Cyber Threat Intelligence 27 June 2024
Healthcare Sector
- B+ Security Rating Masks Healthcare Supply Chain Risks
"While the healthcare sector gets a “B+” security rating for the first half of 2024, it faces a critical vulnerability: supply chain cyber risk, according to SecurityScorecard. The US healthcare industry’s security ratings were better than expected, with an average score of 88. However, there is still room for improvement: Organizations with a B rating are 2.9x times more likely to be victims of data breaches than those with an A rating."
https://www.helpnetsecurity.com/2024/06/26/healthcare-security-ratings/
Industrial Sector
- Siemens Sicam Vulnerabilities Could Facilitate Attacks On Energy Sector
"Several vulnerabilities patched recently by Siemens in some of its Sicam products could be exploited in attacks aimed at the energy sector. Siemens informed customers in May that updates released for its Sicam A8000 remote terminal unit, Sicam EGS grid sensors, and Sicam 8 power automation software address two high-severity and one medium-severity flaws."
https://www.securityweek.com/siemens-sicam-vulnerabilities-could-facilitate-attacks-on-energy-sector/
https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-siemens-power-automation-products-cp-8000-cp-8021-cp8-022-cp-8031-cp-8050-sicore/
Vulnerabilities
- Exploit For Critical Fortra FileCatalyst Workflow SQLi Flaw Released
"The Fortra FileCatalyst Workflow is vulnerable to an SQL injection vulnerability that could allow remote unauthenticated attackers to create rogue admin users and manipulate data on the application database. FileCatalyst Workflow is a web-based file exchange and sharing platform supporting large file sizes. It's used by organizations worldwide to accelerate data transfers and collaborate in private cloud spaces. The critical (CVSS v3.1: 9.8) vulnerability, tracked as CVE-2024-5276, was discovered on June 18, 2024, by Tenable researchers, but was made public only yesterday."
https://www.bleepingcomputer.com/news/security/exploit-for-critical-fortra-filecatalyst-workflow-sqli-flaw-released/
https://www.fortra.com/security/advisory/fi-2024-008
https://www.tenable.com/security/research/tra-2024-25
- CISA Adds Three Known Exploited Vulnerabilities To Catalog
"CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2022-24816 GeoSolutionsGroup JAI-EXT Code Injection Vulnerability
CVE-2022-2586 Linux Kernel Use-After-Free Vulnerability
CVE-2020-13965 Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability"
https://www.cisa.gov/news-events/alerts/2024/06/26/cisa-adds-three-known-exploited-vulnerabilities-catalog
- Multiple Vulnerabilities In TP-Link Omada System Could Lead To Root Access
"The TP-Link Omada system is a software-defined networking solution for small to medium-sized businesses. It touts cloud-managed devices and local management for all Omada devices. The supported devices in this ecosystem vary greatly but include wireless access points, routers, switches, VPN devices and hardware controllers for the Omada software. Cisco Talos researchers have discovered and helped to patch several vulnerabilities in the Omada system, focusing on a small subset of the available devices, including the EAP 115 and EAP 225 wireless access points, the ER7206 gigabit VPN router, and the Omada software controller."
https://blog.talosintelligence.com/multiple-vulnerabilities-in-tp-link-omada-system/
- Mitigating Skeleton Key, a New Type Of Generative AI Jailbreak Technique
"In generative AI, jailbreaks, also known as direct prompt injection attacks, are malicious user inputs that attempt to circumvent an AI model’s intended behavior. A successful jailbreak has potential to subvert all or most responsible AI (RAI) guardrails built into the model through its training by the AI vendor, making risk mitigations across other layers of the AI stack a critical design choice as part of defense in depth."
https://www.microsoft.com/en-us/security/blog/2024/06/26/mitigating-skeleton-key-a-new-type-of-generative-ai-jailbreak-technique/
https://www.darkreading.com/application-security/dangerous-ai-workaround-skeleton-key-unlocks-malicious-content
- Apple AirPods Bug Allows Eavesdropping
"Apple released its latest firmware update for its AirPods products to address a vulnerability that could give a threat actor unauthorized access. The vulnerability is tracked as CVE-2024-27867 and affects AirPods (second generation and later) and AirPods Pro (all models), as well as AirPods Max, Powerbeats Pro, and Beats Fit Pro."
https://www.darkreading.com/vulnerabilities-threats/apple-airpods-bug-allows-eavesdropping
https://thehackernews.com/2024/06/apple-patches-airpods-bluetooth.html
Malware
- Beware Of Snowblind: A New Android Malware
"Promon’s App Threat Reports have traditionally reviewed apps against common malware attack vectors. This report explores a unique attack vector used by a new malware targeting banks in Southeast Asia. In early 2024, our partner i-Sprint provided a sample of a new Android banking trojan we have named Snowblind. Our analysis of Snowblind found that it uses a novel technique to attack Android apps based on the Linux kernel feature seccomp."
https://promon.co/app-threat-reports/snowblind
https://www.bleepingcomputer.com/news/security/snowblind-malware-abuses-android-security-feature-to-bypass-security/
https://www.darkreading.com/remote-workforce/snowblind-tampering-technique-may-drive-android-users-adrift
https://hackread.com/snowblind-android-malware-steals-bypasses-security/
https://www.infosecurity-magazine.com/news/novel-banking-malware-asia/
- Novel Technique Combination Used In IDATLOADER Distribution
"Kroll’s Managed Detection and Response (MDR) team responded to an incident in which suspected malware was exhibiting strange download behavior. After successfully containing and resolving the incident, Kroll’s Cyber Threat Intelligence (CTI) team investigated further. The investigation uncovered a complex infection chain involving many layers of obfuscation being used to deliver IDATLOADER. Ultimately this would result in the deployment of information stealing malware."
https://www.kroll.com/en/insights/publications/cyber/idatloader-distribution
https://www.helpnetsecurity.com/2024/06/26/malware-bpl-sideloading/
- Decoding The Caesar Cipher Skimmer
"Over the last several weeks we’ve observed an interesting new variation of “gtag” credit card skimming attack with a surprisingly high number of detections so far. As of the time of writing this article we have seen nearly 80 detections altogether in the first two weeks alone."
https://blog.sucuri.net/2024/06/caesar-cipher-skimmer.html
https://thehackernews.com/2024/06/new-credit-card-skimmer-targets.html
https://securityaffairs.com/164937/malware/caesar-cipher-skimmer-targets-popolar-cms-used-by-e-stores.html
- ChamelGang & Friends | Cyberespionage Groups Attacking Critical Infrastructure With Ransomware
"In collaboration with Recorded Future, SentinelLabs has been tracking two distinct activity clusters targeting government and critical infrastructure sectors globally between 2021 and 2023. We associate one activity cluster with the suspected Chinese APT group ChamelGang (also known as CamoFei), while the second cluster resembles previous intrusions involving artifacts linked to suspected Chinese and North Korean APT groups. The majority of the activities we analyzed involve ransomware or data encryption tooling."
https://www.sentinelone.com/labs/chamelgang-attacking-critical-infrastructure-with-ransomware/
https://assets.sentinelone.com/sentinellabs/chamelgang-friends-en
https://thehackernews.com/2024/06/chinese-and-n-korean-hackers-target.html
https://www.darkreading.com/ics-ot-security/china-nexus-group-using-ransomware-to-disguise-cyber-espionage-activities
https://cyberscoop.com/chinese-hackers-are-increasingly-deploying-ransomware-researchers-say/
https://hackread.com/chinese-espionage-group-chamelgang-data-theft/
- Attackers In Profile: MenuPass And ALPHV/BlackCat
"To test the effectiveness of managed services like our Trend Micro managed detection and response offering, MITRE Engenuity combined the tools, techniques, and practices of two globally notorious bad actors: menuPass and ALPHV/BlackCat. This blog tells the story of why they were chosen and what makes them threats to be reckoned with."
https://www.trendmicro.com/en_us/research/24/f/menupass-alphv-blackcat-threats.html
- Attackers Exploiting Public Cobalt Strike Profiles
"In this article, Unit 42 researchers detail recent findings of malicious Cobalt Strike infrastructure. We also share examples of malicious Cobalt Strike samples that use Malleable C2 configuration profiles derived from the same profile hosted on a public code repository."
https://unit42.paloaltonetworks.com/attackers-exploit-public-cobalt-strike-profiles/
- New InnoSetup Malware Created Upon Each Download Attempt
"AhnLab SEcurity intelligence Center (ASEC) has discovered the distribution of a new type of malware that is disguised as cracks and commercial tools. Unlike past malware which performed malicious behaviors immediately upon being executed, this malware displays an installer UI and malicious behaviors are executed upon clicking buttons during the installation process."
https://asec.ahnlab.com/en/67502/
- DBatLoader Distributed Via CMD Files
"AhnLab SEcurity intelligence Center (ASEC) has recently discovered malware being distributed through CMD files and identified it as a downloader called DBatLoader (ModiLoader) that had been distributed before via phishing emails in RAR file format containing an EXE file."
https://asec.ahnlab.com/en/67468/
Breaches/Hacks/Leaks
- LockBit Lied: Stolen Data Is From a Bank, Not US Federal Reserve
"Recently-disrupted LockBit ransomware group, in a desperate attempt to make a comeback, claimed this week that it had hit the Federal Reserve, the central bank of the United States. The tall claim was followed up with LockBit stating it had stolen 33 terabytes of sensitive banking information belonging to Americans and that negotiations were ongoing. Except, the rumor has been quashed. Turns out, the threat actor hit an individual bank, and not the Fed."
https://www.bleepingcomputer.com/news/security/lockbit-lied-stolen-data-is-from-a-bank-not-us-federal-reserve/
https://therecord.media/evolve-bank-data-breach-lockbit
https://www.bankinfosecurity.com/blogs/bogus-lockbits-claimed-federal-reserve-ransomware-hit-p-3653
https://www.malwarebytes.com/blog/news/2024/06/federal-reserve-breached-data-may-actually-belong-to-evolve-bank
General News
- Future Trends In Cyber Warfare: Predictions For AI Integration And Space-Based Operations
"In this Help Net Security interview, Morgan Wright, Chief Security Advisor at SentinelOne, discusses how AI is utilized in modern cyber warfare by state and non-state actors."
https://www.helpnetsecurity.com/2024/06/26/morgan-wright-sentinelone-ai-cyber-warfare/
- Organized Crime And Domestic Violence Perps Are Big Buyers Of Tracking Devices
"Tracking devices are in demand from organized crime groups and known perpetrators of domestic violence, according to an Australian study. The headline findings of Project Hakea – conducted by the Crime Commission in the Australian State of New South Wales and released yesterday – were that the top 100 purchasers of tracking devices are twice as likely as other buyers to have been the subject of Apprehended Violence Orders (AVOs) that require them not to harass, intimidate or stalk a protected person, and 2.4 times more likely to be known for serious and organized crime offending."
https://www.theregister.com/2024/06/26/criminals_use_gps_bluetooth_trackers/
- CISA And Partners Release Guidance For Exploring Memory Safety In Critical Open Source Projects
"Today, CISA, in partnership with the Federal Bureau of Investigation, Australian Signals Directorate’s Australian Cyber Security Centre, and Canadian Cyber Security Center, released Exploring Memory Safety in Critical Open Source Projects. This guidance was crafted to provide organizations with findings on the scale of memory safety risk in selected open source software (OSS)."
https://www.cisa.gov/news-events/alerts/2024/06/26/cisa-and-partners-release-guidance-exploring-memory-safety-critical-open-source-projects
https://www.cisa.gov/resources-tools/resources/exploring-memory-safety-critical-open-source-projects
https://www.cisa.gov/sites/default/files/2024-06/joint-guidance-exploring-memory-safety-in-critical-open-source-projects-508c.pdf
https://www.bleepingcomputer.com/news/security/cisa-most-critical-open-source-projects-not-using-memory-safe-code/
- The 5 Industries Most Vulnerable To Data Breaches In 2024
"As we pass the halfway mark of 2024, data breaches remain on the rise. Cybercriminals are finding more and more inventive ways to infiltrate organizations, exploiting vulnerabilities in networks, software, and human behavior."
https://www.tripwire.com/state-of-security/industries-most-vulnerable-data-breaches
- Digital Forensics For Investigating The Metaverse
"The intriguing realm of the metaverse should not make us overlook its cybersecurity hazards. Metaverse adoption has been steadily increasing worldwide, with various existing examples such as virtual weddings, auctions, and the establishment of government offices and law enforcement agencies. Prominent organizations like INTERPOL and others are investing considerable time and resources, underscoring the importance of the metaverse."
https://blogs.cisco.com/security/digital-forensics-for-investigating-the-metaverse
- Optiv Report Shows Nearly 60% Increase In Security Budgets As Most Organizations Report Cyber Breaches And Incidents
"Optiv, the cyber advisory and solutions leader, has published its 2024 Threat and Risk Management Report, which examines how organizations’ cybersecurity investments and governance priorities are keeping up with the evolving threat landscape. Based on an independent Ponemon Institute survey, the report reveals a 59% increase in cyber budgets year-over-year. Additionally, 63% of organizations with more than 5,000 employees had an average of $26 million allocated to cybersecurity investments in 2024."
https://www.darkreading.com/cybersecurity-operations/optiv-report-shows-nearly-60-increase-in-security-budgets-as-most-organizations-report-cyber-breaches-and-incidents
https://www.optiv.com/insights/discover/downloads/2024-cybersecurity-threat-and-risk-management-report
https://www.optiv.com/sites/default/files/2024-06/2024-Cybersecurity-Threat-and-Risk-Management-Report.pdf
- CISOs Growing More Comfortable With Risk, But Better C-Suite Alignment Needed
"Netskope, a leader in Secure Access Service Edge (SASE), today published new global research that finds that shifts in the cyber threats landscape have changed the way today's Chief Information Security Officers (CISO) evaluate their business' risk appetite. Specifically, 92% of CISOs report that these changes are creating tensions with their CEO and other members of the C-suite, and two-thirds (66%) say they are "walking a tightrope" between what the business wants and what makes sense from a security perspective."
https://www.darkreading.com/cyber-risk/cisos-growing-more-comfortable-with-risk-but-better-c-suite-alignment-needed
https://www.netskope.com/resources/reports-guides/the-modern-ciso-bringing-balance
- Developer Errors Lead To Long-Term Exposure Of Sensitive Data In Git Repos
"Credentials, API tokens, and passkeys – collectively referred to as secrets – from organizations around the globe were exposed for years, according to Aqua Security’s latest research. By scanning the most popular 100 organizations on GitHub, which collectively includes more than 50,000 publicly accessible repositories, researchers found active secrets from open source organizations and enterprises such as Cisco and Mozilla providing access to sensitive data and software."
https://www.helpnetsecurity.com/2024/06/26/git-exposed-secrets/
- 2023 Trends In Identity Report: Identity Theft Resource Center Sees 118 Percent Increase In Job Scams; Google Voice Remains Top Scam
"The Identity Theft Resource Center (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, has published its third-annual report that looks at the identity crimes committed against individuals as reported by the victims of those crimes – the ITRC’s 2023 Trends in Identity Report. This year’s report is supported by the ITRC’s Alliance for Identity Resilience. In the report, the ITRC outlines the identity crimes reported in 2023 and how criminals convinced people to willingly share information. The report also outlines how stolen information was used to open new accounts and evade law enforcement."
https://www.idtheftcenter.org/post/2023-trends-in-identity-report-118-percent-job-scam-increase/
https://www.infosecurity-magazine.com/news/identity-crime-drop-16-annually/
- The Dangers Of Anthropomorphizing AI: An Infosec Perspective
"The generative AI revolution is showing no signs of slowing down. Chatbots and AI assistants have become an integral part of the business world, whether for training employees, answering customer queries or something else entirely. We’ve even given them names and genders and, in some cases, distinctive personalities."
https://securityintelligence.com/articles/anthropomorphizing-ai-danger-infosec-perspective/
- Google Disrupted Over 10,000 Instances Of DRAGONBRIDGE Activity In Q1 2024
"Today we are sharing updated insights about DRAGONBRIDGE, the most prolific IO actor Google’s Threat Analysis Group (TAG) tracks. DRAGONBRIDGE, also known as “Spamouflage Dragon,” is a spammy influence network linked to the People’s Republic of China (PRC) that has a presence across multiple platforms. Despite producing a high amount of content, DRAGONBRIDGE still does not get high engagement from users on YouTube or Blogger."
https://blog.google/threat-analysis-group/google-disrupted-dragonbridge-activity-q1-2024/
https://www.securityweek.com/google-disrupts-more-china-linked-dragonbridge-influence-operations/
- Gaining And Retaining Security Talent: A Cheat Sheet For CISOs
"A joint study from ISC2 and the Chartered Institute of Information Security (CIISec) offers guidance for CISOs on how to recruit and hold security talent in an age of severe skills shortage. Without specified justification, the report suggests that, globally, the profession needs around 4 million extra people. There will be people who question this figure. Indeed, SecurityWeek recommends its readers should accept very large figures with circumspection (see Beyond the Hype: Questioning FUD in Cybersecurity Marketing). Nevertheless, few will question the difficulties in finding and keeping security talent for the security team. This report provides TTPs for gaining and retaining security talent."
https://www.securityweek.com/gaining-and-retaining-security-talent-a-cheat-sheet-for-cisos/
https://www.isc2.org/-/media/Project/ISC2/Main/Media/dei/DEI-ISC2-CIISec-Recruitment-and-Retention-In-Cybersecurity.pdf
- Practical Guidance For Securing Your Software Supply Chain
"The heightened regulatory and legal pressure on software-producing organizations to secure their supply chains and ensure the integrity of their software should come as no surprise. In the last several years, the software supply chain has become an increasingly attractive target for attackers who see opportunities to force-multiply their attacks by orders of magnitude."
https://thehackernews.com/2024/06/practical-guidance-for-securing-your.html
- Russian National Charged For Conspiring With Russian Military Intelligence To Destroy Ukrainian Government Computer Systems And Data
"A federal grand jury in Maryland returned an indictment yesterday charging Amin Timovich Stigal (Амин Тимович Стигал), 22, a Russian citizen, with conspiracy to hack into and destroy computer systems and data. In advance of the full-scale Russian invasion of Ukraine, targets included Ukrainian Government systems and data with no military or defense-related roles. Later targets included computer systems in countries that were providing support to Ukraine, including the United States. Stigal remains at large."
https://www.justice.gov/opa/pr/russian-national-charged-conspiring-russia-military-intelligence-destroy-ukrainian
https://therecord.media/us-accuses-russian-helping-kremlin
https://www.theregister.com/2024/06/27/whispergate_malware_suspect_bounty/
References
Electronic Transactions Development Agency (ETDA) - B+ Security Rating Masks Healthcare Supply Chain Risks