Cyber Threat Intelligence 21 November 2024
Vulnerabilities
- Decades-Old Security Vulnerabilities Found In Ubuntu's Needrestart Package
"Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction. The Qualys Threat Research Unit (TRU), which identified and reported the flaws early last month, said they are trivial to exploit, necessitating that users move quickly to apply the fixes. The vulnerabilities are believed to have existed since the introduction of interpreter support in needrestart 0.8, which was released on April 27, 2014."
https://thehackernews.com/2024/11/decades-old-security-vulnerabilities.html
https://ubuntu.com/blog/needrestart-local-privilege-escalation
https://www.bleepingcomputer.com/news/security/ubuntu-linux-impacted-by-decade-old-needrestart-flaw-that-gives-root/
https://www.infosecurity-magazine.com/news/5-privilege-escalation-flaws/
- CISA Adds Two Known Exploited Vulnerabilities To Catalog
"CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability
CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability"
https://www.cisa.gov/news-events/alerts/2024/11/20/cisa-adds-two-known-exploited-vulnerabilities-catalog
- Insecure Deserialization Vulnerability (CVE-2024-8069) In Citrix Session Recording
"The SonicWall Capture Labs threat research team became aware of an insecure deserialization vulnerability in the Session Recording functionality of Citrix Virtual Apps and Desktops, assessed its impact and developed mitigation measures. Citrix Virtual Apps and Desktops are virtualization solutions that give IT control of virtual machines, applications, licensing and security while providing anywhere access for any device. Identified as CVE-2024-8069, Citrix Session Recording versions 2407 before hotfix 24.5.200.8, 1912 LTSR CU9 before hotfix 19.12.9100.6, 2203 LTSR CU5 before hotfix 22.03.5100.11, and 2402 LTSR CU1 before hotfix 24.02.1200.16 allow an attacker to execute arbitrary code remotely, earning a CVSS score of 8.8."
https://www.sonicwall.com/blog/insecure-deserialization-vulnerability-cve-2024-8069-in-citrix-session-recording
Malware
- Malicious QR Codes
"Prior to 1994, most code scanning technology utilized one-dimensional barcodes. These one-dimensional barcodes consist of a series of parallel black lines of varying width and spacing. We are all familiar with these codes, like the type you might find on the back of a cereal box from the grocery store. However, as the use of barcodes spread, their limitations became problematic, especially considering that a one-dimensional barcode can only hold up to 80 alphanumeric characters of information. To eliminate this limitation, a company named Denso Wave created the very first “Quick Response“ codes (QR codes)."
https://blog.talosintelligence.com/malicious_qr_codes/
- Unveiling LIMINAL PANDA: A Closer Look At China's Cyber Threats To The Telecom Sector
"On Tuesday, November 19, 2024, Adam Meyers, CrowdStrike Senior Vice President of Counter Adversary Operations, will testify in front of the U.S. Senate Judiciary Subcommittee on Privacy, Technology, and the Law on Chinese cyber threats to critical infrastructure. Within his testimony, Adam will speak publicly for the first time about a China-nexus state-sponsored actor that CrowdStrike Counter Adversary Operations tracks as LIMINAL PANDA."
https://www.crowdstrike.com/en-us/blog/liminal-panda-telecom-sector-threats/
https://thehackernews.com/2024/11/china-backed-hackers-leverage-sigtran.html
https://www.darkreading.com/threat-intelligence/china-liminal-panda-telcos-phone-data
https://www.infosecurity-magazine.com/news/chinese-apt-targets-telecoms-bri/
- Amazon And Audible Flooded With 'Forex Trading' And Warez Listings
"Amazon, Amazon Music, and Audible, an Amazon-owned online audiobook and podcast service, have been flooded with bogus listings that push dubious "forex trading" sites, Telegram channels, and suspicious links claiming to offer pirated software."
https://www.bleepingcomputer.com/news/security/amazon-and-audible-flooded-with-forex-trading-and-warez-listings/
- Ghost Tap: New Cash-Out Tactic With NFC Relay
"Cash-out tactics of fraudsters are of particular interest for financial institutions for obvious reasons – the ability to detect anomaly in the flow of the customer assets that is matching the known cash-out tactic allows to protect unsuspecting customer’s assets as well as detect money laundering schemes as a part of anti-fraud compliance. Knowing that, fraudsters are always on the lookout for the new ways to cash-out the stolen funds, both to avoid detection based on the transactions monitoring as well as to ensure the stability and scalability of the cash-out process, staying anonymous while easily finding new mules."
https://www.threatfabric.com/blogs/ghost-tap-new-cash-out-tactic-with-nfc-relay
https://thehackernews.com/2024/11/ghost-tap-hackers-exploiting-nfcgate-to.html
https://www.bleepingcomputer.com/news/security/new-ghost-tap-attack-abuses-nfc-mobile-payments-to-steal-money/
https://www.bankinfosecurity.com/criminals-ghost-tap-nfc-for-payment-cash-out-attacks-a-26860
- Threat Assessment: Ignoble Scorpius, Distributors Of BlackSuit Ransomware
"Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius. Since the rebrand, Unit 42 has observed at least 93 victims globally, a quarter of which were in the construction and manufacturing industries."
https://unit42.paloaltonetworks.com/threat-assessment-blacksuit-ransomware-ignoble-scorpius/
- “Sad Announcement” Email Leads To Tech Support Scam
"Tech support scammers are again stooping low with their email campaigns. This particular one hints that one of your contacts may have met an untimely end. It all starts with an email titled “Sad announcement” followed by a full name of someone you know. The email may appear to come from the person themselves. A co-worker who received such an email pointed it out to our team. Looking around, I found the first report about such an email in a tweet dating back to February 5, 2024."
https://www.malwarebytes.com/blog/news/2024/11/sad-announcement-email-leads-to-tech-support-scam
- Phobos Ransomware Indictment Sheds Light On Long-Running, Quietly Successful Scheme
"U.S. federal government contractors, healthcare providers, public school systems and a law enforcement union were among the targets of Phobos ransomware over a five-year span, according to an indictment unsealed this week. The document sheds light on a durable cybercrime operation that has drawn serious attention from security researchers and law enforcement agencies, even though it has kept a lower profile than other ransomware gangs known for flashy data-leak sites, brand-name targets and big paydays."
https://therecord.media/phobos-ransomware-indictment-five-years-under-the-radar
- FBI Says BianLian Based In Russia, Moving From Ransomware Attacks To Extortion
"BianLian ransomware actors are likely based in Russia and have multiple Russia-based affiliates, according to new information shared by the FBI and Australian law enforcement. BianLian has drawn scrutiny for attacks on charities like Save The Children as well as healthcare firms like Boston Children’s Health Physicians. On Tuesday, the gang took credit for an attack on Amherstburg Family Health Team — a Canadian healthcare company that said it is currently experiencing delays due to technical issues with its phone system."
https://therecord.media/fbi-says-bianlian-based-in-russia-switching-tactics
Breaches/Hacks/Leaks
- Fintech Giant Finastra Investigates Data Breach After SFTP Hack
"Finastra has confirmed it warned customers of a cybersecurity incident after a threat actor began selling allegedly stolen data on a hacking forum. Finastra is a financial software company serving over 8,000 institutions across 130 countries, including 45 of the world's top 50 banks and credit unions. The company employs 12,000 people, and last year, it reported a revenue of $1.7 billion."
https://www.bleepingcomputer.com/news/security/fintech-giant-finastra-investigates-data-breach-after-sftp-hack/
https://www.bankinfosecurity.com/fintech-finastra-confirms-data-theft-investigation-underway-a-26859
- Thai Loyalty Membership Card Data Of 5 Million Customers Put Up For Sale On Hacking Forum
"Central Group is a multinational conglomerate in Thailand that describes itself as one of the largest private commercial conglomerates in Thailand with more than 50 subsidiaries and six key business lines. In October 2021, DataBreaches reported an attack on the Central Restaurant Group by threat actors called DESORDEN. When negotiations failed, DESORDEN revealed details about the scope of the attack. Now, it seems another threat actor has obtained data from another Central Group subsidiary."
https://databreaches.net/2024/11/20/thai-loyalty-membership-card-data-of-5-million-customers-put-up-for-sale-on-hacking-forum/
General News
- Five Backup Lessons Learned From The UnitedHealth Ransomware Attack
"The ransomware attack on UnitedHealth earlier this year is quickly becoming the healthcare industry’s version of Colonial Pipeline, prompting congressional testimony, lawmaker scrutiny and potential legislation. Over the past few months, there have been two congressional hearings on the attack — one in the Senate, followed by one in the House — as well as calls from multiple senators for investigations into how the government responded to the incident, not to mention the criticism against UnitedHealth’s CISO, Steven Martin, who joined the company in June 2023."
https://www.helpnetsecurity.com/2024/11/20/backup-strategies/
- Debunking Myths About Open-Source Security
"In this Help Net Security interview, Stephanie Domas, CISO at Canonical, discusses common misconceptions about open-source security and how the community can work to dispel them. She explains how open-source solutions, contrary to myths, offer enterprise-grade maturity, reliability, and transparency. Domas also shares key factors organizations should prioritize in open-source adoption to enhance security and balance innovation with stability."
https://www.helpnetsecurity.com/2024/11/20/stephanie-domas-canonical-open-source-maturity/
- Overreliance On GenAI To Develop Software Compromises Security
"GenAI is quickly changing the software development process by automating tasks that once took developers hours, if not days, to complete, bolstering efficiency and productivity, according to Legit Security. “As GenAI transforms software development and becomes increasingly embedded in the development lifecycle, there are some real security concerns among developers and security teams,” said Liav Caspi, CTO at Legit. “Our research found that teams are challenged with balancing the innovations of GenAI and the risks it introduces by exposing their applications and their software supply chain to new vulnerabilities."
https://www.helpnetsecurity.com/2024/11/20/genai-software-development-process-security/
- OWASP Warns Of Growing Data Exposure Risk From AI In New Top 10 List For LLMs
"Sensitive information disclosure via large language models (LLMs) and generative AI has become a more critical risk as AI adoption surges, according to the Open Worldwide Application Security Project (OWASP). To this end, ‘sensitive information disclosure’ has been designated as the second biggest risk to LLMs and GenAI in OWASP’s updated Top 10 List for LLMs, up from sixth in the original 2023 version of the list."
https://www.infosecurity-magazine.com/news/owasp-data-exposure-risk-ai/
- One Deepfake Digital Identity Attack Strikes Every Five Minutes
"Fraudsters are using deepfake technology with growing frequency to help them bypass digital identity verification checks, Entrust has warned. The identity security specialist revealed the findings in its Entrust Onfido 2025 Identity Fraud Report yesterday. It is based on data collected from the millions of identity verifications the vendor makes each year across 195 countries. It claimed that deepfakes now comprise 24% of fraudulent attempts to pass motion-based biometrics checks, which are used by banks and other service providers to authenticate users."
https://www.infosecurity-magazine.com/news/deepfake-identity-attack-every/
- Cybercriminals Exploit Weekend Lull To Launch Ransomware Attacks
"Ransomware gangs are increasingly targeting weekends and holidays, when cybersecurity teams are typically less staffed, according to a new report from Semperis. The cybersecurity firm said that 86% of study participants who experienced a ransomware attack were targeted on a weekend or holiday, when staffing is most likely to be reduced. Even though 96% of surveyed organizations maintained a security operations center (SOC) 24/7, 85% reduced SOC staffing by as much as 50% on holidays and weekends."
https://www.infosecurity-magazine.com/news/cybercriminals-exploit-weekend/
- Data Is The New Uranium – Incredibly Powerful And Amazingly Dangerous
"I recently got to play a 'fly on the wall' at a roundtable of chief information security officers. Beyond the expected griping and moaning about funding shortfalls and always-too-gullible users, I began to hear a new note: data has become a problem. A generation ago we had hardly any data at all. In 2003 I took a tour of a new all-digital 'library' – the Australian Centre for the Moving Image (ACMI) – and marveled at its single petabyte of online storage. I'd never seen so much, and it pointed toward a future where we would all have all the storage capacity we ever needed."
https://www.theregister.com/2024/11/20/data_is_the_new_uranium/
- 2024 CWE Top 25 Most Dangerous Software Weaknesses
"The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Homeland Security Systems Engineering and Development Institute (HSSEDI), operated by MITRE, has released the 2024 CWE Top 25 Most Dangerous Software Weaknesses. This annual list identifies the most critical software weaknesses that adversaries frequently exploit to compromise systems, steal sensitive data, or disrupt essential services."
https://www.cisa.gov/news-events/alerts/2024/11/20/2024-cwe-top-25-most-dangerous-software-weaknesses
https://www.bleepingcomputer.com/news/security/mitre-shares-2024s-top-25-most-dangerous-software-weaknesses/
- USDA Releases Success Story Detailing The Implementation Of Phishing-Resistant Multi-Factor Authentication
"Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Agriculture (USDA) released Phishing-Resistant Multi-Factor Authentication (MFA) Success Story: USDA’s FIDO Implementation. This report details how USDA successfully implemented phishing-resistant authentication for its personnel in situations where USDA could not exclusively rely on personal identity verification (PIV) cards."
https://www.cisa.gov/news-events/alerts/2024/11/20/usda-releases-success-story-detailing-implementation-phishing-resistant-multi-factor-authentication
https://cisa.gov/resources-tools/resources/phishing-resistant-multi-factor-authentication-mfa-success-story-usdas-fast-identity-online-fido
- US Charges Five Linked To Scattered Spider Cybercrime Gang
"The U.S. Justice Department has charged five suspects believed to be part of the financially motivated Scattered Spider cybercrime gang with conspiracy to commit wire fraud. Between September 2021 and April 2023, they were able to steal millions from cryptocurrency wallets using victims' credentials stolen in SMS phishing attacks targeting dozens of targets, including both individuals and companies."
https://www.bleepingcomputer.com/news/security/us-charges-five-linked-to-scattered-spider-cybercrime-gang/
https://therecord.media/five-scattered-spider-members-charged-breaches-11-million-theft
https://cyberscoop.com/federal-charges-scattered-spider-cybercrime-phishing-cryptocurrency-theft/
https://www.theregister.com/2024/11/21/scattered_spider_suspects/
- It's Near-Unanimous: AI, ML Make The SOC Better
"Efficiency is the name of the game for the security operations center — and 91% of cybersecurity pros say AI and ML are winning that game. Only 9% of cybersecurity professionals said that new artificial intelligence (AI) and machine learning (ML) tools have not improved their security operations center (SOC) functionality, according to Dark Reading's latest research on enterprise security. The vast majority of respondents saw noticeable rises in speed, accuracy, and efficiency — good news for those front-line workers."
https://www.darkreading.com/cybersecurity-operations/survey-report-ai-ml-make-soc-better
- Middle East Cybersecurity In 2024: From Zero-Day Exploits To Supply Chain Attacks
"In 2024, the Middle East faces an escalating wave of cyberattacks amid its rapid digital transformation, with zero-day exploits and advanced attack techniques targeting critical infrastructure, government entities, and supply chains. Cybercriminals are increasingly exploiting vulnerabilities like CVE-2024-4577 and CVE-2024-26169, demonstrating a heightened ability to disrupt sectors such as oil, gas, and telecommunications."
https://cyble.com/blog/middle-east-cybersecurity-in-2024/
- Feds Seize PopeyeTools Marketplace, Charge Alleged Operators
"The United States Justice Department has taken control of PopeyeTools, a notorious online marketplace dedicated to carrying out cybercrime, fraud and selling stolen credit cards. The department announced Wednesday the seizure of the illicit PopeyeTools website and criminal charges against three alleged administrators: Abdul Ghaffar, 25, Abdul Sami, 35, and Javed Mirza, 37. The two Pakistanis and an Afghan are charged with conspiracy, trafficking and solicitation related to access devices."
Priority: 3 - Important
Relevance: General
https://www.bankinfosecurity.com/feds-seize-popeyetools-marketplace-charge-alleged-operators-a-26867
References
Electronic Transactions Development Agency (ETDA)