Cyber Threat Intelligence 05 December 2024
Telecom Sector
- White House: Salt Typhoon Hacked Telcos In Dozens Of Countries
"Chinese state hackers, known as Salt Typhoon, have breached telecommunications companies in dozens of countries, President Biden's deputy national security adviser Anne Neuberger said today. During a Wednesday press briefing, the White House official told reporters that these breaches include a total of eight telecom firms in the United States, with only four previously known. While these attacks have been underway for "likely one to two years," "at this time, we don't believe any classified communications have been compromised," Neuberger added, as the Journal first reported."
https://www.bleepingcomputer.com/news/security/white-house-salt-typhoon-hacked-telcos-in-dozens-of-countries/
https://therecord.media/eight-telcos-breached-salt-typhoon-nsc
https://therecord.media/salt-typhoon-csrb-review
https://cyberscoop.com/salt-typhoon-national-security-council-chinese-spying/
- T-Mobile US CSO: Spies Jumped From One Telco To Another In a Way 'I've Not Seen In My Career'
"While Chinese-government-backed spies maintained access to US telecommunications providers' networks for months – and in some cases still haven't been booted out – T-Mobile US thwarted successful attacks on its systems "within a single-digit number of days," according to the carrier's security boss Jeff Simon. T-Mo's CSO, in an interview with The Register Wednesday, declined to make public the exact timeline of the intrusion attempts by the Beijing-run crew. "They were active for a single-digit number of days, and it was within the last couple of months," was all he would reveal."
https://www.theregister.com/2024/12/05/tmobile_cso_telecom_attack/
New Tooling
- SafeLine: Open-Source Web Application Firewall (WAF)
"SafeLine is an open-source and self-hosted Web Application Firewall (WAF) that protects websites from cyber attacks. “SafeLine WAF was created to protect web applications for small and medium-sized enterprises from cyber threats by monitoring and filtering HTTP/HTTPS traffic. More importantly, with the widespread use of Gen AI, automated website traffic has become increasingly overwhelming, negatively impacting the normal user experience and business operations. Therefore, we aim to create a WAF with robust anti-bot and anti-HTTP flood DDoS attack capabilities,” Ztrix, the product director of SafeLine WAF, told Help Net Security."
https://www.helpnetsecurity.com/2024/12/04/safeline-open-source-web-application-firewall-waf/
https://github.com/chaitin/SafeLine
Vulnerabilities
- CISA Adds One Known Exploited Vulnerability To Catalog
"CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-51378 CyberPanel Incorrect Default Permissions Vulnerability"
https://www.cisa.gov/news-events/alerts/2024/12/04/cisa-adds-one-known-exploited-vulnerability-catalog
- Japan Warns Of I-O Data Zero-Day Router Flaws Exploited In Attacks
"Japan's CERT is warning that hackers are exploiting zero-day vulnerabilities in I-O Data router devices to modify device settings, execute commands, or even turn off the firewall. The vendor has acknowledged the flaws in a security bulletin published on its website. However, the fixes are expected to land on December 18, 2024, so users will be exposed to risks until then unless mitigations are enabled."
https://www.bleepingcomputer.com/news/security/japan-warns-of-io-data-zero-day-router-flaws-exploited-in-attacks/
https://jvn.jp/en/jp/JVN46615026/index.html
- The Road To Agentic AI: Exposed Foundations
"“Move fast and break things” seems to be the current motto in the field of AI. Ever since the introduction of ChatGPT in 2022, it seems everyone is jumping on the bandwagon. In some fields, people have been happy to just use OpenAI's offerings, but many enterprises have specialized needs. As Nick Turley, OpenAI's head of product, recently said, LLMs are a “calculator for words” and this new technology has opened up many possibilities for enterprises. However, some engineering is needed to use this “word calculator” effectively and while we wait for proper agentic AI systems, the current technology of choice is retrieval augmented generation (RAG)."
https://www.trendmicro.com/en_us/research/24/k/agentic-ai.html
Malware
- DroidBot: Insights From a New Turkish MaaS Fraud Operation
"DroidBot is an advanced Android Remote Access Trojan (RAT) that combines classic hidden VNC and overlay capabilities with features often associated with spyware. It includes a keylogger and monitoring routines that enable the interception of user interactions, making it a powerful tool for surveillance and credential theft. A distinctive characteristic of DroidBot is its dual-channel communication mechanism: outbound data from infected devices is transmitted using the MQTT protocol, while inbound commands, such as overlay target specifications, are received over HTTPS. This separation enhances its operational flexibility and resilience."
https://www.cleafy.com/cleafy-labs/droidbot-insights-from-a-new-turkish-maas-fraud-operation
https://www.bleepingcomputer.com/news/security/new-droidbot-android-malware-targets-77-banking-crypto-apps/
- FBI Shares Tips On How To Tackle AI-Powered Fraud Schemes
"The FBI warns that scammers are increasingly using artificial intelligence to improve the quality and effectiveness of their online fraud schemes, ranging from romance and investment scams to job hiring schemes. "The FBI is warning the public that criminals exploit generative artificial intelligence (AI) to commit fraud on a larger scale which increases the believability of their schemes," reads the PSA. "Generative AI reduces the time and effort criminals must expend to deceive their targets.""
https://www.bleepingcomputer.com/news/security/fbi-shares-tips-on-how-to-tackle-ai-powered-fraud-schemes/
https://www.ic3.gov/PSA/2024/PSA241203
- Supply Chain Attack Detected In Solana's Web3.js Library
"A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library, which receives more than ~350,000 weekly downloads on npm. These compromised versions contain injected malicious code that is designed to steal private keys from unsuspecting developers and users, potentially enabling attackers to drain cryptocurrency wallets."
https://socket.dev/blog/supply-chain-attack-solana-web3-js-library
https://thehackernews.com/2024/12/researchers-uncover-backdoor-in-solanas.html
https://www.bleepingcomputer.com/news/security/solana-web3js-library-backdoored-to-steal-secret-private-keys/
https://www.securityweek.com/solana-web3-js-library-backdoored-in-supply-chain-attack/
https://www.helpnetsecurity.com/2024/12/04/solana-web3-js-supply-chain-compromise/
- Snowblind: The Invisible Hand Of Secret Blizzard
"Lumen’s Black Lotus Labs has uncovered a longstanding campaign orchestrated by the Russian-based threat actor known as “Secret Blizzard” (also referred to as Turla). This group has successfully infiltrated 33 separate command-and-control (C2) nodes used by Pakistani-based actor, “Storm-0156.” Known for their focus on espionage, Storm-0156 is associated in public reporting with two activity clusters, “SideCopy” and “Transparent Tribe.” This latest campaign, spanning the last two years, is the fourth recorded case of Secret Blizzard embedding themselves in another group’s operations since 2019 when they were first seen repurposing the C2s of an Iranian threat group."
https://blog.lumen.com/snowblind-the-invisible-hand-of-secret-blizzard/
https://www.bleepingcomputer.com/news/security/russian-turla-hackers-hijack-pakistani-apt-servers-for-cyber-espionage-attacks/
https://thehackernews.com/2024/12/russia-linked-turla-exploits-pakistani.html
https://www.darkreading.com/threat-intelligence/russian-fsb-hackers-breach-pakistan-storm-0156
https://cyberscoop.com/turla-infiltrates-pakistani-apt-networks-microsoft-lumen/
https://www.securityweek.com/spy-v-spy-russian-apt-turla-caught-stealing-from-pakistani-apt/
- iVerify Mobile Threat Investigation Uncovers New Pegasus Samples
"For years, our understanding of mobile device threats was built on a dangerously narrow foundation. Mobile malware investigations were limited to a microscopic sample of devices – typically those belonging to high-risk targets like journalists, political activists, and government officials. These early investigations were critical to helping the world understand a new wave of capability, but their limited nature still leaves a massive blind spot to understanding the scope of mobile device compromise."
https://iverify.io/blog/iverify-mobile-threat-investigation-uncovers-new-pegasus-samples
https://www.darkreading.com/endpoint-security/pegasus-spyware-infections-ios-android-devices
https://cyberscoop.com/study-shows-potentially-higher-prevalence-of-spyware-infections-than-previously-thought/
https://www.helpnetsecurity.com/2024/12/04/detect-mercenary-spyware/
Breaches/Hacks/Leaks
- BT Unit Took Servers Offline After Black Basta Ransomware Breach
"Multinational telecommunications giant BT Group (formerly British Telecom) has confirmed that its BT Conferencing business division shut down some of its servers following a Black Basta ransomware breach. BT Group is the United Kingdom's leading fixed and mobile telecom provider. It also provides managed telecommunications, security, and network and IT infrastructure services to customers in 180 countries. A company spokesperson told BleepingComputer that the security incident didn't impact BT Group's operations or BT Conferencing services, so it is unclear if any systems were encrypted or only data stolen."
https://www.bleepingcomputer.com/news/security/bt-conferencing-division-took-servers-offline-after-black-basta-ransomware-attack/
https://therecord.media/bt-group-cyberattack-black-basta
https://securityaffairs.com/171668/breaking-news/black-basta-ransomware-attack-bt-group.html
General News
- 70% Of Open-Source Components Are Poorly Or No Longer Maintained
"The geographic distribution of open-source contributions introduces geopolitical risks that organizations must urgently consider, especially with rising nation-state attacks, according to Lineaje. Microsoft estimates that its customers face 600 million cyberattacks daily, 24% of which are nation-state attackers targeting the IT sector. With software supporting increasingly vital systems, the origin of code has become a matter of national and economic security."
https://www.helpnetsecurity.com/2024/12/04/open-source-contributions-risks/
- Securing AI’s New Frontier: Visibility, Governance, And Mitigating Compliance Risks
"In this Help Net Security interview, Niv Braun, CEO at Noma Security, discusses the difficulties security teams face due to the fragmented nature of AI processes, tools, and teams across the data and AI lifecycle. Braun also shares insights on how organizations can address these challenges and improve their AI security posture."
https://www.helpnetsecurity.com/2024/12/04/niv-braun-noma-security-data-ai-lifecycle/
- CISA Releases New Public Version Of CDM Data Model Document
"Today, the Cybersecurity and Infrastructure Security Agency (CISA) released an updated public version of the Continuous Diagnostics and Mitigation (CDM) Data Model Document. Version 5.0.1 aligns with fiscal year 2023 Federal Information Security Modernization Act (FISMA) metrics. The CDM Data Model Document provides a comprehensive description of a common data schema to ensure that prescribed diagnostic activities within CDM solutions are consistent across all participating federal agencies."
https://www.cisa.gov/news-events/alerts/2024/12/04/cisa-releases-new-public-version-cdm-data-model-document
https://www.cisa.gov/resources-tools/resources/cdm-data-model-document-501
- Operation Destabilise: NCA Disrupts $Multi-Billion Russian Money Laundering Networks With Links To Drugs, Ransomware And Espionage, Resulting In 84 Arrests
"An international NCA-led investigation - Operation Destabilise - has exposed and disrupted Russian money laundering networks supporting serious and organised crime around the world: spanning from the streets of the UK, to the Middle East, Russia, and South America. Investigators have identified two Russian-speaking networks collaborating at the heart of the criminal enterprise; Smart and TGR. Operation Destabilise is being revealed today as the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announces sanctions against the Russian-speaking men and women at the head of these networks, as well as four businesses linked to TGR."
https://www.nationalcrimeagency.gov.uk/news/operation-destabilise-nca-disrupts-multi-billion-russian-money-laundering-networks-with-links-to-drugs-ransomware-and-espionage-resulting-in-84-arrests
https://therecord.media/russian-money-laundering-networks-trafficking-cybercrime-kremlin
https://www.bleepingcomputer.com/news/security/uk-disrupts-russian-money-laundering-networks-used-by-ransomware/
https://www.bankinfosecurity.com/russian-money-laundering-services-busted-in-uk-led-operation-a-26974
- Navigating The Changing Landscape Of Cybersecurity Regulations
"In 2024, the cybersecurity regulatory landscape underwent significant changes, as major economies worldwide introduced new rules to combat increasingly sophisticated cyber threats, such as advanced ransomware and AI-driven attacks. For businesses, navigating this evolving landscape is not merely a compliance issue but a strategic imperative that demands careful attention and adaptation."
https://www.darkreading.com/vulnerabilities-threats/navigating-changing-landscape-cybersecurity-regulations
- Digital Certificates With Shorter Lifespans Reduce Security Vulnerabilities
"Shortening the life cycle of Transport Layer Security (TLS) certificates can significantly reduce the vulnerability of websites and hardware devices that require these certificates. TLS certificates are exchanged between Web server and Web client (or server to server) to establish a secure connection and safeguard sensitive data. The majority of today's digital certificates have a time-to-live of 398 days — that's a 365-day certificate with a 33-day grace period, equaling 398 actual days before the certificate expires. If the proposals from Google and Apple are approved, however, that life cycle could drop to 100 days (90 days plus a grace period) or even 47 days (30 days plus a grace period)."
https://www.darkreading.com/vulnerabilities-threats/digital-certificate-shorter-lifespan-reduces-security-vulnerabilities
- API Security In Open Banking: Balancing Innovation With Risk Management
"Any technological innovation comes with security risks, and open banking is no exception. Open banking relies on APIs to connect banks (and their essential services) to their customers. While it is exceptionally convenient and provides several valuable services for consumers, open banking relies on APIs to function."
https://hackread.com/api-security-open-banking-balancing-risk-management/
- Ransomware Costs Manufacturing Sector $17bn In Downtime
"Ransomware attacks on manufacturing companies have caused an estimated $17bn in downtime since 2018. According to new figures by Comparitech, these incidents have disrupted operations at 858 manufacturers worldwide, with each day of downtime costing an average of $1.9m. This significant financial impact stems from the widespread disruption of ransomware attacks. Beyond halting production, they jeopardize customer orders, damage relationships and lead to prolonged recovery efforts."
https://www.infosecurity-magazine.com/news/ransomware-manufacturing-dollar17b/
- Security Risks Persist In Open Source Ecosystem
"Significant security risks continue to be prevalent in open source software practices, a new report by the Linux Foundation, OpenSSF and Harvard University has found. The CENSUS III project was based on 12 million observations of free and open source software (FOSS) libraries used in production apps at over 10,000 companies. It highlighted a number of concerning cybersecurity practices relating to open source software, which is widely used across all industries. The project aims to provide a clearer picture of the structural issues that threaten the FOSS ecosystem."
https://www.infosecurity-magazine.com/news/security-risks-open-source/
- EU’s First Ever Report On The State Of Cybersecurity In The Union
"In accordance with Article 18 of the NIS 2 Directive, ENISA was tasked to prepare a biennial report on the state of cybersecurity in the Union. The report provides an evidence-based overview of the cybersecurity maturity state of play as well as an assessment of cybersecurity capabilities across Europe. The report also includes policy recommendations to address identified shortcomings and increase the level of cybersecurity in the EU."
https://www.enisa.europa.eu/news/eus-first-ever-report-on-the-state-of-cybersecurity-in-the-union
https://www.infosecurity-magazine.com/news/enisa-launches-first-state-eu/
- Kaspersky Security Bulletin 2024. Statistics
"All statistics in this report come from Kaspersky Security Network (KSN), a global cloud service that receives information from components in our security solutions voluntarily provided by Kaspersky users. Millions of Kaspersky users around the globe assist us in collecting information about malicious activity. The statistics in this report cover the period from November 2023 through October 2024. The report doesn’t cover mobile statistics, which we will share in our annual mobile malware report."
https://securelist.com/ksb-2024-statistics/114795/
- Spotting The Charlatans: Red Flags For Enterprise Security Teams
"Most of the security professionals I’ve worked with over the course of my career have been sincere, talented, constructive players. These types of people know that the whole is greater than the sum of the parts, and they work collaboratively to build up both their peers and the broader teams that they work within. Unfortunately, I have come across a few charlatans as well. These types drag down both their peers and the broader team, though it can sometimes take a while before they are seen for who they really are."
https://www.securityweek.com/spotting-the-charlatans-red-flags-for-enterprise-security-teams/
- Threat Spotlight: Phishing Techniques To Look Out For In 2025
"Over the last few months, Barracuda’s threat analysts have reported on several advanced phishing techniques implemented by attackers to evade security controls and make malicious emails look more convincing, legitimate, and personal. In this blog post we look at how these and other advanced phishing techniques are likely to evolve in 2025."
https://blog.barracuda.com/2024/12/04/threat-spotlight-phishing-techniques-2025
- The Rise Of MMS Scams: A Picture Is Worth a 1,000 Words—and Sometimes That’s Not Good
"Reports of messaging abuse and smishing continue to increase at a rapid pace. Since the beginning of May, reports of U.S.-based abusive messages have grown by 39%, and Proofpoint threat engineers are observing a significant increase in one specific subtype. Reported MMS (multimedia messaging service) abuse has increased by 220% over the same period. These messages use images and/or graphics to trick subscribers into providing confidential information or entice them into falling for other scams."
https://www.proofpoint.com/us/blog/email-and-cloud-threats/growing-threat-mms-scam-messages
References
Electronic Transactions Development Agency (ETDA)