Cyber Threat Intelligence 08 November 2024
Industrial Sector
- Beckhoff Automation TwinCAT Package Manager
"Successful exploitation of this vulnerability could allow a local attacker with administrative access rights to execute arbitrary OS commands on the affected system."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-312-01
- Delta Electronics DIAScreen
"Successful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-312-02
- Bosch Rexroth IndraDrive
"Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service, rendering the device unresponsive by sending arbitrary UDP messages."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-312-03
Vulnerabilities
- HPE Warns Of Critical RCE Flaws In Aruba Networking Access Points
"Hewlett Packard Enterprise (HPE) released updates for Instant AOS-8 and AOS-10 software to address two critical vulnerabilities in Aruba Networking Access Points. The two security issues could allow a remote attacker to perform unauthenticated command injection by sending specially crafted packets to Aruba's Access Point management protocol (PAPI) over UDP port 8211. The critical flaws are tracked as CVE-2024-42509 and CVE-2024-47460, and have been assessed with a severity score of 9.8 and 9.0, respectively. Both are in the command line interface (CLI) service, which is accessed via the PAPI protocol."
https://www.bleepingcomputer.com/news/security/hpe-warns-of-critical-rce-flaws-in-aruba-networking-access-points/
- CISA Adds Four Known Exploited Vulnerabilities To Catalog
"CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-43093 Android Framework Privilege Escalation Vulnerability
CVE-2024-51567 CyberPanel Incorrect Default Permissions Vulnerability
CVE-2019-16278 Nostromo nhttpd Directory Traversal Vulnerability
CVE-2024-5910 Palo Alto Expedition Missing Authentication Vulnerability"
https://www.cisa.gov/news-events/alerts/2024/11/07/cisa-adds-four-known-exploited-vulnerabilities-catalog
https://www.bleepingcomputer.com/news/security/cisa-warns-of-critical-palo-alto-networks-bug-exploited-in-attacks/
https://securityaffairs.com/170673/security/u-s-cisa-adds-palo-alto-expedition-android-cyberpanel-and-nostromo-nhttpd-bugs-to-its-known-exploited-vulnerabilities-catalog.html
Malware
- Unwrapping The Emerging Interlock Ransomware Attack
"Interlock first appeared in public reporting in September 2024 and has been observed launching big-game hunting and double extortion attacks. The group has notably targeted businesses in a wide range of sectors, which at the time of reporting includes healthcare, technology, government in the U.S. and manufacturing in Europe, according to the data leak site disclosure, indicating their targeting is opportunistic. Like other ransomware players in the big-game hunting space, Interlock also operates a data leak site called “Worldwide Secrets Blog,” providing links to victims’ leaked data, chat support for victims' communications, and the email address, “interlock@2mail[.]co”."
https://blog.talosintelligence.com/emerging-interlock-ransomware/
https://www.infosecurity-magazine.com/news/interlock-ransomware-us-healthcare/
- BlueNoroff Hidden Risk | Threat Actor Targets Macs With Fake Crypto News And Novel Persistence
"Cryptocurrency-related businesses have been targets of North Korean-affiliated threat actors for some time now, with multiple campaigns aiming to steal funds and/or insert backdoor malware into targets. In April 2023, researchers detailed an APT campaign targeting macOS users with multi-stage malware that culminated in a Rust backdoor capable of downloading and executing further malware on infected devices. ‘RustBucket’, as they labeled it, was attributed with strong confidence to the BlueNoroff APT. In May 2023, ESET researchers discovered a second RustBucket variant targeting macOS users, followed by Elastic’s discovery in July that year of a third variant that included a LaunchAgent for persistence. In November 2023, Elastic also reported on another DPRK campaign targeting blockchain engineers of a crypto exchange platform with KandyKorn malware. Further analysis by SentinelLabs was able to connect the KandyKorn and RustBucket campaigns."
https://www.sentinelone.com/labs/bluenoroff-hidden-risk-threat-actor-targets-macs-with-fake-crypto-news-and-novel-persistence/
https://thehackernews.com/2024/11/north-korean-hackers-target-crypto.html
https://www.bleepingcomputer.com/news/security/north-korean-hackers-use-new-macos-malware-against-crypto-firms/
https://therecord.media/north-korea-bluenoroff-mac-malware-crypto-industry
https://www.helpnetsecurity.com/2024/11/07/north-korean-crypto-related-phishing/
https://www.securityweek.com/north-korean-hackers-target-macos-users-with-fake-crypto-pdfs/
https://hackread.com/north-korean-hackers-crypto-fake-news-hidden-risk-malware/
https://securityaffairs.com/170659/malware/bluenoroff-apt-macos-malware.html
- Malicious Python Package Typosquats Popular 'fabric' SSH Library, Exfiltrates AWS Credentials
"The Socket Research Team has discovered a malicious Python package, fabrice, that is typosquatting the popular fabric SSH automation library. The threat of malware delivered through typosquatted libraries remains a significant and growing risk to developers using open source software, as demonstrated by the massive malware campaign that recently hit npm. Today we are investigating a typosquatting package that has been live on PyPI since 2021, silently exfiltrating AWS credentials, with more than 37,000 total downloads."
https://socket.dev/blog/malicious-python-package-typosquats-fabric-ssh-library
https://thehackernews.com/2024/11/malicious-pypi-package-fabrice-found.html
https://hackread.com/fabrice-malware-pypi-steal-aws-credentials-3-years/
- Silent Skimmer Gets Loud (Again)
"In late May 2024, Unit 42 researchers observed an adversary compromising multiple web servers to gain access to the environment of a multinational organization headquartered in North America. Based on overlaps in adversary infrastructure and tools, as well as tactics, techniques and procedures (TTPs), it’s possible to attribute the activity identified to the same threat actor behind the Silent Skimmer campaign. In September 2023, an online payment scraping campaign was uncovered and dubbed Silent Skimmer. Since then, there has been little to no news of Silent Skimmer – until now."
https://unit42.paloaltonetworks.com/silent-skimmer-latest-campaign/
- Mozi Resurfaces As Androxgh0st Botnet: Unraveling The Latest Exploitation Wave
"The report by CloudSEK uncovers the resurgence of the Mozi botnet in a new form called "Androxgh0st," actively exploiting vulnerabilities across multiple platforms, including IoT devices and web servers. Since January 2024, Androxgh0st has adopted payloads and tactics from Mozi, allowing it to target systems like Cisco ASA, Atlassian JIRA, and PHP frameworks. This botnet utilizes remote code execution and credential-stealing methods to maintain persistent access, leveraging unpatched vulnerabilities to infiltrate critical infrastructures. Immediate security patches and regular monitoring are advised to mitigate risks from this complex threat, which now combines Mozi’s IoT-targeting abilities with Androxgh0st’s extended attack vector."
https://www.cloudsek.com/blog/mozi-resurfaces-as-androxgh0st-botnet-unraveling-the-latest-exploitation-wave
https://hackread.com/androxgh0st-botnet-integrate-mozi-iot-vulnerabilities/
https://www.infosecurity-magazine.com/news/androxgh0st-botnet-adopts-mozi/
- GuLoader: Evolving Tactics In Latest Campaign Targeting European Industry
"Cado Security Labs recently discovered a GuLoader campaign targeting European industrial and engineering companies. GuLoader is an evasive shellcode downloader used to deliver Remote Access Trojans (RAT) that has been used by threat actors since 2019 and continues to advance."
https://www.cadosecurity.com/blog/guloader-targeting-european-industrial-companies
https://www.helpnetsecurity.com/2024/11/07/industrial-europe-spear-phishing-guloader/
- GodFather Malware Expands Its Reach, Targeting 500 Banking And Crypto Applications Worldwide
"Cyble Research and Intelligence Labs (CRIL) recently identified a phishing site, “mygov-au[.]app,” masquerading as the official MyGov website of the Australian Government. Upon further analysis, this site was found to be distributing a suspicious APK file linked to the GodFather Malware, known for its ability to steal banking application credentials."
https://cyble.com/blog/godfather-malware-targets-500-banking-and-crypto-apps-worldwide/
Breaches/Hacks/Leaks
- Nokia Says Hackers Leaked Third-Party App Source Code
"Nokia's investigation of recent claims of a data breach found that the source code leaked on a hacker forum belongs to a third party, and company and customer data has not been impacted. The statement comes in response to threat actor IntelBroker earlier this week releasing data belonging to Nokia, allegedly stolen after breaching a third-party vendor's server. The hacker tried to sell the data, claiming that it includes SSH keys, source code, RSA keys, BitBucket logins, SMTP accounts, webhooks, and hardcoded credentials, but they decided to leak it after Nokia denied the breach."
https://www.bleepingcomputer.com/news/security/nokia-says-hackers-leaked-third-party-app-source-code/
https://www.darkreading.com/cyberattacks-data-breaches/nokia-no-evidence-so-far-hackers-breached-company-data
General News
- How Playing Cyber Games Can Help You Get Hired
"While having the right technical chops and certifications matter, having cyber gaming experience, whether it’s participating on a cybergames team or in online competitions, can give you a leg up when potential hiring managers are reviewing your resume. It can also give you more confidence after you land the job. From showing that they can perform well under pressure to demonstrating that they’re a good team player, there are many reasons why playing on a cyber team could give a candidate a leg up, says US Cyber Games Commissioner Jessica Gulick."
https://www.darkreading.com/cybersecurity-careers/how-playing-cyber-games-can-help-you-get-hired
- Large eBay Malvertising Campaign Leads To Scams
"Tech support scammers are targeting eBay customers in the U.S. via fraudulent Google ads. In a few separate searches, we were able to identify multiple Sponsored results that were created from at least four different advertiser accounts. While most of those ads clearly looked fake, they appeared consistently and prominently enough to trick the inattentive user into a scam. Victims who clicked the ad were redirected to bogus websites prompting them to call for assistance, leading them straight into the scammer’s den."
https://www.malwarebytes.com/blog/scams/2024/11/large-ebay-malvertising-campaign-leads-to-scams
- ESET APT Activity Report Q2 2024–Q3 2024
"ESET APT Activity Report Q2 2024–Q3 2024 summarizes notable activities of selected advanced persistent threat (APT) groups that were documented by ESET researchers from April 2024 until the end of September 2024. The highlighted operations are representative of the broader landscape of threats we investigated during this period, illustrating the key trends and developments, and contain only a fraction of the cybersecurity intelligence data provided to customers of ESET’s private APT reports."
https://www.welivesecurity.com/en/eset-research/eset-apt-activity-report-q2-2024-q3-2024/
https://web-assets.esetstatic.com/wls/en/papers/threat-reports/eset-apt-activity-report-q2-2024-q3-2024.pdf
https://thehackernews.com/2024/11/china-aligned-mirrorface-hackers-target.html
https://therecord.media/china-linked-hackers-tasked-with-japanese-targets-pursue-through-europe
https://www.darkreading.com/cyberattacks-data-breaches/china-backed-mirrorface-trains-sights-on-eu-diplomatic-corps
https://cyberscoop.com/china-apt-eset-target-typhoon-mirrorface/
- How AI Will Shape The Next Generation Of Cyber Threats
"In this Help Net Security interview, Buzz Hillestad, CISO at Prismatic, discusses how AI’s advancement reshapes cybercriminal skillsets and lowers entry barriers for potential attackers. Hillestad highlights that, as AI tools become more accessible, organizations must adapt their defenses to anticipate evolving threats. The development of AI technology will dramatically shift the skillsets required for cybercriminals, effectively lowering the barrier to entry. Traditionally, sophisticated cyberattacks required significant technical expertise — attackers needed to understand coding, malware engineering, and advanced exploitation techniques. With the rise of AI, these barriers are diminishing."
https://www.helpnetsecurity.com/2024/11/07/buzz-hillestad-prismatic-ai-driven-attacks/
- Consumer Privacy Risks Of Data Aggregation: What Should Organizations Do?
"In September 2024, the Federal Trade Commission (FTC) released an eye-opening report that digs into the data habits of nine major tech giants, including Amazon (Twitch), ByteDance (TikTok), Discord, Facebook, Reddit, Snap, Twitter, WhatsApp, and YouTube. The findings reveal extensive, often unsettling, data aggregation practices that go beyond user expectations and present considerable privacy risks."
https://www.helpnetsecurity.com/2024/11/07/data-privacy-risks/
- Helping Banish Malicious Adverts – And Drive a Secure Advertising Ecosystem
"Online advertising is a key and growing component of the global digital economy. According to an industry review, the UK is expected to spend a projected £3.7 billion on advertising in 2024, and roughly three quarters of that will be digital content. This makes digital advertising a huge contributor to the UK economy, but public and commercial trust in the cyber security of the sector is essential if this is to remain the case."
https://www.ncsc.gov.uk/blog-post/helping-banish-malicious-adverts
https://www.infosecurity-magazine.com/news/ncsc-publishes-tips-tackle/
- Defenders Outpace Attackers In AI Adoption
"Cybercriminals’ use of AI is more limited than is generally reported or demonstrated by security researchers. Meanwhile, investment in AI by the cybersecurity sector is set to give defenders the edge over threat actors, according to Trend Micro’s Director, Forward Looking Threat Research - Cybercrime Research, Robert McArdle. Speaking during IRISSCON 2024 in Dublin, McArdle said that given the contrasting scale of investment and emphasis on AI in cybersecurity, defenders will gain an advantage over attackers."
https://www.infosecurity-magazine.com/news/defenders-attackers-ai-adoption/
- Malware Trends Report: Q3, 2024
"In Q3 2024, ANY.RUN users ran 1,090,457 public interactive analysis sessions, which is a 23.7% increase from Q2 2024. Out of these, 211,770 (19.4%) were marked as malicious, and 47,375 (4.3%) as suspicious. Compared to the previous quarter, the percentage of malicious sandbox sessions increased slightly from 18.4% in Q2 2024 to 19.4% in Q3 2024. The share of suspicious sessions saw a decline from 7.0% to 4.3%. As for indicators of compromise, users collected a total of 570,519,029 IOCs this quarter."
https://any.run/cybersecurity-blog/malware-trends-report-q3-2024/
https://thehackernews.com/2024/11/5-most-common-malware-techniques-in-2024.html
- Spy Or Ally: Unpacking The Cybersecurity Risks Of AI Agent-Based Systems
"In recent months AI innovators have rolled out both exciting and concerning AI capabilities. Early this year Microsoft Copilot released new capabilities that while helpful for workflow optimization, heightened the risk of sensitive data exposure and data privacy violations."
https://blog.morphisec.com/unpacking-the-cybersecurity-risks-of-ai-agent-based-systems
- Exploring DORA: How To Manage ICT Incidents And Minimize Cyber Threat Risks
"As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached $6.08 million, making it the second hardest hit after healthcare, according to IBM’s 2024 Cost of a Data Breach report. This underscores the need for robust IT security regulations in critical sectors. More than just a defensive measure, compliance with security regulations helps organizations reduce risk, strengthen operational resilience and enhance customer trust. It is not just about complying with the law; it also secures your company’s success."
https://securityintelligence.com/posts/exploring-dora-how-to-manage-ict-incidents/
- The Biggest Inhibitor Of Cybersecurity: The Human Element
"Global spending on information security is projected to reach $212 billion in 2025, reflecting a 15.1% increase from 2024, according to Gartner’s latest forecast. Despite this surge in investment, breaches remain rampant, as seen in recent incidents such as the ransomware attack on Change Healthcare and a brute-force campaign exploiting vulnerabilities in various Cisco products. While technology plays an essential role in fortifying organizations against cyber threats, adversaries continue to exploit the weakest link in the defense chain: the human element."
https://www.securityweek.com/the-biggest-inhibitor-of-cybersecurity-the-human-element/
References
Electronic Transactions Development Agency (ETDA)