Cyber Threat Intelligence 25 September 2024
Industrial Sector
- Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE
"Successful exploitation of these vulnerabilities could allow a remote attacker to gain full control of the system."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-04
- OPW Fuel Management Systems SiteSentinel
"Successful exploitation of this vulnerability could allow an attacker to bypass authentication and obtain full administrative privileges to the server."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-01
- Alisonic Sibylla
"Successful exploitation of this vulnerability could result in an attacker obtaining device information from the database, dumping credentials, or potentially gaining administrator access."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-02
- Franklin Fueling Systems TS-550 EVO
"Successful exploitation of this vulnerability allows an attacker to gain administrative access over the affected device."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-03
- OMNTEC Proteus Tank Monitoring
"Successful exploitation of this vulnerability could allow an attacker to perform administrative actions without proper authentication."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-06
- Unpatched Vulnerabilities Expose Riello UPSs To Hacking: Security Firm
"Hackers can take control of Riello UPS devices by exploiting vulnerabilities that likely remain unpatched, according to CyberDanube, an Austria-based firm specializing in industrial cybersecurity. Italy-based Riello Elettronica describes itself as an electrical manufacturing sector company that is a leader in the uninterruptible power supply (UPS) market. However, according to CyberDanube, the vendor has not been able to address two vulnerabilities found in the company’s NetMan 204 network communications card, which is used to integrate Riello UPS systems into medium or large networks."
https://www.securityweek.com/unpatched-vulnerabilities-expose-riello-upss-to-hacking-security-firm/
https://cyberdanube.com/en/en-multiple-vulnerabilities-in-riello-netman-204/index.html
- Moxa MXview One
"Successful exploitation of these vulnerabilities could allow an attacker to expose local credentials and write arbitrary files to the system, resulting in execution of malicious code."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-268-05
- Critical Vulnerabilities Discovered In Automated Tank Gauge Systems
"Industrial Control Systems (ICS) have become a ubiquitous part of modern critical infrastructure. Automatic Tank Gauge (ATG) systems play a role in this infrastructure by monitoring and managing fuel storage tanks, such as those found in everyday gas stations. These systems ensure that fuel levels are accurately tracked, leaks are detected early, and inventory is managed efficiently. Although the typical gas station comes to mind when thinking about fuel tanks, these systems also exist in other critical facilities, including military bases, hospitals, airports, emergency services, and power plants, to name a few."
https://www.bitsight.com/blog/critical-vulnerabilities-discovered-automated-tank-gauge-systems
https://www.darkreading.com/ics-ot-security/critical-automated-tank-gauge-bugs-critical-infrastructure
https://cyberscoop.com/cisa-automatic-tank-gauge-vulnerability-bitsight-progauge-alisonic-opw/
https://www.securityweek.com/automatic-tank-gauges-used-in-critical-infrastructure-plagued-by-critical-vulnerabilities/
https://www.theregister.com/2024/09/24/security_bugs_fuel_storage_tanks/
Vulnerabilities
- CISA Adds One Known Exploited Vulnerability To Catalog
"CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-7593 Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability"
https://www.cisa.gov/news-events/alerts/2024/09/24/cisa-adds-one-known-exploited-vulnerability-catalog
https://www.bleepingcomputer.com/news/security/critical-ivanti-vtm-auth-bypass-bug-now-exploited-in-attacks/
Malware
- Octo2: European Banks Already Under Attack By New Malware Variant
"Octo (ExobotCompact) is a notable malware family on the current mobile threat landscape. It dominates the tables of the number of unique samples observed by ThreatFabric in the current year. In light of this, the discovery of a new version, named “Octo2” by its creator, could potentially shift the threat landscape and the Modus Operandi of the actors behind it. This report uncovers details about the current state of the malware family, highlights updates, and makes predictions for the future of the Octo (ExobotCompact) malware family."
https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant
https://thehackernews.com/2024/09/new-octo2-android-banking-trojan.html
https://www.bleepingcomputer.com/news/security/new-octo-android-malware-version-impersonates-nordvpn-google-chrome/
https://www.bankinfosecurity.com/octo2-malware-masquerades-as-popular-apps-a-26355
https://www.infosecurity-magazine.com/news/octo2-malware-threatens-mobile/
- Pro-Russia Hackers Aim DDoS Campaign At Austrian Websites Ahead Of Elections
"Pro-Russia hacker groups have claimed responsibility for disrupting dozens of Austrian websites ahead of the country's general election later this month. The groups, known as NoName057(16) and OverFlame, said they launched distributed denial-of-service (DDoS) attacks on websites for the Austrian government, airports, financial services entities and a stock exchange. Researchers at the cybersecurity firm Radware reported that the campaign began early last week and is still ongoing. The incidents have not caused any long-term damage to their targets. DDoS campaigns attempt to overload websites with junk traffic and cause outages."
https://therecord.media/austria-websites-ddos-incidents-pro-russia-hacktivists
- Infostealer Malware Bypasses Chrome’s New Cookie-Theft Defenses
"Infostealer malware developers released updates claiming to bypass Google Chrome’s recently introduced feature App-Bound Encryption to protect sensitive data such as cookies. App-Bound Encryption was introduced in Chrome 127 and is designed to encrypt cookies and stored passwords using a Windows service that runs with system privileges. This model does not allow infostealer malware, which runs with the permissions of the logged user, to steal secrets stored in Chrome browser."
https://www.bleepingcomputer.com/news/security/infostealer-malware-bypasses-chromes-new-cookie-theft-defenses/
- Security Brief: Actor Uses Compromised Accounts, Customized Social Engineering To Target Transport And Logistics Firms With Malware
"Proofpoint researchers are tracking a cluster of activity targeting transportation and logistics companies in North America to deliver a variety of different malware payloads. Notably, this activity leverages compromised legitimate email accounts that belong to transportation and shipping companies. At this time, it is unclear how the actor achieves access to the compromised accounts. The actor then injects malicious content into existing conversations within the account’s inbox, which makes the messages look legitimate. Proofpoint has identified at least 15 compromised email accounts used during these campaigns."
https://www.proofpoint.com/us/blog/threat-insight/security-brief-actor-uses-compromised-accounts-customized-social-engineering
https://www.helpnetsecurity.com/2024/09/24/transportation-logistics-malware-attacks/
- New Twist On Sextortion Scam Includes Pictures Of People's Homes
"The extortion attempt arrives as an email with a PDF attached. When opened, the document includes a photo of a family's home, and often the person's address and phone number. The scammers claim that the recipient has been spotted in unseemly places on the internet, and they can destroy that evidence — for a fee. Similar sextortion tactics have been around for years, but this latest strain has drawn fresh attention from law enforcement agencies around the country. The PDFs are particularly intimidating in how they harness victims’ personal data."
https://therecord.media/new-twist-on-sextortion-scam-pictures-of-peoples-homes
- Russia's Digital Warfare On Ukraine Shows No Signs Of Slowing: Malware Hits Surge
"Russia's use of malware to support its military efforts in Ukraine is showing no signs of waning while its tactics continually evolve to bypass protections. Ukraine's State Service of Special Communications and Information Protection (SSSCIP) published its half-year report on Russia's cyber activity in the war this week, noting a 90 percent increase in incidents involving malware infections."
https://www.theregister.com/2024/09/24/russia_malware_ukraine_attacks/
- Investigating Infrastructure And Tactics Of Phishing-As-a-Service Platform Sniper Dz
"We have been monitoring a widely popular phishing-as-a-service (PhaaS) platform named Sniper Dz that primarily targets popular social media platforms and online services. A large number of phishers could be using this platform to launch phishing attacks, since the group behind this kit has thousands of subscribers on its Telegram channel. Our research revealed over 140,000 phishing websites associated with the Sniper Dz PhaaS platform over the past year."
https://unit42.paloaltonetworks.com/phishing-platform-sniper-dz-unique-tactics/
Breaches/Hacks/Leaks
- Hacker Leaks 12,000 Alleged Twilio Call Records With Audio Recordings
"A hacker has leaked 12,000 alleged Twilio call records, including phone numbers and audio recordings. The breach exposes personal data, creating significant privacy risks for businesses and individuals using the service."
https://hackread.com/hacker-leaks-twilio-call-records-audio-recordings/
- Deloitte Says No Threat To Sensitive Data After Hacker Claims Server Breach
"A notorious hacker has announced the theft of data from an improperly protected server allegedly belonging to Deloitte. The hacker known as IntelBroker announced late last week on the BreachForums cybercrime forum the availability of “internal communications” obtained from Deloitte, specifically an internet-exposed Apache Solr server that was accessible with default credentials. The hacker claims the stolen data includes email addresses, communications between intranet users, and internal settings."
https://www.securityweek.com/deloitte-says-no-threat-to-sensitive-data-after-hacker-claims-server-breach/
- MoneyGram Confirms a Cyberattack Is Behind Dayslong Outage
"Money transfer giant MoneyGram has confirmed it suffered a cyberattack after dealing with system outages and customer complaints about lack of service since Friday. While many suspected the company was hit by a cyberattack, it wasn't until Monday morning that MoneyGram confirmed that a cybersecurity incident caused the systems outage. "MoneyGram recently identified a cybersecurity issue affecting certain of our systems," reads the announcement. "Upon detection, we immediately launched an investigation and took protective steps to address it, including proactively taking systems offline, which impacted network connectivity.""
https://www.bleepingcomputer.com/news/security/moneygram-confirms-a-cyberattack-is-behind-dayslong-outage/
https://therecord.media/moneygram-cybersecurity-incident-network-outages
https://www.securityweek.com/cyberattack-causes-moneygram-service-outage/
https://securityaffairs.com/168827/security/moneygram-outage-caused-by-cyberattack.html
- Kansas Water Facility Switches To Manual Operations Following Cyberattack
"Arkansas City, a small city in Kansas, says its water treatment facility was forced to switch to manual operations while a cybersecurity incident is being resolved. The incident, described by local media as a cyberattack, was discovered on the morning of September 22 and led to precautionary measures being taken “to ensure plant operations remained secure”, the city announced in an incident notice. According to city manager Randy Frazer, the water supply has not been affected and the incident has not caused disruption to service."
https://www.securityweek.com/kansas-water-facility-switches-to-manual-operations-following-cyberattack/
https://www.bleepingcomputer.com/news/security/kansas-water-plant-cyberattack-forces-switch-to-manual-operations/
https://www.darkreading.com/ics-ot-security/kansas-water-plant-pivots-analog-cyber-event
https://www.bankinfosecurity.com/fbi-us-homeland-security-investigate-water-facility-cyberattack-a-26359
https://www.infosecurity-magazine.com/news/incident-arkansas-city-water/
- 14 Million Patients Impacted By US Healthcare Data Breaches In 2024
"Over 14 million patients have been affected by data breaches caused by malware attacks on US healthcare organizations so far in 2024, according to a new analysis by SonicWall. Most (91%) of these breaches have leveraged ransomware, with the report highlighting that attackers see the threat of exposing sensitive information held by healthcare organizations as an effective method for extorting ransom payments."
https://www.infosecurity-magazine.com/news/patients-us-healthcare-data/
- AutoCanada Says Ransomware Attack "may" Impact Employee Data
"AutoCanada is warning that employee data may have been exposed in an August cyberattack claimed by the Hunters International ransomware gang. Although the firm says it has detected no fraud campaigns targeting impacted individuals, it is sending notifications to alert affected people of potential risks. In mid-August, the car dealership company disclosed that it had to take specific internal IT systems offline to contain a cyberattack, leading to operational disruptions."
https://www.bleepingcomputer.com/news/security/autocanada-says-ransomware-attack-may-impact-employee-data/
- U.S. Govt Agency CMS Says Data Breach Impacted 3.1 Million People
"The Centers for Medicare & Medicaid Services (CMS) federal agency announced earlier this month that health and personal information of more than three million health plan beneficiaries was exposed in the MOVEit attacks Cl0p ransomware conducted last year. The hackers stole the data after breaching the Wisconsin Physicians Service (WPS) health insurance corporation, which provided Medicare administrative services. CMS is a federal agency within the HHS that administers the nation's major healthcare programs, including Medicaid and CHIP."
https://www.bleepingcomputer.com/news/healthcare/us-govt-agency-cms-says-data-breach-impacted-31-million-people/
General News
- Small Language Models Bring Big Business Benefits
"A recent survey has found that most global IT leaders are concerned their companies will be “left behind” if they do not adopt artificial intelligence (AI). Over half of these leaders also say that pressure from customers is a crucial driver for AI adoption and that AI is pivotal for enhancing efficiency and customer service within the business. Most companies view AI adoption as a requirement to maintain a competitive advantage."
https://blog.barracuda.com/2024/09/23/small-language-models-bring-big-business-benefits
- The Relation Between Breaches And Stock Price Drops
"When discussing the consequences of a data breach for organizations, we usually consider three types of damage: financial, legal, and, somewhat more tenuously, reputational. But what about stock prices? One would assume that stock price—an indicator of a business’s overall health and investor confidence—would plummet after a breach, but is this really the case?"
https://www.tripwire.com/state-of-security/relation-between-breaches-and-stock-price-drops
- Future-Proofing Cybersecurity: Why Talent Development Is Key
"In this Help Net Security interview, Jon France, CISO at ISC2, discusses cybersecurity workforce growth. He outlines organizations’ challenges, such as budget constraints and limited entry-level opportunities. France also points to the urgent need to upskill current employees and adopt inclusive hiring practices to tackle the growing skills gap in the industry."
https://www.helpnetsecurity.com/2024/09/24/jon-france-isc2-cybersecurity-workforce/
- How Cyber Compliance Helps Minimize The Risk Of Ransomware Infections
"Over the past decade, ransomware has been cemented as one of the top cybersecurity threats. In 2023 alone, the FBI received 2,385 ransomware complaints, resulting in over $34 million in losses. To help businesses combat ransomware and other threats, various regulatory bodies have developed cyber compliance frameworks to standardize best security practices across industries. While following governmental and industry-focused guidelines doesn’t necessarily ensure a stronger cyber posture, these frameworks do provide useful starting points as models for addressing security gaps of different types."
https://www.helpnetsecurity.com/2024/09/24/cyber-compliance-minimize-risk/
- 65% Of Websites Are Unprotected Against Simple Bot Attacks
"Companies across industries are seeing more bot-driven attacks, both basic and advanced, according to DataDome. An analysis of over 14,000 websites uncovered alarming gaps in protection against cyber fraud, particularly within consumer-centric industries."
https://www.helpnetsecurity.com/2024/09/24/websites-bot-attacks/
- Europol: GenAI Offers “Treasure Trove Of Possibilities”
"Artificial intelligence (AI) will “profoundly reshape the law enforcement landscape” as long as it is adopted responsibly, Europol’s executive director, Catherine De Bolle has claimed. De Bolle’s comments came as the policing organization launched a new report into the technology, which claimed that generative AI (GenAI) offers law enforcers “a treasure trove of possibilities.”"
https://www.infosecurity-magazine.com/news/europol-genai-treasure-trove/
https://www.europol.europa.eu/cms/sites/default/files/documents/AI-and-policing.pdf
- Web Tracking Report: Who Monitored Users’ Online Activities In 2023–2024 The Most
"Web tracking has become a pervasive aspect of our online experience. Whether we’re browsing social media, playing video games, shopping for products, or simply reading news articles, trackers are silently monitoring our online behavior, fueling the ceaseless hum of countless data centers worldwide. In this article, we’re going to explore various types of web trackers and present a detailed annual report that dissects their geographical distribution and organizational affiliations."
https://securelist.com/web-trackers-report-2023-2024/113778/
https://www.theregister.com/2024/09/24/google_online_tracker/
- A Data Leak And a Data Breach
"For people who haven't personally experienced them, terms like data leak or data breach may seem unfamiliar and foreign - much like visiting a new destination abroad. Having some prior knowledge is great, but it's just scratching the surface! The truth is that people don't always understand the significance of leaks and breaches, or their potential impact on a person or company. So, buckle up: this article explains (in simple terms) what data leaks and data breaches are, their differences, how to prevent them, and more."
https://www.theregister.com/2024/09/24/a_data_leak_and_a/
- SANS Institute: Top 5 Dangerous Cyberattack Techniques In 2024
"The SANS Institute — a leading authority in cybersecurity research, education and certification — released its annual Top Attacks and Threats Report. This report provides insights into the evolving threat landscape, identifying the most prevalent and dangerous cyberattack techniques that organizations need to prepare for. This year’s report also highlighted the main takeaways from the SANS keynote hosted at the annual conference. During the keynote presentation, five new cybersecurity attacks were identified and discussed by key SANS members along with suggested actions to address them."
https://securityintelligence.com/articles/sans-institute-top-5-dangerous-cyberattack-techniques/
- HP Wolf Security Threat Insights Report: September 2024
"Welcome to the September 2024 edition of the HP Wolf Security Threat Insights Report. In the report, we review notable malware campaigns, trends and techniques identified from HP Wolf Security’s customer telemetry in calendar Q2 2024."
https://threatresearch.ext.hp.com/hp-wolf-security-threat-insights-report-september-2024/
https://threatresearch.ext.hp.com/wp-content/uploads/2024/09/HP_Wolf_Security_Threat_Insights_Report_September_2024.pdf
https://www.bleepingcomputer.com/news/security/hackers-deploy-ai-written-malware-in-targeted-attacks/
https://www.infosecurity-magazine.com/news/threat-actors-shift-javascript/
https://www.securityweek.com/ai-generated-malware-found-in-the-wild/
https://securityaffairs.com/168840/malware/generative-artificial-intelligence-malware.html
- Redefining The Supply Chain In The Post-AI Era
"The supply chain, long considered the backbone of global commerce, is undergoing a profound transformation in the post-AI era. The infusion of artificial intelligence into supply chain management has catalyzed a shift from traditional, linear models to more dynamic, interconnected and intelligent systems. As businesses navigate this new landscape, they must grapple with both the unprecedented opportunities and the complex challenges that AI introduces."
https://www.bankinfosecurity.com/blogs/redefining-supply-chain-in-post-ai-era-p-3723
- 6 Cybersecurity Headaches Sports Organizations Have To Worry About
"Professional sporting events have long been prime targets for violent attacks and terrorism, given their vast audiences. In recent years, these events have become targets of cyberattacks as adversaries exploit venue operations to disrupt events, abuse payment systems for fraud, breach networks to steal data, and take advantage of how athletes interact with fans."
https://www.darkreading.com/cybersecurity-operations/6-cybersecurity-headaches-sports-organizations-have-to-worry-about
References
Electronic Transactions Development Agency (ETDA)