Cyber Threat Intelligence 26 July 2024
Industrial Sector
- Siemens SICAM Products
"Successful exploitation of these vulnerabilities could allow an attacker to perform an unauthorized password reset which could lead to privilege escalation and potential leak of information."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-207-01
- Positron Broadcast Signal Processor
"Successful exploitation of this vulnerability could allow an attacker to bypass authentication and access unauthorized protected areas of the application."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-207-02
- Is Our Water Safe To Drink? Securing Our Critical Infrastructure
"In the realm of cybersecurity risk, the obscure dark corner of the room is operational technology (OT). This is the space where computers and physical function come together, opening and closing valves, flipping breakers, stamping metal, and changing the temperature in your home from an app on your phone. This is also a place that most IT professionals and cybersecurity practitioners shy away from and look to as "that stuff over there we don't really understand.""
https://www.darkreading.com/ics-ot-security/is-our-water-safe-to-drink-securing-our-critical-infrastructure
Vulnerabilities
- Progress Warns Of Critical RCE Bug In Telerik Report Server
"Progress Software has warned customers to patch a critical remote code execution security flaw in the Telerik Report Server that can be used to compromise vulnerable devices. As a server-based reporting platform, Telerik Report Server provides centralized storage for reports and the tools needed to create, deploy, deliver, and manage them across an organization. Tracked as CVE-2024-6327, the vulnerability is due to a deserialization of untrusted data weakness that attackers can exploit to gain remote code execution on unpatched servers."
https://www.bleepingcomputer.com/news/security/progress-warns-of-critical-rce-bug-in-telerik-report-server/
https://docs.telerik.com/report-server/knowledge-base/deserialization-vulnerability-cve-2024-6327
https://securityaffairs.com/166168/security/telerik-report-server-cve-2024-6327.html
- PKfail: Untrusted Platform Keys Undermine Secure Boot On UEFI Ecosystem
"Secure Boot has always been the holy grail of platform security, and many security features at the operating system layer depend on its integrity. The first implementations originally appeared as a proposal in UEFI reference code called Tianocore EDK2 in the early 2000s but have been easily circumvented due to weak designs. In 2014, additional security technologies like Intel Boot Guard were introduced to anchor secure boot security to the hardware but the high-level components of the original EDK2 implementation have not evolved significantly, leaving us with a major weakness in platform security."
https://www.binarly.io/blog/pkfail-untrusted-platform-keys-undermine-secure-boot-on-uefi-ecosystem
https://22222483.fs1.hubspotusercontent-na1.net/hubfs/22222483/Reports/PKfail - Binarly Research Report July 25 2024.pdf
https://www.bleepingcomputer.com/news/security/pkfail-secure-boot-bypass-lets-attackers-install-uefi-malware/
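For the PKfail item above, a practitioner's first question is whether their own machine ships one of the untrusted test Platform Keys. The following is an added check, not Binarly's tooling or code from the report: it reads the PK variable from efivarfs on Linux, parses the EFI_SIGNATURE_LIST layout from the UEFI specification with the standard library only, and looks for the "DO NOT TRUST" / "DO NOT SHIP" subject strings that the report associates with the AMI test keys. Assumptions: the efivarfs path and GUIDs are the standard ones; matching the marker as an ASCII substring of the DER certificate is treated as sufficient because X.509 common names are stored as plain string bytes; the sample certificates at the bottom are constructed stand-ins, not real certificates.

```python
# Added example: offline-testable PKfail check for the UEFI Platform Key.
import struct
import sys
import uuid

# efivarfs exposes PK under the EFI global variable GUID; the first 4 bytes
# of the file are the variable attributes, not variable data.
PK_PATH = "/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# Subject substrings of the untrusted test keys (assumption: an ASCII substring
# match over the DER certificate is enough, since CNs are stored as plain
# PrintableString/UTF8String bytes).
UNTRUSTED_MARKERS = (b"DO NOT TRUST", b"DO NOT SHIP")


def parse_signature_lists(blob):
    """Return [(signature_type, owner_guid, signature_data), ...] from a buffer
    holding one or more EFI_SIGNATURE_LIST structures back to back.
    Layout: SignatureType GUID(16) | ListSize u32 | HeaderSize u32 | SigSize u32
            | header | N x (SignatureOwner GUID(16) | SignatureData)."""
    entries, off = [], 0
    while off + 28 <= len(blob):
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        end = off + list_size
        if list_size < 28 + hdr_size or end > len(blob) or sig_size <= 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST at offset %d" % off)
        pos = off + 28 + hdr_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            entries.append((sig_type, owner, blob[pos + 16:pos + sig_size]))
            pos += sig_size
        off = end
    return entries


def x509_certs(efivar_bytes):
    """Certificates stored in an efivarfs dump (4-byte attributes word stripped)."""
    return [data for sig_type, _owner, data in parse_signature_lists(efivar_bytes[4:])
            if sig_type == EFI_CERT_X509_GUID]


def is_untrusted_pk(efivar_bytes):
    """True if any PK certificate carries a known test-key marker."""
    return any(marker in cert
               for cert in x509_certs(efivar_bytes)
               for marker in UNTRUSTED_MARKERS)


def build_efivar(certs):
    """Construct an efivarfs-style PK blob; used here only to make offline inputs."""
    out = struct.pack("<I", 0x27)  # NV | BS | RT | TIME_BASED_AUTH_WRITE attributes
    for cert in certs:
        sig_size = 16 + len(cert)
        out += EFI_CERT_X509_GUID.bytes_le
        out += struct.pack("<III", 28 + sig_size, 0, sig_size)
        out += uuid.UUID(int=0).bytes_le + cert  # SignatureOwner, then the DER data
    return out


# Constructed stand-ins for DER certificates (not real certificates); only the
# subject bytes matter for this check.
SAMPLE_TEST_PK = b"\x30\x82\x01\x00" + b"CN=DO NOT TRUST - AMI Test PK" + b"\x00" * 8
SAMPLE_OEM_PK = b"\x30\x82\x01\x00" + b"CN=Example OEM Platform Key 2023" + b"\x00" * 8

if __name__ == "__main__":
    try:
        with open(PK_PATH, "rb") as f:
            raw = f.read()
    except OSError as e:
        sys.exit("cannot read PK variable (%s); is this a UEFI system booted with efivarfs?" % e)
    if is_untrusted_pk(raw):
        print("PKfail: Platform Key is an untrusted test key; contact the OEM for a firmware update")
    else:
        print("PK subject shows no test-key marker (this does not prove the key is OEM-managed)")
```

Run it as root on the affected host (`python3 pkcheck.py`). A clean result only means the marker strings are absent; the report's point is that whoever holds the test key's private half can sign KEK and db updates, so the real fix is an OEM firmware update that installs a properly managed PK.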
https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/
- Anyone Can Access Deleted And Private Repository Data On GitHub
"You can access data from deleted forks, deleted repositories and even private repositories on GitHub. And it is available forever. This is known by GitHub, and intentionally designed that way. This is such an enormous attack vector for all organizations that use GitHub that we’re introducing a new term: Cross Fork Object Reference (CFOR). A CFOR vulnerability occurs when one repository fork can access sensitive data from another fork (including data from private and deleted forks). Similar to an Insecure Direct Object Reference, in CFOR users supply commit hashes to directly access commit data that otherwise would not be visible to them."
https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github
https://hackread.com/anyone-access-deleted-private-github-repository-data/
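For the CFOR item above, the practical follow-up is to find out which commits from a fork you deleted or made private are still served through the upstream repository. The following is an added check, not Truffle Security's tooling: feed it the full commit ids from a local clone of the fork (`git log --format=%H`) and it asks the upstream repository's commit API for each one; a 200 response means the object is still reachable by hash, so its contents must be treated as public and any secret in it rotated. Assumptions: the unauthenticated GitHub REST endpoint `/repos/{owner}/{repo}/commits/{sha}` is used; any non-200 status is treated as "not served" without interpreting the specific code; the sample log is constructed.

```python
# Added example: which commits from a deleted/private fork does upstream still serve?
import json
import urllib.error
import urllib.request

API = "https://api.github.com/repos/{owner}/{repo}/commits/{sha}"


def http_get(url, token=None):
    """Minimal GET returning (status, body); sends a bearer token only if given."""
    headers = {"Accept": "application/vnd.github+json", "User-Agent": "cfor-check"}
    if token:
        headers["Authorization"] = "Bearer " + token
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=20) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as e:
        return e.code, e.read()


def parse_shas(text):
    """Full 40-hex commit ids from `git log --format=%H` output; other lines ignored."""
    out = []
    for line in text.splitlines():
        s = line.strip().lower()
        if len(s) == 40 and all(c in "0123456789abcdef" for c in s):
            out.append(s)
    return out


def exposed_commits(owner, repo, shas, fetch=http_get):
    """Return the subset of `shas` that the upstream repository still serves.
    `fetch` is injectable so the logic can be exercised without network access."""
    exposed = []
    for sha in shas:
        status, body = fetch(API.format(owner=owner, repo=repo, sha=sha))
        if status != 200:
            continue
        # Sanity check that the API actually returned the object we asked for.
        if json.loads(body).get("sha", "").lower() == sha:
            exposed.append(sha)
    return exposed


# Constructed sample: the log of a hypothetical deleted fork, with one junk line.
SAMPLE_LOG = """\
0123456789abcdef0123456789abcdef01234567
not-a-hash
89abcdef0123456789abcdef0123456789abcdef
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) != 3:
        sys.exit("usage: git log --format=%H | python3 cfor_check.py <upstream-owner> <upstream-repo>")
    owner, repo = sys.argv[1], sys.argv[2]
    for sha in exposed_commits(owner, repo, parse_shas(sys.stdin.read())):
        print("still reachable via upstream:", sha)
```

Because the fork network retains objects after a fork is deleted, a hit here is not something you can fix from your side: treat the commit as disclosed and rotate whatever it contained.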
https://www.theregister.com/2024/07/25/data_from_deleted_github_repos/
- Nvidia Patches High-Severity Vulnerabilities In AI, Networking Products
"Nvidia this week announced patches for vulnerabilities affecting several of its artificial intelligence and networking products. The chip giant has published two security bulletins. One of them covers CVE-2024-0108, a high-severity flaw affecting Jetson products, which are designed for robotics and embedded edge AI applications."
https://www.securityweek.com/nvidia-patches-high-severity-vulnerabilities-in-ai-networking-products/
https://nvidia.custhelp.com/app/answers/detail/a_id/5555
https://nvidia.custhelp.com/app/answers/detail/a_id/5559
- ConfusedFunction: A Privilege Escalation Vulnerability Impacting GCP Cloud Functions
"Organizations that have used Google Cloud Platform’s Cloud Functions – a serverless execution environment – could be impacted by a privilege escalation vulnerability discovered by Tenable and dubbed as “ConfusedFunction.” Read on to learn all about the vulnerability and what your organization needs to do to protect itself. Tenable Research has discovered a vulnerability in Google Cloud Platform involving its Cloud Functions serverless compute service and its Cloud Build CI/CD pipeline service."
https://www.tenable.com/blog/confusedfunction-a-privilege-escalation-vulnerability-impacting-gcp-cloud-functions
https://thehackernews.com/2024/07/experts-expose-confusedfunction.html
- AI Tool Identifies BOLA Vulnerabilities In Easy!Appointments
"Palo Alto Networks has been actively researching and developing security capabilities using AI. In an effort to audit web applications for Broken Object-Level Authorization (BOLA) vulnerabilities, Unit 42 researchers developed an automated BOLA detection tool leveraging GenAI. In 2023, we used our tool to test an open-source project, Easy!Appointments, and found 15 BOLA vulnerabilities. We notified the vendor, who has since patched the vulnerabilities. The number of issues we found highlights the prevalence of BOLA vulnerabilities in API applications and underscores the importance of continuously scrutinizing software for these potentially severe issues."
https://unit42.paloaltonetworks.com/bola-vulnerabilities-easyappointments/
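The class of bug the Unit 42 tool hunts for is easy to recognise once written down. The following is an added example, not code from Easy!Appointments or from Unit 42: a minimal appointment lookup with the vulnerable handler (authenticated, but no ownership check) beside the hardened one, plus the id-walking probe that an automated BOLA scanner, or an attacker, would run against each. The in-memory store, user model and status-code convention are constructed for the example.

```python
# Added example: Broken Object-Level Authorization, vulnerable vs. fixed.
from dataclasses import dataclass


@dataclass
class User:
    name: str
    role: str = "customer"


@dataclass
class Appointment:
    id: int
    owner: str   # customer who booked it
    notes: str   # sensitive: contact details, reason for visit, etc.


# Constructed in-memory store standing in for the application database.
APPOINTMENTS = {
    1: Appointment(1, "alice", "alice's phone number and address"),
    2: Appointment(2, "bob", "bob's phone number and address"),
}


def get_appointment_vulnerable(user, appointment_id):
    """BOLA: the caller is authenticated, but the handler never checks that the
    requested object belongs to them, so any logged-in user can read any record
    by guessing sequential ids."""
    if user is None:
        return 401, None
    appt = APPOINTMENTS.get(appointment_id)
    if appt is None:
        return 404, None
    return 200, appt


def get_appointment_fixed(user, appointment_id, admin_roles=("admin",)):
    """Object-level authorization: the record must be owned by the caller or the
    caller must hold a privileged role. A foreign id gets 404 rather than 403 so
    the endpoint does not confirm which ids exist."""
    if user is None:
        return 401, None
    appt = APPOINTMENTS.get(appointment_id)
    if appt is None or (appt.owner != user.name and user.role not in admin_roles):
        return 404, None
    return 200, appt


def enumerate_ids(handler, user, id_range):
    """The probe a BOLA scanner runs: walk object ids as a low-privilege user
    and record which ones come back 200. Anything beyond the user's own
    objects is a finding."""
    return [i for i in id_range if handler(user, i)[0] == 200]


if __name__ == "__main__":
    alice = User("alice")
    print("vulnerable handler leaks ids:", enumerate_ids(get_appointment_vulnerable, alice, range(1, 5)))
    print("fixed handler returns ids:  ", enumerate_ids(get_appointment_fixed, alice, range(1, 5)))
```

The same probe is what to automate in CI for any endpoint that takes an object id: log in as two ordinary users, request each other's ids, and fail the build if the second user's objects come back.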
Malware
- FBI, CISA, And Partners Release Advisory Highlighting North Korean Cyber Espionage Activity
"Today, CISA—in partnership with the Federal Bureau of Investigation (FBI)—released a joint Cybersecurity Advisory, North Korea State-Sponsored Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs."
https://www.cisa.gov/news-events/alerts/2024/07/25/fbi-cisa-and-partners-release-advisory-highlighting-north-korean-cyber-espionage-activity
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a
https://media.defense.gov/2024/Jul/25/2003510137/-1/-1/0/Joint-CSA-North-Korea-Cyber-Espionage-Advance-Military-Nuclear-Programs.PDF
https://www.darkreading.com/cyberattacks-data-breaches/feds-warn-of-north-korean-cyberattacks-on-us-critical-infrastructure
https://www.itnews.com.au/news/north-korean-hackers-stealing-military-secrets-say-us-and-allies-610120
- CVE-2024-4879 And CVE-2024-5217 (ServiceNow RCE) Exploitation In a Global Reconnaissance Campaign
"ServiceNow, a widely used platform for business transformation, has recently disclosed three critical security vulnerabilities that could have severe consequences for organizations worldwide. These vulnerabilities, identified as CVE-2024-4879, CVE-2024-5217, and CVE-2024-5178, affect various versions of the Now Platform, including Washington D.C., Vancouver, and Utah releases."
https://www.resecurity.com/blog/article/cve-2024-4879-and-cve-2024-5217-servicenow-rce-exploitation-in-a-global-reconnaissance-campaign
https://www.bleepingcomputer.com/news/security/critical-servicenow-rce-flaws-actively-exploited-to-steal-credentials/
- APT45: North Korea’s Digital Military Machine
"Mandiant assesses with high confidence that APT45 is a moderately sophisticated cyber operator that supports the interests of the DPRK. Since at least 2009, APT45 has carried out a range of cyber operations aligned with the shifting geopolitical interests of the North Korean state. Although the group's earliest observed activities consisted of espionage campaigns against government agencies and defense industries, APT45 has expanded its remit to financially-motivated operations, including targeting of the financial vertical; we also assess with moderate confidence that APT45 has engaged in the development of ransomware."
https://cloud.google.com/blog/topics/threat-intelligence/apt45-north-korea-digital-military-machine
https://www.bankinfosecurity.com/mandiant-north-korean-hackers-targeting-healthcare-energy-a-25845
https://thehackernews.com/2024/07/north-korean-hackers-shift-from-cyber.html
https://cyberscoop.com/north-korean-hacking-group-makes-waves-to-gain-mandiant-fbi-spotlight/
https://www.securityweek.com/mandiant-shines-spotlight-on-apt45-behind-north-koreas-digital-military-machine/
- Six-Day, 14.7 Million RPS Web DDoS Attack Campaign Attributed To SN_BLACKMETA
"This year has been marked by a record-breaking six-day attack campaign consisting of multiple four to 20-hour Web DDoS waves, amounting to a total of 100 hours of attack time and sustaining an average of 4.5 million RPS with a peak of 14.7 million RPS."
https://www.radware.com/security/threat-advisories-and-attack-reports/six-day-web-ddos-attack-campaign/
https://www.darkreading.com/cyberattacks-data-breaches/pro-palestinian-actor-levels-six-day-ddos-on-uae-bank
- Combating Financial Sextortion Scams From Nigeria
"Financial sextortion is a horrific crime that can have devastating consequences. Our teams have deep experience in fighting this crime and work closely with experts to recognize the tactics scammers use, understand how they evolve and develop effective ways to help stop them. Like many crimes, financial sextortion crosses borders, and over recent years there’s been a growing trend of scammers — largely driven by cybercriminals known as Yahoo Boys — targeting people across the internet, both with these and other types of scams."
https://about.fb.com/news/2024/07/combating-financial-sextortion-scams-from-nigeria/
https://www.bleepingcomputer.com/news/security/meta-nukes-massive-instagram-sextortion-network-of-63-000-accounts/
https://thehackernews.com/2024/07/meta-removes-63000-instagram-accounts.html
- French Police Push PlugX Malware Self-Destruct Payload To Clean PCs
"The French police and Europol are pushing out a "disinfection solution" that automatically removes the PlugX malware from infected devices in France. The operation is conducted by the Center for the Fight Against Digital Crime (C3N) of the National Gendarmerie with assistance by French cybersecurity firm Sekoia, which sinkholed a command and control server for a widely distributed PlugX variant last April."
https://www.bleepingcomputer.com/news/security/french-police-push-plugx-malware-self-destruct-payload-to-clean-pcs/
- Cuckoo Spear – The Latest Nation-State Threat Actor Targeting Japanese Companies
"Highly sophisticated, well-funded, and strategically motivated nation-state cybersecurity threats are complex and challenging, requiring advanced cybersecurity measures, threat intelligence, and international cooperation. Government agencies or state-sponsored groups are engaging in cyber-attacks for various reasons, including espionage, sabotage, or political influence."
https://www.cybereason.com/blog/cuckoo-spear
- Phishing Campaign Targeting Mobile Users In India Using India Post Lures
"The FortiGuard Labs Threat Research team recently observed a number of social media posts commenting on a fraud campaign targeting India Post users. India Post is India’s government-operated postal system. It is part of the Ministry of Communications and has a vast network of over 150,000 post offices across the country, making it one of the largest postal systems in the world."
https://www.fortinet.com/blog/threat-research/phishing-campaign-targeting-mobile-users-in-india-using-india-post-lures
https://hackread.com/chinese-sms-phishing-group-iphone-users-india-post-scam/
- Unveiling The Latest Banking Trojan Threats In LATAM
"In our most recent research in the Latin American (LATAM) region, we at IBM Security Lab have observed a surge in campaigns linked with malicious Chrome extensions. These campaigns primarily target Latin America, with a particular emphasis on its financial institutions. In this blog post, we’ll shed light on the group responsible for disseminating this campaign. We’ll delve into the method of web injects and Man in the Browser, and how Telegram is utilized to transmit data about the compromised machines and share more about the campaign."
https://securityintelligence.com/posts/unveiling-latest-banking-trojan-threats-latam/
- LummaC2 Malware Abusing The Game Platform ‘Steam’
"LummaC2 is an Infostealer that is being actively distributed, disguised as illegal programs (e.g. cracks, keygens, and game hacking programs) available from distribution websites, YouTube, and LinkedIn using the SEO poisoning technique. Recently, it has also been distributed via search engine ads, posing as web pages of Notion, Slack, Capcut, etc."
https://asec.ahnlab.com/en/68309/
- Data Breach Exposes US Spyware Maker Behind Windows, Mac, Android And Chromebook Malware
"A little-known spyware maker based in Minnesota has been hacked, TechCrunch has learned, revealing thousands of devices around the world under its stealthy remote surveillance. A person with knowledge of the breach provided TechCrunch with a cache of files taken from the company’s servers containing detailed device activity logs from the phones, tablets, and computers that Spytech monitors, with some of the files dated as recently as early June."
https://techcrunch.com/2024/07/25/spytech-data-breach-windows-mac-android-chromebook-spyware/
General News
- How CISOs Enable ITDR Approach Through The Principle Of Least Privilege
"Somewhere, right now, a CISO is in a boardroom making their best case for stronger identity threat detection and response (ITDR) initiatives to lower the risk of intrusion."
https://www.helpnetsecurity.com/2024/07/25/itdr-least-privilege/
- Cloud Security Threats CISOs Need To Know About
"In this Help Net Security interview, Ava Chawla, Head of Cloud Security at AlgoSec, discusses the most significant cloud security threats CISOs must be aware of in 2024. These threats include data breaches, misconfiguration, insider threats, advanced persistent threats, ransomware, API vulnerabilities, and supply chain vulnerabilities."
https://www.helpnetsecurity.com/2024/07/25/ava-chawla-algosec-cloud-security-threats/
- The Most Urgent Security Risks For GenAI Users Are All Data-Related
"Regulated data (data that organizations have a legal duty to protect) makes up more than a third of the sensitive data being shared with GenAI applications—presenting a potential risk to businesses of costly data breaches, according to Netskope."
https://www.helpnetsecurity.com/2024/07/25/genai-data-security-risks/
- Patch Management Still Seemingly Abysmal Because No One Wants The Job
"Patching: The bane of every IT professional's existence. It's a thankless, laborious job that no one wants to do, goes unappreciated when it interrupts work, and yet it's more critical than ever in this modern threat landscape. So color this vulture surprised to learn that, in the decade since he left an IT career for wordier pastures, things haven't really improved much – either in terms of patching rates or how rough it is for the people doing it."
https://www.theregister.com/2024/07/25/patch_management_study/
- How a Cheap Barcode Scanner Helped Fix CrowdStrike'd Windows PCs In a Flash
"Not long after Windows PCs and servers at the Australian limb of audit and tax advisory Grant Thornton started BSODing last Friday, senior systems engineer Rob Woltz remembered a small but important fact: When PCs boot, they consider barcode scanners no differently to keyboards."
https://www.theregister.com/2024/07/25/crowdstrike_remediation_with_barcode_scanner/
- Most IT Leaders Say Severity Of Cyber-Attacks Has Increased
"Nine in 10 of IT leaders have said that the risk and severity of cyber-attacks has increased over the past year, while 61% believe the attack surface is now ‘impossible to control’, according to a new report from Appsbroker CTS. The report, titled Tipping the cyber scales: How defenders can get back in the game, found that the top five threats IT leaders are concerned about include:"
https://www.infosecurity-magazine.com/news/severity-of-cyberattacks-has/
- Rewards For Justice – Reward Offer For Information On North Korean Malicious Cyber Actor Targeting U.S. Critical Infrastructure
"The U.S. Department of State’s Rewards for Justice (RFJ) program, administered by the Diplomatic Security Service, is offering a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, engages in certain malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act."
https://www.state.gov/rewards-for-justice-reward-offer-for-information-on-north-korean-malicious-cyber-actor-targeting-u-s-critical-infrastructure/
https://www.bleepingcomputer.com/news/security/us-offers-10m-for-tips-on-dprk-hacker-linked-to-maui-ransomware-attacks/
https://www.bankinfosecurity.com/us-indicts-alleged-north-korean-ransomware-attacker-a-25849
https://cyberscoop.com/north-korea-hacking-indictment-fbi-apt-45/
https://www.securityweek.com/north-korean-charged-in-ransomware-attacks-on-american-hospitals/
- IR Trends: Ransomware On The Rise, While Technology Becomes Most Targeted Sector
"Business email compromise (BEC) and ransomware were the top threats observed by Cisco Talos Incident Response (Talos IR) in the second quarter of 2024, together accounting for 60 percent of engagements. Although there was a decrease in BEC engagements from last quarter, it was still a major threat for the second quarter in a row. There was a slight increase in ransomware where Talos IR responded to Mallox and Underground Team ransomware for the first time this quarter, as well as the previously seen Black Basta and BlackSuit ransomware operations."
https://blog.talosintelligence.com/ir-trends-ransomware-on-the-rise-q2-2024/
https://www.infosecurity-magazine.com/news/ransomware-bec-cyber-incidents/
- Unexpected Lessons Learned From The CrowdStrike Event
"In the wake of global IT issues caused by a defect in a content update for CrowdStrike's Falcon sensor, many organizations engaged in executing business continuity plans (BCPs), recovering systems, and restoring from backups. In the throes of these activities, it's easy to overlook the similarity with the playbook for ransomware recovery and miss how organizations of all sizes can leverage this event to identify gaps in their capabilities to respond to and recover from ransomware or other disruptive cyberattacks."
https://www.darkreading.com/vulnerabilities-threats/unexpected-lessons-learned-from-the-crowdstrike-event
References
Electronic Transactions Development Agency (ETDA)