Cyber Threat Intelligence 09 August 2024
Healthcare Sector
- #BHUSA: Ransomware Drill Targets Healthcare In Operation 911
"Las Vegas law enforcement, the FBI and Semperis conducted a ransomware tabletop exercise targeting the healthcare sector at Black Hat USA 2024 to address the rising threat of attacks like the one on Change Healthcare. The exercise focused on the healthcare sector, which has been subject to a swathe of ransomware attacks in recent months and involved some of Semperis’ customers in the sector."
https://www.infosecurity-magazine.com/news/ransomware-drill-healthcare/
Industrial Sector
- How Network Segmentation Can Strengthen Visibility In OT Networks
"What role does the firewall play in the protection of operational technology (OT) networks and systems? Many would say that it’s the defensive mechanism to protect that environment from IT and the outside world. For the operators responsible for uptime of that critical system, the firewall is the perimeter protection that keeps others out. It’s also the gateway for information that needs to pass from the OT system to the business networks and for remote access when necessary. The firewall monitors for attempts to break into that network, stops them, and can send alerts when necessary."
https://www.helpnetsecurity.com/2024/08/08/ot-networks-visibility/
- Dorsett Controls InfoScan
"Successful exploitation of these vulnerabilities could allow an attacker to expose sensitive information, resulting in data theft and misuse of credentials."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-221-01
New Tooling
- Traceeshark: Open-Source Plugin For Wireshark
"Traceeshark is a plugin for Wireshark that enables security practitioners to quickly investigate security incidents. It enhances the capabilities of Aqua Tracee, an open-source runtime security and forensics tool, and allows users to analyze kernel-level event and behavioral detection alongside network traffic."
https://www.helpnetsecurity.com/2024/08/08/traceeshark-open-source-plugin-wireshark/
https://github.com/aquasecurity/traceeshark
- SSHamble: Open-Source Security Testing Of SSH Services
"runZero published new research on Secure Shell (SSH) exposures and unveiled a corresponding open-source tool, SSHamble. This tool helps security teams validate SSH implementations by testing for uncommon but dangerous misconfigurations and software bugs."
https://www.helpnetsecurity.com/2024/08/08/sshamble-test-ssh-services/
https://github.com/runZeroInc/sshamble
Vulnerabilities
- Critical AWS Vulnerabilities Allow S3 Attack Bonanza
"Six critical vulnerabilities in Amazon Web Services (AWS) could have allowed threat actors to target organizations with remote code execution (RCE), exfiltration, denial-of-service attacks, or even account takeovers. "Most of the vulnerabilities were considered critical because they gave access to other accounts with minimal effort from the attacker perspective," Aqua's lead security researcher Yakir Kadkoda tells Dark Reading."
https://www.darkreading.com/remote-workforce/critical-aws-vulnerabilities-allow-s3-attack-bonanza
https://www.securityweek.com/aws-patches-vulnerabilities-potentially-allowing-account-takeovers/
https://hackread.com/black-hat-usa-2024-aws-bucket-monopoly-account-takeover/
- 0.0.0.0 Day: Exploiting Localhost APIs From The Browser
"Oligo Security's research team recently disclosed the “0.0.0.0 Day” vulnerability. This vulnerability allows malicious websites to bypass browser security and interact with services running on an organization’s local network, potentially leading to unauthorized access and remote code execution on local services by attackers outside the network."
https://www.oligo.security/blog/0-0-0-0-day-exploiting-localhost-apis-from-the-browser
https://thehackernews.com/2024/08/0000-day-18-year-old-browser.html
https://cyberscoop.com/browser-zero-day-oligo-security-0-0-0-0-day/
https://www.bleepingcomputer.com/news/security/18-year-old-security-flaw-in-firefox-and-chrome-exploited-in-attacks/
https://www.darkreading.com/cyberattacks-data-breaches/0000-day-flaw-puts-chrome-firefox-mozilla-browsers-at-rce-risk
https://www.itnews.com.au/news/browser-vulnerability-can-be-used-to-breach-local-networks-610511
https://securityaffairs.com/166765/hacking/0-0-0-0-day-browsers-attack.html
- Cisco Warns Of Critical RCE Zero-Days In End Of Life IP Phones
"Cisco is warning of multiple critical remote code execution zero-days in the web-based management interface of the end-of-life Small Business SPA 300 and SPA 500 series IP phones. The vendor has not made fixes available for these devices and shared no mitigation tips, so users of those products will have to move to newer and actively supported models as soon as possible."
https://www.bleepingcomputer.com/news/security/cisco-warns-of-critical-rce-zero-days-in-end-of-life-ip-phones/
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-http-vulns-RJZmX2Xz
- Hazy Issue In Entra ID Allows Privileged Users To Become Global Admins
"An obscure issue with Microsoft's Entra ID identity and access management service could allow a hacker to access every corner of an organization's cloud environment. Crucially, the attack requires that a hacker already have access to an admin-level account. With that in hand, though, the possibilities are limitless. At 4:20 p.m. local time today at Black Hat, Eric Woodruff, senior cloud security architect at Semperis, will describe how an attacker in such a position could take advantage of layered authentication mechanisms in Entra ID to gain all-powerful global administrator privileges."
https://www.darkreading.com/application-security/hazy-issue-entra-id-privileged-users-become-global-admins
- Using 1Password On Mac? Patch Up If You Don’t Want Your Vaults Raided
"Password manager 1Password is warning that all Mac users running versions before 8.10.36 are vulnerable to a bug that allows attackers to steal vault items. 1Password Vaults are essentially mini password managers inside the main app itself. They allow users to separate passwords used for different purposes, like personal accounts, family accounts, work-related credentials, and so on and so forth."
https://www.theregister.com/2024/08/08/using_1password_on_mac_patch/
- How To Weaponize Microsoft Copilot For Cyberattackers
"Enterprises are implementing Microsoft's Copilot AI-based chatbots at a rapid pace, hoping to transform how employees gather data and organize their time and work. But at the same time, Copilot is also an ideal tool for threat actors. Security researcher Michael Bargury, a former senior security architect in Microsoft's Azure Security CTO office and now co-founder and chief technology officer of Zenity, says attackers can use Copilot to search for data, exfiltrate it without producing logs, and socially engineer victims to phishing sites even if they don't open emails or click on links."
https://www.darkreading.com/application-security/how-to-weaponize-microsoft-copilot-for-cyberattackers
Malware
- New CMoon USB Worm Targets Russians In Data Theft Attacks
"A new self-spreading worm named 'CMoon,' capable of stealing account credentials and other data, has been distributed in Russia since early July 2024 via a compromised gas supply company website. According to Kaspersky researchers who discovered the campaign, CMoon can perform a broad range of functions, including loading additional payloads, snapping screenshots, and launching distributed denial of service (DDoS) attacks."
https://www.bleepingcomputer.com/news/security/new-cmoon-usb-worm-targets-russians-in-data-theft-attacks/
- New Malware, FakeBat Loader, Spreads Via Drive-By Download
"Drive-by download is a well-established technique that cybercriminals use to install malware onto a victim’s computer. And in the first half of 2024 there has been a significant number of campaigns in which this mode of attack has been used to install the FakeBat Loader malware. Today, I’ll provide an overview of how drive-by download works, and then we’ll get into the details of FakeBat Loader and what it reveals about the current state of the cybercrime economy. And we’ll close out with a discussion of how best to combat this type of attack."
https://blog.barracuda.com/2024/08/07/new-malware-FakeBat-Loader-spreads-via-drive-by-download
- PureHVNC Deployed Via Python Multi-Stage Loader
"This past April, FortiGuard Labs uncovered a sophisticated attack that leveraged multiple layers of obfuscation and evasion techniques to distribute and execute VenomRAT via ScrubCrypt. However, this attack campaign didn’t end with VenomRAT, as the subsequently loaded plugin continued to deploy various types of malware into the victim’s environment."
https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
- Decoding A Google Drawings And WhatsApp Open Redirection Phish
"Open Redirect campaigns, like EvilProxy and Browser in the Browser, are an attack type that has been around for years. The threat is based on a user being sent to what appears to be a trusted website, then redirected to a site controlled by attackers. In this case, the attackers chose a group of the best-known websites in computing to craft the threat, including Google and WhatsApp to host the attack elements, and an Amazon look-alike to harvest the victim’s information. This attack is a great example of a Living Off Trusted Sites (LOTS) threat."
https://www.menlosecurity.com/blog/google-drawings-and-whatsapp-zero-hour-open-redirection-phish-exposed
https://thehackernews.com/2024/08/new-phishing-scam-uses-google-drawings.html
https://www.infosecurity-magazine.com/news/phishing-exploits-google-whatsapp/
- APT Group Kimsuky Targets University Researchers
"Kimsuky is a North Korean APT group tasked with global intelligence collection operations aligned with the North Korean government’s interests. The group has been active since at least 2012 and has a particular interest in South Korean think tanks and government entities; however, it also targets the United States, the United Kingdom, and other European countries. Kimsuky specializes in targeted phishing campaigns, leveraging malicious attachments in follow-on emails after establishing trust through email correspondence [1][2]."
https://www.cyberresilience.com/threatintel/apt-group-kimsuky-targets-university-researchers/
https://thehackernews.com/2024/08/university-professors-targeted-by-north.html
https://www.infosecurity-magazine.com/news/north-korea-kimsuky-phishing/
- Russia's Kursk Region Suffers 'Massive' DDoS Attack Amid Ukraine Offensive
"Russia's Kursk region was hit by a “massive” distributed denial-of-service (DDoS) attack on Thursday amid Ukraine’s surprise cross-border incursion, Kursk state officials said in a statement. The unnamed hackers targeted government and business websites, as well as critical infrastructure services, making some of them temporarily unavailable, state media reported."
https://therecord.media/kursk-military-offensive-ddos-russia-ukraine
- Operation “Uncle Scam”: AI-Powered Phishers Abuse Microsoft Dynamics 365 To Target US Government Contractors
"In a phishing campaign dubbed “Uncle Scam,” threat actors impersonate United States government agencies to deliver fake tender invite emails to hundreds of American enterprises. Prevented by Perception Point’s Advanced Threat Prevention platform, Perception Point security researchers investigated this campaign, uncovering advanced interactive kits, LLMs, and the abuse of Microsoft’s Dynamics 365 marketing platform. This blog explores how attackers created this highly realistic, multi-step phishing operation."
https://perception-point.io/blog/operation-uncle-scam/
Breaches/Hacks/Leaks
- Ronin Network Hacked, $12 Million Returned By "White Hat" Hackers
"Gambling blockchain Ronin Network suffered a security incident yesterday when white hat hackers exploited an undocumented vulnerability on the Ronin bridge to withdraw 4,000 ETH and 2 million USDC, totaling $12 million. This figure corresponds to the maximum amount of ETH and USDC that can be withdrawn from the bridge via a single transaction, so this critical security measure prevented the theft of potentially astronomical figures."
https://www.bleepingcomputer.com/news/security/ronin-network-hacked-12-million-returned-by-white-hat-hackers/
https://hackread.com/nexera-defi-protocol-hacked-smart-contract-exploit/
https://www.infosecurity-magazine.com/news/ethical-hackers-steal-return-12m/
https://therecord.media/hackers-return-12-million-taken-from-ronin-network
- Atari Asteroids Hack Sparks Debate On Blockchain Gaming Transparency
"Atari’s Asteroids game was exposed as a fake “on-chain” experience. Stackr Labs reveals how the game’s leaderboard was manipulated without actual gameplay, highlighting the importance of true on-chain verification in blockchain gaming."
https://hackread.com/atari-asteroids-hack-blockchain-gaming-transparency/
- Rhysida Ransomware Group Claims To Have Breached Bayhealth Hospital In Delaware
"The Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware and offers alleged stolen data for 25 BTC."
https://securityaffairs.com/166749/cyber-crime/rhysida-ransomware-bayhealth-hospital.html
- ADT Confirms Data Breach After Customer Info Leaked On Hacking Forum
"American building security giant ADT confirmed it suffered a data breach after threat actors leaked allegedly stolen customer data on a popular hacking forum. ADT is a public American company that specializes in security and smart home solutions for residential and small business customers. The firm employs 14,300 people, has an annual revenue of $4.98 billion, and serves approximately 6 million customers across 200 locations in the United States."
https://www.bleepingcomputer.com/news/security/adt-confirms-data-breach-after-customer-info-leaked-on-hacking-forum/
https://therecord.media/adt-says-hackers-obtained-limited-customer-data
- Exclusive: Russian Spies Hacked UK Government Systems Earlier This Year, Stole Data And Emails
"Cyber spies working for Russia’s foreign intelligence service stole internal emails and data on individuals from the British government earlier this year, according to an official description of the incident obtained by Recorded Future News. The breach of the Home Office’s systems has not previously been reported. It followed the Russian hackers initially targeting Microsoft, which supplies corporate systems to the Home Office, before the hackers exploited this access to also compromise several of Microsoft’s clients."
https://therecord.media/russia-hack-uk-government-home-office-microsoft
- Stolen Data From Scraping Service National Public Data Leaked Online
"Cybercriminals are offering a large database for sale that may include your data without you even being aware of its existence. The stolen data comes from a data scraping service trading under the name “scraping” which was allegedly breached by a cybercriminal group by the name of USDoD. In April, a member of this group posted the database, which contains the data of some 2.9 billion people, up for sale for $3.5 million. Then, earlier this week, the 277 GB of data was offered for download for free on the notorious BreachForums by another member of the USDoD group."
https://www.malwarebytes.com/blog/news/2024/08/stolen-data-from-scraping-service-national-public-data-leaked-online
General News
- Monitoring Changes In KEV List Can Guide Security Teams
"Organizations that use the Known Exploited Vulnerabilities (KEV) catalog to prioritize patching are likely missing silent changes to the list that could indicate that an issue's severity has changed, according to an analysis presented at the BSides Las Vegas conference on Aug. 7."
https://www.darkreading.com/cybersecurity-analytics/monitoring-kev-list-for-changes-can-guide-security-teams
- CIS Critical Security Controls v8.1
"Version 8.1 (v8.1) of the CIS Critical Security Controls (CIS Controls) is an iterative update to version 8.0. It offers prescriptive, prioritized, and simplified cybersecurity best practices that provide a clear path for you to improve your organization’s cyber defense program."
https://www.cisecurity.org/insights/white-papers/cis-critical-security-controls-v8-1
https://www.helpnetsecurity.com/2024/08/08/download-cis-critical-security-controls-v8-1/
- CyberAv3ngers
"Rewards for Justice is offering a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act."
https://rewardsforjustice.net/rewards/cyberav3ngers/
https://therecord.media/us-offers-reward-for-info-on-iranian-hackers-water-utilities
https://www.securityweek.com/us-offering-10-million-reward-for-iranian-ics-hackers/
- Building An Effective Strategy To Manage AI Risks
"AI technology is proliferating at a rapid pace, becoming an essential component of many businesses' operations. While organizations are achieving genuine benefits with them, the rise of AI-based systems does create new obstacles regarding data privacy, reputational risk, and new attack vectors for companies."
https://www.darkreading.com/cyber-risk/building-an-effective-strategy-to-manage-ai-risks
- SaaS Apps Present An Abbreviated Kill Chain For Attackers
"Organizations that are expanding their use of SaaS applications may want to revise their notions of — and approaches to — the cyber kill chain. SaaS applications have transformed the modern organization's attack surface and eliminated — or made easier — several of the steps that adversaries have traditionally needed to execute a successful attack, researchers at AppOmni said in a talk at Black Hat USA 2024. Security teams need to revise and readjust their defenses to keep ahead of the new reality."
https://www.darkreading.com/application-security/saas-apps-present-abbreviated-kill-chain-for-attackers
https://www.securityweek.com/stolen-credentials-have-turned-saas-apps-into-attackers-playgrounds/
- Verizon Business 2024 Mobile Security Index Reveals Escalating Risks In Mobile And IoT Security
"Today, Verizon Business released its 2024 Mobile Security Index (MSI) report outlining the top threats to mobile and IoT device security. This year’s report, in its seventh iteration, goes beyond employee-level mobile usage and extends into the usage of IoT devices and sensors and the security concerns the growth of these devices can present especially as remote work continues to be a trend. This expanded view of mobile security concerns for organizations showcases the evolving threat landscape that CIOs and other IT decision makers must contend with."
https://www.darkreading.com/endpoint-security/verizon-business-2024-mobile-security-index-reveals-escalating-risks-in-mobile-and-iot-security
- Cybersecurity Industry Leaders Launch The Cyber Threat Intelligence Capability Maturity Model
"Today, Intel 471, the premier provider of cyber intelligence-driven solutions worldwide, sponsored a partnership of 28 industry leaders serving public and private organizations across the vendor and consumer community. Together, these professionals volunteered their time, effort, and experience to launch the first version of the Cyber Threat Intelligence Capability Maturity Model (CTI-CMM), designed as the first-of-its kind vendor agnostic and universally applicable resource to support organizations of all shapes and sizes across the CTI industry. In today’s evolving threat landscape, the sign of a successful Cyber Threat Intelligence (CTI) program is a mature program that seamlessly integrates with an organization’s core objectives and key outcomes."
https://www.darkreading.com/threat-intelligence/cybersecurity-industry-leaders-launch-the-cyber-threat-intelligence-capability-maturity-model
https://cti-cmm.org/
- After The Dust Settles: Post-Incident Actions
"A major cybersecurity incident is an extremely high-pressure situation where rapid action is needed to control and mitigate the immediate effects. But once the dust has settled and the pressure has alleviated a little, what should organizations do to learn from the incident and improve their security posture for the future?"
https://www.securityweek.com/after-the-dust-settles-post-incident-actions/
- Immutability In Cybersecurity: A Layer Of Security Amidst Complexity And Misconceptions
"‘Immutable’ describes something that cannot be changed (the word derives from the Latin ‘mutare’, meaning ‘to change’). Applied to data, immutability provides the Integrity aspect of security’s CIA triad (the others being Confidentiality and Availability). C and A are not inherent to immutability, but may be enhanced."
https://www.securityweek.com/immutability-in-cybersecurity-a-layer-of-security-amidst-complexity-and-misconceptions/
- Consumer Reports Study Finds Data Removal Services Are Often Ineffective
"A new investigation of data removal services — companies that say they will strip consumer information from people-search data broker sites — found that they are for the most part worthless. The nonprofit Consumer Reports found that a sample of 13 of the services, which ranged in cost from $19.99 to $249 per year, failed to get consumers’ data removed quickly or completely."
https://therecord.media/data-removal-services-mostly-worthless-study
https://www.documentcloud.org/documents/25034333-evaluating-people-search-site-removal-services_8824-1
- Excitement, Superstition And Great Insecurity – How Global Consumers Engage With The Digital World
"As a recent study[1] shows, modern consumers everywhere are becoming more knowledgeable about the benefits and drawbacks of an increasingly complex and sophisticated digital world. Yet even amongst the generally tech savvy, younger audience[2], superstitious beliefs can be found alongside excitement and concern when it comes to using smart devices, surfing on the internet and managing their personal information. A widespread sense of insecurity highlights the need for more education on safe practices in the digital environment, expert explanations on new technologies, and knowledge about reliable security solutions protecting users’ devices, privacy and digital identity."
https://www.kaspersky.com/blog/myths-and-reality-of-digital-world/
https://www.theregister.com/2024/08/08/report_tech_misconceptions_plague_the/
- Entrust Faces Years Of Groveling To Regain Browsers' Trust, Say Rival Chiefs
"After falling down in the estimations of major browser makers Google and Mozilla, Entrust faces a lengthy fight on its hands to regain industry trust and once more issue trusted TLS certificates. That's according to the top dogs at rival cert issuer Sectigo. The company also claims that Microsoft and Apple are likely to follow in their competitors' footsteps in distrusting certificates newly issued by Entrust in Edge and Safari respectively."
https://www.theregister.com/2024/08/08/entrust_faces_years_of_groveling/
- Best Practices For Cisco Device Configuration
"In recent incidents, CISA has seen malicious cyber actors acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature. CISA recommends organizations disable Smart Install and review NSA’s Smart Install Protocol Misuse advisory and Network Infrastructure Security Guide for configuration guidance."
https://www.cisa.gov/news-events/alerts/2024/08/08/best-practices-cisco-device-configuration
https://media.defense.gov/2019/Jul/16/2002157833/-1/-1/0/CSA-CISCO-SMART-INSTALL-PROTOCOL-MISUSE.PDF
https://media.defense.gov/2022/Jun/15/2003018261/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDE_20220615.PDF
https://www.bleepingcomputer.com/news/security/cisa-warns-of-hackers-abusing-cisco-smart-install-feature/
https://www.bleepingcomputer.com/news/security/exploit-released-for-cisco-ssm-bug-allowing-admin-password-changes/
- Microsoft On CISOs: Thriving Community Means Stronger Security
"This week at Black Hat, Ann Johnson, corporate vice president and deputy chief information security officer (CISO) at Microsoft, and Sherrod DeGrippo, Microsoft's director of threat intelligence strategy, took to the main stage for their talk, "From the Office of the CISO: Smarter, Faster, Stronger, Security in the Age of AI." While attendees may have expected a discussion focused on ways that AI can help the effectiveness of cybersecurity tools, one could say that Johnson and DeGrippo decided to go off script."
https://www.darkreading.com/cybersecurity-operations/microsoft-on-cisos-thriving-community-means-stronger-security
- Tech Analysis: Addressing Claims About Falcon Sensor Vulnerability
"CrowdStrike is aware of inaccurate reporting and false claims about the security of the Falcon sensor. This blog sets the record straight by providing customers with accurate technical information about the Falcon sensor and any claims regarding the Channel File 291 incident. CrowdStrike has provided a Technical Root Cause Analysis and executive summary that describes the bug in detail."
https://www.crowdstrike.com/blog/tech-analysis-addressing-claims-about-falcon-sensor-vulnerability/
https://www.securityweek.com/crowdstrike-dismisses-claims-of-exploitability-in-falcon-sensor-bug/
- Why Tech-Savvy Leadership Is Key To Cyber Insurance Readiness
"The board does not understand cybersecurity – that’s not so anymore. Prior to the pandemic, the CISO and cybersecurity team were seen as the geeks in the room down the hall who always said no. Even post-pandemic, while there is appreciation that cybersecurity can be a business enabler, there is typically a lack of understanding, especially at the board level, on how to achieve a robust cybersecurity posture and how it actually enables the business."
https://www.welivesecurity.com/en/business-security/why-tech-savvy-leadership-key-cyber-insurance-readiness/
Reference
Electronic Transactions Development Agency (ETDA)