Cyber Threat Intelligence 27 May 2024
Industrial Sector
- Research From Claroty's Team82 Highlights Remote Access Risks Facing Mission-Critical OT Assets
"Claroty, the cyber-physical systems (CPS) protection company, today announced new proprietary data revealing that 13% of the most mission-critical operational technology (OT) assets have an insecure internet connection, and 36% of those contain at least one Known Exploited Vulnerability (KEV), making them both remotely accessible and readily exploitable entry points for threat actors to disrupt operations."
https://www.darkreading.com/ics-ot-security/research-from-claroty-s-team82-highlights-remote-access-risks-facing-mission-critical-ot-assets
https://claroty.com/resources/reports/an-open-door
New Tooling
- Introducing Nimfilt: A Reverse-Engineering Tool For Nim-Compiled Binaries
"Available as both an IDA plugin and a Python script, Nimfilt helps to reverse engineer binaries compiled with the Nim programming language compiler by demangling package and function names, and applying structs to strings"
https://www.welivesecurity.com/en/eset-research/introducing-nimfilt-reverse-engineering-tool-nim-compiled-binaries/
https://github.com/eset/nimfilt
Vulnerabilities
- Cisco Releases May 2024 Cisco ASA, FMC, And FTD Software Security Publication
"Cisco released a bundled publication for security advisories that address vulnerabilities in Cisco Adaptive Security Appliance (ASA), Firepower Management Center (FMC), and Firepower Threat Defense (FTD) software. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system."
https://www.cisa.gov/news-events/alerts/2024/05/24/cisco-releases-may-2024-cisco-asa-fmc-and-ftd-software-security-publication
https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75298
- Google Fixes Eighth Actively Exploited Chrome Zero-Day This Year
"Google has released a new emergency security update to address the eighth zero-day vulnerability in Chrome browser confirmed to be actively exploited in the wild. The security issue was discovered internally by Google's Clément Lecigne and is tracked as CVE-2024-5274. It is a high-severity 'type confusion' in V8, Chrome's JavaScript engine responsible for executing JS code."
https://www.bleepingcomputer.com/news/security/google-fixes-eighth-actively-exploited-chrome-zero-day-this-year/
https://thehackernews.com/2024/05/google-detects-4th-chrome-zero-day-in.html
https://www.darkreading.com/vulnerabilities-threats/google-discovers-fourth-zero-day-in-less-than-a-month
https://www.securityweek.com/google-patches-fourth-chrome-zero-day-in-two-weeks/
https://securityaffairs.com/163642/hacking/8th-chrome-zero-day-2024-html.html
https://www.helpnetsecurity.com/2024/05/24/cve-2024-5274/
- Usage Of TLS In DDNS Services Leads To Information Disclosure In Multiple Vendors
"The use of Dynamic DNS (DDNS) services embedded in appliances, such as those provided by vendors like Fortinet or QNAP, carries cybersecurity implications. It increases the discoverability of customer devices by attackers. Advisory on security impacts related to the use of TLS in proprietary vendor Dynamic DNS (DDNS) services."
https://www.ush.it/2024/05/23/tls-ddns-multiple-vendor-information-disclosure/
Malware
- Potent Youth Cybercrime Ring Made Up Of 1,000 People, FBI Official Says
"An aggressive, nebulous ring of young cybercriminals linked to a string of recent high-profile breaches is made up of approximately 1,000 people, a senior FBI official said Friday. In remarks Friday at the cybercrime-focused Sleuthcon conference, Bryan Vorndran, assistant director of the FBI’s Cyber Division, described the group best known as Scattered Spider as a “very, very large, expansive, disbursed group of individuals,” many of whom don’t know each other directly."
https://cyberscoop.com/potent-youth-cybercrime-ring-made-up-of-1000-people-fbi-official-says/
- Malware Transmutation! - Unveiling The Hidden Traces Of BloodAlchemy
"This article examines the analysis of a malware called "BloodAlchemy" that we observed in an attack campaign. In October 2023, BloodAlchemy was named by Elastic Security Lab 1 as a new RAT (Remote Access Trojan). However, our investigation has revealed that BloodAlchemy is not an entirely new malware but an evolved version of Deed RAT, the successor to ShadowPad."
https://blog-en.itochuci.co.jp/entry/2024/05/23/090000
https://thehackernews.com/2024/05/japanese-experts-warn-of-bloodalchemy.html
- A Catalog Of Hazardous AV Sites – A Tale Of Malware Hosting
"In mid-April 2024, Trellix Advanced Research Center team members observed multiple fake AV sites hosting highly sophisticated malicious files such as APK, EXE and Inno setup installer that includes Spy and Stealer capabilities. Hosting malicious software through sites which look legitimate is predatory to general consumers, especially those who look to protect their devices from cyber-attacks. The hosted websites made to look legitimate are listed below."
https://www.trellix.com/blogs/research/a-catalog-of-hazardous-av-sites-a-tale-of-malware-hosting/
https://thehackernews.com/2024/05/fake-antivirus-websites-deliver-malware.html
https://securityaffairs.com/163673/cyber-crime/fake-av-websites-distribute-malware.html
- Threat Actors Ride The Hype For Newly Released Arc Browser
"Google Chrome has been the dominant web browser for years now, which is why it may come as a surprise to hear of a startup, not even based in Silicon Valley, called The Browser Company offering a new take on the “window to the internet”. The Arc browser has been available for MacOS since July 2023, but the Windows version was only released a couple of weeks ago. What’s unique is the hype around Arc, but also the glowing reviews it has earned in a relatively short time span."
https://www.threatdown.com/blog/threat-actors-ride-the-hype-for-newly-released-arc-browser/
https://www.bleepingcomputer.com/news/security/arc-browsers-windows-launch-targeted-by-google-ads-malvertising/
- CERT-UA Warns: Ukrainian Finances Targeted With SmokeLoader Malware
"The Computer Emergency Response Team of Ukraine (CERT-UA) warns of a sharp increase in cyberattacks, associated with the financially-motivated threat actor UAC-0006. Starting from May 20th, hackers have launched at least two massive campaigns with emails containing the SmokeLoader malware."
https://cip.gov.ua/en/news/cert-ua-poperedzhaye-pro-zbilshennya-kilkosti-kiberatak-proti-bukhgalteriv
https://securityaffairs.com/163711/cyber-warfare-2/cert-ua-warns-uac-0006-massive-campaigns.html
Breaches/Hacks/Leaks
- PCTattletale Leaks Victims' Screen Recordings To Entire Internet
"PCTattletale is a simple stalkerware app. Rather than the sophisticated monitoring of many similarly insecure competitors it simply asks for permission to record the targeted device (Android and Windows are supported) on infection. Afterward the observer can log in to an online portal and activate recording, at which point a screen capture is taken on the device and played on the target's browser."
https://www.ericdaigle.ca/pctattletale-leaking-screen-captures/
https://www.bleepingcomputer.com/news/security/hacker-defaces-spyware-apps-site-dumps-database-and-source-code/
- Cencora Data Breach Exposes US Patient Info From 11 Drug Companies
"Some of the largest drug companies in the world have disclosed data breaches due to a February 2024 cyberattack at Cencora, whom they partner with for pharmaceutical and business services. Cencora, formerly AmerisourceBergen, is a pharmaceutical services provider specializing in drug distribution, specialty pharmacy, consulting, and clinical trial support."
https://www.bleepingcomputer.com/news/security/cencora-data-breach-exposes-us-patient-info-from-11-drug-companies/
- New York's Albany County Investigating 'Cybersecurity Breach' Ahead Of Holiday Weekend
"Officials in New York’s state capital region said they are investigating a cyberattack ahead of the Memorial Day weekend. Albany County Executive Daniel McCoy told Recorded Future News in a statement that they are working with the state Division of Homeland Security and the Emergency Services Cyber Incident Response Team after discovering the potential issue in county networks."
https://therecord.media/albany-county-new-york-government-cybersecurity-incident
- Indian Military & Police Biometrics Exposed In Data Breach
"Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to WebsitePlanet about a non-password-protected database that contained over 1.6 million documents belonging to an Indian leading provider of biometric authentication solutions, with offices in the USA and Australia. The exposed records included the biometric identity information of members of the police, army, teachers, and railway workers. In parallel, it appeared that the data might have been for sale on a dark web related Telegram group."
https://www.websiteplanet.com/news/india-biometric-breach-report/
https://www.hackread.com/data-leak-indian-police-military-biometric-data/
General News
- Despite Increased Budgets, Organizations Struggle With Compliance
"Only 40% of organizations feel fully prepared to meet the compliance demands of rising cybersecurity regulations, according to a new Swimlane report. Organizations still feel unprepared for new regulations despite 93% of organizations rethinking their strategies and 92% increasing budgets."
https://www.helpnetsecurity.com/2024/05/24/organizations-cybersecurity-compliance-demands-readiness/
- Worried About Job Security, Cyber Teams Hide Security Incidents
"The frequency and severity of cyberattacks are increasing—yet most businesses remain unprepared, according to VikingCloud. Between a growing talent shortage, alert fatigue, and new sophisticated attack methods, companies are more susceptible than ever."
https://www.helpnetsecurity.com/2024/05/24/cyber-teams-major-challenges/
- Effective GRC Programs Rely On Team Collaboration
"One in three organizations are not currently able to proactively identify, assess, and mitigate risk with their GRC program, nor are they able to ensure compliance with regulations and frameworks – both key aspects of a mature, holistic GRC program, according to LogicGate’s 2024 GRC Strategies, Teams and Outcomes Report."
https://www.helpnetsecurity.com/2024/05/24/grc-program-spending/
- When 'No' & 'Good Enough' Challenge Cybersecurity
"In the realm of cybersecurity, the path to securing necessary resources often is strewn with obstacles, chief among them hearing the word "no." This response is not just about budgets, although financial constraints play a significant role; it's also about convincing leadership of the indispensable value of comprehensive cyber defense strategies. The reality is, every chief information security officer (CISO) will, at some point, face pushback — be it from a chief financial officer (CFO) who is skeptical about the return on investment of a new cyber platform, or a CEO who underestimates the vulnerability of the enterprise, believing a "good enough" EDR or SIEM solution will suffice."
https://www.darkreading.com/vulnerabilities-threats/when-no-and-good-enough-challenge-cybersecurity
- DevOps Dilemma: How Can CISOs Regain Control In The Age Of Speed?
"The infamous Colonial pipeline ransomware attack (2021) and SolarWinds supply chain attack (2020) were more than data leaks; they were seismic shifts in cybersecurity. These attacks exposed a critical challenge for Chief Information Security Officers (CISOs): holding their ground while maintaining control over cloud security in the accelerating world of DevOps."
https://thehackernews.com/2024/05/devops-dilemma-how-can-cisos-regain.html
Reference
Electronic Transactions Development Agency (ETDA) - Research From Claroty's Team82 Highlights Remote Access Risks Facing Mission-Critical OT Assets