Cyber Threat Intelligence 09 July 2024
-
New Tooling
-
Avast Releases Free Decryptor For DoNex Ransomware And Past Variants
"Antivirus company Avast have discovered a weakness in the cryptographic scheme of the DoNex ransomware family and released a decryptor so victims can recover their files for free. The company says it has been working with law enforcement to privately provide the decryptor to DoNex ransomware victims since March 2024. Cybersecurity vendors commonly distribute decryptors in this manner to prevent the threat actors from learning about the bug and fixing it. The flaw was publicly disclosed at last month's Recon 2024 cybersecurity conference, so Avast has decided to release the decryptor."
https://www.bleepingcomputer.com/news/security/avast-releases-free-decryptor-for-donex-ransomware-and-past-variants/
https://www.helpnetsecurity.com/2024/07/08/decryptor-donex-muse-darkrace-fake-lockbit-3-0
https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware
-
Monocle: Open-Source LLM For Binary Analysis Search
"Monocle is open-source tooling backed by a large language model (LLM) for performing natural language searches against compiled target binaries. Monocle can be provided with a binary and search criteria (authentication code, vulnerable code, password strings, etc.), and it will decompile the binary to identify and score areas of the code that meet the criteria."
https://www.helpnetsecurity.com/2024/07/08/monocle-open-source-llm-binary-analysis-search/
https://github.com/user1342/Monocle
Vulnerabilities
-
Securing Developer Tools: Unpatched Code Vulnerabilities In Gogs (1/2)
"Most companies today value their source code as an important asset and rely on cloud services like GitHub or operate their own source code hosting platform to manage this asset. One option for this is Gogs, an open-source solution for self-hosting source code. With over 44.000 stars on GitHub, Gogs is among the most popular Go projects. Its Docker image has been downloaded over 90 million times, indicating that many developers use it. In light of our blog post series on securing developer tools, we investigated the code base of Gogs for security vulnerabilities."
https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-
https://thehackernews.com/2024/07/critical-vulnerabilities-disclosed-in.html
-
Adobe Commerce Unauthorized XXE Vulnerability
"The SonicWall Capture Labs threat research team became aware of an XML External Entity Reference vulnerability affecting Adobe Commerce and Magento Open Source. It is identified as CVE-2024-34102 and given a critical CVSSv3 score of 9.8. Labeled as an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability and categorized as CWE-611, this vulnerability allows an attacker unauthorized access to private files, such as those containing passwords. Successful exploitation could lead to arbitrary code execution, security feature bypass, and privilege escalation."
https://blog.sonicwall.com/en-us/2024/07/adobe-commerce-unauthorized-xxe-vulnerability
Malware
-
CloudSorcerer – A New APT Targeting Russian Government Entities
"In May 2024, we discovered a new advanced persistent threat (APT) targeting Russian government entities that we dubbed CloudSorcerer. It’s a sophisticated cyberespionage tool used for stealth monitoring, data collection, and exfiltration via Microsoft Graph, Yandex Cloud, and Dropbox cloud infrastructure. The malware leverages cloud resources as its command and control (C2) servers, accessing them through APIs using authentication tokens. Additionally, CloudSorcerer uses GitHub as its initial C2 server."
https://securelist.com/cloudsorcerer-new-apt-cloud-actor/113056/
https://www.bleepingcomputer.com/news/security/cloudsorcerer-hackers-abuse-cloud-services-to-steal-russian-govt-data/
https://thehackernews.com/2024/07/new-apt-group-cloudsorcerer-targets.html
https://www.darkreading.com/cloud-security/cloudsorceror-public-cloud-cyberespionage-campaign
https://www.infosecurity-magazine.com/news/cloudsorcerer-malware-hits-russian/
https://www.securityweek.com/kaspersky-flags-cyberespionage-apt-cloudsorcerer-targeting-russian-government/
-
CISA And Partners Join ASD's ACSC To Release Advisory On PRC State-Sponsored Group, APT 40
"CISA has collaborated with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) to release an advisory, People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action outlining a PRC state-sponsored cyber group’s activity."
https://www.cisa.gov/news-events/alerts/2024/07/08/cisa-and-partners-join-asds-acsc-release-advisory-prc-state-sponsored-group-apt-40
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-190a
https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/apt40-advisory-prc-mss-tradecraft-in-action
https://www.itnews.com.au/news/asd-hack-forensics-underpin-global-apt40-threat-warning-609570
-
Emboldened And Evolving: A Snapshot Of Cyber Threats Facing NATO
"As North Atlantic Treaty Organization (NATO) members and partners gather for a historic summit, it is important to take stock of one of its most pressing challenges—the cyber threat. The Alliance faces a barrage of malicious cyber activity from all over the globe, carried out by emboldened state-sponsored actors, hacktivists, and criminals who are willing to cross lines and carry out activity that was previously considered unlikely or inconceivable."
https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-facing-nato
https://www.securityweek.com/mandiant-highlights-russian-and-chinese-cyber-threats-to-nato-on-eve-of-75th-anniversary-summit/
Breaches/Hacks/Leaks
-
‘RockYou2024’: Nearly 10 Billion Passwords Leaked Online
"On a popular hacking forum, a user has leaked a file that contains 9,948,575,739 unique plaintext passwords. The list appears to be a compilation of passwords that were obtained during several old and more recent data breaches. The list is referred to as RockYou2024 because of its filename, rockyou.txt."
https://www.malwarebytes.com/blog/news/2024/07/rockyou2024-nearly-10-billion-passwords-leaked-online
https://www.darkreading.com/cyberattacks-data-breaches/10b-passwords-pop-up-on-dark-web-rockyou2024-release
https://www.infosecurity-magazine.com/news/10-billion-passwords-leaked/
https://securityaffairs.com/165460/data-breach/rockyou2024-compilation-10b-passwords.html
-
Roblox Vendor Data Breach Exposes Dev Conference Attendee Info
"Roblox announced late last week that it suffered a data breach impacting attendees of the 2022, 2023, and 2024 Roblox Developer Conference. Roblox is an online gaming and game creation platform popular among younger audiences that design, create, and share games with a large community of over 200 million active users."
https://www.bleepingcomputer.com/news/security/roblox-vendor-data-breach-exposes-dev-conference-attendee-info/
-
Neiman Marcus Data Breach: 31 Million Email Addresses Found Exposed
"A May 2024 data breach disclosed by American luxury retailer and department store chain Neiman Marcus last month has exposed more than 31 million customer email addresses, according to Have I Been Pwned founder Troy Hunt, who analyzed the stolen data. Hunt's findings come after the company filed a breach notification with the Office of the Maine Attorney General, stating that the breach only impacted 64,472 people."
https://www.bleepingcomputer.com/news/security/neiman-marcus-data-breach-31-million-email-addresses-found-exposed/
-
Computer Maker Zotac Exposed Customers' RMA Info On Google Search
"Computer hardware maker Zotac has exposed return merchandise authorization (RMA) requests and related documents online for an unknown period, exposing sensitive customer information. Zotac, known for its range of compact and mini PCs, high-performance graphics cards, motherboards, and computer accessories, has misconfigured the web folders that hold RMA data, resulting in them being indexed by search engines."
https://www.bleepingcomputer.com/news/security/computer-maker-zotac-exposed-customers-rma-info-on-google-search/
-
Hackers Leak 39,000 Print-At-Home Ticketmaster Tickets For 154 Events
"In an ongoing extortion campaign against Ticketmaster, threat actors have leaked almost 39,000 print-at-home tickets for 150 upcoming concerts and events, including Pearl Jam, Phish, Tate McCrae, and Foo Fighters. The tickets were leaked by a threat actor known as 'Sp1derHunters,' who is selling data stolen in recent data theft attacks from Snowflake accounts."
https://www.bleepingcomputer.com/news/security/hackers-leak-39-000-print-at-home-ticketmaster-tickets-for-154-events/
https://hackread.com/ticketmaster-hackers-leak-ticket-barcodes-tutorial/
-
‘Serious Hacker Attack’ Forces Frankfurt University To Shut Down IT Systems
"The Frankfurt University of Applied Sciences announced on Monday it was targeted by “a serious hacker attack” that has led to a total shutdown of its IT systems. It is the latest in a string of disruptive cyber incidents to have affected German universities, particularly those specializing in applied sciences. The nature of the attack has not yet been confirmed. The university stated it took place “around 8pm” on Saturday on a post replacing its normal homepage."
https://therecord.media/serious-hacker-attack-shutdown-frankfurt
General News
-
How Nation-State Cyber Attacks Disrupt Public Services And Undermine Citizen Trust
"In this Help Net Security interview, Rob Greer, VP and GM of the Enterprise Security Group at Broadcom, discusses the impact of nation-state cyber attacks on public sector services and citizens, as well as the broader implications for trust and infrastructure. Greer also discusses common vulnerabilities in government IT systems and the potential of AI and public-private collaborations to enhance cybersecurity defenses."
https://www.helpnetsecurity.com/2024/07/08/rob-greer-broadcom-nation-state-attacks/
-
Organizations Change Recruitment Strategies To Find Cyber Talent
"An estimated 4 million professionals are needed to fill the growing cybersecurity workforce gap, according to Fortinet. At the same time, Fortinet’s 2024 Global Cybersecurity Skills Gap Report found that 70% of organizations indicated that the cybersecurity skills shortage creates additional risks for their organizations."
https://www.helpnetsecurity.com/2024/07/08/cybersecurity-skills-shortage-risks-for-organizations/
-
Deconstructing Security Assumptions To Ensure Future Resilience
"Achieving security in a future of "unseen until it's too late" threats forces us to look beyond the endless cycles of discover and patch, identify and neutralize, and sense and respond, to build resilience by stress-testing assumptions and preparing for a future in which those assumptions have become unsustainable."
https://www.darkreading.com/cyber-risk/deconstructing-security-assumptions-to-ensure-future-resilience
-
5 Ways To Run Security As a Meritocracy
"I remember watching the space shuttle Challenger launch as a child. The launch was highly anticipated, and my fellow classmates and I gathered in the school cafeteria to watch the one television that had been placed there and connected to broadcast signals. In 73 seconds, wonder turned to amazement, which turned to confusion, which turned to horror. I will never forget it."
https://www.darkreading.com/cybersecurity-operations/5-ways-to-run-security-as-a-meritocracy
-
Cloudy With a Chance Of Cyberattack: Understanding LOTC Attacks And How ZTNA Can Prevent Them
"Living Off The Land (LOTL) attacks are nothing new to cybersecurity. For nearly two decades or more, cybercriminals have been using pre-installed or off-the-shelf applications like PowerShell, PsExec, and Windows Management Instrumentation to do all sorts of bad things. Now cybercriminals are applying a similar approach to the cloud."
https://www.securityweek.com/cloudy-with-a-chance-of-cyberattack-understanding-lotc-attacks-and-how-ztna-can-prevent-them/
-
Navigating Europe’s Digital Identity Crossroads
"Opening a bank account, making or receiving a payment, instructing an accountant or booking a doctor's appointment. These everyday tasks depend on identity, either proving who you are or verifying who you're dealing with. The trouble is that while we think of the world as a digital one, digital identity is a problem yet to be solved. Some EU member states have come close within their own national borders, as we'll discuss in this article. But for the most part, the caption to the 1993 cartoon still holds true: on the internet, nobody knows you're a dog."
https://www.theregister.com/2024/07/08/navigating_europes_digital_identity_crossroads/
-
An In-Depth Look At Crypto-Crime In 2023 Part 1
"Cybersecurity is a growing concern in today's digital age, as more sensitive information is stored and transmitted online. With the rise of cryptocurrencies, there has also been a rise in crypto-crimes, which pose a significant threat to the security of both individuals and businesses."
https://www.trendmicro.com/en_us/research/24/g/crypto-crime-2024-report-part-i.html
References
Electronic Transactions Development Agency (ETDA)
-