Cyber Threat Intelligence 26 November 2024
Vulnerabilities
- CISA Adds One Known Exploited Vulnerability To Catalog
"CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-28461 Array Networks AG and vxAG ArrayOS Improper Authentication Vulnerability"
https://www.cisa.gov/news-events/alerts/2024/11/25/cisa-adds-one-known-exploited-vulnerability-catalog
- Finding Vulnerabilities In ClipSp, The Driver At The Core Of Windows’ Client License Platform
"ClipSP (clipsp.sys) is a Windows driver used to implement client licensing and system policies on Windows 10 and 11 systems. Cisco Talos researchers have discovered eight vulnerabilities related to clipsp.sys ranging from signature bypass to elevation of privileges and sandbox escape:"
https://blog.talosintelligence.com/finding-vulnerabilities-in-clipsp-the-driver-at-the-core-of-windows-client-license-platform/
Malware
- Game Of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions
"Since 2023, Earth Estries (aka Salt Typhoon, FamousSparrow, GhostEmperor and UNC2286) has emerged as one of the most aggressive Chinese advanced persistent threat (APT) groups, primarily targeting critical industries such as telecommunications and government entities in the US, the Asia-Pacific region, the Middle East, and South Africa. In this blog entry, we will highlight their evolving attack techniques and analyze the motivation behind their operations, providing insights into their long-term targeted attacks."
https://www.trendmicro.com/en_us/research/24/k/earth-estries.html
https://www.bleepingcomputer.com/news/security/salt-typhoon-hackers-backdoor-telcos-with-new-ghostspider-malware/
https://therecord.media/china-salt-typhoon-targets-southeast-asia-telecom
- The Dark Side Of Domain-Specific Languages: Uncovering New Attack Techniques In OPA And Terraform
"Check out our deep dive into both new and known techniques for abusing infrastructure-as-code and policy-as-code tools. You’ll also learn how to defend against them in this blog post which expands on the attack techniques presented at our fwd:cloudsec Europe 2024 talk “Who Watches the Watchmen? Stealing Credentials from Policy-as-Code Engines (and beyond).”"
https://www.tenable.com/blog/the-dark-side-of-domain-specific-languages-uncovering-new-attack-techniques-in-opa-and
https://thehackernews.com/2024/11/cybersecurity-flaws-in-iac-and-pac.html
- Warning Against Malware In SVG Format Distributed Via Phishing Emails
"AhnLab Security Intelligence Center (ASEC) has recently identified multiple instances of malware being distributed in Scalable Vector Graphics (SVG) format. An SVG file is an XML-based file format that represents scalable vector graphics. SVG files are primarily used for icons, charts, and graphs, and they support the use of CSS and JavaScript within the code. The threat actor is exploiting these features to distribute various types of SVG malware. The SVG malware is being distributed as an attachment in phishing emails, and the email body includes instructions on how to execute the file. When an SVG file is executed in the usual way, it opens through a web browser."
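Because a double-clicked SVG is rendered by the browser with script enabled, the practical mail-gateway check is to treat any SVG that carries active content as an executable rather than an image. The scanner below is an added example for this digest, not ASEC's tooling: it parses the attachment as XML and flags the features the ASEC note describes (inline script, event-handler attributes, javascript:/data: links) plus foreignObject/iframe embedding, which is an assumption added here as a common companion technique. Both sample SVGs are constructed and carry no real payload.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the active-content features a phishing SVG abuses (benign stand-ins).
MALICIOUS_SVG = b"""<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">
  <rect width="10" height="10" onclick="alert(1)"/>
  <a xlink:href="javascript:alert(2)"><text>Open invoice</text></a>
  <script>var p = atob('...'); document.location = 'https://example.invalid/' + p;</script>
  <foreignObject><body xmlns="http://www.w3.org/1999/xhtml"><iframe src="https://example.invalid/"/></body></foreignObject>
</svg>"""

# Constructed sample: an ordinary icon, which must pass.
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">
  <circle cx="5" cy="5" r="4" fill="red"/>
</svg>"""

# Elements that give an SVG code execution or arbitrary HTML embedding when opened in a browser.
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
ACTIVE_SCHEMES = {"javascript", "vbscript", "data"}


def _local(name: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1].lower()


def scan_svg(data: bytes) -> list[str]:
    """Return a list of findings; an empty list means no active content was seen."""
    findings: list[str] = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        # Browsers are lenient with broken markup, so fall back to text patterns
        # rather than letting a malformed file through unexamined.
        text = data.decode("utf-8", "replace")
        findings.append("malformed XML")
        if re.search(r"<\s*script", text, re.I):
            findings.append("script element (text match)")
        if re.search(r"\son\w+\s*=", text, re.I):
            findings.append("event handler attribute (text match)")
        return findings

    for el in root.iter():
        tag = _local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = _local(attr)
            if name.startswith("on"):
                findings.append(f"event handler {name} on <{tag}>")
            elif name == "href" and ":" in value:
                scheme = value.strip().split(":", 1)[0].lower()
                if scheme in ACTIVE_SCHEMES:
                    findings.append(f"{scheme}: URL in href on <{tag}>")
    return findings


def is_suspicious(data: bytes) -> bool:
    return bool(scan_svg(data))


if __name__ == "__main__":
    for label, blob in (("malicious", MALICIOUS_SVG), ("benign", BENIGN_SVG)):
        print(label, scan_svg(blob))
```

A gateway rule built on this should quarantine rather than strip: removing the script leaves an attachment the recipient was told to open, and the lure text in the email body is itself the stronger indicator.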
https://asec.ahnlab.com/en/84720/
- Infected Systems Controlled Through Remote Administration Tools – Detected By EDR (2)
"Remote administration tools, also known as RAT, are software that provide the ability to manage and control terminals at remote locations. Recently, there has been an increase in cases where remote administration tools are installed instead of backdoor malware during the initial access or lateral movement phases to control the target system. This is an intentional tactic aimed at bypassing firewalls and detection, as anti-malware products face limitations in simply detecting and blocking these tools, unlike typical malware. As a result, threat actors are exploiting this weakness, making it essential to utilize EDR solutions to monitor and respond to suspicious activities in preparation for such attacks."
https://asec.ahnlab.com/en/84729/
- Blue Yonder Ransomware Attack Disrupts Grocery Store Supply Chain
"Supply chain management firm Blue Yonder is warning that a ransomware attack caused significant disruption to its services, with the outages impacting grocery store chains in the UK. Blue Yonder (formerly JDA Software) operates as a Panasonic subsidiary with an annual revenue of over a billion USD and 6,000 employees. The company offers AI-driven supply chain solutions to retailers, manufacturers, and logistics providers, encompassing demand forecasting, inventory optimization, and transportation management."
https://www.bleepingcomputer.com/news/security/blue-yonder-ransomware-attack-disrupts-grocery-store-supply-chain/
- Black Basta Ransomware Group Retools For Strategic Attacks
"The Black Basta ransomware group has been refining social engineering tactics to amass more victims despite escalating law enforcement disruptions, experts say. The group has moved beyond a botnet-driven focus on malware distribution to focus on tricking targets through carefully planned social engineering campaigns - displaying tactics more often seen in nation-state hacking, says a report from threat intelligence firm RedSense."
https://www.bankinfosecurity.com/black-basta-ransomware-group-retools-for-strategic-attacks-a-26898
https://www.darkreading.com/vulnerabilities-threats/blackbasta-ransomware-group-conti
- Phish Swimming In The OpenSea: The OpenSea Phishing Threat
"OpenSea is a well-known NFT (non-fungible token) platform and is the go-to platform for many entry-level NFT enthusiasts looking to enter the crypto collectible market. However, what if OpenSea itself could be exploited to gain access to new user crypto wallets who are likely unaware of TA (Threat Actor) phishing tactics? Learning to identify these threats can help users who seek to use platforms such as OpenSea keep their crypto wallets safe and feel more secure while navigating the NFT marketplace."
https://cofense.com/blog/phish-swimming-in-the-opensea-the-opensea-phishing-threat
- SpyLoan: A Global Threat Exploiting Social Engineering
"The McAfee mobile research team recently identified a significant global increase of SpyLoan, also known as predatory loan apps, on Android. These PUP (potentially unwanted programs) applications use social engineering tactics to trick users into providing sensitive information and granting extra mobile app permissions, which can lead to extortion, harassment, and financial loss."
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/spyloan-a-global-threat-exploiting-social-engineering/
- Python Crypto Library Updated To Steal Private Keys
"Yesterday, Phylum's automated risk detection platform discovered that the PyPI package aiocpa was updated to include malicious code that steals private keys by exfiltrating them through Telegram when users initialize the crypto library. While the attacker published this malicious update to PyPI, they deliberately kept the package's GitHub repository clean of the malicious code to evade detection."
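The tell in this case is a published release whose content does not match the repository it claims to come from. The check below is an added example, not Phylum's detector or anything from the aiocpa project: it hashes every file in a local checkout of the repository and in an unpacked PyPI distribution, reports files that were added or changed in the distribution only, and scans those files for a decode-and-exec loader or a long base64-like blob (the obfuscation style assumed here, not a claim about the exact aiocpa payload). The two directory trees are constructed in temporary directories and the planted loader lines are never executed.

```python
import base64
import hashlib
import os
import re
import tempfile

LOADER_RE = re.compile(r"\b(exec|eval)\s*\(")
DECODE_RE = re.compile(r"\b(base64|zlib|marshal|codecs)\b|__import__\(")
BLOB_RE = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")


def tree_digest(root: str) -> dict[str, str]:
    """Map relative path -> sha256 for every file, ignoring VCS and packaging metadata."""
    out = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git" and not d.endswith(".egg-info")]
        for fn in filenames:
            if fn == "PKG-INFO":          # legitimately present only in the sdist
                continue
            full = os.path.join(dirpath, fn)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                out[rel] = hashlib.sha256(fh.read()).hexdigest()
    return out


def compare_trees(repo_root: str, dist_root: str) -> dict[str, list[str]]:
    repo, dist = tree_digest(repo_root), tree_digest(dist_root)
    return {
        "added": sorted(p for p in dist if p not in repo),
        "removed": sorted(p for p in repo if p not in dist),
        "changed": sorted(p for p in dist if p in repo and repo[p] != dist[p]),
    }


def suspicious_lines(path: str) -> list[tuple[int, str]]:
    """Flag lines that both decode something and exec/eval it, or that embed a large blob."""
    hits = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for n, line in enumerate(fh, 1):
            if LOADER_RE.search(line) and DECODE_RE.search(line):
                hits.append((n, "decode-and-exec loader"))
            elif BLOB_RE.search(line):
                hits.append((n, "long base64-like blob"))
    return hits


def review(repo_root: str, dist_root: str) -> dict:
    """Diff the trees, then inspect only what the distribution adds or changes."""
    diff = compare_trees(repo_root, dist_root)
    findings = {}
    for rel in diff["added"] + diff["changed"]:
        hits = suspicious_lines(os.path.join(dist_root, rel))
        if hits:
            findings[rel] = hits
    return {"diff": diff, "findings": findings}


def build_sample() -> tuple[str, str]:
    """Constructed repo and dist trees: the dist hooks __init__ and ships an extra module."""
    repo, dist = tempfile.mkdtemp(prefix="repo-"), tempfile.mkdtemp(prefix="dist-")
    clean = "class Client:\n    def __init__(self, token):\n        self.token = token\n"
    payload = base64.b64encode(b"print('constructed stand-in for an exfil routine')").decode()
    hooked = clean + f"\nexec(__import__('base64').b64decode('{payload}'))\n"
    for root, init in ((repo, clean), (dist, hooked)):
        os.makedirs(os.path.join(root, "pkg"))
        with open(os.path.join(root, "pkg", "__init__.py"), "w") as fh:
            fh.write(init)
    blob = base64.b64encode(b"x" * 300).decode()
    with open(os.path.join(dist, "pkg", "_sync.py"), "w") as fh:
        fh.write(f"_d = '{blob}'\nexec(__import__('zlib').decompress(__import__('base64').b64decode(_d)))\n")
    with open(os.path.join(dist, "PKG-INFO"), "w") as fh:
        fh.write("Metadata-Version: 2.1\nName: pkg\n")
    return repo, dist


if __name__ == "__main__":
    print(review(*build_sample()))
```

Real sdists legitimately differ from the repository (generated files, version stamps), so the diff is the review queue, not the alert; the alert is a release with added or changed Python that has no corresponding commit or tag. Pinning to hashes (`pip install --require-hashes`) turns that one-off review into a durable control.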
https://blog.phylum.io/python-crypto-library-updated-to-steal-private-keys/
https://thehackernews.com/2024/11/pypi-python-library-aiocpa-found.html
- Rewriting Hysteria: Rising Abuse Of URL Rewriting In Phishing
"In recent months, threat actors have discovered a troubling new method to exploit URL rewriting, a feature intended to protect users by replacing links in emails. By manipulating these rewritten URLs, attackers mask highly evasive phishing links behind trusted domains of security vendors, effectively bypassing detection. This abuse has led to a critical surge in advanced phishing attacks that leverage the very tools developed to prevent them."
https://perception-point.io/blog/rewriting-hysteria-rising-abuse-of-url-rewriting-in-phishing/
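A link that points at a security vendor's rewriting domain tells an analyst nothing about where it really goes, and attackers rely on exactly that when they get a phishing URL wrapped by a legitimate rewriter. The unwrapper below is an added example, not Perception Point's code: it peels Microsoft Safe Links (`url=` parameter, percent-encoded) and Proofpoint URL Defense v2 (`u=` parameter, where `_` stands for `/` and `-XX` for a hex-encoded byte) layer by layer until a non-rewritten destination remains, then falls back to any `url`/`u`/`target`/`redirect` parameter carrying an absolute URL. The nested sample link is constructed; the inner host `login.example.invalid` is a placeholder.

```python
import re
from typing import Optional
from urllib.parse import parse_qs, quote, urlparse

# Constructed sample: a Safe Links wrapper around a URL Defense v2 wrapper around the real target.
INNER = "https://login.example.invalid/auth?x=1_2"
URLDEFENSE = ("https://urldefense.proofpoint.com/v2/url?"
              "u=https-3A__login.example.invalid_auth-3Fx-3D1-5F2&d=DwMFaQ&c=x&r=y")
SAFELINKS = ("https://nam02.safelinks.protection.outlook.com/?url="
             + quote(URLDEFENSE, safe="") + "&data=05%7C01%7C&sdata=abc&reserved=0")


def _decode_urldefense_v2(encoded: str) -> str:
    """v2 encodes '/' as '_' and every other reserved byte as '-XX' (hex)."""
    decoded = encoded.replace("_", "/")
    return re.sub(r"-([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), decoded)


def unwrap_once(url: str) -> Optional[str]:
    """Return the URL one rewriting layer down, or None if this is not a rewritten link."""
    p = urlparse(url)
    host = p.netloc.lower()
    qs = parse_qs(p.query)          # parse_qs percent-decodes parameter values
    if host.endswith("safelinks.protection.outlook.com") and "url" in qs:
        return qs["url"][0]
    if host == "urldefense.proofpoint.com" and p.path.startswith("/v2/url") and "u" in qs:
        return _decode_urldefense_v2(qs["u"][0])
    # Generic rewriters/open redirects that pass the destination as a plain parameter.
    for key in ("url", "u", "target", "redirect"):
        if key in qs and qs[key][0].lower().startswith(("http://", "https://")):
            return qs[key][0]
    return None


def unwrap(url: str, max_hops: int = 5) -> list[str]:
    """Full chain from the link as seen in the email down to the final destination."""
    chain = [url]
    while len(chain) <= max_hops:
        nxt = unwrap_once(chain[-1])
        if nxt is None or nxt == chain[-1]:
            break
        chain.append(nxt)
    return chain


def final_host(url: str) -> str:
    """The host an analyst should actually judge, not the rewriter's domain."""
    return urlparse(unwrap(url)[-1]).netloc.lower()


if __name__ == "__main__":
    for hop in unwrap(SAFELINKS):
        print(hop)
    print("final host:", final_host(SAFELINKS))
```

Run reputation and allow-list checks on `final_host`, not on the outer link, and treat a chain that passes through more than one vendor's rewriter as a signal in itself: legitimate mail rarely gets wrapped twice.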
General News
- AI Kuru, Cybersecurity And Quantum Computing
"As we continue to delegate more infrastructure operations to artificial intelligence (AI), quantum computers are advancing towards Q-day (i.e., the day when quantum computers can break current encryption methods). This could compromise the security of digital communications, as well as autonomous control systems that use AI and ML to make decisions."
https://www.helpnetsecurity.com/2024/11/25/ai-quantum-computers/
- Overcoming Legal And Organizational Challenges In Ethical Hacking
"In this Help Net Security interview, Balázs Pózner, CEO at Hackrate, discusses the essential technical skills for ethical hackers and how they vary across different security domains. He explains how AI and machine learning enhance ethical hacking by streamlining vulnerability detection and boosting defenses. Pózner also discusses legal challenges and highlights the role of community testing and user education in improving cybersecurity tools."
https://www.helpnetsecurity.com/2024/11/25/balazs-pozner-hackrate-ethical-hacking/
- Advanced Threat Predictions For 2025
"We at Kaspersky’s Global Research and Analysis Team monitor over 900 APT (advanced persistent threat) groups and operations. At the end of each year, we take a step back to assess the most complex and sophisticated attacks that have shaped the threat landscape. These insights enable us to anticipate emerging trends and build a clearer picture of what the APT landscape may look like in the year ahead. In this article in the KSB series, we review the trends of the past year, reflect on the predictions we made for 2024, and offer insights into what we can expect in 2025."
https://securelist.com/ksb-apt-predictions-2025/114582/
- Russia Ready To Wage Cyber War On UK, Minister To Say
"Russia is ready to carry out cyber attacks on the United Kingdom and other allies in a bid to weaken support for Ukraine, a senior minister will warn later. Chancellor of the Duchy of Lancaster Pat McFadden, whose role includes responsibility for national security, is set to tell a Nato meeting that the Kremlin could target British businesses and leave millions without power. It is the latest in a series of warnings about the cyber-warfare capabilities of Russia, which McFadden is to call a "hidden war" being waged against Ukraine."
https://www-bbc-com.cdn.ampproject.org/c/s/www.bbc.com/news/articles/ceqxezer7nqo.amp
https://securityaffairs.com/171357/intelligence/russia-linked-threat-actors-threaten-uk.html
- IoT Device Traffic Up 18% As Malware Attacks Surge 400%
"An 18% rise in IoT device traffic and a substantial 400% increase in malware attacks targeting IoT devices have been revealed by security researchers. The findings by Zscaler highlight significant challenges and vulnerabilities accompanying the growing adoption of Internet of Things (IoT) and Operational Technology (OT) systems. The study, published today, examined 300,000 blocked IoT attacks and found that botnet malware families like Mirai and Gafgyt accounted for 66% of attack payloads."
https://www.infosecurity-magazine.com/news/iot-device-traffic-malware-attacks/
- 2025 Prediction: Preemptive Cyber Defense Will Shake Up Cybersecurity Planning
"The cybersecurity landscape continues to evolve at an unprecedented pace, with 2025 poised to bring even greater complexity and urgency to digital defense strategies. The rapid weaponization of AI technologies is transforming the threat environment, enabling attackers to launch sophisticated, adaptive, and highly targeted campaigns at scale."
https://blog.morphisec.com/2025-prediction-preemptive-cyber-defense-will-shake-up-cybersecurity-planning
- Cyberthreat Predictions For 2025 From Barracuda’s Security Frontline
"Predicting the future isn’t easy, but you can anticipate what is likely to happen by looking at how things have evolved over the past year. This year again, Barracuda asked colleagues who work on the security frontlines about the things they witnessed in 2024 and expect to see in 2025."
https://blog.barracuda.com/2024/11/25/cyberthreat-predictions-2025-barracuda-security-frontline
- AI, Data Security, And CISO Shifts: Top Cybersecurity Trends To Watch In 2025
"Looking ahead to 2025, the cybersecurity landscape continues to evolve at a breakneck pace as threat actors continue to perfect their craft. They are using artificial intelligence (AI) to create code and more convincing lures (especially in languages that have traditionally been a barrier for entry), automate attacks, and target people with greater precision. At the same time, they are increasingly turning their attention back to us, as individual consumers, using social media and messaging apps as a testing ground before moving to larger organizations."
https://www.proofpoint.com/us/blog/ciso-perspectives/ai-data-security-and-ciso-shifts-top-cybersecurity-trends-watch-2025
References
Electronic Transactions Development Agency (ETDA)