Cyber Threat Intelligence 18 October 2024
Industrial Sector
- Elvaco M-Bus Metering Gateway CMe3100
"Successful exploitation of these vulnerabilities could allow an attacker to perform remote code execution, impersonate and send false information, or bypass authentication."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-01
- Kieback&Peter DDC4000 Series
"Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to gain full administrator rights on the system."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-05
- LCDS LAquis SCADA
"Successful exploitation of this vulnerability could allow an attacker to steal cookies, inject arbitrary code, or perform unauthorized actions."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-02
- Mitsubishi Electric CNC Series
"Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to cause a denial-of-service (DoS) condition on the affected device."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-03
- HMS Networks EWON FLEXY 202
"Successful exploitation of this vulnerability could allow an attacker to sniff and decode credentials that are transmitted using weak encoding techniques."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-04
New Tooling
- GhostStrike: Open-Source Tool For Ethical Hacking
"GhostStrike is an open-source, advanced cybersecurity tool tailored for ethical hacking and Red Team operations. It incorporates cutting-edge techniques, including process hollowing, to stealthily evade detection on Windows systems, making it an asset for penetration testing and security assessments."
https://www.helpnetsecurity.com/2024/10/17/ghoststrike-open-source-tool-ethical-hacking/
https://github.com/stivenhacker/GhostStrike
Vulnerabilities
- F5 BIG-IP Updates Patch High-Severity Elevation Of Privilege Vulnerability
"F5 on Wednesday published its October 2024 quarterly security notification, describing two vulnerabilities addressed in BIG-IP and BIG-IQ enterprise products. Updates released for BIG-IP address a high-severity security defect tracked as CVE-2024-45844. Affecting the appliance’s monitor functionality, the bug could allow authenticated attackers to elevate their privileges and make configuration changes. “This vulnerability may allow an authenticated attacker with Manager role privileges or greater, with access to the Configuration utility or TMOS Shell (tmsh), to elevate their privileges and compromise the BIG-IP system. There is no data plane exposure; this is a control plane issue only,” F5 notes in its advisory."
https://www.securityweek.com/f5-big-ip-updates-patch-high-severity-elevation-of-privilege-vulnerability/
- Cisco Patches High-Severity Vulnerabilities In Analog Telephone Adapters
"Cisco on Wednesday announced patches for eight vulnerabilities in the firmware of ATA 190 series analog telephone adapters, including two high-severity flaws leading to configuration changes and cross-site request forgery (CSRF) attacks. Impacting the web-based management interface of the firmware and tracked as CVE-2024-20458, the first bug exists because specific HTTP endpoints lack authentication, allowing remote, unauthenticated attackers to browse to a specific URL and view or delete configurations, or modify the firmware."
https://www.securityweek.com/cisco-patches-high-severity-vulnerabilities-in-analog-telephone-adapters/
- CISA Adds One Known Exploited Vulnerability To Catalog
"CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-40711 Veeam Backup and Replication Deserialization Vulnerability"
https://www.cisa.gov/news-events/alerts/2024/10/17/cisa-adds-one-known-exploited-vulnerability-catalog
- Gatekeeper Bypass: Uncovering Weaknesses In a MacOS Security Mechanism
"Unit 42 researchers have found that certain third-party utilities and applications pertaining to archiving, virtualization and Apple’s native command-line tools do not enforce the quarantine attribute. This can pose a threat to the integrity of a security feature on macOS known as Gatekeeper, which is responsible for ensuring that only trusted software runs on the system. A bypass of Gatekeeper could leave the user unprotected from risky applications that may attempt to execute malicious content."
https://unit42.paloaltonetworks.com/gatekeeper-bypass-macos/
Malware
- ClickFix Tactic: The Phantom Meet
"In May 2024, a new social engineering tactic called ClickFix emerged, featuring a ClearFake cluster that the Sekoia Threat Detection & Research (TDR) team closely monitored and analysed in a private report entitled FLINT 2024-027 – New widespread ClearFake variant abuses PowerShell and clipboard. This tactic involves displaying fake error messages in web browsers to deceive users into copying and executing a given malicious PowerShell code, finally infecting their systems."
https://blog.sekoia.io/clickfix-tactic-the-phantom-meet/
https://www.bleepingcomputer.com/news/security/fake-google-meet-conference-errors-push-infostealing-malware/
https://hackread.com/clickfix-fake-google-meet-alerts-windows-macos-malware/
https://www.helpnetsecurity.com/2024/10/17/google-meet-fix-it-infostealers/
- UAT-5647 Targets Ukrainian And Polish Entities With RomCom Malware Variants
"UAT-5647 has long been considered a multi-motivational threat actor performing both ransomware and espionage-oriented attacks. However, UAT-5647 has accelerated their attacks in recent months with a clear focus on establishing long-term access for exfiltrating data of strategic interest to them. Our assessment, in line with recent reporting from CERT-UA and Palo Alto Networks, indicates that the threat actor is aggressively expanding their tooling and infrastructure to support a wide variety of malware components authored in diverse languages and platforms such as GoLang, C++, RUST and LUA."
https://blog.talosintelligence.com/uat-5647-romcom/
https://thehackernews.com/2024/10/russian-romcom-attacks-target-ukrainian.html
https://securityaffairs.com/169928/apt/romcom-targeted-ukrainian-government-agencies.html
- Encrypted Symphony: Infiltrating The Cicada3301 Ransomware-As-a-Service Group
"Since its discovery in June 2024, the Cicada3301 ransomware-as-a-service (RaaS) group has been observed targeting businesses across a wide range of critical sectors. Between June and October 2024, the group published stolen data from 30 companies on their dedicated leak sites (DLS), with 24 instances of attacks that claimed victims based in the United States and the United Kingdom."
https://www.group-ib.com/blog/cicada3301/
https://thehackernews.com/2024/10/cross-platform-cicada3301-ransomware.html
https://www.infosecurity-magazine.com/news/cicada-ransomware-critical-sectors/
- SAS CTF And The Many Ways To Persist a Kernel Shellcode On Windows 7
"On May 18, 2024, Kaspersky’s Global Research & Analysis Team (GReAT), with the help of its partners, held the qualifying stage of the SAS CTF, an international competition of cybersecurity experts held as part of the Security Analyst Summit conference. More than 800 teams from all over the world took part in the event, solving challenges based on real cases that Kaspersky GReAT encountered in its work, but a couple of challenges remained unsolved. One of those challenges was based on a security issue that allows kernel shellcode to be hidden in the system registry and executed during system boot on a fully updated Windows 7/Windows Server 2008 R2 due to an incomplete fix for the CVE-2010-4398 vulnerability."
https://securelist.com/sas-ctf-windows-7-challenge-explained/114180/
- Ukraine Tracks Emailed Bomb Threats To Russia-Linked Group
"A hacker group tracked as UAC-0050 may be behind a recent large-scale information campaign targeting Ukrainian institutions with emails warning of a terrorist attack. In a report released this week, Ukraine’s computer emergency response team (CERT-UA) linked UAC-0050 to a psychological operation with the name Fire Cells Group. The campaign included emails claiming that bombs were planted inside Ukrainian institutions. Among the targets were nearly 60 Ukrainian embassies around the world, as well as media outlets and state agencies. Their employees were forced to evacuate or suspend services while police searched for alleged explosive devices. According to the investigation, all alerts were false and were likely part of Russian intelligence agencies’ hybrid war against Ukraine."
https://therecord.media/ukraine-bomb-threats-fire-cells-group
- Independent Russian News Site Rides Out a Week Of DDoS Incidents
"The Russian independent media outlet Novaya Gazeta Europe was targeted by several large-scale distributed denial-of-service (DDoS) attacks this week, temporarily knocking its website offline. The attacks began on Monday and persisted until Wednesday, reaching 12 million junk page requests per minute at one point, according to the outlet’s statement. During the attacks, the website was temporarily unavailable due to traffic overload. “If our website isn't loading, it means we’re currently experiencing an attack. Please check back in 20 to 30 minutes — by then, we typically have things under control and access should be restored,” Novaya Gazeta Europe stated."
https://therecord.media/ddos-attacks-novaya-gazeta-europe-russian-media
- Cronus: Ransomware Threatening Bodily Harm
"Cronus is a .NET based ransomware strain that was first reported on by Seqrite. Threat researchers discovered the ransomware variant after discovering a malicious document that was submitted to VirusTotal. This blog outlines how the ransomware encrypts files and establishes persistence, as well as analyzes the Cronus ransomware note."
https://blog.pulsedive.com/threat-research-cronus-ransomware-threatening-bodily-harm/
Breaches/Hacks/Leaks
- BianLian Ransomware Claims Attack On Boston Children's Health Physicians
"The BianLian ransomware group has claimed the cyberattack on Boston Children's Health Physicians (BCHP) and threatens to leak stolen files unless a ransom is paid. BCHP is a network of over 300 pediatric physicians and specialists operating over 60 locations across New York's Hudson Valley and Connecticut, offering patient care in clinics, community hospitals, and health centers affiliated with Boston Children's Hospital. According to the announcement BCHP published on its website, a cyberattack compromised its IT vendor on September 6 and a few days later BCHP detected unauthorized activity on its network."
https://www.bleepingcomputer.com/news/security/bianlian-ransomware-claims-attack-on-boston-childrens-health-physicians/
- Hackers Blackmail Globe Life After Stealing Customer Data
"Insurance giant Globe Life says an unknown threat actor attempted to extort money in exchange for not publishing data stolen from the company's systems earlier this year. Founded in 1900, Globe Life is among the largest providers of life and health insurance plans in the United States, with a market capitalization of $12 billion and a total revenue that exceeds $5.3 billion. Globe Life previously disclosed a data breach on June 13 after discovering they had been compromised while reviewing potential vulnerabilities related to access permissions and user identity management for its web portal."
https://www.bleepingcomputer.com/news/security/hackers-blackmail-globe-life-after-stealing-customer-data/
https://therecord.media/globe-life-insurance-facing-extortion-threat-after-subsidiary-data-theft
https://www.theregister.com/2024/10/17/us_insurance_giant_with_a/
- Japan's Ruling Political Party Hit By Cyberattack From Alleged Pro-Russian Hackers
"Japan's ruling Liberal Democratic Party (LDP) reported that a cyberattack temporarily disrupted its website earlier this week, coinciding with the start of the country’s general election campaign. During a press conference on Thursday, Deputy Chief Cabinet Secretary Kazuhiko Aoki said that the country's cyber agencies had implemented relevant security measures and are investigating the incident. The LDP's website was targeted by a distributed denial-of-service (DDoS) attack on Tuesday, coinciding with the beginning of the 12-day campaign period for the election of the House of Representatives, which plays a key role in Japan’s parliamentary system."
https://therecord.media/japan-political-party-hit-by-cyberattack-pro-russian-hackers
General News
- How NIS2 Will Impact Sectors From Healthcare To Energy
"In this Help Net Security interview, Mick Baccio, Global Security Advisor at Splunk SURGe, discusses the far-reaching implications of the NIS2 Directive beyond traditional IT security. He explains how NIS2 will fundamentally change cybersecurity governance, making it a core aspect of organizational strategy and accountability."
https://www.helpnetsecurity.com/2024/10/17/mick-baccio-splunk-nis2-challenges/
- Why Companies Are Struggling To Keep Up With SaaS Data Protection
"While businesses increasingly rely on SaaS tools, many leaders are not fully confident in their ability to safeguard their data, according to Keepit. According to the survey, while 28% of respondents expressed high confidence in their data protection measures, a significant 31% reported moderate to severe lapses in their data protection. This lack of confidence is alarming as the use of SaaS applications continues to grow, with critical data stored in applications like Microsoft 365, Salesforce, and Power BI."
https://www.helpnetsecurity.com/2024/10/17/saas-tools-data-protection/
- Should We Chat, Too? Security Analysis Of WeChat’s MMTLS Encryption Protocol
"WeChat, with over 1.2 billion monthly active users, stands as the most popular messaging and social media platform in China and third globally. As indicated by market research, WeChat’s network traffic accounted for 34% of Chinese mobile traffic in 2018. WeChat’s dominance has monopolized messaging in China, making it increasingly unavoidable for those in China to use. With an ever-expanding array of features, WeChat has also grown beyond its original purpose as a messaging app."
https://citizenlab.ca/2024/10/should-we-chat-too-security-analysis-of-wechats-mmtls-encryption-protocol/
https://www.theregister.com/2024/10/17/wechat_devs_modded_tls_introducing/
- FBI Arrests Alabama Man Suspected Of Hacking SEC's X Account
"An Alabama man was arrested today by the FBI for his suspected role in hacking the SEC's X account to make a fake announcement that Bitcoin ETFs were approved. The Department of Justice said that 25-year-old Eric Council, of Alabama, and conspirators conducted a SIM-swap attack to take over the identity of the person in charge of SEC's X account."
https://www.bleepingcomputer.com/news/security/fbi-arrest-alabama-man-suspected-of-hacking-secs-x-account/
https://therecord.media/sec-twitter-account-hack-arrest-alabama
https://cyberscoop.com/sec-twitter-hack-arrest-sim-swapping/
https://www.itnews.com.au/news/fbi-arrests-alabama-man-over-sec-bitcoin-x-account-hack-612444
- CISA And FBI Release Joint Guidance On Product Security Bad Practices For Public Comment
"Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released joint guidance on Product Security Bad Practices, a part of CISA’s Secure by Design initiative. This joint guidance supplies an overview of exceptionally risky product security bad practices for software manufacturers who produce software in support of critical infrastructure or national critical functions."
https://www.cisa.gov/news-events/alerts/2024/10/16/cisa-and-fbi-release-joint-guidance-product-security-bad-practices-public-comment
https://cisa.gov/resources-tools/resources/product-security-bad-practices
https://www.bankinfosecurity.com/cisa-unveils-exceptionally-risky-software-bad-practices-a-26556
https://www.infosecurity-magazine.com/news/cisa-product-security-flaws/
https://www.securityweek.com/cisa-fbi-seek-public-comment-on-software-security-bad-practices-guidance/
- Check Point Research Unveils Q3 2024 Brand Phishing Trends: Microsoft Remains Most Imitated Brand As Alibaba And Adobe Enter Top 10
"In the realm of cyber security, phishing attacks are among the most prevalent threats, often serving as the initial step for larger-scale campaigns within supply chains. Check Point Research (CPR), the Threat Intelligence arm of Check Point Software Technologies Ltd., has recently released its latest Brand Phishing Ranking for the third quarter of 2024. This report sheds light on the brands most frequently imitated by cyber criminals, in their attempts to deceive and steal personal information or payment credentials, emphasizing the ongoing risks associated with phishing attacks in today’s digital landscape."
https://blog.checkpoint.com/research/check-point-research-unveils-q3-2024-brand-phishing-trends-microsoft-remains-most-imitated-brand-as-alibaba-and-adobe-enter-top-10/
- Is a CPO Still a CPO? The Evolving Role Of Privacy Leadership
"The role of the CPO — chief privacy officer — is at a crossroads. A rapidly growing number of data breaches, continually evolving regulations, and the increasing complexity of digital ecosystems have made a robust, privacy-first approach to managing data more critical for businesses than ever before. The role of a CPO was once clear-cut: Ensure compliance with privacy laws, manage data collection practices, and mitigate data risks. Now, CPOs are balancing more responsibilities than ever. Privacy has an impact on every realm of the business. So, is a CPO still a CPO, or is the role something greater? And, is it a role that just one person can handle?"
https://www.darkreading.com/cyber-risk/cpo-still-cpo-evolving-role-privacy-leadership
- Hong Kong Crime Ring Swindles Victims Out Of $46M
"Hong Kong police arrested 27 people Monday for their involvement in a deepfake scam operation, stealing $46 million from the scam's victims. The scammers used AI face-swapping technology to create female personas for online dating, using tools to alter their appearance and voices. They then contacted their victims via social media platforms using these AI-generated photos of people with made-up personalities, occupations, and backgrounds."
https://www.darkreading.com/cyberattacks-data-breaches/hong-kong-crime-ring-swindles-victims-out-of-46m
- The Role Of Compromised Cyber-Physical Devices In Modern Cyberattacks
"Cyber-physical devices are increasingly getting compromised and leveraged by criminal groups and state-sponsored threat actors. Fyodor Yarochkin, Senior Threat Solution Architect with Trend Micro, believes that getting a better understanding of attackers’ infrastructure leads to a better understanding of the attackers themselves."
https://www.helpnetsecurity.com/2024/10/17/fyodor-yarochkin-trend-micro-compromised-cyber-physical-devices/
- Ransomware: Threat Level Remains High In Third Quarter
"Ransomware attacks continued to occur at near peak levels during the third quarter of this year, which also saw the newly formed RansomHub group overtake the veteran LockBit operation as the number one ransomware threat. Analysis of data from ransomware leak sites found that ransomware actors claimed 1,255 attacks in the third quarter of 2024, down very slightly from 1,325 in the second quarter, but the overall number of attacks is continuing to trend upwards."
https://www.security.com/threat-intelligence/ransomware-threat-level-remains-high
https://www.infosecurity-magazine.com/news/ransomhub-overtakes-lockbit/
- Be Aware Of These Eight Underrated Phishing Techniques
"Email phishing is by far one of the most prevalent forms of phishing. However, there are a number of lesser-known phishing techniques that are often overlooked or underestimated yet increasingly being employed by attackers. Let’s take a brief look at some of the main ones."
https://www.securityweek.com/be-aware-of-these-eight-underrated-phishing-techniques/
- Apple Releases Draft Ballot To Shorten Certificate Lifespan To 45 Days
"Earlier this week, on October 9, during the second day of the fall CA/Browser Forum Face-to-Face meeting, Apple revealed that it had published a draft ballot for commentary to GitHub. This proposal, which is sponsored by Sectigo, offers to incrementally phase maximum term for public SSL/TLS certificates down to 45 days between now and 2027. The draft also phases down the DCV reuse period over time, until it reaches 10 days in 2027."
https://www.sectigo.com/resource-library/apple-now-joins-google-in-push-to-shorten-digital-certificate-lifespans
Reference
Electronic Transactions Development Agency (ETDA)