Cyber Threat Intelligence 12 November 2024
Healthcare Sector
- White House Slams Russia Over Ransomware's Healthcare Hits
"Ransomware is a public health crisis and not just a cybersecurity problem, stressed a Biden administration official during a Friday briefing to the United Nations Security Council in which she also upbraided Russia for harboring cybercriminals. A Friday joint statement signed by 54 UN member states calls on all of the UN members "to collectively work together to strengthen the cybersecurity and resilience of our critical infrastructure and work to confront and disrupt the ransomware threat," especially for healthcare and emergency services."
https://www.bankinfosecurity.com/white-house-slams-russia-over-ransomwares-healthcare-hits-a-26781
https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/joint-statement-on-ransomware-attacks-against-healthcare-facilities-united-states-mission-to-united-nations.pdf
Vulnerabilities
- Microsoft Bookings – Facilitating Impersonation
"Microsoft Bookings includes a feature to create “Shared Booking Pages,” enabled by default for users assigned an appropriate Microsoft 365 licence. To check if you’re licensed, visit Bookings in Outlook. Behind the scenes, the feature operates in a way that could make it very useful for adversaries who have compromised the Microsoft 365 account of a user in an organisation."
https://www.cyberis.com/article/microsoft-bookings-facilitating-impersonation
https://hackread.com/microsoft-bookings-flaw-account-hijack-impersonate/
Malware
- Trend Micro And Japanese Partners Reveal Hidden Connections Among SEO Malware Operations
"Trend Micro researchers recently conducted a research project that analyzed the relationship among multiple blackhat search engine optimization (SEO) malware families. By analyzing data from command-and-control (C&C) servers of different types of SEO malware and fake shopping sites, they were able to identify distinct groups of SEO malware families, how these share infrastructure to maximize the effectiveness of SEO poisoning attacks, and their role in orchestrating e-commerce scams."
https://www.trendmicro.com/en_us/research/24/k/seo-malware.html
- Ymir: New Stealthy Ransomware In The Wild
"In a recent incident response case, we discovered a new and notable ransomware family in active use by the attackers, which we named “Ymir”. The artifact has interesting features for evading detection, including a large set of operations performed in memory with the help of the malloc, memmove and memcmp function calls. In the case we analyzed, the attacker was able to gain access to the system via PowerShell remote control commands. After that, they installed multiple tools for malicious actions, such as Process Hacker and Advanced IP Scanner. Eventually, after reducing system security, the adversary ran Ymir to achieve their goals."
https://securelist.com/new-ymir-ransomware-found-in-colombia/114493/
https://www.bleepingcomputer.com/news/security/new-ymir-ransomware-partners-with-rustystealer-in-attacks/
- October 2024’s Most Wanted Malware: Infostealers Surge As Cyber Criminals Leverage Innovative Attack Vectors
"Check Point Software’s latest threat index reveals a significant rise in infostealers like Lumma Stealer, while mobile malware like Necro continues to pose a significant threat, highlighting the evolving tactics used by cyber criminals across the globe. Check Point’s Global Threat Index for October 2024 reveals a concerning trend in the cyber security landscape: the rise of infostealers and the increasing sophistication of attack methods employed by cyber criminals."
https://blog.checkpoint.com/security/october-2024s-most-wanted-malware-infostealers-surge-as-cyber-criminals-leverage-innovative-attack-vectors/
- FBI Warns US Organizations Of Fake Emergency Data Requests Made By Cybercriminals
"The FBI has issued an alert to warn US-based companies and law enforcement agencies that threat actors are sending fake emergency data requests with the goal of harvesting personally identifiable information (PII). An emergency data request enables law enforcement agencies to obtain information from online service providers in emergency situations, when there is no time to get a subpoena. Emergency data requests have been abused by Lapsus$ and other threat actors, but the FBI has observed a spike in cybercrime forum posts related to the process of emergency data requests."
https://www.securityweek.com/fbi-warns-us-organizations-of-fake-emergency-data-requests-made-by-cybercriminals/
https://www.ic3.gov/CSA/2024/241104.pdf
https://www.theregister.com/2024/11/11/fraudulent_edr_emails/
- Machine Learning Bug Bonanza – Exploiting ML Services
"JFrog’s security research team continuously monitors open-source software registries, proactively identifying and addressing potential malware and vulnerability threats to foster a secure and reliable ecosystem for open-source software development and deployment. In our previous research on MLOps we noted the immaturity of the Machine Learning (ML) field often results in a higher amount of discovered security vulnerabilities in ML-related projects as compared to more established software categories such as DevOps, Web Servers, etc. For example, in the past two years, 15 critical CVEs were published in mlflow vs. just two critical CVEs in Jenkins, which was documented by both public research and our own investigation."
https://jfrog.com/blog/machine-learning-bug-bonanza-exploiting-ml-services/
https://thehackernews.com/2024/11/security-flaws-in-popular-ml-toolkits.html
- Cyberattack Causes Credit Card Readers To Malfunction In Israel
"Devices used across Israel to read credit cards malfunctioned on Sunday due to a suspected cyberattack that disrupted the communications services underpinning them. Customers at supermarkets and gas stations were reportedly unable to make payments due to the incident, which reports suggest lasted around an hour. As reported by the Jerusalem Post, the cause was a distributed denial-of-service attack (DDoS) that targeted the payment gateway company Hyp’s CreditGuard product."
https://therecord.media/cyberattack-causes-credit-card-readers-in-israel-to-malfunction
https://www.jpost.com/business-and-innovation/all-news/article-828372
Breaches/Hacks/Leaks
- HIBP Notifies 57 Million People Of Hot Topic Data Breach
"Have I Been Pwned warns that an alleged data breach exposed the personal information of 56,904,909 accounts for Hot Topic, Box Lunch, and Torrid customers. Hot Topic is an American retail chain specializing in counterculture-related clothing, accessories, and licensed music merchandise. The company operates over 640 stores across the United States and Canada, primarily located in shopping malls, and has a vast customer base. According to HIBP, the exposed details include full names, email addresses, dates of birth, phone numbers, physical addresses, purchase history, and partial credit card data for Hot Topic, Box Lunch, and Torrid customers."
https://www.bleepingcomputer.com/news/security/hibp-notifies-57-million-people-of-hot-topic-data-breach/
- Amazon Confirms Employee Data Breach After Vendor Hack
"Amazon confirmed a data breach involving employee information after data allegedly stolen during the May 2023 MOVEit attacks was leaked on a hacking forum. The threat actor behind this data leak, known as Nam3L3ss, published over 2.8 million lines of Amazon employee data, including names, contact information, building locations, email addresses, and more. Amazon spokesperson Adam Montgomery confirmed Nam3L3ss' claims, adding that this data was stolen from systems belonging to a third-party service provider."
https://www.bleepingcomputer.com/news/security/amazon-confirms-employee-data-breach-after-vendor-hack/
https://securityaffairs.com/170804/data-breach/amazon-employee-data-breach-may-2023-moveit-attacks.html
- Halliburton Reports $35 Million Loss After Ransomware Attack
"Halliburton has revealed that an August ransomware attack has led to $35 million in losses after the breach caused the company to shut down IT systems and disconnect customers. Halliburton is a global provider of products and services to the energy industry, offering a range of solutions for oil and gas reservoirs, including exploration, development, and production. The company operates in 70 countries, employing 48,000 individuals and reporting revenue that surpassed $23.02 billion."
https://www.bleepingcomputer.com/news/security/halliburton-reports-35-million-loss-after-ransomware-attack/
https://www.darkreading.com/cybersecurity-operations/halliburton-optimistic-35m-data-breach-losses
https://www.securityweek.com/cyberattack-cost-oil-giant-halliburton-35-million/
- Debt Relief Firm Forth Discloses Data Breach Impacting 1.5 Million People
"Debt relief solutions provider Forth (Set Forth) is notifying 1.5 million individuals that their personal information was compromised in a May 2024 data breach. The incident, the company revealed in a Friday announcement, was discovered on May 21 and prompted the activation of incident response protocols. On July 1, Forth determined that the attackers accessed certain documents on its systems, including files containing personal information. The potentially compromised data, the company says, includes names, addresses, dates of birth, and Social Security numbers."
https://www.securityweek.com/debt-relief-firm-forth-discloses-data-breach-impacting-1-5-million-people/
- Law Firm Data Breach Impacts 300,000 Presbyterian Healthcare Patients
"The information of over 300,000 Presbyterian Healthcare Services patients was compromised as a result of a data breach at law firm Thompson Coburn. In a recent data security incident notice, Thompson Coburn said it had detected unauthorized activity on its network on May 29. An investigation showed that files containing protected health information belonging to patients of its client, Presbyterian Healthcare Services, had been viewed or taken."
https://www.securityweek.com/law-firm-data-breach-impacts-300000-presbyterian-healthcare-patients/
General News
- AI & LLMs Show Promise In Squashing Software Bugs
"Security researchers and attackers are turning to AI models to find vulnerabilities, a technology whose use will likely drive the annual count of software flaws higher, but could eventually result in fewer flaws in public releases, experts say. On Nov. 1, Google said its Big Sleep large language model (LLM) agent discovered a buffer-underflow vulnerability in the popular database engine, SQLite. The experiment shows both the peril and the promise of AI-powered vulnerability discovery tools: The AI agent searched through the code for variations on a specific vulnerability, but identified the software flaw in time for Google to notify the SQLite project and work with them to fix the issue."
https://www.darkreading.com/application-security/ai-llms-show-promise-squashing-software-bugs
- 4 Reasons Why Veterans Thrive As Cybersecurity Professionals
"Through their past military service, veterans are trained to think like adversaries, often share that mission-driven spirit and excel when working with a team to achieve a larger goal. They develop and champion the unique traits that cybersecurity companies need in prospective talent. These organizations must take note, as tapping veterans for cybersecurity roles can mutually benefit their business and the individuals they hire. Below, I’ll explain four reasons veterans make excellent cybersecurity company employees."
https://www.helpnetsecurity.com/2024/11/11/veterans-cybersecurity-professionals/
- Strategies For CISOs Navigating Hybrid And Multi-Cloud Security
"In this Help Net Security interview, Alex Freedland, CEO at Mirantis, discusses the cloud security challenges that CISOs need to tackle as multi-cloud and hybrid environments become the norm. He points out the expanded attack surfaces, the importance of consistent security policies, and the need for automated compliance solutions."
https://www.helpnetsecurity.com/2024/11/11/alex-freedland-mirantis-cisos-cloud-security/
- How Human Ingenuity Continues To Outpace Automated Security Tools
"10% of security researchers now specialize in AI technology as 48% of security leaders consider AI to be one of the greatest risks to their organizations, according to HackerOne. HackerOne’s report combines perspectives from the researcher community, customers, and security leaders. It explores how security-focused organizations integrate human expertise with technology and AI for a defense-in-depth strategy."
https://www.helpnetsecurity.com/2024/11/11/ai-safety-issues/
- Open Source Security Incidents Aren't Going Away
"Open source security incidents aren't going away. The reliance on open source software (OSS) increases year-over-year, with more than 95% of all software, including open source, in some capacity. From operating systems to critical libraries to Web applications and more, open source software (OSS) plays a pivotal role in the current technology landscape. However, this widespread reliance introduces significant security risks. As the use of OSS continues to evolve, so does the importance of securing it. This responsibility falls not on individual hobbyist developers, but on the companies and organizations that have the resources to dedicate engineers specifically to open source security. These organizations are the ones that benefit the most from open source and should be the ones who contribute the most back."
https://www.darkreading.com/vulnerabilities-threats/open-source-security-incidents-aren-t-going-away
- WEF Introduces Framework To Strengthen Anti-Cybercrime Partnerships
"The past few months have shown that collaborations between experts from the cybersecurity industry and the public sector are efficient at disrupting cybercrime. Drawing on big successes, like the LockBit takedown, Operation ‘Trust No One’ or the LabHost operation, the World Economic Forum’s (WEF) Partnership against Cybercrime released a framework to strengthen anti-cybercrime collaboration."
https://www.infosecurity-magazine.com/news/wef-framework-combat-cybercrime/
- Bitcoin Fog Founder Sentenced To 12 Years For Cryptocurrency Money Laundering
"The 36-year-old founder of the Bitcoin Fog cryptocurrency mixer has been sentenced to 12 years and six months in prison for facilitating money laundering activities between 2011 and 2021. Roman Sterlingov, a dual Russian-Swedish national, pleaded guilty to charges of money laundering and operating an unlicensed money-transmitting business earlier this March. The U.S. Department of Justice (DoJ) described Bitcoin Fog as the darknet's longest-running cryptocurrency mixer, allowing cybercriminals to conceal the source of their cryptocurrency proceeds."
https://thehackernews.com/2024/11/bitcoin-fog-founder-sentenced-to-12.html
https://www.justice.gov/opa/pr/bitcoin-fog-operator-sentenced-money-laundering-conspiracy
https://www.infosecurity-magazine.com/news/man-12-years-running-crypto-mixer/
https://www.theregister.com/2024/11/11/bitcoin_fog_sentencing/
https://hackread.com/bitcoin-fog-operator-longest-bitcoin-laundering/
References
Electronic Transactions Development Agency (ETDA) - White House Slams Russia Over Ransomware's Healthcare Hits