Cyber Threat Intelligence 25 July 2024
Industrial Sector
- Siemens Patches Power Grid Product Flaw Allowing Backdoor Deployment
"Siemens this week published an out-of-band security advisory to announce the availability of patches for a couple of potentially serious vulnerabilities affecting some of its Sicam power grid products. The industrial giant informed customers that its Sicam A8000 product, which is a remote terminal unit (RTU) designed for telecontrol and automation in the energy supply sector, as well as the Sicam Enhanced Grid Sensor (EGS), and the Sicam 8 software are impacted."
https://www.securityweek.com/siemens-patches-power-grid-product-flaw-allowing-backdoor-deployment/
https://cert-portal.siemens.com/productcert/html/ssa-071402.html
New Tooling
- Infisical: Open-Source Secret Management Platform
"Infisical is an open-source secret management platform developers use to centralize application configurations and secrets, such as API keys and database credentials, while also managing their internal PKI."
https://www.helpnetsecurity.com/2024/07/24/infisical-open-source-secret-management-platform/
https://github.com/Infisical/infisical
Vulnerabilities
- Docker Fixes Critical 5-Year Old Authentication Bypass Flaw
"Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances. The flaw was initially discovered and fixed in Docker Engine v18.09.1, released in January 2019, but for some reason, the fix wasn't carried forward in later versions, so the flaw resurfaced."
https://www.bleepingcomputer.com/news/security/docker-fixes-critical-5-year-old-authentication-bypass-flaw/
https://www.securityweek.com/docker-patches-critical-authz-plugin-bypass-vulnerability-dating-back-to-2018/
- Chrome 127 Patches 24 Vulnerabilities
"Google on Tuesday announced the release of Chrome 127 to the stable channel with patches for 24 vulnerabilities, including 16 reported by external researchers. Memory safety bugs once again were the predominant types of security defects addressed in the popular browser, accounting for half of the externally reported issues, including four high-severity ones."
https://www.securityweek.com/chrome-127-patches-24-vulnerabilities/
- ISC Releases Security Advisories For BIND 9
"The Internet Systems Consortium (ISC) released security advisories to address vulnerabilities affecting multiple versions of ISC’s Berkeley Internet Name Domain (BIND) 9. A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition."
https://www.cisa.gov/news-events/alerts/2024/07/24/isc-releases-security-advisories-bind-9
Malware
- How a North Korean Fake IT Worker Tried To Infiltrate Us
"KnowBe4 needed a software engineer for our internal IT AI team. We posted the job, received resumes, conducted interviews, performed background checks, verified references, and hired the person. Our HR team conducted four video-conference-based interviews on separate occasions, confirming the individual matched the photo provided on their application."
https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us
https://www.bleepingcomputer.com/news/security/knowbe4-mistakenly-hires-north-korean-hacker-faces-infostealer-attack/
https://www.theregister.com/2024/07/24/knowbe4_north_korean/
https://www.securityweek.com/knowbe4-hires-fake-north-korean-it-worker-catches-new-employee-planting-malware/
https://cyberscoop.com/cyber-firm-knowbe4-hired-a-fake-it-worker-from-north-korea/
https://www.infosecurity-magazine.com/news/north-korean-hackers-targeted/
https://hackread.com/cybersecurity-firm-knowbe4-hire-north-korean-hacker/
- The Hidden Menace Of Phantom Attackers On GitHub By Stargazers Ghost Network
"The cyber-crime landscape is constantly evolving; threat actors find new, sophisticated ways to infect victims, get access to sensitive information, and cause harm. GitHub is a platform owned by Microsoft which is commonly used to host open-source software development projects. It is the world's largest source code host with over 100 million developers, more than 420 million repositories, and 14 million visitors per day. GitHub is a crucial tool for a variety of users, from government agencies at the state and local level collaborating, to software engineers, programmers, developers and coding students."
https://blog.checkpoint.com/security/the-hidden-menace-of-phantom-attackers-on-github-by-stargazers-ghost-network/
https://research.checkpoint.com/2024/stargazers-ghost-network/
https://www.bleepingcomputer.com/news/security/over-3-000-github-accounts-used-by-malware-distribution-service/
https://www.darkreading.com/application-security/stargazer-goblin-amasses-rogue-github-accounts-to-spread-malware
https://www.helpnetsecurity.com/2024/07/24/github-accounts-malware-distribution/
- Malware Exploit Bypasses SEGs Leaving Organizations At Risk
"Threat actors continually leverage and create a plethora of tactics to bypass Secure Email Gateways (SEGs). These include encoding malicious URLs with other SEG protection tools, obfuscating file contents, and abusing SEG treatment of 'legitimate' files. Recently, threat actors appear to be abusing how SEGs scan the contents of archive-type file attachments. The threat actors utilized a .zip archive attachment, and when the SEG scanned the file contents, the archive was detected as containing a .Mpeg video file and was not blocked or filtered."
https://cofense.com/blog/malware-exploit-bypasses-segs-leaving-organizations-at-risk/
https://www.bankinfosecurity.com/email-gateway-security-gaps-enable-new-malware-tactics-a-25839
- The Patchwork Group Has Updated Its Arsenal, Launching Attacks For The First Time Using Brute Ratel C4 And An Enhanced Version Of PGoShell
"Recently, Knownsec 404 Advanced Threat Intelligence Team has detected a suspected attack by the Patchwork group targeting Bhutan. This sample not only loads the repeatedly discovered Go language backdoor (referred to as “PGoShell”) but also significantly enhances its functionality. Additionally, for the first time, the sample uses the red team tool Brute Ratel C4, marking a notable recent update to their arsenal. Over the past two years, the Patchwork group has demonstrated greater enthusiasm for technological advancements compared to other similar groups, continually updating its arsenal and loading methods. To date, over 10 different types of trojans and loading methods used by the group have been identified. The following is an analysis and description of this recent discovery."
https://medium.com/@knownsec404team/the-patchwork-group-has-updated-its-arsenal-launching-attacks-for-the-first-time-using-brute-ratel-175741987d87
https://thehackernews.com/2024/07/patchwork-hackers-target-bhutan-with.html
- Accelerating Analysis When It Matters
"In this post, we share information about how security professionals can take analysis shortcuts to quickly triage and analyze multiple malware samples. Within minutes, we can determine the malware families from a group of samples, parse the embedded configuration and extract the associated network indicators of compromise (IoCs)."
https://unit42.paloaltonetworks.com/accelerating-malware-analysis/
Breaches/Hacks/Leaks
- Daixin Gang Threatening To Leak 10 Million Ambulance Records
"Ransomware group Daixin is threatening to leak sensitive medical information of 10 million patients on the dark web. The group claims to have stolen the data in an attack on Louisiana-based Acadian Ambulance - the latest in a string of incidents targeting emergency medical services."
https://www.bankinfosecurity.com/daixin-gang-threatening-to-leak-10-million-ambulance-records-a-25837
- 57,000 Patients Impacted By Michigan Medicine Data Breach
"Michigan Medicine, the academic medical center of the University of Michigan, is notifying roughly 57,000 individuals that their personal and health information might have been compromised in a data breach. The incident, Michigan Medicine says, resulted from threat actors gaining access to employee email accounts on May 23 and May 29. The compromised accounts were disabled as soon as the data breach was discovered."
https://www.securityweek.com/57000-patients-impacted-by-michigan-medicine-data-breach/
https://securityaffairs.com/166138/cyber-crime/michigan-medicine-data-breach.html
- Data Pilfered From Pentagon IT Supplier Leidos
"Internal documents stolen from Leidos Holdings, an IT services provider contracted with the Department of Defense and other US government agencies, have been leaked on the dark web. The Leidos files that have made their way into the wild are claimed not to hold any 'sensitive customer data,' but the incident highlights the need for greater security awareness."
https://www.theregister.com/2024/07/24/leidos_data_leak/
General News
- Phish-Friendly Domain Registry “.top” Put On Notice
"The Chinese company in charge of handing out domain names ending in “.top” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. The warning comes amid the release of new findings that .top was the most common suffix in phishing websites over the past year, second only to domains ending in “.com.”"
https://krebsonsecurity.com/2024/07/phish-friendly-domain-registry-top-put-on-notice/
- Cybersecurity ROI: Top Metrics And KPIs
"In this Help Net Security interview, Karthik Swarnam, Chief Security and Trust Officer at ArmorCode, discusses key metrics and KPIs to measure cybersecurity ROI. Swarnam shares strategies for enhancing ROI through proactive measures and effective communication with executive leadership."
https://www.helpnetsecurity.com/2024/07/24/karthik-swarnam-armorcode-cybersecurity-roi/
- AI Accelerates Code Development Faster Than Security Teams Can Keep Up
"91% of respondents say their security budget is increasing this year, demonstrating a growing recognition of the importance of cybersecurity within organizations, according to Seemplicity."
https://www.helpnetsecurity.com/2024/07/24/vulnerability-management-automation/
- CrowdStrike Explains Friday Incident Crashing Millions Of Windows Devices
"Cybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash as part of a widespread outage late last week. 'On Friday, July 19, 2024 at 04:09 UTC, as part of regular operations, CrowdStrike released a content configuration update for the Windows sensor to gather telemetry on possible novel threat techniques,' the company said in its Preliminary Post Incident Review (PIR)."
https://thehackernews.com/2024/07/crowdstrike-explains-friday-windows.html
https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
https://www.bleepingcomputer.com/news/security/crowdstrike-content-validator-bug-let-faulty-update-pass-checks/
https://www.darkreading.com/endpoint-security/crowdstrike-crash-buggy-security-content-update
https://www.theregister.com/2024/07/24/crowdstrike_preliminary_incident_report/
https://www.infosecurity-magazine.com/news/crowdstrike-response-update-outage/
https://www.bankinfosecurity.com/crowdstrike-says-code-testing-bugs-failed-to-prevent-outage-a-25833
https://www.securityweek.com/crowdstrike-explains-why-bad-update-was-not-properly-tested/
https://www.helpnetsecurity.com/2024/07/24/crowdstrike-update-testing/
- Check Point Research Reveals Q2 2024 Brand Phishing Trends: Microsoft Tops List While New Entries Signal Shifting Threat Landscape
"Phishing attacks remain one of the most pervasive cyber threats and are often the entry point for much larger scale campaigns in a supply chain. Check Point Research (CPR), the Threat Intelligence arm of Check Point Software Technologies Ltd., has recently released its latest Brand Phishing Ranking for the second quarter of 2024. The ranking highlights the brands most frequently imitated by cybercriminals in their attempts to deceive individuals and steal personal information or payment credentials."
https://blog.checkpoint.com/research/check-point-research-reveals-q2-2024-brand-phishing-trends-microsoft-tops-list-while-new-entries-signal-shifting-threat-landscape/
- Navigating The Complex Landscape Of Web Browser Security
"With an increasing reliance on the cloud, Web browsers are mission-critical applications for organizations. This not only means that people and organizations are using browsers more frequently and intensively than before, but also that more critical systems and data are accessed through browsers. All of this puts Web browser security at the forefront of organizational cybersecurity concerns. Despite well-known IT security practices, browsers remain one of the most problematic application categories in terms of vulnerability management. Let's explore why."
https://www.darkreading.com/vulnerabilities-threats/navigating-complex-landscape-web-browser-security
- Small Businesses Need Default Security In Products Now
"Small and medium businesses are more vulnerable to attacks because software companies, cloud service providers, and technology makers either charge for safety features that should be offered at every service tier or fail to offer the features at all."
https://www.darkreading.com/endpoint-security/small-businesses-need-default-security-in-products-now
- Crisis Communication: What NOT To Do
"When an organization experiences a cyberattack, tensions are high, customers are concerned and the business is typically not operating at full capacity. Every move you make at this point makes a difference to your company’s future, and even a seemingly small mistake can cause permanent reputational damage. Because of the stress and many moving parts that are involved, businesses often fall short when it comes to communication in a crisis. Here are seven common crisis communication mistakes that occur amid a cyberattack or data breach and how to address them."
https://securityintelligence.com/articles/crisis-communication-what-not-to-do/
- Intent To End OCSP Service
"Today we are announcing our intent to end Online Certificate Status Protocol (OCSP) support in favor of Certificate Revocation Lists (CRLs) as soon as possible. OCSP and CRLs are both mechanisms by which CAs can communicate certificate revocation information, but CRLs have significant advantages over OCSP. Let’s Encrypt has been providing an OCSP responder since our launch nearly ten years ago. We added support for CRLs in 2022."
https://letsencrypt.org/2024/07/23/replacing-ocsp-with-crls.html
References
Electronic Transactions Development Agency (ETDA)