ETDA Cyber Threat Intelligence 12 July 2024
Healthcare Sector
- Major Health Data Breaches: How Are Trends Shifting In 2024?
"Hacks and vendor incidents continue to dominate major health data breach trends in 2024, but a handful of large incidents involving 'unauthorized access or disclosure' also top the list of major health data breaches reported to federal regulators so far this year."
https://www.bankinfosecurity.com/major-health-data-breaches-how-are-trends-shifting-in-2024-a-25749
Industrial Sector
- CISA Releases Twenty-One Industrial Control Systems Advisories
"CISA released twenty-one Industrial Control Systems (ICS) advisories on July 11, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS."
https://www.cisa.gov/news-events/alerts/2024/07/11/cisa-releases-twenty-one-industrial-control-systems-advisories
Vulnerabilities
- Palo Alto Networks Addresses BlastRADIUS Vulnerability, Fixes Critical Bug In Expedition Tool
"Palo Alto Networks on Wednesday released patches for multiple vulnerabilities, including a critical-severity bug in its Expedition migration tool. Tracked as CVE-2024-5910 (CVSS score of 9.3), the security defect is described as a missing authentication for a critical function, which could allow attackers to take over administrative accounts. Palo Alto Networks addressed the flaw in Expedition version 1.2.92."
https://www.securityweek.com/palo-alto-networks-addresses-blastradius-vulnerability-fixes-critical-bug-in-expedition-tool/
https://thehackernews.com/2024/07/palo-alto-networks-patches-critical.html
- Signal Downplays Encryption Key Flaw, Fixes It After X Drama
"Signal is finally tightening its desktop client’s security by changing how it stores plain text encryption keys for the data store after downplaying the issue since 2018. As reported by BleepingComputer in 2018, when Signal Desktop for Windows or Mac is installed, it creates an encrypted SQLite database to store a user's messages. This database is encrypted using a key generated by the program and without input from the user."
https://www.bleepingcomputer.com/news/security/signal-downplays-encryption-key-flaw-fixes-it-after-x-drama/
Malware
- CVE-2024-4577 Exploits In The Wild One Day After Disclosure
"The time from disclosure to exploitation has significantly shortened in recent years — in fact, most malicious activity takes place in the first month following the patch. As of May 2024, the average time for exploitation to begin is approximately 4 days after a vulnerability is made public, which leaves hardly any time at all for defenders to prepare. That’s only one part of the vulnerability onslaught — attackers are also continuously abusing one-day vulnerabilities (even some that are several years old) to ensure that their efforts are rewarded."
https://www.akamai.com/blog/security-research/2024-php-exploit-cve-one-day-after-disclosure
https://thehackernews.com/2024/07/php-vulnerability-exploited-to-spread.html
https://www.bankinfosecurity.com/multiple-threat-actors-moving-quickly-to-exploit-php-flaw-a-25748
https://securityaffairs.com/165586/hacking/php-flaw-cve-2024-4577-actively-exploited.html
- Japanese Space Agency Spotted Zero-Day Attacks While Cleaning Up Attack On M365
"The Japanese Space Exploration Agency (JAXA) discovered it was under attack using zero-day exploits while working with Microsoft to probe a 2023 cyberattack on its systems. JAXA’s systems came under attack in late 2023, with its Active Directory implementation taking the brunt of it."
https://www.theregister.com/2024/07/11/jaxa_m365_zeroday_attacks/
https://global.jaxa.jp/press/2024/07/20240705-2_e.html
- CRYSTALRAY: Inside The Operations Of a Rising Threat Actor Exploiting OSS Tools
"The Sysdig Threat Research Team (TRT) continued observation of the SSH-Snake threat actor we first identified in February 2024. New discoveries showed that the threat actor behind the initial attack expanded its operations greatly, justifying an identifier to further track and report on the actor and campaigns: CRYSTALRAY. This actor previously leveraged the SSH-Snake open source software (OSS) penetration testing tool during a campaign exploiting Confluence vulnerabilities."
https://sysdig.com/blog/crystalray-rising-threat-actor-exploiting-oss-tools/
https://www.bleepingcomputer.com/news/security/crystalray-hacker-expands-to-1-500-breached-systems-using-ssh-snake-tool/
https://www.darkreading.com/threat-intelligence/-crystalray-attacks-jump-10x-using-only-oss-steal-credentials
https://www.securityweek.com/crystalray-expands-arsenal-hits-1500-targets-with-ssh-snake-and-open-source-tools/
https://securityaffairs.com/165607/cyber-crime/crystalray-operations-scaled-10x.html
- Checking In On The State Of Cybersecurity And The Olympics
"With the 2024 Olympics’ Opening Ceremony only two weeks away now, there is one thing that’s an absolute guarantee during the traditionally unpredictable games: cyber attacks. Every time there is a new Olympic Games, there’s a renewed discussion about how threat actors, hacktivists and state-sponsored groups are all gearing up to try to disrupt the games in some way. The Opening Ceremony at the 2018 Olympic Games in South Korea was disrupted by a major cyber attack called Olympic Destroyer, briefly pausing ticket-taking operations and taking down several Olympics-related websites."
https://blog.talosintelligence.com/threat-source-newsletter-july-12-2024/
- Impact Of Data Breaches Is Fueling Scam Campaigns
"Over the years, data breaches have played a pivotal role in facilitating various forms of cyber-attacks. Adversaries are leveraging stolen data to execute more sophisticated and damaging attacks to materialize their malicious intents. The significance of data breaches extends far beyond the immediate loss of data, with implications for the security, reputation and financial stability of individuals and organizations."
https://blog.talosintelligence.com/data-breaches-fueling-scam-campaigns/
- Akira Ransomware: Lightning-Fast Data Exfiltration In 2-Ish Hours
"The gang's time from initial access to draining data out of a Veeam server is shockingly fast; after which the attackers went on to deploy actual ransomware in less than a day."
https://www.darkreading.com/endpoint-security/akira-ransomware-lightning-fast-data-exfiltration-2-hours
- Apple Warns iPhone Users In 98 Countries Of Spyware Attacks
"Apple has issued a new round of threat notifications to iPhone users across 98 countries, warning them of potential mercenary spyware attacks. It’s the second such alert campaign from the company this year, following a similar notification sent to users in 92 nations in April."
https://techcrunch.com/2024/07/10/apple-alerts-iphone-users-in-98-countries-to-mercenary-spyware-attacks/
https://therecord.media/apple-warns-indian-iphone-users-spyware
https://www.darkreading.com/endpoint-security/apple-warns-iphone-users-in-98-countries-of-more-spyware-attacks
- New FishXProxy Phishing Kit Lowers Barriers For Cybercriminals
"Imagine receiving an email that looks perfectly legitimate, down to the last detail. This is the deceptive power of the new FishXProxy Phishing Kit, a phishing toolkit emerging from the cybercrime underground. With its array of advanced features, FishXProxy dismantles the technical barriers traditionally associated with phishing campaigns, making it alarmingly simple for attackers to deceive and exploit unsuspecting victims."
https://slashnext.com/blog/new-fishxproxy-phishing-kit-lowers-barriers-for-cybercriminals/
https://www.darkreading.com/endpoint-security/fishxproxy-phishing-kit-cybercriminals-success
https://hackread.com/new-fishxproxy-phishing-kit-script-kiddies/
- Deep Dive On Supplement Scams: How AI Drives ‘Miracle Cures’ And Sponsored Health-Related Scams On Social Media
"Sponsored social media content has become increasingly present on feeds. Sponsored ads can often be beneficial as they are customized to suit online personas, offering relevant content tailored specifically for you. While personalized ads can help enhance your online experience, not all are legitimate. In fact, scams originating from phony ads on social media have increased dramatically, with potentially severe consequences for consumers."
https://www.bitdefender.com/blog/labs/deep-dive-on-supplement-scams-how-ai-drives-miracle-cures-and-sponsored-health-related-scams-on-social-media/
https://hackread.com/aiscam-ads-deepfake-tech-bogus-health-products/
- ClickFix Deception: A Social Engineering Tactic To Deploy Malware
"McAfee Labs has discovered a highly unusual method of malware delivery, referred to by researchers as the “Clickfix” infection chain. The attack chain begins with users being lured to visit seemingly legitimate but compromised websites. Upon visiting, victims are redirected to domains hosting fake popup windows that instruct them to paste a script into a PowerShell terminal."
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/clickfix-deception-a-social-engineering-tactic-to-deploy-malware/
- When Spear Phishing Met Mass Phishing
"Bulk phishing email campaigns tend to target large audiences. They use catch-all wordings and simplistic formatting, and typos are not uncommon. Targeted attacks take greater effort, with attackers sending personalized messages that include personal details and might look more like something you’d get from your employer or a customer. Adopting that approach on a larger scale is a pricey endeavor. Yet, certain elements of spear phishing recently started to be used in regular mass phishing campaigns. This story looks at some real-life examples that illustrate the trend."
https://securelist.com/spear-phishing-meets-mass/113125/
- Malicious NuGet Campaign Uses Homoglyphs And IL Weaving To Fool Devs
"ReversingLabs has been actively tracking a malicious campaign targeting the NuGet package manager since the beginning of August, 2023. This report presents the findings of that research, which shows how malicious actors are continuously improving their techniques and responding to disruption of their campaigns."
https://www.reversinglabs.com/blog/malicious-nuget-campaign-uses-homoglyphs-and-il-weaving-to-fool-devs
https://thehackernews.com/2024/07/60-new-malicious-packages-uncovered-in.html
- DodgeBox: A Deep Dive Into The Updated Arsenal Of APT41 | Part 1
"In April 2024, Zscaler ThreatLabz uncovered a previously unknown loader called DodgeBox. Upon further analysis, striking similarities were found between DodgeBox and variants of StealthVector, a tool associated with the China-based advanced persistent threat (APT) actor APT41 / Earth Baku. DodgeBox is a loader that proceeds to load a new backdoor named MoonWalk. MoonWalk shares many evasion techniques implemented in DodgeBox and utilizes Google Drive for command-and-control (C2) communication."
https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1
https://thehackernews.com/2024/07/chinese-apt41-upgrades-malware-arsenal.html
https://www.theregister.com/2024/07/12/china_apt41_malware/
- Russian Disinformation Network’s Infrastructure Is Spread Across Europe, Report Says
"Researchers have uncovered infrastructure located or registered in Europe that is used by a prolific Russian-language disinformation network dubbed Doppelgänger, as well as by cybercriminals. Researchers at digital rights nonprofits Qurium and EU DisinfoLab — who first exposed Doppelgänger in 2022 — say the group is doing business in at least 10 countries across Europe, including Germany, the U.K., and the Czech Republic."
https://therecord.media/doppelganger-disinformation-infrastructure-european-companies
Breaches/Hacks/Leaks
- ARRL Finally Confirms Ransomware Gang Stole Data In Cyberattack
"The American Radio Relay League (ARRL) finally confirmed that some of its employees' data was stolen in a May ransomware attack initially described as a 'serious incident.' ARRL, the National Association for Amateur Radio, said in data breach notifications recently sent to impacted individuals that it detected the 'sophisticated ransomware incident' after the attackers breached and encrypted its computer systems on May 14."
https://www.bleepingcomputer.com/news/security/arrl-finally-confirms-ransomware-gang-stole-data-in-cyberattack/
- Dallas County: Data Of 200,000 Exposed In 2023 Ransomware Attack
"Dallas County is notifying over 200,000 people that the Play ransomware attack, which occurred in October 2023, exposed their personal data to cybercriminals. Dallas County is the second largest county in Texas, with over 2.6 million residents. In October 2023, the Play ransomware gang added Dallas to its extortion portal on the dark web, threatening to leak data it stole during an attack on its systems, including private documents from various departments."
https://www.bleepingcomputer.com/news/security/dallas-county-data-of-200-000-exposed-in-2023-ransomware-attack/
- Advance Auto Parts Data Breach Impacts 2.3 Million People
"Advance Auto Parts is sending data breach notifications to over 2.3 million people whose personal data was stolen in recent Snowflake data theft attacks. Advance operates 4,777 stores and 320 Worldpac branches, serving 1,152 independently owned Carquest stores in the United States, Canada, Puerto Rico, the U.S. Virgin Islands, Mexico, and various Caribbean islands."
https://www.bleepingcomputer.com/news/security/advance-auto-parts-data-breach-impacts-23-million-people/
https://www.darkreading.com/cyberattacks-data-breaches/advance-auto-parts-data-breach-affects-2m-customers
https://therecord.media/advance-auto-parts-data-breach-2million
https://www.theregister.com/2024/07/11/advance_auto_parts_confirms_23/
- Indiana County Files Disaster Declaration Following Ransomware Attack
"Multiple governments across the U.S. are dealing with the aftereffects of ransomware attacks — with one issuing a disaster declaration after services were knocked offline. In a statement on Thursday, officials in charge of Clay County, Indiana filed a local disaster declaration following a ransomware attack that “resulted in an inability to provide critical services required for the daily operation of all offices of the Clay County Courthouse, Community Corrections, and Clay County Probation.”"
https://therecord.media/indiana-county-disaster-declaration-ransomware-attack-dallas
- Macau Government Websites Hit With Cyberattack By Suspected Foreign Hackers
"At least five Macau government websites were knocked offline by suspected foreign hackers for almost an hour earlier this week, several Chinese media outlets reported, citing local security officials. A distributed denial-of-service attack (DDoS) affected, among others, the websites of Macau’s security service, police force, fire and rescue services, and the academy for public security forces."
https://therecord.media/macau-government-websites-hit-with-cyberattack
General News
- How AI Helps Decode Cybercriminal Strategies
"With terms like “AI washing” making their way into mainstream business consciousness, the hype surrounding AI is making it harder to differentiate between the true applications and empty promises of the technology."
https://www.helpnetsecurity.com/2024/07/11/ai-dark-web/
- Strengthening Cybersecurity Preparedness With Defense In Depth
"In this Help Net Security interview, Chaim Mazal, Chief Security Officer at Gigamon, discusses cybersecurity preparedness measures for businesses, the impact of international inconsistencies on global operations, and the board’s role in cybersecurity."
https://www.helpnetsecurity.com/2024/07/11/chaim-mazal-gigamon-cybersecurity-preparedness/
- CISA Releases Advisory Detailing Red Team Activity During Assessment Of US FCEB Organization, Highlighting Necessity Of Defense-In-Depth
"Today, CISA released 'CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth' in coordination with the assessed organization. This Cybersecurity Advisory (CSA) details key findings and lessons learned from a 2023 assessment, along with the red team’s tactics, techniques, and procedures (TTPs) and associated network defense activity."
https://www.cisa.gov/news-events/alerts/2024/07/11/cisa-releases-advisory-detailing-red-team-activity-during-assessment-us-fceb-organization
- Trade The Comfort Of Security Theater For True Security
"With all the recent cyberattacks, data breaches, lawsuits, enforcement actions, and regulatory investigations, I am often surprised by the number of companies I see engaging in security practices that are more focused on a compelling marketing campaign than on mitigating business, financial, and legal risks. This is "security theater," a program that gives the illusion of security without meaningful defensive substance. It is meticulously crafted for C-suite executives and leaders who demand a feel-good performance at bargain-basement production costs, often led by a cast of actors more concerned with the audience than the substance."
https://www.darkreading.com/cyber-risk/trade-the-comfort-of-security-theater-for-true-security
- Centralized Cyber-Incident Reporting Can Improve Effectiveness
"UnitedHealth CEO Andrew Witty addressed separate hearings in the Senate and House on May 1 to testify about the devastating Change Healthcare cyberattack in February that affected millions of Americans and incurred nearly $1 billion in costs."
https://www.darkreading.com/cybersecurity-operations/centralized-cyber-incident-reporting-can-improve-effectiveness
- Ransomware Surges Annually Despite Law Enforcement Takedowns
"The number of successful ransomware attacks advertised on leak sites increased 9% year-on-year (YoY) in the first quarter of 2024 despite high-profile law enforcement disruption of major groups, Symantec has claimed. The security vendor said it recorded 962 claimed attacks in the first quarter of 2024 – down from the 1,190 attacks of the previous three months, but still more than the 886 claimed in the first quarter of 2023."
https://www.infosecurity-magazine.com/news/ransomware-surges-2024-law/
- 39% Of MSPs Report Major Setbacks When Adapting To Advanced Security Technologies
"SOPHOS, a leading global provider of managed security solutions, has recently released its annual MSP Perspectives report for 2024. This most recent report provides insights from 350 different managed service providers (MSPs) across the United States, United Kingdom, Germany and Australia on modern cybersecurity tools and solutions. It also documents newly discovered risks and challenges in the industry."
https://securityintelligence.com/articles/msps-report-setbacks-adapting-advanced-security-technologies/
- Hacker ‘Tank’ Gets Prison Sentence For Connections To Zeus And IcedID Malware
"The U.S. justice system closed the book on a long-running criminal hacking case Thursday, as a Nebraska federal judge sentenced a Ukrainian national to prison and ordered him to pay millions of dollars in restitution for participating in two notorious malware schemes. Vyacheslav Igorevich Penchukov, 37, had pleaded guilty in February to charges associated with helping operate the Zeus banking malware in the 2010s and later the IcedID infostealer, also known as Bokbot."
https://therecord.media/hacker-tank-sentenced-zeus-icedid
- An In-Depth Look At Crypto-Crime In 2023 Part 2
"In the second part of our series, we delve deeper into the specific types of crypto-crimes prevalent in 2023 and their impact on the industry and its users. Based on Chainalysis’s 2024 Crypto Crime Report, we explore various trends in crypto-crime."
https://www.trendmicro.com/en_us/research/24/g/crypto-crime-2024-report-part-ii.html
References
Electronic Transactions Development Agency (ETDA) - Major Health Data Breaches: How Are Trends Shifting In 2024?