Cyber Threat Intelligence 28 October 2024
New Tooling
- Vulnhuntr: Autonomous AI Finds First 0-Day Vulnerabilities In Wild
"Today, we introduce Vulnhuntr, a Python static code analyzer that leverages the power of large language models (LLMs) to find and explain complex, multistep vulnerabilities. Thanks to the capabilities of models like Claude 3.5, AI has now uncovered more than a dozen remotely exploitable 0-day vulnerabilities targeting open-source projects in the AI ecosystem with over 10,000 GitHub stars in just a few hours of running it. These discoveries include full-blown Remote Code Execution. If you’d like to get paid for using Vulnhuntr then head on over to https://huntr[.]com which is an AI bug bounty program helping secure the exploding open source AI ecosystem."
https://protectai.com/threat-research/vulnhuntr-first-0-day-vulnerabilities
https://github.com/protectai/vulnhuntr
https://www.darkreading.com/application-security/open-source-llm-tool-finds-python-zero-days
Vulnerabilities
- QNAP, Synology, Lexmark Devices Hacked On Pwn2Own Day 3
"The third day of Pwn2Own Ireland 2024 continued to showcase the expertise of white hat hackers as they exposed 11 zero-day vulnerabilities, adding $124,750 to the total prize pool, which now stands at $874,875. Pwn2Own, a global hacking competition, challenges top security researchers to exploit a range of software and hardware devices, with the ultimate goal of earning the prestigious "Master of Pwn" title and claiming up to $1 million in rewards. On Day 1, participants uncovered 52 zero-day vulnerabilities, and on Day 2, another 51 zero-days were added."
https://www.bleepingcomputer.com/news/security/qnap-synology-lexmark-devices-hacked-on-pwn2own-day-3/
- Vulnerable WiFi Alliance Example Code Found In Arcadyan FMIMG51AX000J
"A command injection vulnerability has been identified in the Wi-Fi Test Suite, a tool developed by the WiFi Alliance, which has been found deployed on Arcadyan routers. This flaw allows an unauthenticated local attacker to exploit the Wi-Fi Test Suite by sending specially crafted packets, enabling the execution of arbitrary commands with root privileges on the affected routers."
https://kb.cert.org/vuls/id/123336
https://thehackernews.com/2024/10/researchers-discover-command-injection.html
- An Update On Windows Downdate
"In August, I shared a blog on my most recent research project called Windows Downdate, which I first presented at Black Hat USA 2024 and DEF CON 32 (2024). In it, I explained how I was able to develop a tool to take over the Windows Update process to craft custom downgrades on critical OS components to expose previously fixed vulnerabilities. By using this downgrade ability, I discovered CVE-2024-21302, a privilege escalation vulnerability affecting the entire Windows virtualization stack."
https://www.safebreach.com/blog/update-on-windows-downdate-downgrade-attacks/
https://www.bleepingcomputer.com/news/security/new-windows-driver-signature-bypass-allows-kernel-rootkit-installs/
https://hackread.com/hackers-downgrade-windows-exploit-patched-flaws/
- Over 70 Zero-Day Flaws Get Hackers $1 Million At Pwn2Own Ireland
"The fourth day of Pwn2Own Ireland 2024 marked the end of the hacking competition with more than $1 million in prizes for over 70 unique zero-day vulnerabilities in fully patched devices. The hacking contest pits security researchers against various software and hardware products, in an attempt to earn the "Master of Pwn" title by compromising targets in eight categories ranging from mobile phones, messaging apps, home automation, and smart speakers to printers, surveillance systems, network-attached storage (NAS), and SOHO Smash-up."
https://www.bleepingcomputer.com/news/security/over-70-zero-day-flaws-get-hackers-1-million-at-pwn2own-ireland/
Malware
- WrnRAT Distributed Under The Guise Of Gambling Games
"AhnLab SEcurity intelligence Center (ASEC) recently discovered that malware was being distributed under the guise of gambling games such as badugi, 2-player go-stop, and hold’em. The threat actor created a website disguised as a gambling game site, and if the game launcher is downloaded, it installs malware that can control the infected system and steal information. The malware appears to have been created by the threat actor and is referred to as WrnRAT based on the strings used in its creation."
https://asec.ahnlab.com/en/84086/
- ReliaQuest Uncovers New Black Basta Social Engineering Technique
"In October 2024, ReliaQuest responded to an alert for Impacket activity. During the investigation, we discovered a wider trend: a campaign of escalated social engineering tactics originally associated with the ransomware group “Black Basta.” Their previous approach involved overwhelming users with email spam, prompting them to create a legitimate help-desk ticket to resolve the issue. The attacker would then contact the end user, posing as the help desk, to respond to the ticket."
https://www.reliaquest.com/blog/black-basta-social-engineering-technique-microsoft-teams/
https://www.bleepingcomputer.com/news/security/black-basta-ransomware-poses-as-it-support-on-microsoft-teams-to-breach-networks/
- Amazon Identified Internet Domains Abused By APT29
"APT29 aka Midnight Blizzard recently attempted to phish thousands of people. Building on work by CERT-UA, Amazon recently identified internet domains abused by APT29, a group widely attributed to Russia’s Foreign Intelligence Service (SVR). In this instance, their targets were associated with government agencies, enterprises, and militaries, and the phishing campaign was apparently aimed at stealing credentials from Russian adversaries. APT29 sent the Ukrainian language phishing emails to significantly more targets than their typical, narrowly targeted approach. Some of the domain names they used tried to trick the targets into believing the domains were AWS domains (they were not), but Amazon wasn’t the target, nor was the group after AWS customer credentials."
https://aws.amazon.com/blogs/security/amazon-identified-internet-domains-abused-by-apt29/
https://www.bleepingcomputer.com/news/security/amazon-seizes-domains-used-in-rogue-remote-desktop-campaign-to-steal-data/
https://therecord.media/kremlin-linked-apt29-hackers-target-ukrainian-state-agencies-espionage
https://www.darkreading.com/cyberattacks-data-breaches/russias-apt29-aws-windows-credentials
https://www.securityweek.com/aws-seizes-domains-used-by-russias-apt29/
https://thehackernews.com/2024/10/cert-ua-identifies-malicious-rdp-files.html
https://www.infosecurity-magazine.com/news/ukraine-phishing-campaign-citizens/
- Tenacious Pungsan: A DPRK Threat Actor Linked To Contagious Interview
"In recent years, the open source software supply chain has become a focus of increasing concern as an effective attack vector for malicious actors to compromise downstream targets. Attackers may seek to compromise existing, often broadly used packages, or they may publish new packages containing malicious code. Attacks of this second kind usually involve some form of namesquatting, in which the name of the malicious package is very similar to a targeted legitimate package in hopes that developers will confuse the former for the latter. We have observed significant attacks of both kinds in 2024 alone."
https://securitylabs.datadoghq.com/articles/tenacious-pungsan-dprk-threat-actor-contagious-interview/
https://www.bankinfosecurity.com/north-korean-hackers-spreading-malware-via-fake-interviews-a-26639
- Chinese Hackers Reportedly Targeted Trump, Vance Phones
"The FBI said Friday afternoon it is investigating Chinese nation-state hacking into commercial telecommunications infrastructure following a news report that Beijing actors targeted data from campaign phones used by Republican presidential nominee Donald Trump and his running mate, Ohio Sen. JD Vance."
https://www.bankinfosecurity.com/chinese-hackers-reportedly-targeted-trump-vance-phones-a-26638
https://www.fbi.gov/news/press-releases/joint-statement-by-fbi-and-cisa-on-peoples-republic-of-china-activity-targeting-telecommunications
https://www.nytimes.com/2024/10/25/us/politics/trump-vance-hack.html
https://therecord.media/fbi-cisa-investigating-china-linked-telecom-hack-trump-harris
https://cyberscoop.com/report-chinese-hackers-used-telecom-access-to-go-after-phones-of-trump-vance/
https://securityaffairs.com/170277/intelligence/chinese-cyber-spies-targeted-trump-vance.html
- New Iranian-Based Ransomware Group Charges $2000 For File Retrieval
"The SonicWall Capture Labs threat research team has encountered a recently released ransomware from an Iranian team of hackers. The group has named themselves hackersadism. The group does not appear to be targeting large corporations at this time as they only charge $2000 in BNB (Binance coin crypto) for file restoration. The price for file retrieval is also negotiable. During our analysis, we were able to converse directly with the malware operator and negotiate payment."
https://blog.sonicwall.com/en-us/2024/10/new-iranian-based-ransomware-group-charges-2000-for-file-retrieval/
- TeamTNT’s Docker Gatling Gun Campaign
"Long time no see, Aqua Nautilus researchers have identified a new campaign in the making by TeamTNT, a notorious hacking group. In this campaign, TeamTNT appears to be returning to its roots while preparing for a large-scale attack on cloud native environments. The group is currently targeting exposed Docker daemons to deploy Sliver malware, a cyber worm, and cryptominers, using compromised servers and Docker Hub as the infrastructure to spread their malware."
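As an added example (not code from Aqua Nautilus, TeamTNT, or this digest), the Python below audits a Docker daemon.json for the exposure this campaign preys on, an Engine API served over plain TCP without TLS client authentication, and can probe a host you own to see whether such an API answers without credentials. The two sample configurations are constructed, the certificate paths in the hardened one are assumptions, and the local probe target is only there to show the call.

```python
# Added example: audit a Docker daemon configuration for unauthenticated TCP
# exposure of the Engine API, and probe a host for an API that answers /_ping
# without credentials. Not Aqua Nautilus's or TeamTNT's code; sample configs
# are constructed and the TLS file paths are assumptions.
import http.client
import json
from urllib.parse import urlparse

PLAINTEXT_API_PORT = 2375           # conventional port for the API without TLS
ALL_INTERFACES = {"", "0.0.0.0", "::"}


def audit_daemon_config(config: dict) -> list:
    """Return findings for a parsed /etc/docker/daemon.json.

    A tcp:// entry in "hosts" exposes the Engine API; anyone who can reach it
    and is not stopped by TLS client auth can start containers as root on the
    host, which is exactly what an exposed-daemon worm relies on.
    """
    findings = []
    tls_client_auth = bool(config.get("tlsverify", False))
    for entry in config.get("hosts", []):
        if not entry.startswith("tcp://"):
            continue                            # unix:// and fd:// are local-only
        parsed = urlparse(entry)
        bind = parsed.hostname or ""            # "tcp://:2375" binds all interfaces
        port = parsed.port or PLAINTEXT_API_PORT
        shown = bind or "0.0.0.0"
        if not tls_client_auth:
            findings.append(f"{shown}:{port} serves the Docker API without TLS client auth")
        elif bind in ALL_INTERFACES:
            findings.append(f"{shown}:{port} binds the Docker API on every interface; restrict it")
    return findings


def probe_docker_api(host: str, port: int = PLAINTEXT_API_PORT, timeout: float = 2.0) -> bool:
    """True if an unauthenticated Docker Engine API answers GET /_ping on host:port.

    The daemon replies 200 "OK" to this request with no credentials; a closed
    port, a timeout or a TLS-only endpoint makes this return False. Run it only
    against hosts you are authorised to test.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/_ping")
        resp = conn.getresponse()
        return resp.status == 200 and resp.read().strip() == b"OK"
    except (OSError, http.client.HTTPException):
        return False
    finally:
        conn.close()


# Constructed sample configurations (not taken from any real host).
EXPOSED_CONFIG = json.loads(
    '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
)
HARDENED_CONFIG = json.loads(
    '{"hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],'
    ' "tlsverify": true, "tlscacert": "/etc/docker/ca.pem",'
    ' "tlscert": "/etc/docker/server-cert.pem", "tlskey": "/etc/docker/server-key.pem"}'
)

if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_daemon_config(cfg) or ["no findings"])
    print("local 2375 answers without auth:", probe_docker_api("127.0.0.1"))
```

The audit is the part to run on a fleet; the probe is for confirming from the outside that a host which should only listen on the Unix socket really does not answer on 2375.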
https://www.aquasec.com/blog/threat-alert-teamtnts-docker-gatling-gun-campaign/
https://thehackernews.com/2024/10/notorious-hacker-group-teamtnt-launches.html
- Arctic Wolf Labs Observes Increased Fog And Akira Ransomware Activity Linked To SonicWall SSL VPN
"In early August, Arctic Wolf Labs began observing a marked increase in Fog and Akira ransomware intrusions where initial access to victim environments involved the use of SonicWall SSL VPN accounts. Based on victimology data showing a variety of targeted industries and organization sizes, we assess that the intrusions are likely opportunistic, and the threat actors are not targeting a specific set of industries."
https://arcticwolf.com/resources/blog/arctic-wolf-labs-observes-increased-fog-and-akira-ransomware-activity-linked-to-sonicwall-ssl-vpn/
https://www.bleepingcomputer.com/news/security/fog-ransomware-targets-sonicwall-vpns-to-breach-corporate-networks/
Breaches/Hacks/Leaks
- Change Healthcare Says 100 Million People Impacted By February Ransomware Attack
"Change Healthcare updated filings with the federal government to warn that about 100 million people had information accessed by hackers during a ransomware attack in February. The Department of Health and Human Services’s (HHS) Office for Civil Rights said Change Healthcare notified them on October 22 that “approximately 100 million individual notices have been sent regarding this breach.” In June, the company admitted that the hackers behind the incident likely accessed health insurance information, extensive personal health information like test results and images, financial and banking information as well as personal data like Social Security numbers."
https://therecord.media/change-healthcare-100-million-impacted-ransomware-attack
https://www.documentcloud.org/documents/25250169-change-healthcare-breach
https://www.bleepingcomputer.com/news/security/unitedhealth-says-data-of-100-million-stolen-in-change-healthcare-breach/
https://www.darkreading.com/cyberattacks-data-breaches/unitedhealth-reveals-100m-compromised-change-healthcare-breach
https://www.securityweek.com/change-healthcare-ransomware-attack-impacts-100-million-people/
https://cyberscoop.com/change-healthcare-breach-affected-100-million-americans-marking-a-new-record/
https://www.malwarebytes.com/blog/news/2024/10/100-million-us-citizens-officially-impacted-by-change-healthcare-data-breach
https://www.infosecurity-magazine.com/news/change-healthcare-breach-americans/
https://securityaffairs.com/170258/data-breach/change-healthcare-data-breach.html
https://techcrunch.com/2024/10/24/unitedhealth-change-healthcare-hacked-millions-health-records-ransomware/
- OnePoint Patient Care Data Breach Impacts Nearly 800,000 People
"OnePoint Patient Care (OPPC), an Arizona-based hospice pharmacy that serves over 40,000 patients per day, is informing customers about a data breach impacting their personal information. According to the healthcare organization, it detected suspicious activity on its network on August 8, 2024. An investigation revealed a week later that before the cyberattack was detected, the hackers had obtained files containing personal information from OPPC systems."
https://www.securityweek.com/onepoint-patient-care-data-breach-impacts-nearly-800000-people/
https://securityaffairs.com/170247/data-breach/onepoint-patient-care-data-breach.html
- RansomHub Gang Allegedly Behind Attack On Mexican Airport Operator
"A hacking group recently spotlighted by U.S. agencies said it is responsible for an attack targeting an operator of 13 airports across Mexico. Grupo Aeroportuario del Centro Norte announced last Friday that a cyber incident forced its IT team to turn to backup systems in an effort to continue running the airports it controls across central and northern Mexico. Known colloquially as OMA, the company runs airports in Monterrey and other major Mexican cities, handling more than 19 million passengers so far this year."
https://therecord.media/ransomhub-gang-behind-attack-mexican-airport-operator
General News
- Achieving Peak Cyber Resilience
"Climbing Mount Everest isn’t a feat for the faint hearted. Extreme weather, dangerous terrain and acclimatization requirements make the trek challenging for even the most experienced climbers. It’s estimated that the expedition takes more than two months, on average. That’s a lengthy process that involves a lot of planning and guidance along the way."
https://www.helpnetsecurity.com/2024/10/25/cyber-resilience-peak/
- The Future Of Cyber Insurance: Meeting The Demand For Non-Attack Coverage
"In this Help Net Security interview, Michael Daum, Head of Global Cyber Claims for Allianz Commercial, discusses the significant rise in cyber claims in 2024, driven by an increase in data breaches and ransomware attacks. Daum highlights the need for businesses to implement cyber hygiene practices and align their risk management strategies with insurers’ expectations to mitigate financial impacts and reduce premiums."
https://www.helpnetsecurity.com/2024/10/25/michael-daum-allianz-commercial-cyber-claims/
- Unclear Pricing For GRC Tools Creates Market Confusion
"Due to widely varying governance, risk, and compliance (GRC) tool pricing, enterprise risk management (ERM) leaders must understand four different pricing-tier categories of GRC solutions and apply a scoping framework to further estimate likely costs ahead of vendor selection, according to Gartner."
https://www.helpnetsecurity.com/2024/10/25/grc-tool-pricing-transparency/
- New Rules For US National Security Agencies Balance AI’s Promise With Need To Protect Against Risks
"New rules from the White House on the use of artificial intelligence by US national security and spy agencies aim to balance the technology’s immense promise with the need to protect against its risks. The framework signed by President Joe Biden and announced Thursday is designed to ensure that national security agencies can access the latest and most powerful AI while also mitigating its misuse. Recent advances in artificial intelligence have been hailed as potentially transformative for a long list of industries and sectors, including military, national security and intelligence. But there are risks to the technology’s use by government, including possibilities it could be harnessed for mass surveillance, cyberattacks or even lethal autonomous devices."
https://www.securityweek.com/new-rules-for-us-national-security-agencies-balance-ais-promise-with-need-to-protect-against-risks/
- Russia Sentences REvil Ransomware Members To Over 4 Years In Prison
"Russia has sentenced four members of the REvil ransomware operation to over 4 years in prison for distributing malware and illegal circulation of means of payment. REvil ransomware (aka Sodin and Sodinokibi) was launched in April 2019 as a direct successor of the GandCrab operation. In less than a year, the gang became the most prolific ransomware group, asking for some of the highest ransom payments at the time and earning over $100 million in a year."
https://www.bleepingcomputer.com/news/security/russia-sentences-revil-ransomware-members-to-over-4-years-in-prison/
https://therecord.media/four-revil-ransomware-gang-members-sentenced-prison-russia
https://thehackernews.com/2024/10/four-revil-ransomware-members-sentenced.html
https://securityaffairs.com/170287/cyber-crime/revil-ransomware-group-member-sentenced.html
- Europol Details Pursuit Of LockBit Ransomware Affiliates
"What does it take to disrupt a major ransomware operation? Operation Cronos, comprising 10 national law enforcement agencies, continues to target the LockBit ransomware-as-a-service group using a variety of approaches. "The goal of this investigation specifically was to disrupt the trust of the crime community for this specific ransomware family and for providers of the ransomware family," said Donatas Mazeika, head of the forensic support team at Europol's European Cyber Crime Centre, speaking Friday at the Hardwear.io conference in Amsterdam."
https://www.bankinfosecurity.com/europol-details-pursuit-lockbit-ransomware-affiliates-a-26632
- The Rise And Fall Of The BreachForums Cybercrime Network
"In the cybersecurity world, the success of cybercriminal activities can be dependent upon and closely tied to the transfer of tools, resources, and services among different threat actors. Nowadays, cybercrime-as-a-service (CaaS) solutions are facilitating the procurement of such tools for attackers, giving them the ability to easily execute their illegal pursuits."
https://blog.barracuda.com/2024/10/24/the-rise-and-fall-of-the-BreachForums-cybercrime-network
- Cybersecurity Isn't Easy When You're Trying To Be Green
"Renewable energy companies lag behind their more traditional peers when it comes to the cybersecurity readiness of their infrastructure, raising concerns that attackers targeting critical infrastructure could find easier prey among "green" energy firms. In a study of 250 energy companies worldwide, oil and natural-gas firms scored the highest — with the average company scoring a 94, or "A" — while the lowest scores belonged to renewable energy companies, which scored a median of 85, or a "B.""
https://www.darkreading.com/cyber-risk/cybersecurity-is-not-easy-when-you-are-green
- 'Shift Left' Gets Pushback, Triggers Security Soul Searching
"The common wisdom in the software industry is that fixing a vulnerability during production is 100 times more expensive than fixing it during the design phase. This massive purported cost of defects has fueled arguments — especially from vendors — that developers need increasingly complex — and expensive — tools to catch more bugs earlier in the development pipeline. Yet software security professionals are now questioning the extreme nature of that financial trade-off."
https://www.darkreading.com/application-security/shift-left-pushback-triggers-security-soul-searching
- Cybercrime Atlas: An Effective Approach To Collaboration In Cybersecurity
"As the saying goes, “There is strength in numbers,” which holds true when fighting cybercrime. Collaborating across organizations, industries, and borders is one of the most effective actions we can collectively take to address these pressing issues and disrupt threat actor activity. Cultivating relationships and sharing information creates trust, and greater trust among public and private entities paves the way for more intelligence sharing to enable us all to stay ahead of our adversaries."
https://www.fortinet.com/blog/industry-trends/cybercrime-atlas-an-effective-approach-to-collaboration-in-cybersecurity
- Addressing Growing Concerns About Cybersecurity In Manufacturing
"Manufacturing has become increasingly reliant on modern technology, including industrial control systems (ICS), Internet of Things (IoT) devices and operational technology (OT). While these innovations boost productivity and streamline operations, they’ve vastly expanded the cyberattack surface. According to the 2024 IBM Cost of a Data Breach report, the average total cost of a data breach in the industrial sector was $5.56 million. This reflects an 18% increase for the sector compared to 2023."
https://securityintelligence.com/articles/addressing-growing-concerns-cybersecurity-in-manufacturing/
References
Electronic Transactions Development Agency (ETDA)