Cyber Threat Intelligence 10 July 2024

Industrial Sector

Delta Electronics CNCSoft-G2
"Successful exploitation of these vulnerabilities could cause a buffer overflow condition and allow remote code execution."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01

Mitsubishi Electric MELIPC Series MI5122-VW
"Successful exploitation of this vulnerability could allow an attacker to tamper with, destroy, disclose, or delete information in the product, or cause a denial-of-service (DoS) condition on the product."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-02

Johnson Controls Illustra Pro Gen 4
"Successful exploitation of this vulnerability could impact confidentiality and integrity of the device."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-03

Johnson Controls Software House C●CURE 9000
"Successful exploitations of this vulnerability could allow an attacker to gain administrative access."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-04

Johnson Controls Software House C●CURE 9000
"Successful exploitation of this vulnerability may allow an attacker to access credentials used for access to the application."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-05

Vulnerabilities

Microsoft July 2024 Patch Tuesday Fixes 142 Flaws, 4 Zero-Days
"Today is Microsoft's July 2024 Patch Tuesday, which includes security updates for 142 flaws, including two actively exploited and two publicly disclosed zero-days. This Patch Tuesday fixed five critical vulnerabilities, with all being remote code execution flaws."
https://www.bleepingcomputer.com/news/microsoft/microsoft-july-2024-patch-tuesday-fixes-142-flaws-4-zero-days/
https://www.cisa.gov/news-events/alerts/2024/07/09/microsoft-releases-july-2024-security-updates
https://www.darkreading.com/application-security/attackers-already-exploiting-flaws-in-microsofts-july-security-update
https://www.tripwire.com/state-of-security/vert-threat-alert-july-2024-patch-tuesday-analysis
https://blog.talosintelligence.com/microsoft-patch-tuesday-july-2024/
https://www.helpnetsecurity.com/2024/07/09/microsoft-fixes-two-zero-days-exploited-by-attackers-cve-2024-38080-cve-2024-38112/
https://www.securityweek.com/microsoft-warns-of-windows-hyper-v-zero-day-being-exploited/
https://hackread.com/microsoft-patch-tuesday-microsoft-patches-vulnerabilities/
https://www.theregister.com/2024/07/10/july_2024_patch_tuesday/

Hackers Target WordPress Calendar Plugin Used By 150,000 Sites
"Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and execute code remotely. The plugin is developed by Webnus and is used to organize and manage in-person, virtual, or hybrid events. The vulnerability exploited in attacks is identified as CVE-2024-5441 and received a high-severity score (CVSS v3.1: 8.8). It was discovered and reported responsibly on May 20 by Friderika Baranyai during Wordfence's Bug Bounty Extravaganza."
https://www.bleepingcomputer.com/news/security/hackers-target-wordpress-calendar-plugin-used-by-150-000-sites/
https://www.wordfence.com/threat-intel/vulnerabilities/detail/modern-events-calendar-7110-authenticated-subscriber-arbitrary-file-upload

Citrix Releases Security Updates For Multiple Products
"Citrix released security updates to address vulnerabilities in multiple Citrix products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system."
https://www.cisa.gov/news-events/alerts/2024/07/09/citrix-releases-security-updates-multiple-products

Adobe Issues Critical Patches For Multiple Products, Warns Of Code Execution Risks
"Software maker Adobe on Tuesday released critical-severity patches for security defects in multiple enterprise-facing products and warned that both Windows and macOS are exposed to code execution attacks. As part of its scheduled batch of Patch Tuesday releases, the company documented at least seven vulnerabilities affecting Adobe Premiere Pro, Adobe InDesign and Adobe Bridge and urged users to immediately install available patches."
https://www.securityweek.com/adobe-issues-critical-patches-for-multiple-products-warns-of-code-execution-risks/

SAP Patches High-Severity Vulnerabilities In PDCE, Commerce
"Enterprise software maker SAP on Tuesday announced the release of 16 new and two updated security notes as part of its July 2024 patch day, including two notes dealing with high-severity vulnerabilities. The most severe of the issues is a missing authorization check in PDCE (Product Design Cost Estimating), a lifecycle costing tool. Tracked as CVE-2024-39592 (CVSS score of 7.7/10), the bug could allow an attacker to read generic table data, according to SAP."
https://www.securityweek.com/sap-patches-high-severity-vulnerabilities-in-pdce-commerce/

New Blast-RADIUS Attack Bypasses Widely-Used RADIUS Authentication
"Blast-RADIUS, an authentication bypass in the widely used RADIUS/UDP protocol, enables threat actors to breach networks and devices in man-in-the-middle MD5 collision attacks. Many networked devices (including switches, routers, and other routing infrastructure) on enterprise and telecommunication networks use the authentication and authorization RADIUS (Remote Authentication Dial-In User Service) protocol, sometimes tens of thousands of devices on a single network."
https://www.bleepingcomputer.com/news/security/new-blast-radius-attack-bypasses-widely-used-radius-authentication/
https://www.blastradius.fail/
https://www.blastradius.fail/attack-details
https://www.blastradius.fail/pdf/radius.pdf
https://thehackernews.com/2024/07/radius-protocol-vulnerability-exposes.html
https://www.helpnetsecurity.com/2024/07/09/blastradius-radius-protocol-vulnerability/
https://www.securityweek.com/blastradius-attack-exposes-critical-flaw-in-30-year-old-radius-protocol/

Apple Geolocation API Exposes Wi-Fi Access Points Worldwide
"Apple's Wi-Fi Positioning System (WPS) can be used to map and track Wi-Fi access points (APs) around the globe. But in a presentation at Black Hat 2024, University of Maryland researcher Erik Rye will demonstrate how he mapped hundreds of millions of APs in a matter of days, without even needing an Apple device or any kind of permissions along the way."
https://www.darkreading.com/endpoint-security/apple-geolocation-api-exposes-wi-fi-access-points-worldwide

CVE-2024-38021: Moniker RCE Vulnerability Uncovered In Microsoft Outlook
"Morphisec researchers have identified a significant vulnerability, CVE-2024-38021 — a zero-click remote code execution (RCE) vulnerability that impacts most Microsoft Outlook applications. Unlike the previously discovered vulnerability CVE-2024-30103 disclosed in June —which required authentication (at least an NTLM token)— this new vulnerability does not require any authentication."
https://blog.morphisec.com/cve-2024-38021-microsoft-outlook-moniker-rce-vulnerability

Malware

Persistent Npm Campaign Shipping Trojanized jQuery
"Since May 26, 2024, Phylum has been monitoring a persistent supply chain attack involving a trojanized version of jQuery. We initially discovered the malicious variant on npm, where we saw the compromised version published in dozens of packages over a month. After investigating, we found instances of the trojanized jQuery on other platforms, such as GitHub, and even as a CDN-hosted resource on jsDelivr."
https://blog.phylum.io/persistent-npm-campaign-shipping-trojanized-jquery/
https://thehackernews.com/2024/07/trojanized-jquery-packages-found-on-npm.html
https://www.darkreading.com/cyberattacks-data-breaches/trojanized-jquery-packages-complex-supply-chain-attack
https://hackread.com/trojanized-jquery-threatens-npm-github-and-cdns/

Criminals Targeting Victims Of Previous Scams Promising Financial Recovery
"The National Anti-Scam Centre is urging Australians who have had money stolen by scammers to be wary of offers to recover their money for an upfront fee. Reports that involve a money recovery element are on the rise. Between December 2023 and May 2024, Scamwatch received 158 reports with total losses of over $2.9 million, including losses from the original scam."
https://www.accc.gov.au/media-release/criminals-targeting-victims-of-previous-scams-promising-financial-recovery
https://www.theregister.com/2024/07/09/australia_rescam_warning/

CPR Warns Threat Actors Are Leveraging Internet Explorer In New Zero-Day Spoofing Attack (CVE-2024-38112)
"Check Point Research (CPR) warns of a new spoofing attack from threat actors using Internet Explorer shortcut files to lure Windows 10/11 users for remote code execution. CPR recommends Microsoft customers patch immediately."
https://blog.checkpoint.com/research/cpr-warns-threat-actors-are-leveraging-internet-explorer-in-new-zero-day-spoofing-attack-cve-2024-38112/

Lookout Discovers Houthi Surveillanceware Targeting Middle Eastern Militaries
"In October 2022, Lookout researchers initially discovered a surveillanceware that is still being used to target military personnel from Middle Eastern countries. The surveillanceware, dubbed GuardZoo by Lookout, is based on a commodity spyware named Dendroid RAT, which Lookout protected against since before 2022. Lookout attributes this activity to a Yemeni Houthi-aligned group based on targeting aligned with Houthi interests."
https://www.lookout.com/threat-intelligence/article/guardzoo-houthi-android-surveillanceware
https://therecord.media/pro-houthi-hackers-yemen-spyware-middle-east-militaries
https://thehackernews.com/2024/07/guardzoo-malware-targets-over-450.html
https://cyberscoop.com/researchers-catch-yemeni-hackers-spying-on-middle-east-military-phones/
https://www.helpnetsecurity.com/2024/07/09/guardzoo-spyware-target-military-personnel/
https://www.theregister.com/2024/07/09/houthi_rebels_malware/

Distribution Of AsyncRAT Disguised As Ebook
"AhnLab SEcurity intelligence Center (ASEC) covered cases of AsyncRAT being distributed via various file extensions (.chm, .wsf, and .lnk). In the aforementioned blog posts, it can be seen that the threat actor used normal document files disguised as questionnaires to conceal the malware. In a similar vein, there have been cases recently where the malware was disguised as an ebook."
https://asec.ahnlab.com/en/67861/

Breaches/Hacks/Leaks

Fujitsu Confirms Customer Data Exposed In March Cyberattack
"Fujitsu confirms that information related to some individuals and customers' business has been compromised during the data breach detected earlier this year. The Japanese tech giant states that the attack did not involve ransomware but relied on a sophisticated mechanism to evade detection while exfiltrating the details. In March, the company discovered that several of its systems had been infected with malware and noted the possibility of sensitive customer information being compromised."
https://www.bleepingcomputer.com/news/security/fujitsu-confirms-customer-data-exposed-in-march-cyberattack/

City Of Philadelphia Says Over 35,000 Hit In May 2023 Breach
"The City of Philadelphia revealed that a May 2024 disclosed in October impacted more than 35,000 individuals' personal and protected health information. The investigation found that attackers gained access to multiple email accounts between May 26, 2023, and July 28, 2023."
https://www.bleepingcomputer.com/news/security/city-of-philadelphia-says-over-35-000-hit-in-may-2023-breach/

Evolve Bank Says Data Breach Impacts 7.6 Million Americans
"Evolve Bank & Trust (Evolve) is sending notices of a data breach to 7.6 million Americans whose data was stolen during a recent LockBit ransomware attack. In June, LockBit published false claims that it breached the U.S. Federal Reserve. It was later determined that the leaked data actually belonged to Evolve Bank & Trust. Evolve confirmed to BleepingComputer that the data belonged to them and launched an investigation to determine the scope and extent of the data breach."
https://www.bleepingcomputer.com/news/security/evolve-bank-says-data-breach-impacts-76-million-americans/
https://www.darkreading.com/cyberattacks-data-breaches/evolve-bank-and-trust-reveals-7m-impacted-in-lockbit-breach
https://www.bankinfosecurity.com/evolve-discloses-that-hackers-stole-data-76m-individuals-a-25732
https://www.infosecurity-magazine.com/news/cyber-attack-evolve-bank-exposed/
https://securityaffairs.com/165504/cyber-crime/evolve-bank-data-breach-7-6m-people.html
https://www.securityweek.com/evolve-bank-data-breach-impacts-7-6-million-people/
https://www.theregister.com/2024/07/09/evolve_lockbit_attack/

Hackvists Release Two Gigabytes Of Heritage Foundation Data
"An established cybercrime group with a track record of attacking political targets posted on Tuesday roughly two gigabytes of data from the Heritage Foundation, a prominent conservative think tank based in Washington, D.C. Self-described “gay furry hackers,” SiegedSec said it released the data in response to Heritage Foundation’s Project 2025, a set of proposals that aim to give Donald Trump a set of ready-made policies to implement if he wins this fall’s election. Its authors describe it as an initiative “to lay the groundwork for a White House more friendly to the right.”"
https://cyberscoop.com/hackvists-release-two-gigabytes-of-heritage-foundation-data/

Debt Collection Agency Says Data Breach Affected More Than 4 Million People
"A data breach discovered in February potentially exposed information on more than 4 million people, debt collection agency Financial Business and Consumer Solutions (FBCS) said in an updated regulatory filing Monday. The Pennsylvania-based company has steadily revised its assessment of the potential impact of the breach since it first began notifying customers in April. The latest filing with Maine regulators — the fifth since April 26 — said the incident affected 4,050,711 people, more than double what was originally reported."
Priority: 3 - Important
Relevance: General
https://therecord.media/debt-collection-agency-data-breach-fbcs
https://www.bankinfosecurity.com/4-million-people-affected-by-debt-collector-data-theft-hack-a-25730

General News

Microsoft’s Cybersecurity Dilemma: An Open Letter To Satya Nadella
"Microsoft is suffering cybersecurity failures due to systemic problems with strategic leadership. The world is witnessing an alarming trend of cybersecurity issues with Microsoft products and services. Over the past several years, Microsoft has suffered several serious attacks with cloud and email environments being compromised. In some cases, customers were kept in the dark, giving attackers additional time to exploit victims and entrench themselves deeper to the detriment of those affected."
https://www.helpnetsecurity.com/2024/07/09/microsoft-cybersecurity-dilemma/

Exploring The Root Causes Of The Cybersecurity Skills Gap
"In this Help Net Security interview, Koma Gandy, VP of Leadership and Business at Skillsoft, addresses the critical aspects of the cybersecurity skills gap, the need for diverse talent and continuous upskilling in areas like AI and cloud computing. Gandy advocates training that combines technical expertise with essential power skills to meet evolving industry demands and secure future career opportunities in cybersecurity."
https://www.helpnetsecurity.com/2024/07/09/koma-gandy-skillsoft-cybersecurity-skills-gap/

Justice Department Leads Efforts Among Federal, International, And Private Sector Partners To Disrupt Covert Russian Government-Operated Social Media Bot Farm
"The Justice Department today announced the seizure of two domain names and the search of 968 social media accounts used by Russian actors to create an AI-enhanced social media bot farm that spread disinformation in the United States and abroad. The social media bot farm used elements of AI to create fictitious social media profiles — often purporting to belong to individuals in the United States — which the operators then used to promote messages in support of Russian government objectives, according to affidavits unsealed today."
https://www.justice.gov/opa/pr/justice-department-leads-efforts-among-federal-international-and-private-sector-partners
https://www.ic3.gov/Media/News/2024/240709.pdf
https://www.bleepingcomputer.com/news/security/us-disrupts-ai-powered-bot-farm-pushing-russian-propaganda-on-x/
https://therecord.media/russia-disinformation-bots-social-media-us-canada-netherlands-alert
https://www.bankinfosecurity.com/us-busts-russian-ai-driven-disinformation-operation-a-25729
https://cyberscoop.com/us-international-authorities-seize-russian-ai-bot-farm/
https://www.theregister.com/2024/07/09/russian_ai_bot_farm/

How Do Cryptocurrency Drainer Phishing Scams Work?
"Cryptodrainer scams have emerged as a significant threat in the cryptocurrency ecosystem, targeting unsuspecting individuals with the promise of easy profits while covertly siphoning their digital assets. Initially, cryptodrainer scams primarily manifested as fraudulent investment schemes, promising high returns on investments in dubious projects or fake initial coin offerings (ICOs). These scams exploited the speculative nature of cryptocurrency markets, luring investors with the allure of quick riches and revolutionary technology. However, instead of delivering on their promises, scammers absconded with investors' funds."
https://blog.talosintelligence.com/how-do-cryptocurrency-drainer-phishing-scams-work/

5 Tips To Minimize The Costly Effects Of Data Exfiltration
"No matter the status of your organization, it may be the victim of a cyberbreach. Cases in point: In February, the US Cybersecurity and Infrastructure Security Agency (CISA) was hacked via the exploitation of vulnerabilities in Ivanti products the agency uses. The International Monetary Fund (IMF) was also attacked that month, which resulted in the compromise of at least 11 IMF email accounts. In March, multinational technology giant Fujitsu confirmed it was the victim of a cyberattack, where hackers used malware to exfiltrate personal and customer information."
https://www.darkreading.com/cyber-risk/5-tips-to-minimize-data-exfiltration-before-it-happens

CISA Takedown Of Ivanti Systems Is a Wake-Up Call
"The exploitation of vulnerabilities in Ivanti's software underscores the need for robust cybersecurity measures and proactive response strategies to mitigate risks and protect critical assets."
https://www.darkreading.com/vulnerabilities-threats/cisa-takedown-ivanti-systems-is-wake-up-call

Just a Fifth Of Manufacturers Have Strongest Anti-Phishing Protection
"A majority of global manufacturers are inviting unnecessary extra cyber risk by failing to properly implement the DMARC email security protocol, according to new research from EasyDMARC. The security vendor analyzed over 4700 domains belonging to some of the world’s biggest manufacturers. The good news is that three-fifths (61%) had implemented the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol. It’s designed to prevent phishing by automatically flagging and blocking any incoming emails thought to be spoofed."
https://www.infosecurity-magazine.com/news/fifth-manufacturers-strongest/

Developing And Prioritizing a Detection Engineering Backlog Based On MITRE ATT&CK
"Detection is a traditional type of cybersecurity control, along with blocking, adjustment, administrative and other controls. Whereas before 2015 teams asked themselves what it was that they were supposed to detect, as MITRE ATT&CK evolved, SOCs were presented with practically unlimited space for ideas on creating detection scenarios."
https://securelist.com/detection-engineering-backlog-prioritization/113099/

A Decade Of Global Cyberattacks, And Where They Left Us
"The cyberattack landscape has seen monumental shifts and enormous growth in the past decade or so. I spoke to Michelle Alvarez, X-Force Strategic Threat Analysis Manager at IBM, who told me that the most visible change in cybersecurity can be summed up in one word: scale. A decade ago, “’mega-breaches’ were relatively rare, but now feel like an everyday occurrence.”"
https://securityintelligence.com/articles/decade-global-cyberattacks-where-they-left-us/

How To Fix a Dysfunctional Security Culture
"There’s an old business saying that goes: “Culture eats strategy for breakfast,” that’s often attributed to Peter Drucker. While it is debatable whether he said it or not, the sentiment is clear—without a strong culture, organizations will be unable to execute on their strategies."
https://www.securityweek.com/how-to-fix-a-dysfunctional-security-culture/

References
Electronic Transactions Development Agency (ETDA)