Cyber Threat Intelligence 07 November 2024
Industrial Sector
- New Algorithm Identifies Increase In Critical Infrastructure Security Vulnerabilities
"Behind the normalcy of daily life is critical infrastructure. It's responsible for keeping water clean, providing electricity, and facilitating the supply chain ensuring the needs of countless people around the world are met. As with most systems, the technology that helps operate, manage, and monitor critical infrastructure can be connected to the internet, making it vulnerable to cyberattacks. Just last year, a water treatment plant in Pennsylvania was attacked by Iranian hackers and taken offline. Russia is also currently using cyberattacks to interfere with the Ukrainian power grid. These attacks are becoming more frequent and more powerful, with the capability to shut down large operations, adversely affecting millions of people."
https://ece.gatech.edu/news/2024/10/new-algorithm-identifies-increase-critical-infrastructure-security-vulnerabilities-0
https://www.securityweek.com/plchound-aims-to-improve-detection-of-internet-exposed-ics/
New Tooling
- Osmedeus: Open-Source Workflow Engine For Offensive Security
"Osmedeus is an open-source workflow engine designed for offensive security. It serves as a versatile foundation, enabling users to easily create customized reconnaissance systems and scale them across extensive target lists."
https://www.helpnetsecurity.com/2024/11/06/osmedeus-open-source-workflow-engine-offensive-security/
https://github.com/j3ssie/osmedeus
Vulnerabilities
- Cisco Bug Lets Hackers Run Commands As Root On URWB Access Points
"Cisco has fixed a maximum severity vulnerability that allows attackers to run commands with root privileges on vulnerable Ultra-Reliable Wireless Backhaul (URWB) access points that provide connectivity for industrial wireless automation. Tracked as CVE-2024-20418, this security flaw was found in Cisco's Unified Industrial Wireless Software's web-based management interface. Unauthenticated threat actors can exploit it in low-complexity command injection attacks that don't require user interaction."
https://www.bleepingcomputer.com/news/security/cisco-bug-lets-hackers-run-commands-as-root-on-uwrb-access-points/
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-backhaul-ap-cmdinj-R7E28Ecs
Malware
- New SteelFox Trojan Mimics Software Activators, Stealing Sensitive Data And Mining Cryptocurrency
"In August 2024, our team identified a new crimeware bundle, which we named “SteelFox”. Delivered via sophisticated execution chains including shellcoding, this threat abuses Windows services and drivers. It spreads via forums posts, torrent trackers and blogs, imitating popular software like Foxit PDF Editor and AutoCAD. It also uses stealer malware to extract the victim’s credit card data as well as details about the infected device."
https://securelist.com/steelfox-trojan-drops-stealer-and-miner/114414/
https://www.bleepingcomputer.com/news/security/new-steelfox-malware-hijacks-windows-pcs-using-vulnerable-driver/
- Threat Campaign Spreads Winos4.0 Through Game Application
"Winos4.0 is an advanced malicious framework that offers comprehensive functionality, a stable architecture, and efficient control over numerous online endpoints to execute further actions. Rebuilt from Gh0strat, it includes several modular components, each handling distinct functions. Winos4.0 has been deployed in various attack campaigns, such as Silver Fox. FortiGuard Labs has identified multiple samples of this malware hidden within gaming-related applications, including installation tools, speed boosters, and optimization utilities."
https://www.fortinet.com/blog/threat-research/threat-campaign-spreads-winos4-through-game-application
https://www.bleepingcomputer.com/news/security/hackers-increasingly-use-winos40-post-exploitation-kit-in-attacks/
https://thehackernews.com/2024/11/new-winos-40-malware-infects-gamers.html
https://www.darkreading.com/threat-intelligence/chinese-gamers-targeted-winos40-framework-scam
https://hackread.com/winos4-0-malware-target-windows-fake-gaming-apps/
https://www.infosecurity-magazine.com/news/winos40-malware-found-game-windows/
- Uncovering A Large-Scale Campaign Using The Latest Version Of The Rhadamanthys Stealer: Rhadamanthys.07
"Check Point Research recently identified a large-scale phishing campaign using a new version of the infamous Rhadamanthys Stealer, a sophisticated malware designed to extract data from infected machines. The attackers masquerade as various legitimate companies, alleging that victims have committed copyright infringements on their personal Facebook pages. Using falsified Gmail accounts sending emails from these well-known companies, the email addresses and language are customized per each target to inform the victim of their supposed copywriting violation."
https://blog.checkpoint.com/security/uncovering-a-large-scale-campaign-using-the-latest-version-of-the-rhadamanthys-stealer-rhadamanthys-07/
https://research.checkpoint.com/2024/massive-phishing-campaign-deploys-latest-rhadamanthys-version/
https://www.darkreading.com/cyberattacks-data-breaches/fake-copyright-infringement-emails-rhadamanthys
- Hidden In The Crowd: The Risk Of Group-Delivered Malware
"In most cases, threat actors make use of one or more delivery mechanisms to place a single malware sample on a victim’s computer. This is because most of the time only that one file is needed to completely compromise a computer and, in many cases, other computers on the same network. In more rare cases, a single threat actor will deliver malware such as a Remote Access Trojan (RAT) and a Keylogger or Information Stealer to complement the RAT and harvest information that the RAT may have difficulty collecting without being detected."
https://cofense.com/blog/hidden-in-the-crowd-the-risk-of-group-delivered-malware
- Scammers Target BASE And Ethereum With Political Meme Coins And Rug Pulls
"Trugard Labs has revealed a series of major threats plaguing blockchain networks, particularly in emerging and fast-growing chains like BASE, Coinbase’s Layer 2 solution. With the release of their September findings from the Xcalibur source code detection suite, Trugard draws attention to the latest scams exploiting users on BASE, Ethereum, BSC, and Polygon networks. The rise in politically themed meme coin scams, multi-chain vulnerabilities, and BASE’s appeal to scammers point to a troubling pattern across decentralized finance (DeFi) networks."
https://hackread.com/scammers-base-ethereum-political-meme-coins-rug-pulls/
- Unmasking VEILDrive: Threat Actors Exploit Microsoft Services For C2
"Hunters’ Team AXON has uncovered and is actively monitoring an ongoing threat campaign dubbed “VEILDrive”. Initially discovered during an investigation of malicious activity in a customer's infrastructure, VEILDrive leverages Microsoft’s SaaS suite—particularly Teams, SharePoint, Quick Assist, and OneDrive—to execute its tactics. Uniquely, the threat actor utilizes a OneDrive-based Command & Control (C&C) method embedded within custom malware that is deployed on compromised environments. Our analysis indicates a probable Russian origin for this campaign, and Team AXON has since alerted both Microsoft and impacted organizations to mitigate further exploitation."
https://www.hunters.security/en/blog/veildrive-microsoft-services-malware-c2
https://thehackernews.com/2024/11/veildrive-attack-exploits-microsoft.html
- Bengal Cat Lovers In Australia Get Psspsspss’d In Google-Driven Gootloader Campaign
"Once used exclusively by the cybercriminals behind REvil ransomware and the Gootkit banking trojan, GootLoader and its primary payload have evolved into an initial access as a service platform—with Gootkit providing information stealing capabilities as well as the capability to deploy post-exploitation tools and ransomware. GootLoader is known for using search engine optimization (SEO) poisoning for its initial access. Victims are often enticed into clicking on malicious adware or links disguised as legitimate marketing, or in this case a legitimate Google search directing the user to a compromised website hosting a malicious payload masquerading as the desired file."
https://news.sophos.com/en-us/2024/11/06/bengal-cat-lovers-in-australia-get-psspsspssd-in-google-driven-gootloader-campaign/
https://www.theregister.com/2024/11/06/bengal_cat_australia/
Breaches/Hacks/Leaks
- Washington Courts' Systems Offline Following Weekend Cyberattack
"Court systems across Washington state have been down since Sunday when officials said "unauthorized activity" was detected on their networks. This ongoing data system outage affects all state courts' judicial information systems, websites, and associated services. According to statements from affected state courts, the Administrative Office of the Courts (AOC) acted quickly after discovering the incident to secure critical court systems and is currently working to restore impacted services, the Seattle Times first reported."
https://www.bleepingcomputer.com/news/security/washington-courts-systems-offline-following-weekend-cyberattack/
https://therecord.media/outages-washington-courts-cyber-activity
https://www.securityweek.com/cyberattack-blamed-for-statewide-washington-courts-outage/
- Cyberattackers Stole Microlise Staff Data Following DHL, Serco Disruption
"Telematics tech biz Microlise says an attack that hit its network likely did not expose customer data, although staff aren't so lucky. "Some limited employee data" was compromised in the incident, Microlise told the London Stock Exchange today, without going into any great detail about the nature of the data or how many staff members were affected. Microlise initially disclosed the break-in on October 31, after which time the AIM-listed company's share price dropped 16 percent and has still not fully recovered."
https://www.theregister.com/2024/11/06/microlise_cyberattack/
https://www.londonstockexchange.com/news-article/SAAS/update-on-cyber-security-incident/16750350
https://www.infosecurity-magazine.com/news/cyberattack-microlise-disrupts-dhl/
- Cyberattack Disables Tracking Systems And Panic Alarms On British Prison Vans
"A cyberattack on a telematics company has left British prison vans without tracking systems or panic alarms, although there is no evidence criminals have attempted to exploit the situation. Microlise, the directly impacted company, informed the London Stock Exchange of the incident last week although it did not provide details of the knock-on impact to customers. In an updated statement on Wednesday, Microlise confirmed that the attackers may have accessed employee data but said it is “confident that no customer systems data has been compromised.”"
https://therecord.media/british-prison-vans-cyberattack
- SelectBlinds Says 200,000 Customers Impacted After Hackers Embed Malware On Site
"More than 200,000 who shopped for blinds or window dressing this year had their credit card information and other data stolen after hackers placed malware on a major retailer’s website. In breach notification documents filed this week in California and Maine, SelectBlinds said employees discovered the malware on September 28 and realized the malware had been on the company website since at least January 7."
https://therecord.media/selectblinds-customers-credit-card-info-data-breach-website-malware
General News
- Identity-Related Data Breaches Cost More Than Average Incidents
"Identity-related data breaches are more severe and costly than run-of-the-mill incidents, according to RSA. 40% of respondents reported an identity-related security breach. Of those, 66% reported it as a severe event that affected their organization. 44% estimated that the total costs of identity-related data breaches exceeded the cost of a typical data breach. These findings underscore why organizations should prioritize investing in security capabilities that can mitigate the high costs of identity-related breaches."
https://www.helpnetsecurity.com/2024/11/06/identity-related-data-breaches-cost/
- Top US Cyber Official Says 'No Evidence Of Malicious Activity' Impacting Election
"The top American cybersecurity agency said on Tuesday it saw no credible threats aimed at disrupting the voting infrastructure. “At this time, we've seen no evidence of malicious activity impacting the security or integrity of election infrastructure,” Jen Easterly, head of the Cybersecurity and Infrastructure Security Agency (CISA), said during the organization’s fourth and final Election Day media call. “While at the national level we saw some minor disruptive activity throughout the day, activity that was largely expected and planned for.”"
https://therecord.media/cisa-easterly-no-evidence-of-malicious-election-activity
- How Early-Stage Companies Can Go Beyond Cybersecurity Basics
"The digital landscape has become a battleground, with cybercriminals constantly evolving their tactics and outmaneuvering even the most advanced defenses. Phishing scams are becoming increasingly sophisticated, zero-day vulnerabilities are emerging at an alarming rate, and ransomware attacks are crippling organizations worldwide. To stay ahead of this ever-shifting threat landscape, businesses must adopt a proactive approach to cybersecurity that goes beyond mere compliance."
https://cyberscoop.com/cybersecurity-for-startups-early-stage-companies/
- How To Outsmart Stealthy E-Crime And Nation-State Threats
"Throughout the past year, we've seen a sharp uptick in cross-domain threats. This activity spans multiple domains within an organization's IT architecture, including identity, cloud, and endpoint. These attacks leave minimal footprints in each domain, like separate puzzle pieces, making them harder to detect. While cross-domain intrusions vary in complexity, my team and I are increasingly observing attacks that leverage stolen credentials to breach cloud environments and move laterally across endpoints."
https://www.darkreading.com/vulnerabilities-threats/how-outsmart-stealthy-ecrime-nation-state-threats
- Despite Emerging Regulations, Mobile Device, IoT Security Requires More Industry Attention
"A broad array of Internet-connected devices have become a part of our lives, whether the mobile devices that we use daily, the Internet of Things (IoT) devices often spread throughout our "smart" homes, or even the medical devices that help provide us care when we need it. These devices are now a fixture of our lives, professionally and personally. Unfortunately, they bring with them a countless number of cybersecurity challenges."
https://www.darkreading.com/iot/mobile-device-iot-security-requires-more-industry-attention
- IRISSCON: Organizations Still Falling Victim To Predictable Cyber-Attacks
"Despite most cyber threats, like ransomware, being both known and predictable, many organizations are still underprepared. Experts speaking at the IRISSCON 2024 conference in Dublin noted that many incidents are indeed preventable. Analyzing the findings from Verizon’s Data Breach Investigations Report (DBIR) 2024, Phillip Larbey, Associate Director for EMEA at Verizon, said that the vast majority of cyber incidents involve at least one of three elements – human error, social engineering and ransomware."
https://www.infosecurity-magazine.com/news/orgs-victim-predictable-attacks/
- Massive Nigerian Cybercrime Bust Sees 130 Arrested
"In a massive law enforcement operation, the Nigeria Police Force (NPF) has arrested 130 individuals over cybercrime accusations. Prince Olumuyiwa Adejobi, the NPF public relations officer, announced the arrests on X on November 3. The suspects include 113 foreign individuals, primarily of Chinese and Malaysian origin, and 17 Nigerian nationals. They are accused of being involved in high-level cybercrimes, hacking and activities threatening national security."
https://www.infosecurity-magazine.com/news/massive-nigerian-cybercrime-bust/
- What Telegram’s Recent Policy Shift Means For Cyber Crime
"Since its launch in August 2013, Telegram has become the go-to messaging app for privacy-focused users. To start using the app, users can sign up using either their real phone number or an anonymous number purchased from the Fragment blockchain marketplace. In the case of the latter, Telegram cannot be linked to the user’s real phone number or any other personally identifiable information (PII)."
https://securityintelligence.com/articles/what-telegrams-recent-policy-shift-means-for-cyber-crime/
References
Electronic Transactions Development Agency (ETDA)