Cyber Threat Intelligence 03 December 2024
New Tooling
- Data Scientists Create Tool To Spot Fake Images
"Pixelator v2 is a tool to spot fake images. It uses a new combination of image veracity techniques with capability beyond what can be seen by the human eye. It can identify subtle differences in images with greater accuracy than traditional methods and has been shown to detect alterations as small as 1 pixel."
https://www.helpnetsecurity.com/2024/12/02/spot-fake-images-pixelator-v2/
https://github.com/somdipdey/Pixelator-View-v2/tree/main
Vulnerabilities
- Small Number Of Vulnerabilities Patched In Last Android Security Update Of 2024
"Google on Monday released its December 2024 Android Security Bulletin, detailing a range of security vulnerabilities affecting various components across Android devices, with some potentially allowing remote code execution and local escalation of privileges."
https://cyberscoop.com/android-security-update-december-2024/
- The Day We Unveiled The Secret Rotation Illusion
"It was a typical Sunday morning when our team gathered in the conference room, coffee cups in hand and eyes fixed on the whiteboard. We were wrestling with a question that had been nagging us for months: Is secret rotation truly the security blanket everyone believes it to be? Secret rotation—the practice of regularly changing API keys, tokens, and other credentials—has been a staple in cybersecurity protocols for decades. It’s a checkbox in compliance audits, a line item in security policies, and a task that developers often perform without much enthusiasm."
https://www.clutch.security/blog/the-day-we-unveiled-the-secret-rotation-illusion
https://www.helpnetsecurity.com/2024/12/02/revoke-exposed-aws-keys/
- Status Of Korean Servers Exposed To Ivanti Connect Secure Vulnerabilities (Multiple CVEs)
"Multiple vulnerabilities have been disclosed for the Ivanti Connect Secure product, including several with a CVSS score of 9 or higher (CRITICAL). The majority of Ivanti Connect Secure servers operating in Korea have been identified as vulnerable versions."
https://asec.ahnlab.com/en/84892/
Malware
- LogoFAIL Exploited To Deploy Bootkitty, The First UEFI Bootkit For Linux
"Binarly researchers find a direct connection between the newly discovered Bootkitty Linux bootkit and exploitation of the LogoFAIL image parsing vulnerabilities reported more than a year ago."
https://www.binarly.io/blog/logofail-exploited-to-deploy-bootkitty-the-first-uefi-bootkit-for-linux
https://www.bleepingcomputer.com/news/security/bootkitty-uefi-malware-exploits-logofail-to-infect-linux-systems/
https://www.darkreading.com/cyber-risk/bootkitty-first-bootloader-target-linux-systems
https://www.securityweek.com/prototype-uefi-bootkit-is-south-korean-university-project-logofail-exploit-discovered/
- Novel Phishing Campaign Uses Corrupted Word Documents To Evade Security
"A novel phishing attack abuses Microsoft's Word file recovery feature by sending corrupted Word documents as email attachments, allowing them to bypass security software due to their damaged state but still be recoverable by the application. Threat actors constantly look for new ways to bypass email security software and land their phishing emails in targets' inboxes."
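The following is an added detection example for the technique described above; it is not code from the cited BleepingComputer or Infosecurity reports. It shows why a damaged OOXML attachment can be rejected by a strict ZIP reader (which is what many scanners rely on) while its word/document.xml part is still recoverable by walking the local file headers, much as a document-recovery routine would. The specific damage applied here (cutting the file off before the ZIP central directory) and the sample document are constructed assumptions, not the campaign's actual files.

```python
"""Classify .docx attachments whose ZIP container is damaged but still recoverable.

Added example, not code from the cited articles. Assumption: the attachment
is an OOXML ZIP whose central directory and end-of-central-directory record
have been cut off, so strict ZIP readers reject it while the per-entry local
file headers (what a recovery routine walks) remain intact.
"""
import io
import struct
import zipfile
import zlib

LOCAL_SIG = b"PK\x03\x04"      # local file header signature
CENTRAL_SIG = b"PK\x01\x02"    # central directory header signature
# sig, version, flags, method, mtime, mdate, crc32, csize, usize, name_len, extra_len
LOCAL_HDR_FMT = "<4sHHHHHIIIHH"
LOCAL_HDR_LEN = struct.calcsize(LOCAL_HDR_FMT)  # 30 bytes


def build_docx(body_text: str) -> bytes:
    """Minimal OOXML package (constructed sample, not a real campaign file)."""
    doc = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
        f"<w:body><w:p><w:r><w:t>{body_text}</w:t></w:r></w:p></w:body></w:document>"
    )
    types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="xml" ContentType="application/xml"/>'
        '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-'
        'officedocument.wordprocessingml.document.main+xml"/></Types>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", types)
        zf.writestr("word/document.xml", doc)
    return buf.getvalue()


def corrupt_central_directory(data: bytes) -> bytes:
    """Drop everything from the first central-directory header onward (assumed damage)."""
    cd = data.find(CENTRAL_SIG)
    if cd < 0:
        raise ValueError("no central directory found")
    return data[:cd]


def recover_parts(data: bytes) -> dict:
    """Walk local file headers and inflate each entry, ignoring the central directory."""
    parts = {}
    off = 0
    while True:
        off = data.find(LOCAL_SIG, off)
        if off < 0 or off + LOCAL_HDR_LEN > len(data):
            break
        (_sig, _ver, flags, method, _t, _d, crc, csize, _usize,
         name_len, extra_len) = struct.unpack_from(LOCAL_HDR_FMT, data, off)
        if flags & 0x0008:
            # Sizes live in a trailing data descriptor; not handled in this example.
            raise ValueError("data-descriptor entries not supported")
        name_start = off + LOCAL_HDR_LEN
        name = data[name_start:name_start + name_len].decode("utf-8", "replace")
        body_start = name_start + name_len + extra_len
        body = data[body_start:body_start + csize]
        if len(body) < csize:
            break  # the entry itself is truncated; nothing more to recover
        if method == 0:
            raw = body
        elif method == 8:
            raw = zlib.decompressobj(-15).decompress(body)  # raw deflate
        else:
            raise ValueError(f"unsupported compression method {method}")
        if zlib.crc32(raw) & 0xFFFFFFFF != crc:
            raise ValueError(f"CRC mismatch in {name}")
        parts[name] = raw
        off = body_start + csize
    return parts


def classify_attachment(data: bytes) -> str:
    """'docx' if a strict ZIP reader accepts it, 'corrupted-docx' if it is rejected
    but the Word main part is still recoverable, 'zip' for other intact archives,
    otherwise 'other'."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
        return "docx" if "word/document.xml" in names else "zip"
    except zipfile.BadZipFile:
        pass
    try:
        parts = recover_parts(data)
    except ValueError:
        return "other"
    return "corrupted-docx" if "word/document.xml" in parts else "other"


if __name__ == "__main__":
    good = build_docx("Scan the code to view your document")  # constructed lure text
    bad = corrupt_central_directory(good)
    print(classify_attachment(good), classify_attachment(bad))
    print(recover_parts(bad)["word/document.xml"][:80])
```

A scanner that gives up at the ZIP layer sees only "not a zip file" for the damaged attachment; treating "rejected by the ZIP parser but Word parts recoverable from local headers" as its own verdict is the signal worth alerting on, since a legitimate sender rarely mails a file in that state.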
https://www.bleepingcomputer.com/news/security/novel-phishing-campaign-uses-corrupted-word-documents-to-evade-security/
https://www.infosecurity-magazine.com/news/corrupted-word-files-fuel-phishing/
- SmokeLoader Attack Targets Companies In Taiwan
"In September 2024, FortiGuard Labs observed an attack using the notorious SmokeLoader malware to target companies in Taiwan, including those in manufacturing, healthcare, information technology, and other sectors. SmokeLoader is well-known for its versatility and advanced evasion techniques, and its modular design allows it to perform a wide range of attacks. While SmokeLoader primarily serves as a downloader to deliver other malware, in this case, it carries out the attack itself by downloading plugins from its C2 server."
https://www.fortinet.com/blog/threat-research/sophisticated-attack-targets-taiwan-with-smokeloader
https://www.bankinfosecurity.com/smokeloader-campaign-targets-taiwanese-companies-a-26951
https://www.infosecurity-magazine.com/news/smokeloader-malware-taiwan/
https://hackread.com/smokeloader-malware-ms-office-flaws-browser-data/
- Horns&Hooves Campaign Delivers NetSupport RAT And BurnsRAT
"Recent months have seen a surge in mailings with lookalike email attachments in the form of a ZIP archive containing JScript scripts. The script files – disguised as requests and bids from potential customers or partners – bear names such as “Запрос цены и предложения от Индивидуального предпринимателя <ФИО> на август 2024” (“Request for price and offer from Individual Entrepreneur <Full Name> for August 2024”)."
https://securelist.com/horns-n-hooves-campaign-delivering-netsupport-rat/114740/
- Threat Assessment: Howling Scorpius (Akira Ransomware)
"Emerging in early 2023, the Howling Scorpius ransomware group is the entity behind the Akira ransomware-as-a-service (RaaS), which has consistently ranked in recent months among the top five most active ransomware groups. Its double extortion strategy significantly amplifies the threat it poses. Unit 42 researchers have been monitoring the Howling Scorpius ransomware group over the past year."
https://unit42.paloaltonetworks.com/threat-assessment-howling-scorpius-akira-ransomware/
Breaches/Hacks/Leaks
- Costa Rica State Energy Company Calls In US Experts To Help With Ransomware Attack
"The state-owned energy provider for Costa Rica was hit with a ransomware attack last week requiring the company to shift to manual operations and call in help from abroad. Refinadora Costarricense de Petróleo, known by most as RECOPE, imports, refines and distributes fossil fuels across the country while also operating pipelines stretching from its Caribbean to Pacific coasts."
https://therecord.media/costa-rica-state-energy-company-ransomware
General News
- 5 Reasons To Double Down On Network Security
"Cybersecurity programs have evolved significantly over the past few decades. The advent of cloud computing shattered the conventional corporate perimeter, forcing organizations to update their defense strategies. Today, with the rise of work-from-anywhere and bring-your-own-device (BYOD) policies as well as the ongoing shift to cloud environments, we’re seeing a shift of equal magnitude as it is becoming increasingly clear that endpoint security tools alone cannot handle the new threat landscape."
https://www.helpnetsecurity.com/2024/12/02/network-security-double-down/
- Inside The 2024 CWE Top 25: Trends, Surprises, And Persistent Challenges
"In this Help Net Security interview, Alec Summers, Project Leader for the CVE Program at MITRE, shares his insights on the 2024 CWE top 25 most dangerous software weaknesses. He discusses the impact of the new methodology that involves the CNA community and highlights the persistent vulnerabilities that continue to make the list year after year. Summers also touches on the role of AI tools in identifying vulnerabilities and the importance of root cause mapping for improving cybersecurity efforts."
https://www.helpnetsecurity.com/2024/12/02/alec-summers-mitre-cwe-top-25-2024/
- Korea Arrests CEO For Adding DDoS Feature To Satellite Receivers
"South Korean police have arrested a CEO and five employees for manufacturing over 240,000 satellite receivers pre-loaded or later updated to include DDoS attack functionality at a purchaser's request. While neither company has been named, the two companies have been trading since 2017. In November 2018, the purchasing company made a special request to include DDoS functionality, with the South Korean manufacturer complying. Allegedly, the functionality was needed to counter the attacks of a competing entity."
https://www.bleepingcomputer.com/news/security/korea-arrests-ceo-for-adding-ddos-feature-to-satellite-receivers/
- Russia Sentences Hydra Dark Web Market Leader To Life In Prison
"Russian authorities have sentenced the leader of the criminal group behind the now-closed dark web platform Hydra Market to life in prison. Additionally, more than a dozen accomplices have been convicted for their involvement in the production and sale of nearly a ton of drugs. Stanislav Moiseyev, the group's "organizer," who was sentenced to life imprisonment, also received a fine of 4 million rubles, as Russian media group RBC first reported."
https://www.bleepingcomputer.com/news/security/russia-sentences-hydra-dark-web-market-leader-to-life-in-prison/
- INTERPOL Financial Crime Operation Makes Record 5,500 Arrests, Seizures Worth Over USD 400 Million
"A global operation involving law enforcement from 40 countries, territories and regions has ended with the arrest of over 5,500 financial crime suspects and the seizure of more than USD 400 million in virtual assets and government-backed currencies. The five-month Operation HAECHI V (July - November 2024) targeted seven types of cyber-enabled frauds: voice phishing, romance scams, online sextortion, investment fraud, illegal online gambling, business email compromise fraud and e-commerce fraud."
https://www.interpol.int/en/News-and-Events/News/2024/INTERPOL-financial-crime-operation-makes-record-5-500-arrests-seizures-worth-over-USD-400-million
https://www.darkreading.com/cybersecurity-operations/interpol-cyber-fraud-action-5k-arrests
https://thehackernews.com/2024/12/interpol-arrests-5500-in-global.html
https://www.infosecurity-magazine.com/news/police-arrest-5500-cyberfraud/
https://hackread.com/op-haechi-v-interpol-arrests-cybercriminals-million/
https://www.helpnetsecurity.com/2024/12/02/haechi-v-interpol-global-operation-targeting-cyber-fraud/
https://securityaffairs.com/171593/cyber-crime/operation-haechi-v-5500-arrests.html
- Incident Response Playbooks: Are You Prepared?
"When discussing an incident response (IR) library, it's not about the number of books on a shelf related to incident response planning, how to create plans and playbooks, or the latest theories or frameworks. It's about your actual incident response plan and its accompanying playbooks. Does your organization even have them, or, if something happens, do you just rely on someone from the IT department to handle it? Unfortunately, the latter scenario is often the case."
https://www.darkreading.com/cyberattacks-data-breaches/incident-response-playbooks-prepared
- Hackers Drain $1.48 Billion From Crypto In 2024, Led By DeFi Exploits
"The cryptocurrency industry saw a surprising decrease in losses last month, according to a new report from Immunefi, a leading blockchain security platform. While decentralized finance (DeFi) projects continued to be a prime target, the overall figures show a promising trend. The Immunefi report, shared with Hackread.com, reveals that $71 million was lost to hacks and rug pulls in November 2024, a notable 79% drop from the same month last year."
https://hackread.com/hackers-drain-billions-crypto-2024-led-defi-exploits/
- Laser Focus: Countering China’s LiDAR Threat To U.S. Critical Infrastructure And Military Systems
"“Only by mastering crucial core technologies within our own hands,” said Chinese Communist Party General Secretary Xi Jinping, “can we [China] truly seize the initiative in competition and development, and fundamentally safeguard our national economic security, national security, and security in other domains.” Xi’s declaration underscores his desire to transform China into a science and technology great power, which, he argues, hinges on tightening “international production chains’ dependence on China.”"
https://www.fdd.org/analysis/2024/12/02/laser-focus-countering-chinas-lidar-threat-to-u-s-critical-infrastructure-and-military-systems/
https://therecord.media/china-lidar-national-security-threat-report
- Japanese Crypto Service Shuts Down After Theft Of Bitcoin Worth $308 Million
"A popular Japanese cryptocurrency platform is shutting down less than six months after hackers siphoned more than $300 million worth of coins from the site. DMM Bitcoin said on Monday that it planned to transfer all customer accounts and company assets to another crypto firm called SBI VC Trade — a subsidiary of Japanese financial services giant SBI Group."
https://therecord.media/japanese-crypto-service-shuts-down
- Former Polish Spy Chief Arrested To Testify Before Parliament In Spyware Probe
"The former head of Poland’s internal security service was arrested Monday and hauled before parliament to testify about how powerful zero-click spyware was deployed by the country’s prior government against several hundred people. News of the arrest of the former spy chief, Piotr Pogonowski, was first reported by the Financial Times."
https://therecord.media/poland-former-spy-chief-testifies-pegasus-spyware
References
Electronic Transactions Development Agency (ETDA)