Cyber Threat Intelligence 08 July 2024
Vulnerabilities
CVE-2024-29510 – Exploiting Ghostscript Using Format Strings
"This is a write-up for CVE-2024-29510, a format string vulnerability in Ghostscript ≤ 10.03.0. We show how this can be exploited to bypass the -dSAFER sandbox and gain code execution. This vulnerability has significant impact on web-applications and other services offering document conversion and preview functionalities as these often use Ghostscript under the hood. We recommend verifying whether your solution (indirectly) makes use of Ghostscript and if so, update it to the latest version."
https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation
https://www.theregister.com/2024/07/05/ghostscript_vulnerability_severity
Apache Fixed a Source Code Disclosure Flaw In Apache HTTP Server
"The Apache Software Foundation has addressed multiple vulnerabilities in its popular Apache HTTP Server. The vulnerabilities include denial-of-service (DoS), remote code execution, and unauthorized access issues. One of these vulnerabilities is a critical source code disclosure vulnerability tracked as CVE-2024-39884."
https://securityaffairs.com/165422/security/apache-source-code-disclosure-flaw-apache-http-server.html
Malware
Cloudflare Blames Recent Outage On BGP Hijacking Incident
"Internet giant Cloudflare reports that its DNS resolver service, 1.1.1.1, was recently unreachable or degraded for some of its customers because of a combination of Border Gateway Protocol (BGP) hijacking and a route leak. The incident occurred last week and affected 300 networks in 70 countries. Despite these numbers, the company says that the impact was "quite low" and in some countries users did not even notice it."
https://www.bleepingcomputer.com/news/security/cloudflare-blames-recent-outage-on-bgp-hijacking-incident
Eldorado Ransomware: The New Golden Empire Of Cybercrime?
"Partner programs for cybercriminals, also known as Ransomware-as-a-Service (RaaS), have evolved into sophisticated operations resembling large-scale enterprises. These partner programs recruit affiliates to execute specific roles in cybercriminal networks, particularly focusing on the delivery and execution of ransomware attacks on companies. Over the years, the selection process for affiliates has shifted from a focus on individual experience and network access to a more systematic approach."
https://www.group-ib.com/blog/eldorado-ransomware
https://www.bleepingcomputer.com/news/security/new-eldorado-ransomware-targets-windows-vmware-esxi-vms
New Threat: A Deep Dive Into The Zergeca Botnet
"On May 20, 2024, while everyone was happily celebrating the holiday, the tireless XLab CTIA (Cyber Threat Insight Analysis) system captured a suspicious ELF file around 2 PM, located at /usr/bin/geomi. This file was packed with a modified UPX, had a magic number of 0x30219101, and was uploaded from Russia to VirusTotal, where it was not detected as malicious by any antivirus engine."
https://blog.xlab.qianxin.com/a-deep-dive-into-the-zergeca-botnet
https://thehackernews.com/2024/07/new-golang-based-zergeca-botnet-capable.html
https://securityaffairs.com/165288/cyber-crime/golang-based-zergeca-botnet.html
Turning Jenkins Into a Cryptomining Machine From An Attacker's Perspective
"Jenkins is an open-source solution that enables continuous integration and continuous delivery (CI/CD), allowing for the automation of the various stages of software development such as the test, build, and deployment phases. While it offers many benefits to users, it can also be used as an attack vector by malicious actors that can exploit misconfigured servers and unpatched Jenkins versions to deploy cryptocurrency miners and backdoors, as well as to gather sensitive information. In this blog entry, we will discuss how the Jenkins Script Console can be weaponized by attackers for cryptomining activity if not configured properly."
https://www.trendmicro.com/en_us/research/24/g/turning-jenkins-into-a-cryptomining-machine-from-an-attackers-pe.html
Mallox Ransomware Variant Targets Linux: Decryptor Discovered
"Mallox ransomware, which is also known as Fargo, TargetCompany, Mawahelper, and so on, has been active since mid-2021. Their operation was also observed in transitioning into the Ransomware-as-a-Service distribution model from mid-2022. Mallox group focuses on multi-extortion, encrypting their victims’ data and threatening to post it on their public TOR-based sites."
https://www.uptycs.com/blog/mallox-ransomware-linux-variant-decryptor-discovered
https://hackread.com/mallox-ransomware-variant-targets-linux-systems
Breaches/Hacks/Leaks
New Zealand Fitness Retailer Hit By DragonForce Ransomware
"A ransomware group that uses locker malware based on the leaked LockBit 3.0 ransomware builder compromised New Zealand's leading fitness equipment retailer. The DragonForce ransomware group, first observed in November 2023, on Tuesday said on its leak site that it stole 5.31 gigabytes of data from Elite Fitness."
https://www.bankinfosecurity.com/new-zealand-fitness-retailer-hit-by-dragonforce-ransomware-a-25718
A Hacker Stole OpenAI Secrets, Raising Fears That China Could, Too
"Early last year, a hacker gained access to the internal messaging systems of OpenAI, the maker of ChatGPT, and stole details about the design of the company’s A.I. technologies. The hacker lifted details from discussions in an online forum where employees talked about OpenAI’s latest technologies, according to two people familiar with the incident, but did not get into the systems where the company houses and builds its artificial intelligence."
https://www.nytimes.com/2024/07/04/technology/openai-hack.html
https://hackread.com/openai-kept-mum-of-sensitive-ai-research-hack
https://www.securityweek.com/hackers-stole-secrets-from-openai
https://securityaffairs.com/165349/data-breach/openai-2023-security-breach.html
https://www.itnews.com.au/news/openais-internal-ai-details-stolen-in-2023-breach-609524
Alabama Department Of Education Stops Ransomware Attack But Confirms Data Stolen
"The Alabama State Department of Education said it stopped a ransomware attack last month but hackers were still able to access some data and disrupt services. On June 17, hackers attempted to target servers and lock down the agency’s computer systems, but were prevented from doing so. “However, the hackers were able to breach some data and disrupt our services before our staff interrupted and stopped the attack,” the department said in a statement on Wednesday."
https://therecord.media/alabama-education-department-data-breach
https://www.securityweek.com/some-data-is-breached-during-a-hacking-attack-on-the-alabama-education-department
https://securityaffairs.com/165389/uncategorized/alabama-state-department-of-education-data-breach.html
RansomHub Says It Published Florida Health Department Data
"The hacking group RansomHub this week claimed it exfiltrated and published 100 gigabytes of sensitive data from the Florida Department of Health because the department refused to meet its ransom demands. According to a July 1 post on X by HackManac, a company that tracks cyberattacks, RansomHub threatened to release the stolen health department data in a post on the dark web unless the state paid an undisclosed amount of money by Friday."
Priority: 3 - Important
Relevance: General
https://statescoop.com/florida-health-department-data-ransomhub-data
Shopify Denies It Was Hacked, Links Stolen Data To Third-Party App
"E-commerce platform Shopify denies it suffered a data breach after a threat actor began selling customer data they claim was stolen from the company's network. "Shopify systems have not experienced a security incident," Shopify told BleepingComputer. "The data loss reported was caused by a third-party app. The app developer intends to notify affected customers." This statement comes after a threat actor known as '888' began selling data earlier this week that they claim was stolen from Shopify in 2024."
https://www.bleepingcomputer.com/news/security/shopify-denies-it-was-hacked-links-stolen-data-to-third-party-app
General News
Why Cyber Teams Should Invest In Strong Communicators
"Cybersecurity is a discipline filled with hard problems. Cybersecurity professionals are charged with protecting a rapidly evolving technology landscape from adversaries that are not constrained by profitability, productivity or employee privacy — and they need only a single security control to fail for them to be successful."
https://www.darkreading.com/cybersecurity-operations/why-cyber-teams-should-invest-in-strong-communicators
Are SOC 2 Reports Sufficient For Vendor Risk Management?
"Businesses rely heavily on third-party vendors for a wide range of services. This dependence introduces vulnerabilities, as a security breach at a vendor can have cascading effects on your organization. Cybercriminals are constantly innovating, making robust vendor risk management a critical component of any cybersecurity strategy. Third-party cyberattacks in 2023 included a diverse range of organizations."
https://www.darkreading.com/cybersecurity-operations/are-soc-2-reports-sufficient-for-vendor-risk-management
Euro 2024 Becomes Latest Sporting Event To Attract Cyberattacks
"With the Euro 2024 football tournament — soccer, to our US readers — reaching the final eight teams in the quarterfinals, cybercriminal activity has ramped up around the tournament and is posing risks for fans and their employers."
https://www.darkreading.com/cloud-security/euro-2024-becomes-latest-sporting-event-to-attract-cyberattacks
A CISO's Guide To Avoiding Jail After a Breach
"Yahoo, Uber, SolarWinds — increasingly, the government is incentivizing better corporate security by punishing the individuals leading it. Is that a good idea? And how can security pros avoid ending up on the butt end of a lawsuit?"
https://www.darkreading.com/cybersecurity-operations/a-cisos-guide-to-avoiding-jail-after-a-breach
99% Of IoT Exploitation Attempts Rely On Previously Known CVEs
"The explosion of Internet of Things (IoT) devices has brought about a wide range of security and privacy challenges, according to Bitdefender and NETGEAR. The report is based on global telemetry of 3.8 million homes and 50 million IoT devices that generated 9.1 billion security events over the course of 12 months."
https://www.helpnetsecurity.com/2024/07/05/iot-security-privacy-challenges
47% Of Corporate Data Stored In The Cloud Is Sensitive
"As the use of the cloud continues to be strategically vital to many organizations, cloud resources have become the biggest targets for cyberattacks, with SaaS applications (31%), cloud storage (30%) and cloud management infrastructure (26%) cited as the leading categories of attack, according to Thales."
https://www.helpnetsecurity.com/2024/07/05/cloud-environments-security-priority
Organizations Weigh The Risks And Rewards Of Using AI
"78% of organizations are tracking AI as an emerging risk while simultaneously adopting the technology themselves, according to AuditBoard."
https://www.helpnetsecurity.com/2024/07/05/digital-risk-management-approach
How Intelligence Sharing Can Help Keep Major Worldwide Sporting Events On Track
"Major worldwide sporting events like the Olympics or the FIFA World Cup attract global interest as people follow their national teams and hope for success. To put this into context, the Olympic Games are one of the most widely covered sporting events in the world, with an audience of more than 4 billion viewers. Probably owing to the sheer scale of such events, not to mention their high profile, they also attract bad actors looking to disrupt them for ideological reasons or illegal profit."
https://www.securityweek.com/how-intelligence-sharing-can-help-keep-major-worldwide-sporting-events-on-track
Russian-Linked Cybercampaigns Put a Bull’s-Eye On France. Their Focus? The Olympics And Elections
"Photos of blood-red hands on a Holocaust memorial. Caskets at the Eiffel Tower. A fake French military recruitment drive calling for soldiers in Ukraine, and major French news sites improbably registered in an obscure Pacific territory, population 15,000. All are part of disinformation campaigns orchestrated out of Russia and targeting France, according to French officials and cybersecurity experts in Europe and the United States. France’s legislative elections and the Paris Olympics sent them into overdrive."
https://www.securityweek.com/russian-linked-cybercampaigns-put-a-bulls-eye-on-france-their-focus-the-olympics-and-elections
Crypto Hacking Thefts Double To US$1.4 Billion
"The amount of cryptocurrency stolen in hacks globally more than doubled in the first six months of 2024 from a year earlier, driven by a small number of large attacks and rising crypto prices, blockchain researchers TRM Labs said."
https://www.itnews.com.au/news/crypto-hacking-thefts-double-to-us14-billion-609523
Reference
Electronic Transactions Development Agency (ETDA)