Cyber Threat Intelligence 13 November 2024
Industrial Sector
- Subnet Solutions PowerSYSTEM Center
"Successful exploitation of these vulnerabilities could allow an attacker to cause an integer overflow on the affected device."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-317-01
- Hitachi Energy TRO600
"Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensively than the write privilege intends. Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users with write access."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-317-02
- Rockwell Automation FactoryTalk View ME
"Successful exploitation of this vulnerability could allow a local low-privileged user to escalate their privileges by changing the macro to execute arbitrary code."
Priority: 3 - Important
Relevance: General
https://www.cisa.gov/news-events/ics-advisories/icsa-24-317-03
Vulnerabilities
- D-Link Won’t Fix Critical Bug In 60,000 Exposed EoL Modems
"Tens of thousands of exposed D-Link routers that have reached their end-of-life are vulnerable to a critical security issue that allows an unauthenticated remote attacker to change any user's password and take complete control of the device. The vulnerability was discovered in the D-Link DSL6740C modem by security researcher Chaio-Lin Yu (Steven Meow), who reported it to Taiwan’s computer and response center (TWCERTCC). It is worth noting that the device was not available in the U.S. and reached end-of-service (EoS) phase at the beginning of the year."
https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-bug-in-60-000-exposed-eol-modems/
- Microsoft November 2024 Patch Tuesday Fixes 4 Zero-Days, 91 Flaws
"Today is Microsoft's November 2024 Patch Tuesday, which includes security updates for 91 flaws, including four zero-days, two of which are actively exploited. This Patch Tuesday fixed four critical vulnerabilities, which include two remote code execution and two elevation of privileges flaws."
https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2024-patch-tuesday-fixes-4-zero-days-91-flaws/
https://www.cisa.gov/news-events/alerts/2024/11/12/microsoft-releases-november-2024-security-updates
https://www.tripwire.com/state-of-security/vert-threat-alert-november-2024-patch-tuesday-analysis
https://blog.talosintelligence.com/november-patch-tuesday-release/
https://www.darkreading.com/cloud-security/2-zero-day-bugs-microsoft-nov-update-active-exploit
https://hackread.com/microsofts-november-patch-tuesday-fix-91-vulnerabilities/
https://www.helpnetsecurity.com/2024/11/12/cve-2024-43451-cve-2024-49039/
https://www.securityweek.com/microsoft-confirms-zero-day-exploitation-of-task-scheduler-flaw/
https://securityaffairs.com/170851/hacking/microsoft-patch-tuesday-november-2024.html
https://www.theregister.com/2024/11/13/november_patch_tuesday/
- Fortinet Releases Security Updates For Multiple Products
"Fortinet has released security updates to address vulnerabilities in multiple products, including FortiOS. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system."
https://www.cisa.gov/news-events/alerts/2024/11/12/fortinet-releases-security-updates-multiple-products
- Adobe Releases Security Updates For Multiple Products
"Adobe released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system."
https://www.cisa.gov/news-events/alerts/2024/11/12/adobe-releases-security-updates-multiple-products
https://www.securityweek.com/patch-tuesday-critical-flaws-in-adobe-commerce-photoshop-indesign-illustrator/
- Ivanti Releases Security Updates For Multiple Products
"Ivanti released security updates to address vulnerabilities in Ivanti Endpoint Manager (EPM), Ivanti Avalanche, Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Security Access Client."
https://www.cisa.gov/news-events/alerts/2024/11/12/ivanti-releases-security-updates-multiple-products
- Citrix Releases Security Updates For NetScaler And Citrix Session Recording
"Citrix released security updates to address multiple vulnerabilities in NetScaler ADC, NetScaler Gateway, and Citrix Session Recording. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system."
https://www.cisa.gov/news-events/alerts/2024/11/12/citrix-releases-security-updates-netscaler-and-citrix-session-recording
https://labs.watchtowr.com/visionaries-at-citrix-have-democratised-remote-network-access-citrix-virtual-apps-and-desktops-cve-unknown/
https://thehackernews.com/2024/11/new-flaws-in-citrix-virtual-apps-enable.html
https://www.darkreading.com/cloud-security/citrix-recording-manager-zero-day-bug-unauthenticated-rce
https://www.darkreading.com/cloud-security/citrix-patches-zero-day-recording-manager-bugs
https://www.infosecurity-magazine.com/news/new-citrix-zeroday-vulnerability/
https://www.theregister.com/2024/11/12/http_citrix_vuln/
- SAP Patches High-Severity Vulnerability In Web Dispatcher
"Enterprise software maker SAP on Tuesday announced the release of eight new and two updated security notes as part of its November 2024 security updates. Marked as ‘high priority’, the second most severe rating in SAP’s playbook, the most important of these notes resolves a high-severity vulnerability in Web Dispatcher, the appliance that distributes incoming requests to the adequate SAP instances. In its advisory, SAP describes the security defect, which is tracked as CVE-2024-47590 (CVSS score of 8.8), as a cross-site scripting (XSS) bug."
https://www.securityweek.com/sap-patches-high-severity-vulnerability-in-web-dispatcher/
- ModeLeak: Privilege Escalation To LLM Model Exfiltration In Vertex AI
"In the race to gain a competitive edge, organizations are increasingly training artificial intelligence (AI) models on sensitive data. But what if a seemingly harmless AI model became a gateway for attackers? A malicious actor could upload a poisoned model to a public repository, and without realizing it, your team could deploy it in your environment. Once active, that model could exfiltrate your sensitive machine learning (ML) models and fine-tuned large language model (LLM) adapters. With access to these adapters, attackers could replicate your custom tuning and optimizations, exposing sensitive information embedded in fine-tuning patterns."
https://unit42.paloaltonetworks.com/privilege-escalation-llm-model-exfil-vertex-ai/
- Microsoft Exchange Adds Warning To Emails Abusing Spoofing Flaw
"Microsoft has disclosed a high-severity Exchange Server vulnerability that allows attackers to forge legitimate senders on incoming emails and make malicious messages a lot more effective. The security flaw (CVE-2024-49040) impacts Exchange Server 2016 and 2019, and was discovered by Solidlab security researcher Vsevolod Kokorin, who reported it to Microsoft earlier this year. "The problem is that SMTP servers parse the recipient address differently, which leads to email spoofing," Kokorin said in a May report."
https://www.bleepingcomputer.com/news/security/unpatched-microsoft-exchange-server-flaw-enables-spoofing-attacks/
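The root cause quoted above, different servers reading the same address differently, is a parser-differential problem: whichever parser a mail server uses, a header that two reasonable parsers attribute to different senders is a spoofing candidate. The Python below is an added example, not code from the BleepingComputer article, Microsoft or Solidlab. It compares a naive address extractor with Python's RFC 5322 parser on constructed From: headers and flags any header on which the two disagree. The crafted header is an illustration of the failure class and is not presented as the exact trigger for CVE-2024-49040.

```python
"""
Added example: detect From: headers that different address parsers would
attribute to different senders. A mail gateway can use such a check to
tag or quarantine messages before a downstream server's more lenient
parser displays the wrong sender. Sample headers below are constructed.
"""
import re
from email.utils import parseaddr

# Naive parser, as found in many home-grown filters and UIs: take the
# first thing that looks like an address anywhere in the header, even
# when it sits inside the quoted display name.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def naive_sender(from_header: str) -> str:
    """Return the first address-looking token in the header, lowercased."""
    m = ADDR_RE.search(from_header)
    return m.group(0).lower() if m else ""


def rfc5322_sender(from_header: str) -> str:
    """Return the addr-spec an RFC 5322-conformant parser attributes
    the message to (the part inside the angle brackets)."""
    _, addr = parseaddr(from_header)
    return addr.lower()


def is_spoof_candidate(from_header: str) -> bool:
    """True when the two parsers disagree on who the sender is.

    A header that reads as one sender to a strict parser and as another
    to a lenient one is exactly what a spoofing attempt relies on, so the
    disagreement itself is the signal, independent of which parser the
    receiving server happens to use.
    """
    strict = rfc5322_sender(from_header)
    lenient = naive_sender(from_header)
    return bool(strict) and bool(lenient) and strict != lenient


# Constructed sample headers (not real traffic).
SAMPLES = {
    "plain": "Alice <alice@example.com>",
    # Display name is an address that differs from the real addr-spec.
    "ambiguous": '"ceo@example.com" <attacker@evil.example>',
}


def scan(headers: dict) -> dict:
    """Map each sample label to (strict sender, lenient sender, flagged)."""
    return {
        label: (rfc5322_sender(h), naive_sender(h), is_spoof_candidate(h))
        for label, h in headers.items()
    }


if __name__ == "__main__":
    for label, (strict, lenient, flagged) in scan(SAMPLES).items():
        print(f"{label:10s} strict={strict:28s} lenient={lenient:20s} "
              f"flag={'SPOOF?' if flagged else 'ok'}")
```

In production the same comparison is worth running over Sender and Reply-To as well, and the flagged message should be marked rather than silently dropped, which is the approach Microsoft took with its warning banner.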
Malware
- Iranian “Dream Job” Campaign 11.24
"ClearSky Cyber Security research identified a campaign named “Iranian Dream Job campaign”, in which the Iranian threat actor TA455 targeted the aerospace industry by offering fake jobs. The campaign distributed the SnailResin malware, which activates the SlugResin backdoor. ClearSky attributes both malware programs to a subgroup of Charming Kitten. However, some cyber research companies detected the malware files as belonging to the North Korean Kimsuky/Lazarus APT group. The similar “Dream Job” lure, attack techniques, and malware files suggest that either Charming Kitten was impersonating Lazarus to hide its activities, or that North Korea shared attack methods and tools with Iran."
https://www.clearskysec.com/irdreamjob24/
https://www.infosecurity-magazine.com/news/ta455s-iranian-dream-job-campaign/
- Defending The Tor Network: Mitigating IP Spoofing Against Tor
"At the end of October, Tor directory authorities, relay operators, and even the Tor Project sysadmin team received multiple abuse complaints from their providers about port scanning. These complaints were traced back to a coordinated IP spoofing attack, where an attacker spoofed non-exit relays and other Tor-related IPs to trigger abuse reports aimed at disrupting the Tor Project and the Tor network. Thanks to a joint effort from the Tor community, InterSecLab, and the support of Andrew Morris and the team at GreyNoise, the origin of these spoofed packets was identified and shut down on November 7th, 2024."
https://blog.torproject.org/defending-tor-mitigating-IP-spoofing/
https://www.securityweek.com/ip-spoofing-attack-tried-to-disrupt-tor-network/
- APT Actors Embed Malware Within MacOS Flutter Applications
"Jamf Threat Labs discovered malware samples believed to be tied to the Democratic People's Republic of Korea (DPRK), aka North Korea, that are built using Flutter, which by design provides obfuscation to the malicious code. JTL performs a deep dive into how the malicious code works to help protect users on macOS devices."
https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/
https://www.bleepingcomputer.com/news/security/north-korean-hackers-create-flutter-apps-to-bypass-macos-security/
https://thehackernews.com/2024/11/north-korean-hackers-target-macos-using.html
https://cyberscoop.com/north-korea-macos-malware-flutter-jamf/
https://www.infosecurity-magazine.com/news/north-korea-hackers-flutter-macos/
- The Botnet Is Back: SSC STRIKE Team Uncovers a Renewed Cyber Threat
"A silent danger is sweeping through the world’s critical infrastructure. The SecurityScorecard STRIKE Team has uncovered a resurgence of Volt Typhoon—a state-sponsored cyber-espionage group from the Asia-Pacific region, known for its precision and persistence. This is no ordinary attack. Volt Typhoon exploits unprotected, outdated edge devices within targeted critical infrastructure."
https://securityscorecard.com/blog/botnet-is-back-ssc-strike-team-uncovers-a-renewed-cyber-threat/
https://www.bleepingcomputer.com/news/security/volt-typhoon-rebuilds-malware-botnet-following-fbi-disruption/
https://www.theregister.com/2024/11/13/china_volt_typhoon_back/
- SpyNote: Unmasking a Sophisticated Android Malware
"At Cyfirma, we are dedicated to providing current insights into prevalent threats and the strategies employed by malicious entities targeting both organizations and individuals. This report delves into the mechanics of SpyNote, a sophisticated variant of Android malware. This comprehensive analysis reveals the malware’s intricate methods for disguising itself, escalating permissions, maintaining persistence, and evading detection. Through detailed code examination and execution observations, we uncover how SpyNote leverages the Accessibility Service, disguises itself as a trusted antivirus app, and persistently attempts to communicate with its command-and-control server despite network obstacles. The findings highlight the malware’s capabilities and the critical need for robust security measures to counteract such threats."
https://www.cyfirma.com/research/spynote-unmasking-a-sophisticated-android-malware/
https://www.bankinfosecurity.com/spynote-malware-targets-android-antivirus-users-a-26797
- Hamas-Linked Threat Group Expands Espionage And Destructive Operations
"Check Point Research has been closely tracking a significant cyber campaign led by the WIRTE group, an Advanced Persistent Threat (APT) originating from the Middle East with connections to Gaza Cybergang, a cluster affiliated with Hamas. Active since at least 2018, the covert organization has gained notoriety for its politically driven cyber-espionage activities, focusing on intelligence gathering that likely ties into the complexities of regional geopolitical conflicts. The group targets entities in the Middle East, specifically the Palestinian Authority, Jordan, Egypt, Iraq, and Saudi Arabia."
https://blog.checkpoint.com/research/hamas-linked-threat-group-expands-espionage-and-destructive-operations/
https://research.checkpoint.com/2024/hamas-affiliated-threat-actor-expands-to-disruptive-activity/
https://www.bankinfosecurity.com/hamas-tied-to-october-wiper-attacks-using-eset-email-a-26795
- Threat Spotlight: Evolving 'We Know Where You Live' Tactics Personalize Sextortion Scams
"Sextortion scams are a type of extortion where criminals attempt to extort money from victims by threatening to release explicit images or videos unless demands are met. Leveraging usernames and passwords stolen in data breaches, criminals contact victims and claim to have compromising content, allegedly from the victim’s computer, and threaten to publicly share it if victims don’t pay up."
https://blog.barracuda.com/2024/11/12/threat-spotlight-personalize-sextortion-scams
- GoIssue – The Tool Behind Recent GitHub Phishing Attacks
"We recently uncovered GoIssue, a tool marketed on a cybercrime forum that allows attackers to extract email addresses from GitHub profiles and send bulk emails directly to user inboxes. GoIssue signals a dangerous shift in targeted phishing that extends beyond individual developers to threaten entire organizations. This sophisticated tool, potentially linked to the GitLoker extortion campaign, represents more than just another phishing threat – it’s a gateway to source code theft, supply chain attacks, and corporate network breaches through compromised developer credentials. Learn how to defend against these types of phishing threats, schedule a demo."
https://slashnext.com/blog/goissue-github-phishing-attacks/
https://thehackernews.com/2024/11/new-phishing-tool-goissue-targets.html
https://www.darkreading.com/cloud-security/goissue-cybercrime-tool-github-developers-en-masse
https://hackread.com/gitloker-goissue-tool-targets-github-phishing-users/
https://www.infosecurity-magazine.com/news/phishing-goissue-targets-github/
https://www.securityweek.com/gitloker-strikes-again-new-goissue-tool-targets-github-developers-and-corporate-supply-chains/
- How Italy Became An Unexpected Spyware Hub
"In April 2022, about four months after Kazakhstan’s government violently cracked down on nationwide protests, cybersecurity researchers discovered that authorities in the country were deploying spyware on smartphones to eavesdrop on citizens. The tool wasn’t developed by Kazakhstan, nor was it purchased from Israel or other countries typically associated with spyware. Instead, researchers linked it to RCS Labs, a relatively unknown Italian firm that has been operating since 1992."
https://therecord.media/how-italy-became-an-unexpected-spyware-hub
Breaches/Hacks/Leaks
- Ahold Delhaize Cybersecurity Incident Impacts Giant Food, Hannaford
"Several US pharmacies and supermarket chains owned by Dutch food giant Ahold Delhaize have been affected by a cybersecurity incident disclosed on Friday. Giant Food pharmacies and Hannaford supermarkets are among the impacted brands that have reported network issues as result of the incident, but other brands might be affected as well. One of the largest food retailers in the world, Ahold Delhaize operates several supermarkets and ecommerce sites in the US, including Food Lion, Giant Food, Hannaford, Stop & Shop, and The Giant Company."
https://www.securityweek.com/ahold-delhaize-cybersecurity-incident-impacts-giant-food-hannaford/
https://therecord.media/dutch-company-stop-shop-hannaford-cyber
https://www.theregister.com/2024/11/12/ahold_delhaize_cybersecurity_issue_blamed/
https://securityaffairs.com/170840/security/ahold-delhaize-cyber-incident-u-s-brands.html
- Form I-9 Compliance Data Breach Impacts Over 190,000 People
"Employee eligibility verification solutions provider Form I-9 Compliance has suffered a data breach and its impact is far bigger than initially believed. Form I-9 Compliance assists customers in completing government-required Form I-9 documents, which are used to verify the identity and employment authorization of individuals hired in the United States. In late May, the company started informing customers that someone had gained unauthorized access to its network in early February. The intrusion was detected on April 12 and some systems were shut down as part of the company’s incident response process."
https://www.securityweek.com/form-i-9-compliance-data-breach-impacts-over-190000-people/
General News
- The Changing Face Of Identity Security
"It’s easy to see why identity security is often synonymous with user security. Social engineering tactics are the mainstay of the threat actor’s arsenal, and it’s rare to find an attack that doesn’t feature them to some degree. Getting hold of privileged user credentials is often the goal of attackers, granting the perpetrator the keys to the kingdom and enabling them to pull off all malicious activity."
https://www.helpnetsecurity.com/2024/11/12/identity-security-strategy/
- Evaluating Your Organization’s Application Risk Management Journey
"In this Help Net Security interview, Chris Wysopal, Chief Security Evangelist at Veracode, discusses strategies for CISOs to quantify application risk in financial terms. Wysopal outlines the need for continuous risk management practices and robust strategies to manage third-party software dependencies, ensuring that security remains a priority throughout the software development lifecycle."
https://www.helpnetsecurity.com/2024/11/12/chris-wysopal-veracode-application-risk-management/
- JCDC’s Collaborative Efforts Enhance Cybersecurity For The 2024 Olympic And Paralympic Games
"The Cybersecurity and Infrastructure Security Agency (CISA), through the Joint Cyber Defense Collaborative (JCDC), enabled proactive coordination and information sharing to bolster cybersecurity ahead of the 2024 Olympic and Paralympic Games in Paris. Recognizing the potential for cyber threats targeting the Games, CISA worked to strengthen U.S. private sector ties and facilitate connections with key French counterparts to promote collective defense measures."
https://www.cisa.gov/news-events/alerts/2024/11/12/jcdcs-collaborative-efforts-enhance-cybersecurity-2024-olympic-and-paralympic-games
- CISA, FBI, NSA, And International Partners Release Joint Advisory On 2023 Top Routinely Exploited Vulnerabilities
"Today, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), National Security Agency (NSA), and international partners released a joint Cybersecurity Advisory, 2023 Top Routinely Exploited Vulnerabilities. This advisory supplies details on the top Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors and their associated Common Weakness Enumeration(s) (CWE) to help organizations better understand the impact of exploitation."
https://www.cisa.gov/news-events/alerts/2024/11/12/cisa-fbi-nsa-and-international-partners-release-joint-advisory-2023-top-routinely-exploited
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a
https://www.bleepingcomputer.com/news/security/fbi-cisa-and-nsa-reveal-most-exploited-vulnerabilities-of-2023/
https://therecord.media/surge-zero-day-exploits-five-eyes-report
- Moody’s Rating Adds Telecoms, Airlines, Utilities To Highest Risk Category
"The telecommunications industry, airlines, and some power generation utilities have elevated cyber risks due to digitization and lax security practices, according to a new report from Moody’s Rating that places the sectors in the “high risk” category. The financial ratings service released a cyber heat map Tuesday that looks at the risk profiles of 71 sectors globally and compares them to 2022. Moody’s analysts found that the increasing reliance on digitization is a major factor for the increased cyber risk, as adoption adds new methods of attack for malicious hackers."
https://cyberscoop.com/moodys-rating-high-risk-telecom-aviation-power/
https://cyberscoop.com/wp-content/uploads/sites/3/2024/11/Sector_In-Depth-Cybersecurity-Global-Our-heat-12Nov2024-PBC_1420289.pdf
- The Power Of The Purse: How To Ensure Security By Design
"Companies across the country are lining up to join the latest cybersecurity trend: the Cybersecurity and Infrastructure Security Agency's (CISA) Secure by Design pledge, a commitment aimed at software manufacturers that compels them to keep up with fundamental cybersecurity strategies. Companies such as Lenovo, Google, AWS, Cloudflare, and Microsoft have already signed on."
https://www.darkreading.com/vulnerabilities-threats/power-purse-ensure-security-by-design
- CISOs Turn To Indemnity Insurance As Breach Pressure Mounts
"Most enterprise security leaders are now turning to personal indemnity insurance to mitigate mounting breach risks and boardroom pressure, according to Panaseer. The continuous controls monitoring specialist interviewed 400 CISOs and similar in US and UK organizations in order to compile its Panaseer 2025 Security Leaders Report."
https://www.infosecurity-magazine.com/news/cisos-indemnity-insurance-breach/
- Pentagon Secrets Leaker Jack Teixeira Sentenced To 15 Years In Prison By a Federal Judge
"A federal judge on Tuesday sentenced a Massachusetts Air National Guard member to 15 years in prison after he pleaded guilty to leaking highly classified military documents about the war in Ukraine. Jack Teixeira pleaded guilty earlier this year to six counts of willful retention and transmission of national defense information under the Espionage Act following his arrest in the most consequential national security case in years. Brought into court wearing an orange jumpsuit, he showed no visible reaction as he was sentenced by U.S. District Judge Indira Talwani."
https://www.securityweek.com/pentagon-secrets-leaker-jack-teixeira-sentenced-to-15-years-in-prison-by-a-federal-judge/
https://www.theregister.com/2024/11/13/teixeira_prison_discord/
- Controversial UN Cybercrime Treaty Clears Final Hurdle Before Full Vote As US Defends Support
"The United Nations Cybercrime Convention has cleared another hurdle as it heads to a vote in the General Assembly next month. The draft of the contentious resolution was approved during a meeting on Monday as both the United States and United Kingdom defended their support for the measure — which has faced backlash from tech companies, human rights defenders and even members of Congress."
https://therecord.media/un-cybercrime-treaty-clears-vote
Reference
Electronic Transactions Development Agency (ETDA)