Cyber Threat Intelligence 07 October 2024
New Tooling
- MaLDAPtive: Open-Source Framework For LDAP SearchFilter Parsing, Obfuscation, And More!
"MaLDAPtive is an open-source framework for LDAP SearchFilter parsing, obfuscation, deobfuscation, and detection. At its core, the project features a custom-built C# LDAP parser designed for tokenization and syntax tree parsing. It also incorporates specialized properties to ensure precise obfuscation, deobfuscation, and detection of LDAP SearchFilters."
https://www.helpnetsecurity.com/2024/10/04/maldaptive-open-source-framework-for-ldap-searchfilter-parsing-obfuscation/
https://github.com/MaLDAPtive/Invoke-Maldaptive
Vulnerabilities
- Apple Releases Critical iOS And iPadOS Updates To Fix VoiceOver Password Vulnerability
"Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user's passwords to be read out aloud by its VoiceOver assistive technology. The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of iPhones and iPads. Security researcher Bistrit Daha has been credited with discovering and reporting the flaw."
https://thehackernews.com/2024/10/apple-releases-critical-ios-and-ipados.html
https://support.apple.com/en-us/121373
https://www.darkreading.com/cyber-risk/iphone-voiceover-feature-read-passwords-aloud
https://www.theregister.com/2024/10/04/apple_voiceover_password_bug/
https://securityaffairs.com/169381/mobile-2/apple-ios-18-0-1.html
Malware
- CUCKOO SPEAR Part 2: Threat Actor Arsenal
"In the previous installment of our Cuckoo Spear series, we introduced the Cuckoo Spear campaign and provided an overview of the APT10 threat actor’s tactics and objectives. If you missed Part 1, you can catch up here. In this follow-up, we dive deeper into the technical aspects of the NOOPDOOR and NOOPLDR malwares that APT10 employed in the Cuckoo Spear campaign. Our analysis reveals how NOOPDOOR operates and the potential risks it poses to organizations. This breakdown will help cybersecurity professionals better understand and defend against the sophisticated strategies of this persistent adversary."
https://www.cybereason.com/blog/cuckoo-spear-pt2-threat-actor-arsenal
- Scam Information And Event Management
"While trying to deliver malware on victims’ devices and stay on them as long as they can, sometimes attackers are using quite unusual techniques. In a recent campaign starting in 2022, unknown malicious actors have been trying to mine cryptocurrency on victims’ devices without user consent; they’ve used large amounts of resources for distribution, but what’s more, used multiple unusual vectors for defense evasion and persistence. One of these vectors was abusing the open-source SIEM “Wazuh” agent."
https://securelist.com/miner-campaign-misuses-open-source-siem-agent/114022/
- A Look Into Embargo Ransomware, Another Rust-Based Ransomware
"Embargo is a relatively new ransomware group that emerged in 2024. This group is known for using Rust-based malware and operating under a ransomware-as-a-service (RaaS) model. Like many modern ransomware groups, Embargo employs double extortion tactics where they first exfiltrate sensitive data from their victims before encrypting their files. They then threaten to release the stolen data unless a ransom is paid."
https://blog.sonicwall.com/en-us/2024/10/a-look-into-embargo-ransomware-another-rust-based-ransomware/
- No Way To Hide: Uncovering New Campaigns From Daily Tunneling Detection
"This article reviews four previously undisclosed domain name system (DNS) tunneling campaigns that occurred in recent months. We identified these new campaigns through our recently deployed campaign monitoring system, which can identify new, potentially malicious campaigns from daily tunneling detection. DNS tunneling is a technique threat actors use to encode non-DNS traffic data within DNS packet traffic. This allows the information to bypass traditional network firewalls and establish covert communication channels for data exfiltration and infiltration."
https://unit42.paloaltonetworks.com/detecting-dns-tunneling-campaigns/
- U.S. Wiretap Systems Targeted In China-Linked Hack
"A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers, potentially accessing information from systems the federal government uses for court-authorized network wiretapping requests. For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data, according to people familiar with the matter, which amounts to a major national security risk. The attackers also had access to other tranches of more generic internet traffic, they said."
https://www.msn.com/en-us/news/technology/u-s-wiretap-systems-targeted-in-china-linked-hack/ar-AA1rIZKx
https://securityaffairs.com/169460/apt/salt-typhoon-hacked-us-broadband-providers.html
https://www.itnews.com.au/news/chinese-hackers-breached-us-court-wiretap-systems-612182
Breaches/Hacks/Leaks
- Highline Public Schools Confirms Ransomware Behind Shutdown
"On Thursday, K-12 school district Highline Public Schools confirmed that a ransomware attack forced it to shut down all schools in early September. Highline Public Schools has over 2,000 staff members and offers programs ranging from early childhood education to college preparation. It serves over 17,500 students across 34 schools in the Burien, Des Moines, Normandy Park, SeaTac, and White Center communities in Washington State."
https://www.bleepingcomputer.com/news/security/highline-public-schools-confirms-ransomware-attack-was-behind-september-shut-down/
- Outlast Game Development Delayed After Red Barrels Cyberattack
"Canadian video game developer Red Barrels is warning that the development of its Outlast games will likely be delayed after the company suffered a cyberattack impacting its internal IT systems and data. Although the statement emphasizes that the attack has not affected player data, the production timeline has been impacted. "The Red Barrels team regrets to announce that its internal IT systems were recently impacted by a cybersecurity event, involving access to some of its data," reads a statement on Red Barrel's website."
https://www.bleepingcomputer.com/news/security/outlast-game-development-delayed-after-red-barrels-cyberattack/
- Comcast And Truist Bank Customers Caught Up In FBCS Data Breach
"Comcast Cable Communications and Truist Bank have disclosed they were impacted by a data breach at FBCS, and are now informing their respective customers that their data has been compromised. The case concerns a data breach at Financial Business and Consumer Solutions (FBCS), a debt collection agency in the U.S. that partners with various companies to collect unpaid debts on their behalf."
https://www.bleepingcomputer.com/news/security/comcast-and-truist-bank-customers-caught-up-in-fbcs-data-breach/
https://www.theregister.com/2024/10/04/comcast_fcbs_ransomware_theft/
General News
- Best Practices For Implementing Threat Exposure Management, Reducing Cyber Risk Exposure
"In this Help Net Security interview, Sanaz Yashar, CEO at Zafran, discusses the role of threat exposure management (TEM) in modern cybersecurity strategies. As traditional vulnerability management evolves, TEM addresses the overwhelming risks arising from expanded attack surfaces and fragmented security tools. The proactive TEM approach prioritizes risks and integrates seamlessly with existing security tools, enabling organizations to mitigate threats before they can be exploited effectively."
https://www.helpnetsecurity.com/2024/10/04/sanaz-yashar-zafran-threat-exposure-management-tem/
- Cybercriminals Capitalize On Poorly Configured Cloud Environments
"Off-the-shelf offensive security tools and poorly configured cloud environments create openings in the attack surface, according to Elastic. Offensive security tools (OSTs), including Cobalt Strike and Metasploit, made up ~54% of observed malware alerts. The most prevalent malware family observed this year was Cobalt Strike, accounting for 27.02% of infections."
https://www.helpnetsecurity.com/2024/10/04/cloud-environments-attack-surface/
- Russia Arrests US-Sanctioned Cryptex Founder, 95 Other Linked Suspects
"Russian law enforcement detained almost 100 suspects linked to the Cryptex cryptocurrency exchange, the UAPS anonymous payment service, and 33 other online services and platforms used to make illegal payments and sell stolen credentials. Following 148 raids, 96 individuals were arrested and charged with organizing and participating in a criminal organization, unlawful access to computer information, illegal payment processing, and illegal banking activities."
https://www.bleepingcomputer.com/news/security/russia-arrests-us-sanctioned-cryptex-founder-95-other-linked-suspects/
https://www.bankinfosecurity.com/russia-arrests-100-in-cryptex-crypto-exchange-crackdown-a-26460
- MITRE Launches AI Incident Sharing Initiative
"MITRE’s Center for Threat-Informed Defense announced the launch of the AI Incident Sharing initiative this week, a collaboration with more than 15 companies to increase community knowledge of threats and defenses for AI-enabled systems. The incident sharing initiative falls under the purview of the center’s Secure AI project, and aims to enable quick and secure collaboration on threats, attacks and accidents involving AI-enabled systems."
https://www.darkreading.com/threat-intelligence/mitre-launches-ai-incident-sharing-initiative
- Insider Threat Damage Balloons As Visibility Gaps Widen
"Organizations are seeing staggering increases in cyberattacks that stem from insider threats, with price tags for remediation reaching eyewatering heights of up to $2 million per incident. According to research from Gurucul — which surveyed more than 400 IT and cybersecurity professionals — organizations are seeing a rising tide when it comes to insider threats. In 2023, 60% of organizations reported insider attacks, but in 2024 this number jumped to 83%."
https://www.darkreading.com/threat-intelligence/insider-threat-damage-balloons-amid-evolving-cyber-environments
https://gurucul.com/2024-insider-threat-report/
- Cybersecurity Is Serious — But It Doesn't Have To Be Boring
"In the high-pressure world of cybersecurity, daily headlines about breaches, ransomware, and phishing threats create a sense of urgency and tension. But what if one of the most effective tools for defense wasn't just technology, but humor? While it may seem unexpected, humor is emerging as a powerful asset in security training and culture-building. It boosts employee engagement, improves retention of key security concepts, and fosters a resilient security culture — ultimately strengthening an organization's defenses."
https://www.darkreading.com/cybersecurity-operations/cybersecurity-serious-not-boring
- Criminals Are Testing Their Ransomware Campaigns In Africa
"The industry consensus about ransomware is that it's not going away anytime soon, evidenced by the consistent growth of ransomware attacks over the past decade. We've seen some of the biggest ransomware attacks in history — including the JBS, Colonial Pipeline, and Equifax breaches — over the past five years. What's more, between 2023 and 2024, there was an 81% year-on-year jump in the number of recorded ransomware attacks, according to cybersecurity research firm Black Kite."
https://www.darkreading.com/cyberattacks-data-breaches/criminals-test-ransomware-africa
- How Confidence Between Teams Impacts Cyber Incident Outcomes
"Playbooks and tools are only as good as the people using them and a lack of trust and cooperation can derail even the most carefully crafted cyber response. Both technical teams and non-cyber business leaders must have the right skills and experiences to successfully deal with inevitable cyber incidents in an evolving threat landscape. The Immersive Labs annual Cyber Workforce Benchmark Report found that while cyber resilience is rising globally, organizations typically are not preparing their workforces enough for after-incident response."
https://www.infosecurity-magazine.com/news/confidence-teams-cyber-incident/
- White House Official Says Insurance Companies Must Stop Funding Ransomware Payments
"Insurance companies must stop issuing policies that incentivize making extortion payments in ransomware attacks, a senior White House official said on Friday. The call for the practice to end, which was made without any indication the White House was formally proposing to ban the practice, follows the fourth annual International Counter Ransomware Initiative (CRI) summit in the United States this week, where the 68 members of the CRI discussed tackling the problem."
https://therecord.media/cyber-insurance-ransomware-payments-anne-neuberger-op-ed
https://www.infosecurity-magazine.com/news/cri-releases-guidance-ransomware/
- Are We Getting Better At Quantifying Risk Management?
"As cyber threats grow more sophisticated and pervasive, the need for effective risk management has never been greater. The challenge lies not only in defining risk mitigation strategy but also in quantifying risk in ways that resonate with business leaders. The ability to translate complex technical risks into understandable and actionable business terms has become a crucial component of securing the necessary resources for cybersecurity programs."
https://securityintelligence.com/articles/are-we-getting-better-at-quantifying-risk-management/
References
Electronic Transactions Development Agency (ETDA)