://www.helpnetsecurity.com/2024/05/22/windows-recall-security-privacy/
https://www.bleepingcomputer.com/news/microsoft/windows-11-recall-ai-feature-will-record-everything-you-do-on-your-pc/
https://tech.slashdot.org/story/24/05/20/180204/with-recall-microsoft-is-using-ai-to-fix-windows-eternally-broken-search
Reference
Electronic Transactions Development Agency (ETDA) - Exploiting Honeywell ControlEdge VirtualUOC