Cyber Threat Intelligence 29 October 2024
New Tooling
- New Tool Bypasses Google Chrome’s New Cookie Encryption System
"A researcher has released a tool to bypass Google's new App-Bound encryption cookie-theft defenses and extract saved credentials from the Chrome web browser. The tool, named 'Chrome-App-Bound-Encryption-Decryption,' was released by cybersecurity researcher Alexander Hagenah after he noticed that others were already figuring out similar bypasses. Although the tool achieves what multiple infostealer operations have already added to their malware, its public availability raises the risk for Chrome users who continue to store sensitive data in their browsers."
https://www.bleepingcomputer.com/news/security/new-tool-bypasses-google-chromes-new-cookie-encryption-system/
https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption
Vulnerabilities
- Anatomy Of An LLM RCE
"As large language models (LLMs) become more advanced and are granted additional capabilities by developers, security risks increase dramatically. Manipulated LLMs are no longer just a risk of ethical policy violations; they have become a , potentially aiding in the compromise of the systems they’re integrated into. These critical threats have recently been identified in various applications, from a data framework for LLMs known as LlamaIndex to an SQL agent called Vanna.AI and even an LLM integration framework LangChain."
https://www.cyberark.com/resources/threat-research-blog/anatomy-of-an-llm-rce
Malware
- RAT Malware Operating Via Discord Bot
"Discord is a social platform where users can create servers to form communities and communicate in real-time, supporting voice, video, and text chat. While it initially gained popularity among gamers, it has now expanded into a space where groups with diverse interests gather to communicate. A Discord Bot is a program that automatically performs specific tasks on user-created servers, offering various features such as server management, automated message responses, game facilitation, music playback, and notification delivery, making server operation easier. These bots are mainly implemented using languages like Python and JavaScript, and they interact with servers through the Discord API."
https://asec.ahnlab.com/en/84107/
- You’re Invited: Rampant Phishing Abuses Eventbrite
"With over 5 million events annually on Eventbrite, attackers have found a new, trusted entry point for phishing – now showing a 900% growth rate in attacks. Perception Point’s security researchers recently identified a mounting wave of phishing attacks, in which threat actors misuse Eventbrite’s services to steal financial or personal information. Within days, Perception Point has prevented thousands of these phishing emails, targeting both individuals and organizations worldwide across various industries–impersonating banks, airlines, postal services, energy companies, and more."
https://perception-point.io/blog/youre-invited-rampant-phishing-abuses-eventbrite/
- Hybrid Russian Espionage And Influence Campaign Aims To Compromise Ukrainian Military Recruits And Deliver Anti-Mobilization Narratives
"In September 2024, Google Threat Intelligence Group (consisting of Google’s Threat Analysis Group (TAG) and Mandiant) discovered UNC5812, a suspected Russian hybrid espionage and influence operation, delivering Windows and Android malware using a Telegram persona named "Civil Defense". "Civil Defense" claims to be a provider of free software programs designed to enable potential conscripts to view and share crowdsourced locations of Ukrainian military recruiters. If installed with Google Play Protect disabled, these programs deliver an operating system-specific commodity malware variant to the victim alongside a decoy mapping application we track as SUNSPINNER."
https://cloud.google.com/blog/topics/threat-intelligence/russian-espionage-influence-ukrainian-military-recruits-anti-mobilization-narratives
https://www.bleepingcomputer.com/news/security/russia-targets-ukrainian-conscripts-with-windows-android-malware/
https://therecord.media/russia-linked-hackers-target-ukrainian-military-recruits
https://thehackernews.com/2024/10/russian-espionage-group-targets.html
https://www.darkreading.com/threat-intelligence/russia-kneecaps-ukraine-army-recruitment-spoofed-civil-defense-app
https://www.bankinfosecurity.com/russia-tied-to-ukrainian-military-recruit-malware-targeting-a-26650
https://cyberscoop.com/suspected-russian-hacking-influence-operations-take-aim-at-ukrainian-military-recruiting/
https://www.securityweek.com/google-russia-targeting-ukrainian-military-recruits-with-android-windows-malware/
https://www.infosecurity-magazine.com/news/russian-malware-ukrainian-recruits/
- Joint Statement By FBI And CISA On PRC Activity Targeting Telecommunications
"The U.S. Government is investigating the unauthorized access to commercial telecommunications infrastructure by actors affiliated with the People’s Republic of China. After the FBI identified specific malicious activity targeting the sector, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) immediately notified affected companies, rendered technical assistance, and rapidly shared information to assist other potential victims. The investigation is ongoing, and we encourage any organization that believes it might be a victim to engage its local FBI field office or CISA."
https://www.cisa.gov/news-events/news/joint-statement-fbi-and-cisa-prc-activity-targeting-telecommunications
https://www.bleepingcomputer.com/news/security/us-says-chinese-hackers-breached-multiple-telecom-providers/
https://www.theregister.com/2024/10/28/feds_investigate_chinas_salt_typhoon/
- Mozilla: ChatGPT Can Be Manipulated Using Hex Code
"A new prompt-injection technique could allow anyone to bypass the safety guardrails in OpenAI's most advanced language learning model (LLM). GPT-4o, released May 13, is faster, more efficient, and more multifunctional than any of the previous models underpinning ChatGPT. It can process multiple different forms of input data in dozens of languages, then spit out a response in milliseconds. It can engage in real-time conversations, analyze live camera feeds, and maintain an understanding of context over extended conversations with users. When it comes to user-generated content management, however, GPT-4o is in some ways still archaic."
https://www.darkreading.com/application-security/chatgpt-manipulated-hex-code
- CloudScout: Evasive Panda Scouting Cloud Services
"In this blogpost, we provide a technical analysis of CloudScout, a post-compromise toolset used by Evasive Panda to target a government entity and a religious organization in Taiwan from 2022 to 2023. The CloudScout toolset is capable of retrieving data from various cloud services by leveraging stolen web session cookies. Through a plugin, CloudScout works seamlessly with MgBot, Evasive Panda’s signature malware framework."
https://www.welivesecurity.com/en/eset-research/cloudscout-evasive-panda-scouting-cloud-services/
https://thehackernews.com/2024/10/chinese-hackers-use-cloudscout-toolset.html
https://www.infosecurity-magazine.com/news/evasive-panda-cloudscout-taiwan/
- Attackers Target Crypto Wallets Using Codeless Webflow Phishing Pages
"From April to September 2024, Netskope Threat Labs tracked a 10-fold increase in traffic to phishing pages crafted through Webflow. The campaigns target sensitive information from different crypto wallets, including Coinbase, MetaMask, Phantom, Trezor, and Bitbuy, as well as login credentials for multiple company webmail platforms, as well as Microsoft365 login credentials. The campaigns have targeted more than 120 organizations worldwide, with the majority located in North America and Asia, across multiple segments led by financial services, banking, and technology."
https://www.netskope.com/blog/attackers-target-crypto-wallets-using-codeless-webflow-phishing-pages
https://thehackernews.com/2024/10/cybercriminals-use-webflow-to-deceive.html
- Pig Butchers Join The Gig Economy: Cryptocurrency Scammers Target Job Seekers
"For years, Pig Butcher scammers have swindled victims out of billions of dollars. Typically, they lure victims in with long-winded confidence scams that eventually direct victims to a fake cryptocurrency investment platform. Once a target’s initial small investment starts turning into a large (but fake) “profit,” the scammers pressure the victim to invest vast sums of money. Once the victim’s money leaves their digital wallet, the unrealized gains are replaced with a sinking realization—they have lost everything."
https://www.proofpoint.com/us/blog/threat-insight/pig-butchers-join-gig-economy-cryptocurrency-scammers-target-job-seekers
https://www.infosecurity-magazine.com/news/job-scam-targets-financially/
Breaches/Hacks/Leaks
- Free, France’s Second Largest ISP, Confirms Data Breach After Leak
"Free, a major internet service provider (ISP) in France, confirmed over the weekend that hackers breached its systems and stole customer personal information. The company, which says it had over 22.9 million mobile and fixed subscribers at the end of June, is the second-largest telecommunications company in France and a subsidiary of the Iliad Group, Europe's sixth-largest mobile operator by number of subscribers."
https://www.bleepingcomputer.com/news/security/free-frances-second-largest-isp-confirms-data-breach-after-leak/
https://therecord.media/france-telecom-free-cyberattack
https://securityaffairs.com/170333/data-breach/free-suffered-a-cyber-attack.html
- Texas County Says 47,000 Had SSNs, Medical Treatment Info Leaked During May Cyberattack
"A cyberattack in May gave hackers access to the personal, financial and medical information of more than 47,000 residents living in Wichita County, Texas. County officials filed breach notification documents with regulators in Texas as well as Maine and posted a notice on their website warning residents that the incident involved everything from names, Social Security numbers and government IDs to financial account information, health insurance information and some types of medical treatment information."
https://therecord.media/wichita-county-texas-cyberattack-data-breach
General News
- A Good Cyber Leader Prioritizes The Greater Good
"In the war against malicious cyber activity, it’s time for security vendors to step in – and it’s not how you might think. CISA Director Jen Easterly put it right at this year’s Black Hat conference: “We got ourselves into this; we have to get ourselves out.” Geopolitical tensions are rising worldwide, attacks are becoming increasingly sophisticated, and nation-state threats on US organizations and critical infrastructure are at an all-time high. As we prepare to enter another year of aggressive cybersecurity threats and reflect on some of the most significant attacks this year, bolstering defenses from a technical standpoint is undoubtedly needed."
https://www.helpnetsecurity.com/2024/10/28/good-cyber-leader-responsibility/
- How Isolation Technologies Are Shaping The Future Of Kubernetes Security
"In this Help Net Security interview, Emily Long, CEO at Edera, discusses the most common vulnerabilities in Kubernetes clusters and effective mitigation strategies. Long shares insights on emerging isolation technologies that could enhance Kubernetes security and better protect containerized environments."
https://www.helpnetsecurity.com/2024/10/28/emily-long-edera-kubernetes-clusters-security/
- Fraudsters Revive Old Tactics Mixed With Modern Technology
"Threat actors continue to probe the payments ecosystem for vulnerabilities and were successful in conducting fraud schemes affecting multiple financial institutions, technologies, and processes, according to Visa. Scammers are going back to basics with an increase of physical theft over the past six months, capitalizing on the window between the theft and the victim’s awareness. After a theft, the most common ways the criminals are capitalizing on their theft are by purchasing gift cards or physical goods to resell, or even using the card number online for money transfers."
https://www.helpnetsecurity.com/2024/10/28/payments-fraud-schemes/
- AI-Powered BEC Scams Zero In On Manufacturers
"Business email compromise (BEC) threats are on the rise and now account for over half of all phishing attempts, with manufacturers particularly badly hit, according to Vipre Security Group. The security vendor used proprietary intelligence to compile its Email Threat Trends Report: Q3 2024, published this morning. It revealed that around 12% of the 1.8 billion emails that Vipre processed globally in the period were classified as malicious, with BEC accounting for 58% of phishing attempts."
https://www.infosecurity-magazine.com/news/aipowered-bec-scams-manufacturers/
- Redline, Meta Infostealer Malware Operations Seized By Police
"The Dutch National Police seized the network infrastructure for the Redline and Meta infostealer malware operations in "Operation Magnus," warning cybercriminals that their data is now in the hands of law enforcement. Operation Magnus was announced on a dedicated website that disclosed the disruption of the Redline and Meta operations, stating that legal actions based on the seized data are currently underway. "On the 28th of October 2024 the Dutch National Police, working in close cooperation with the FBI and other partners of the international law enforcement task force Operation Magnus, disrupted operation of the Redline and Meta infostealers," reads a short announcement on the Operation Magnus site."
https://www.bleepingcomputer.com/news/legal/redline-meta-infostealer-malware-operations-seized-by-police/
https://operation-magnus.com/
https://therecord.media/infostealer-servers-takedown-dutch-police-fbi
https://www.bankinfosecurity.com/dutch-police-fbi-infiltrate-info-stealer-infrastructure-a-26643
https://cyberscoop.com/redline-meta-operation-magnus-infostealers/
https://www.theregister.com/2024/10/28/dutch_cops_pwn_the_redline/
https://www.helpnetsecurity.com/2024/10/28/police-hacks-disrupts-redline-meta-infostealer-operations/
- 2025 Cyber Security Predictions – The Rise Of AI-Driven Attacks, Quantum Threats, And Social Media Exploitation
"As we move into 2025, the cyber security landscape will become more complex, with new challenges emerging as rapidly as the technologies that drive them. From artificial intelligence (AI)-enhanced malware to looming quantum computing threats, the forecast from Check Point Software Technologies highlights the trends that organizations must prepare for to stay secure in this evolving digital environment."
https://blog.checkpoint.com/security/2025-cyber-security-predictions-the-rise-of-ai-driven-attacks-quantum-threats-and-social-media-exploitation/
- Put End-Of-Life Software To Rest
"When you've bought a haunted house, the worst thing you can do is decide to just live with it. Yet in every horror movie, there's always that one person — usually the father — who doesn't want to leave. Plates are flying off the shelves, blood is erupting from the sink, and Dad is ignoring all of it while pruning the ficus in the living room. Dad doesn't last long in those movies, and it's because he's ignoring one universal truth: Denying that a threat is real won't protect you from it."
https://www.darkreading.com/vulnerabilities-threats/put-end-life-software-rest
- Italy Police Arrest Four Over Alleged Illegal Database Access, Source Says
"Italian police have placed four people under house arrest as part of a probe into alleged illegal access to state databases, and are investigating dozens, including Leonardo Maria Del Vecchio, son of the late billionaire founder of Luxottica, a source said on Saturday. A lawyer for Leonardo Maria Del Vecchio said he was "eagerly awaiting the completion of preliminary investigations to be able to prove he has nothing to do with the events in question and that charges laid against him have no basis." "He seems to be rather a victim given initial allegations and the negative outcome of the search conducted," lawyer Maria Emanuela Mascalchi said in a statement."
https://www.reuters.com/world/europe/italy-police-arrest-four-over-alleged-illegal-database-access-source-says-2024-10-26/
https://therecord.media/italy-arrests-illegal-dossiers-private-intelligence
https://securityaffairs.com/170328/data-breach/a-crime-ring-compromised-italian-state-databases.html
Reference
Electronic Transactions Development Agency (ETDA)