Cyber Threat Intelligence 17 October 2024
Vulnerabilities
- Critical Kubernetes Image Builder Flaw Gives SSH Root Access To VMs
"A critical vulnerability in Kubernetes could allow unauthorized SSH access to a virtual machine running an image created with the Kubernetes Image Builder project. Kubernetes is an open-source platform that helps automate the deployment, scaling, and operation of containers - lightweight environments for applications to run. With Kubernetes Image Builder, users can create virtual machine (VM) images for various Cluster API (CAPI) providers, like Proxmox or Nutanix, that run the Kubernetes environment. These VMs are then used to set up nodes (servers) that become part of a Kubernetes cluster."
https://www.bleepingcomputer.com/news/security/critical-kubernetes-image-builder-flaw-gives-ssh-root-access-to-vms/
https://discuss.kubernetes.io/t/security-advisory-cve-2024-9486-and-cve-2024-9594-vm-images-built-with-kubernetes-image-builder-use-default-credentials/30119
https://www.theregister.com/2024/10/16/critical_kubernetes_image_builder_bug/
- AhnLab And NCSC Release Joint Report On Microsoft Zero-Day Browser Vulnerability (CVE-2024-38178)
"AhnLab SEcurity intelligence Center (ASEC) and the National Cyber Security Center (NCSC) have discovered a new zero-day vulnerability in the Microsoft Internet Explorer (IE) browser and have conducted a detailed analysis on attacks that exploit this vulnerability. This post shares the joint analysis report “Operation Code on Toast by TA-RedAnt” which details the findings of the ASEC and NCSC joint analysis and the responses to the threat."
https://asec.ahnlab.com/en/83877/
https://www.bleepingcomputer.com/news/security/malicious-ads-exploited-internet-explorer-zero-day-to-drop-malware/
https://thehackernews.com/2024/10/north-korean-scarcruft-exploits-windows.html
- Oracle Patches Over 200 Vulnerabilities With October 2024 CPU
"Oracle on Tuesday announced 334 new security patches as part of its October 2024 Critical Patch Update (CPU), including 186 fixes for vulnerabilities that can be exploited remotely without authentication. SecurityWeek has identified roughly 220 unique CVEs in Oracle’s October 2024 CPU. Approximately three dozen security patches resolve critical-severity flaws. The same as in April and July 2024, Oracle Communications received the largest number of security patches. Out of 100 fixes, 81 address unauthenticated, remotely exploitable bugs."
https://www.securityweek.com/oracle-patches-over-200-vulnerabilities-with-october-2024-cpu/
- VMware Patches High-Severity SQL Injection Flaw In HCX Platform
"VMware on Wednesday called urgent attention to a critical remote code execution flaw haunting users of its enterprise-facing HCX application mobility platform. The vulnerability, tagged as CVE-2024-38814, carries a CVSS severity score of 8.8/10 and allows attackers with non-administrator privileges to execute remote code on the HCX manager. “A malicious authenticated user with non-administrator privileges may be able to enter specially crafted SQL queries and perform unauthorized remote code execution on the HCX manager,” according to an advisory from the virtualization technology vendor."
https://www.securityweek.com/vmware-patches-high-severity-sql-injection-flaw-in-hcx-platform/
- Microsoft Patches Vulnerabilities In Power Platform, Imagine Cup Site
"Microsoft on Tuesday announced patching potentially serious information disclosure and privilege escalation vulnerabilities in Power Platform and Dataverse, as well as the Imagine Cup website. The tech giant has assigned a maximum severity rating of ‘critical’ to each of the flaws, but based on their CVSS scores they are all high-severity issues. In Power Platform, a low-code platform designed for securing and managing apps, workflows and AI-powered tools, Microsoft fixed CVE-2024-38190, a missing authorization vulnerability that could have allowed an unauthenticated attacker to view sensitive information."
https://www.securityweek.com/microsoft-patches-vulnerabilities-in-power-platform-imagine-cup-site/
- I Know Which Device You Used Last Summer: Fingerprinting WhatsApp Users’ Devices
"As part of our ongoing security research on Meta’s WhatsApp privacy issues, we found out these issues are worse than previously realized: Not only that WhatsApp leaks user device setup information (number of devices, mobile or not), it leaks additional information about their Operating Systems (Android, iPhone / iOS, Windows, Mac). Such information may allow potential attackers to gather actionable intelligence about their victims."
https://medium.com/@TalBeerySec/i-know-which-device-you-used-last-summer-fingerprinting-whatsapp-users-devices-71b21ac8dc70
https://www.theregister.com/2024/10/16/whatsapp_privacy_concerns/
- Code Execution, Data Tampering Flaw In Nvidia NeMo Gen-AI Framework
"Artificial intelligence tech giant Nvidia has flagged a major security flaw in its NeMo generative-AI framework, warning that malicious hackers can execute code and tamper with data on systems utilizing the platform. “NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering,” the company said in an advisory. Nvidia tagged the issue as CVE-2024-0129 with a CVSS severity score of 6.3/10. The issue affects the framework on Windows, Linux and MacOS systems."
https://www.securityweek.com/code-execution-data-tampering-flaw-in-nvidia-nemo-gen-ai-framework/
- Android 15 Rolling Out With New Theft, Application Protection Features
"Google on Tuesday started shipping Android 15 to Pixel devices with a hefty set of security improvements, including theft protection and a private space for sensitive applications. Android 15’s enhanced security features, such as the new Theft Detection Lock, rely on AI to keep both the device and the user’s data safe. “By using on-device machine learning, Theft Detection Lock is able to analyze various device signals to detect potential theft attempts. If the algorithm detects a potential theft attempt on your unlocked device, it locks your screen to keep thieves out,” Google explains."
https://www.securityweek.com/android-15-rolling-out-with-new-theft-application-protection-features/
- Google Pays Out $36,000 For Severe Chrome Vulnerability
"Google on Tuesday announced a fresh Chrome browser update that addresses 17 vulnerabilities, including 13 security defects reported by external researchers. The most severe of the externally reported bugs is CVE-2024-9954, a high-risk use-after-free defect in AI, for which Google handed out a $36,000 bug bounty reward. The browser update resolves five medium-severity use-after-free issues as well, impacting Web Authentication, UI, DevTools, Dawn, and Parcel Tracking."
https://www.securityweek.com/google-pays-out-36000-for-severe-chrome-vulnerability/
https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html
Malware
- CISA, FBI, NSA, And International Partners Release Advisory On Iranian Cyber Actors Targeting Critical Infrastructure Organizations Using Brute Force
"Today, CISA—with the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and international partners—released joint Cybersecurity Advisory Iranian Cyber Actors Brute Force and Credential Access Activity Compromises Critical Infrastructure. This advisory provides known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) used by Iranian actors to impact organizations across multiple critical infrastructure sectors. Since October 2023, Iranian actors have used brute force and password spraying to compromise user accounts and obtain access to organizations in the healthcare and public health (HPH), government, information technology, engineering, and energy sectors."
https://www.cisa.gov/news-events/alerts/2024/10/16/cisa-fbi-nsa-and-international-partners-release-advisory-iranian-cyber-actors-targeting-critical
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-290a
https://www.bleepingcomputer.com/news/security/iranian-hackers-act-as-brokers-selling-critical-infrastructure-access/
https://www.bankinfosecurity.com/iranian-hackers-using-brute-force-on-critical-infrastructure-a-26542
https://cyberscoop.com/iranian-hackers-are-going-after-critical-infrastructure-sector-passwords-agencies-caution/
- Coffee Lovers Warned Of New Starbucks Phishing Scam
"A wave of emails masquerading as Starbucks offers has been circulating, promising coffee drinkers a free Starbucks Coffee Lovers Box. Action Fraud, the UK's national fraud and cyber reporting center, said it has received over 900 reports about the scam in the past two weeks. The emails contain malicious links designed to steal personal and financial information or download malware onto personal devices."
https://www.infosecurity-magazine.com/news/coffee-lovers-warned-of-starbucks/
- Hackers Target Ukraine’s Potential Conscripts With MeduzaStealer Malware
"Hackers have targeted the devices of Ukraine’s draft-aged men with MeduzaStealer malware spread through Telegram, researchers have found. MeduzaStealer was previously used by Russia-linked threat actors to obtain login credentials, computer information, browsing history and data from password managers. Last year, a threat actor known as UAC-0050 deployed the malware against targets in Ukraine and Poland. According to a new report from Ukraine’s computer emergency response team (CERT-UA), the unidentified hackers recently distributed MeduzaStealer through a Telegram account disguised as a technical support bot for users of the new Ukrainian government app called Reserve+."
https://therecord.media/hackers-target-ukraine-draftees-meduzastealer-malware-telegram
- China’s Infosec Leads Accuse Intel Of NSA Backdoor, Cite Chip Security Flaws
"A Chinese industry group has accused Intel of backdooring its CPUs, in addition to other questionable security practices while calling for an investigation into the chipmaker, claiming its products pose "serious risks to national security." The Cybersecurity Association of China (CSAC), in a lengthy post on its WeChat account on Wednesday described Intel's chips as being riddled with vulnerabilities, adding that the American company's "major defects in product quality and security management show its extremely irresponsible attitude towards customers.""
https://www.theregister.com/2024/10/16/china_intel_chip_security/
- Fake LockBit, Real Damage: Ransomware Samples Abuse AWS S3 To Steal Data
"From infostealer development to data exfiltration, cloud service providers are increasingly being abused by threat actors for malicious schemes. While in this case the ransomware samples we examined contained hard coded AWS credentials, this is specific to this single threat actor and in general, ransomware developers leverage other online services as part of their tactics. In line with this, we examined ransomware samples written in Go language (aka Golang), targeting Windows and MacOS environments. Most of the samples contained hard-coded AWS credentials, and the stolen data were uploaded to an Amazon S3 bucket controlled by the threat actor."
https://www.trendmicro.com/en_us/research/24/j/fake-lockbit-real-damage-ransomware-samples-abuse-aws-s3-to-stea.html
- Quishing Attacks Are Targeting Electric Car Owners: Here’s How To Slam On The Brakes
"Many countries and regions across the world have been moving quickly on electric cars in recent years. Around 14 million new cars were registered in 2023 alone, a 35% annual increase which brings the worldwide total to over 40 million. But with new technology comes new threats. Ever alert to fresh money-making opportunities, criminal groups are blending physical and virtual-world threats to steal drivers’ payment details."
https://www.welivesecurity.com/en/scams/quishing-attacks-targeting-electric-car-owners-slam-on-brakes/
Breaches/Hacks/Leaks
- Varsity Brands Data Breach Impacts 65,000 People
"Apparel giant Varsity Brands this week disclosed a data breach impacting a significant number of individuals. Varsity provides uniforms, apparel and services for sports teams, schools, and student-athletes. The company was recently acquired by investment firm KKR, reportedly for $4.75 billion. Varsity informed the Maine Attorney General’s Office this week that it detected “unusual activity” on its systems in May 2024."
https://www.securityweek.com/varsity-brands-data-breach-impacts-65000-people/
General News
- Resilience Over Reliance: Preparing For IT Failures In An Unpredictable Digital World
"No IT system — no matter how advanced – is completely immune to failure. The promise of a digital ring of steel may sound attractive, but can it protect you against hardware malfunctions? Software bugs? Unexpected environmental conditions? Cybersecurity threats? Human error? And that’s just for starters."
https://www.helpnetsecurity.com/2024/10/16/resilience-over-reliance-preparing-for-it-failures-in-an-unpredictable-digital-world/
- Strengthening Kubernetes Security Posture With These Essential Steps
"In this Help Net Security interview, Paolo Mainardi, CTO at SparkFabrik, discusses comprehensive strategies to secure Kubernetes environments from development through deployment. He focuses on best practices, automation, and continuous monitoring."
https://www.helpnetsecurity.com/2024/10/16/paolo-mainardi-sparkfabrik-kubernetes-security/
- Unlocking The Value Of AI-Powered Identity Security
"While most organizations are still in the early horizons of their identity security journey, those who achieve maturity are seeing disproportionately higher returns for every dollar spent, according to SailPoint. The value of identity security remains largely untapped today. Of the organizations surveyed, roughly 41% remain at the very beginning of their identity security journey with only 10% progressing to the more advanced stages; this large gap highlights the significant opportunities for organizations to realize the full potential of identity security."
https://www.helpnetsecurity.com/2024/10/16/identity-security-economic-impact/
- Sri Lankan Police Arrest Over 200 Chinese Scammers
"Sri Lankan authorities have arrested more than 200 Chinese nationals who they say overstayed their visitor visas and engaged in large-scale financial scam operations targeting victims across Asia. In a series of media statements beginning Oct. 6, Sri Lankan police announced seven raids across the nation that led to the arrest of hundreds of cybercriminals and scam operators, a large majority of whom are Chinese nationals."
https://www.bankinfosecurity.com/sri-lankan-police-arrest-over-200-chinese-scammers-a-26531
- How Low Can You Go? An Analysis Of 2023 Time-To-Exploit Trends
"Mandiant analyzed 138 vulnerabilities that were disclosed in 2023 and that we tracked as exploited in the wild. Consistent with past analyses, the majority (97) of these vulnerabilities were exploited as zero-days (vulnerabilities exploited before patches are made available, excluding end-of-life technologies). Forty-one vulnerabilities were exploited as n-days (vulnerabilities first exploited after patches are available). While we have previously seen and continue to expect a growing use of zero-days over time, 2023 saw an even larger discrepancy grow between zero-day and n-day exploitation as zero-day exploitation outpaced n-day exploitation more heavily than we have previously observed."
https://cloud.google.com/blog/topics/threat-intelligence/time-to-exploit-trends-2023/
https://www.bleepingcomputer.com/news/security/google-70-percent-of-exploited-flaws-disclosed-in-2023-were-zero-days/
https://www.helpnetsecurity.com/2024/10/16/time-to-exploit-vulnerabilities-2023/
- USDoD Hacker Behind National Public Data Breach Arrested In Brazil
"A notorious hacker named USDoD, who is linked to the National Public Data and InfraGard breaches, has been arrested by Brazil's Polícia Federal in "Operation Data Breach". USDoD, aka EquationCorp, has a long history of high-profile data breaches where he stole data and commonly leaked it on hacking forums while taunting the victims. These breaches include those on the FBI's InfraGard, a threat information sharing portal, and National Public Data, where the personal data and social security numbers of hundreds of millions of US citizens were leaked online."
https://www.bleepingcomputer.com/news/security/usdod-hacker-behind-national-public-data-breach-arrested-in-brazil/
https://hackread.com/brazil-arrest-usdod-hacker-fbi-national-public-data-breach/
https://therecord.media/hacker-behind-fbi-npd-airbus-attacks-arrested-brazil
https://securityaffairs.com/169914/cyber-crime/brazils-policia-federal-arrested-hacker-usdod.html
- US Disrupts Anonymous Sudan DDoS Operation, Indicts 2 Sudanese Brothers
"The United States Department of Justice unsealed an indictment today against two Sudanese brothers suspected of being the operators of Anonymous Sudan, a notorious and dangerous hacktivist group known for conducting over 35,000 DDoS attacks in a year. Since launching in 2023, Anonymous Sudan has been behind numerous high-profile DDoS attacks, causing widespread outages and the inability for users worldwide to access targeted services. Many of their attacks were motivated by pro-Russian and pro-Palestinian causes, based on messages on the operation's Telegram channel."
https://www.bleepingcomputer.com/news/security/us-disrupts-anonymous-sudan-ddos-operation-indicts-2-sudanese-brothers/
https://therecord.media/anonymous-sudan-brothers-charged-ddos-attacks-hospital-critical-infrastructure
https://www.bankinfosecurity.com/us-indicts-sudanese-brothers-for-anonymous-sudan-attacks-a-26540
https://cyberscoop.com/alleged-anonymous-sudan-leaders-charged-prolific-gangs-tool-disabled/
https://hackread.com/us-charges-anonymous-sudan-35000-ddos-attacks/
- Protecting Major Events: An Incident Response Blueprint
"Ensuring the cybersecurity of major events — whether it’s sports, professional conferences, expos, inter-government meetings or other gatherings — is a complex and time-intensive task. It requires a comprehensive approach and collaboration among various stakeholders, including vendors, hospitality teams, and service providers, to establish a consistent cybersecurity strategy across the entire event ecosystem. In our latest version of the “Protecting major events: An incident response blueprint” whitepaper, Cisco Talos Incident Response outlines the essential steps organizations should take to secure any major event. This paper highlights 13 critical focus areas that will guide organizing committees and participating businesses, offering key questions and actionable answers to help ensure robust event security."
https://blog.talosintelligence.com/protecting-major-events-blueprint-october-2024-update/
https://blog.talosintelligence.com/content/files/2024/10/protecting-major-events-1.pdf
- Here’s How Attackers Are Getting Around Phishing Defenses
"Hackers are evading natural language processing detection capabilities used to filter out phishing attacks by adding benign text and links, according to data from Egress’ threat intelligence unit released Tuesday. Egress researchers looked at 40 attacks targeting U.S. organizations that used obfuscation techniques designed to evade anti-phishing services by using natural language processors (NLP) to send malware or malicious links. NLPs are also used by artificial intelligence models like ChatGPT."
https://cyberscoop.com/email-natural-language-obfuscation-phishing-egress/
https://cyberscoop.com/wp-content/uploads/sites/3/2024/10/20241015-Egress-NLP-Data.pdf
- Fraudulent North Korean IT Worker Schemes: From Insider Threats To Extortion
"Secureworks Counter Threat Unit (CTU) researchers have observed patterns and evolutions in IT worker schemes linked to the North Korean government (officially the Democratic People’s Republic of Korea (DPRK)). In these schemes, North Korean nationals use stolen or falsified identities to obtain employment with Western companies under false pretenses. This activity has been documented in the U.S., UK, and Australia."
https://www.secureworks.com/blog/fraudulent-north-korean-it-worker-schemes
https://therecord.media/north-korean-fake-it-workers-extorting-employers
https://cyberscoop.com/north-korean-it-workers-secureworks-report/
- 71% Of Hackers Believe AI Technologies Increase The Value Of Hacking
"Bugcrowd, the leader in crowdsourced cybersecurity, today released its annual Inside the Mind of a Hacker 2024 report, which analyzed responses from 1,300 hackers, also known as ethical hackers and security researchers on the Bugcrowd Platform. This report provides a comprehensive overview of the hacking community and their perspectives on topics at the forefront of cybersecurity."
https://www.darkreading.com/vulnerabilities-threats/71-of-hackers-believe-ai-technologies-increase-the-value-of-hacking
https://ww1.bugcrowd.com/inside-the-mind-of-a-hacker-2024/
https://www.infosecurity-magazine.com/news/ethical-hackers-embrace-ai-tools/
- Hybrid Work Exposes New Vulnerabilities In Print Security
"The shift to hybrid work models has exposed new vulnerabilities in corporate print infrastructure and heightened security risks at many organizations. The risks run the gamut and include employees using insecure and unmanaged printers, remote workers sending print jobs over public networks, inadequate user authentication and print job release processes, exposed local spools and caches, and inconsistent patching practices."
https://www.darkreading.com/vulnerabilities-threats/hybrid-work-vulnerabilities-print-security
- Cyber Gangs Aren't Afraid Of Prosecution
"Historically, cybercriminals have always had an edge over law enforcement. It may take a few hours to steal thousands of credit cards after exploiting a SQL injection flaw, but the subsequent investigation and prosecution of the cybercriminals can take years — and still fail. Europol described the challenges in investigating and prosecuting cybercrime — the collection and preservation of digital evidence, difficulty tracing and identifying attackers, and legal and judicial hurdles associated with cross-border investigations — back in 2019. These challenges remain relevant in 2024."
https://www.darkreading.com/cyberattacks-data-breaches/cyber-gangs-aren-t-afraid-of-prosecution
- What Cybersecurity Leaders Can Learn From The Game Of Golf
"I was talking with some friends about the recent 2024 Presidents Cup matchups, and how Mackenzie Hughes — a fellow Canadian — was going to play a pivotal role on the International Team. As we dug into game strategy, I had one of those lightbulb moments: There is a lot in common between golf and cybersecurity."
https://www.darkreading.com/vulnerabilities-threats/what-cybersecurity-leaders-learn-golf
- New Tool DVa Detects And Removes Android Malware
"Discover DVa, a new tool that detects and removes malware exploiting accessibility features on Android devices. Learn how this innovative solution helps protect users from malicious apps and safeguards their personal information."
https://hackread.com/new-tool-dva-detects-and-removes-android-malware/
https://www.usenix.org/system/files/sec24summer-prepub-136-xu-haichuan.pdf
- Cyber Threats Escalating Beyond Ability To Defend, New NCSC Head Warns
"Cyber-threats are escalating beyond the collective ability to defend against them, new UK National Cyber Security Centre (NCSC) head Dr Richard Horne has warned. In his first international speech at Singapore International Cyber Week, Horne said that increased dependence on technology is widening the gap between the escalating threats to societies, critical services, and businesses, and the ability to defend and be resilient against these threats. He revealed that in 2024 the NCSC has already responded to 50% more nationally significant incidents compared to last year, as well as a threefold increase in severe incidents."
https://www.infosecurity-magazine.com/news/cyber-threats-defend-ncsc-head/
https://therecord.media/uk-nationally-significant-cyberattacks-ncsc-horne-warning
https://www.bankinfosecurity.com/uk-reports-50-spike-in-nationally-significant-incidents-a-26544
- Navigating The Ethics Of AI In Cybersecurity
"Even if we’re not always consciously aware of it, artificial intelligence is now all around us. We’re already used to personalized recommendation systems in e-commerce, customer service chatbots powered by conversational AI and a whole lot more. In the realm of information security, we’ve already been relying on AI-powered spam filters for years to protect us from malicious emails."
https://securityintelligence.com/articles/navigating-ethics-ai-cybersecurity/
- AI Models In Cybersecurity: From Misuse To Abuse
"Artificial intelligence is on everyone’s mind right now, especially the cybersecurity industry. In a constant game of whack-a-mole, both defenders and attackers are harnessing AI to tip the balance of power in their respective favor. Before we can understand how defenders and attackers leverage AI, we need to acknowledge the three most common types of AI models currently in circulation."
https://www.securityweek.com/ai-models-in-cybersecurity-from-misuse-to-abuse/
- Russia's Case Against REvil Hackers Proceeds As Government Recommends 6.5-Year Sentence
"The Russian military prosecutor's office is reportedly pushing for prison sentences of up to 6.5 years for four people linked to the hacking group REvil. The Russian cybercrime group was one of the most active ransomware gangs before its shutdown in 2021 and the arrests of 14 suspected members by Russian law enforcement a year later. The legal proceedings against the alleged hackers have been dragging on for the last two years, and of 14 detainees only eight have made it to a Moscow court to face charges of illegal financial transactions."
https://therecord.media/russia-revil-hackers-case-sentencing
References
Electronic Transactions Development Agency (ETDA)