Cyber Threat Intelligence 06 December 2024
Industrial Sector
- AutomationDirect C-More EA9 Programming Software
"Successful exploitation of these vulnerabilities could result in memory corruption; a buffer overflow condition may allow remote code execution."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-340-01
- Planet Technology Planet WGS-804HPT
"Successful exploitation of these vulnerabilities could result in remote code execution."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-340-02
New Tooling
- Announcing The Launch Of Vanir: Open-Source Security Patch Validation
"Today, we are announcing the availability of Vanir, a new open-source security patch validation tool. Introduced at Android Bootcamp in April, Vanir gives Android platform developers the power to quickly and efficiently scan their custom platform code for missing security patches and identify applicable available patches. Vanir significantly accelerates patch validation by automating this process, allowing OEMs to ensure devices are protected with critical security updates much faster than traditional methods. This strengthens the security of the Android ecosystem, helping to keep Android users around the world safe."
https://security.googleblog.com/2024/12/announcing-launch-of-vanir-open-source.html
https://github.com/google/vanir
Vulnerabilities
- Where There’s Smoke, There’s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day
"It is not just APTs that like to target telephone systems, but ourselves at watchTowr too. We can't overstate the consequences of an attacker crossing the boundary from the 'computer system' to the 'telephone system'. We've seen attackers realise this in 2024, with hacks against legal intercept systems widely reported in the news. VoIP platforms, which handle telephone calls for an organization, are a really juicy target for an APT. Imagine being able to listen in on the phone calls of your target, as they're happening - or even to interfere with them and block them at will! It's a very powerful thing to be able to do, and a godsend for an outcome-motivated attacker."
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
https://www.bleepingcomputer.com/news/security/mitel-micollab-zero-day-flaw-gets-proof-of-concept-exploit/
https://thehackernews.com/2024/12/critical-mitel-micollab-flaw-exposes.html
https://www.darkreading.com/vulnerabilities-threats/bypass-bug-critical-n-day-mitel-micollab
https://www.bankinfosecurity.com/mitel-micollab-voip-software-zero-day-vulnerability-alert-a-26979
https://cyberscoop.com/russian-surveillance-spyware-threat-citizen-lab/
https://www.helpnetsecurity.com/2024/12/05/mitel-micollab-zero-day-and-poc-exploit-unveiled/
- Cisco Releases Security Updates For NX-OS Software
"Cisco released security updates to address a vulnerability in Cisco NX-OS software. A cyber threat actor could exploit this vulnerability to take control of an affected system."
https://www.cisa.gov/news-events/alerts/2024/12/05/cisco-releases-security-updates-nx-os-software
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-image-sig-bypas-pQDRQvjL
https://www.securityweek.com/bootloader-vulnerability-impacts-over-100-cisco-switches/
https://securityaffairs.com/171729/security/cisco-switches-bootloader-flaw-cve-2024-20397.html
Malware
- MOONSHINE Exploit Kit And DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks
"We have been continuously monitoring the MOONSHINE exploit kit’s activity since 2019. During our research, we discovered a MOONSHINE exploit kit server with improper operational security: Its server exposed MOONSHINE’s toolkits and operation logs, which revealed the information of possible victims and the attack tactics of a threat actor we have named Earth Minotaur."
https://www.trendmicro.com/en_us/research/24/l/earth-minotaur.html
https://thehackernews.com/2024/12/hackers-target-uyghurs-and-tibetans.html
https://www.darkreading.com/cyberattacks-data-breaches/earth-minotaur-exploits-wechat-bugs-spyware-uyghurs
- U.S. Organization In China Targeted By Attackers
"A large U.S. organization with a significant presence in China was the subject of a targeted attack earlier this year, during which the attackers obtained a persistent presence on its network, seemingly for the purpose of intelligence gathering. The attack was likely carried out by a China-based threat actor, since some of the tools used in this attack have been previously associated with Chinese attackers."
https://www.security.com/threat-intelligence/us-china-espionage
https://thehackernews.com/2024/12/researchers-uncover-4-month-cyberattack.html
https://www.bleepingcomputer.com/news/security/us-org-suffered-four-month-intrusion-by-chinese-hackers/
https://therecord.media/us-org-with-presence-in-china-hacked-symantec
https://hackread.com/chinese-hackers-breach-us-firm-network-for-months/
- Device Confiscated By Russian Authorities Returned With Monokle-Type Spyware Installed
"The First Department is a legal assistance organization founded by exiled Russian human rights lawyer Ivan Pavlov that specializes in defending those accused of treason and espionage in Russia. Pavlov left Russia in September 2021 after facing persecution for his legal work. The First Department plays an essential role in supporting individuals targeted for repression by the Russian government. The organization has been headed by Dmitry Zair-Bek since May 2022."
https://citizenlab.ca/2024/12/device-confiscated-by-russian-authorities-returned-with-monokle-type-spyware-installed/
https://therecord.media/russian-authorities-infected-detainee-phone-with-spyware
https://www.bleepingcomputer.com/news/security/new-android-spyware-found-on-phone-seized-by-russian-fsb/
https://www.bankinfosecurity.com/russian-forces-accused-secretly-planting-spyware-on-phone-a-26984
- BlueAlpha Abuses Cloudflare Tunneling Service For GammaDrop Staging Infrastructure
"BlueAlpha is a state-sponsored cyber threat group operating under the directive of the Russian Federal Security Service (FSB) that overlaps with the publicly reported groups Gamaredon, Shuckworm, Hive0051, and UNC530. BlueAlpha has been active since at least 2014 and continues to target Ukrainian organizations through relentless spearphishing campaigns to distribute custom malware. Since at least October 2023 BlueAlpha has delivered the custom VBScript malware GammaLoad, enabling data exfiltration, credential theft, and persistent access to compromised networks."
https://www.recordedfuture.com/research/bluealpha-abuses-cloudflare-tunneling-service
https://go.recordedfuture.com/hubfs/reports/cta-ru-2024-1205.pdf
https://therecord.media/russian-state-hackers-abuse-cloudflare-tunnels-spy-on-ukraine
https://www.darkreading.com/cloud-security/russias-bluealpha-apt-cloudflare-tunnels
- Our Secret Ingredient For Reverse Engineering
"Nowadays, a lot of cybersecurity professionals use IDA Pro as their primary tool for reverse engineering. While IDA is a complex tool that implements a multitude of features useful for dissecting binaries, many reverse engineers use various plugins to add further functionality to this software. We in the Global Research and Analysis Team do the same – and over the years we have developed our own IDA plugin named hrtng that is specifically designed to aid us with malware reverse engineering."
https://securelist.com/hrtng-ida-pro-plugin/114780/
- Romania's Election Systems Targeted In Over 85,000 Cyberattacks
"A declassified report from Romania’s Intelligence Service says that the country’s election infrastructure was targeted by more than 85,000 cyberattacks. Threat actors also obtained access credentials for election-related websites and leaked them on a Russian hacker forum less than a week before the first presidential election round."
https://www.bleepingcomputer.com/news/security/romanias-election-systems-targeted-in-over-85-000-cyberattacks/
- Threat Actor Targets The Manufacturing Industry With Lumma Stealer And Amadey Bot
"CRIL recently identified a multi-stage cyberattack campaign originating from an LNK file. The initial infection vector remains unknown; however, the attack likely begins with a spear-phishing email, prompting the recipient to click on a link that leads to an LNK shortcut file disguised as a PDF document."
https://cyble.com/blog/threat-actor-targets-manufacturing-industry-with-malware/
- Microsoft: Another Chinese Cyberspy Crew Targeting US Critical Orgs 'as Of Yesterday'
"A Chinese government-linked group that Microsoft tracks as Storm-0227 yesterday started targeting critical infrastructures organisations and US government agencies, according to Redmond's threat intel team. The crew has been active since at least January, and while Microsoft declined to enumerate Storm-0227's victim count, "there are indicators that this group is active as of yesterday, actively pursuing threat activity," Sherrod DeGrippo, director of threat intelligence strategy, told The Register."
https://www.theregister.com/2024/12/06/chinese_cyberspy_us_data/
Breaches/Hacks/Leaks
- Major USAID Contractor Chemonics Says 263,000 Affected By 2023 Data Breach
"A large contractor for the U.S. government said a 2023 cyberattack exposed the critical personal information of more than 263,000 people. Chemonics, an international development firm with $1.4 billion in U.S. government contracts, announced the incident this week — notifying regulators in several states and posting a notice on its website."
https://therecord.media/chemonics-data-breach-usaid-contractor
https://www.securityweek.com/chemonics-international-data-breach-impacts-260000-individuals/
General News
- Infostealer Logs Analysis Report
"The purpose of this report is to provide a comprehensive insight into the cyber threat environment by conducting a deep analysis of the log data stolen by Infostealer malware. Unlike other reports that cover the analysis and trends of Infostealer malware, this report is based on the data of the actual infected systems to derive threat actors’ strategies, types of damages, and effective response measures. This report also analyzed 28,248,895 infection cases worldwide to identify the characteristics and patterns by region, system, and user type."
https://asec.ahnlab.com/en/84967/
- Preparing For Q-Day: The Essential Role Of Cloud Migration In Securing Enterprise Data
"As the era of quantum computing draws closer, businesses face a new and unprecedented threat to data security: “Q-day.” This looming turning point—when quantum machines can break traditional encryption with ease—has the potential to upend cybersecurity, rendering current encryption ineffective."
https://www.helpnetsecurity.com/2024/12/05/preparing-for-q-day/
- How The Shadowserver Foundation Helps Network Defenders With Free Intelligence Feeds
"In this Help Net Security interview, Piotr Kijewski, CEO of The Shadowserver Foundation, discusses the organization’s mission to enhance internet security by exposing vulnerabilities, malicious activity, and emerging threats. Kijewski explains the foundation’s automated efforts to track and disrupt cybercrime, while providing support to law enforcement and offering capacity-building services globally."
https://www.helpnetsecurity.com/2024/12/05/piotr-kijewski-shadowserver-foundation-secure-internet/
- Pro-Russian Hacktivist Group Claims 6600 Attacks Targeting Europe
"Pro-Russian hacktivist gang Noname has claimed over 6600 attacks since March 2022, almost exclusively targeting European nations, new research from Orange Cyberdefense has shown. The cybersecurity vendor’s Security Navigator 2025 report found that 96% of Noname’s attacks targets included Ukraine, Czech Republic, Spain, Poland and Italy and have been ongoing since Russia began its invasion of Ukraine in early 2022. The hacktivist group has not targeted the US once during this period, the researchers found."
https://www.infosecurity-magazine.com/news/pro-russian-hacktivist-attacks/
https://www.orangecyberdefense.com/ch/insights/whitepapers-reports/security-navigator-2025
- ASD’s ACSC, CISA, And US And International Partners Release Guidance On Choosing Secure And Verifiable Technologies
"Today, CISA—in partnership with the Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC), and other international partners—released updates to a Secure by Design Alert, Choosing Secure and Verifiable Technologies."
https://www.cisa.gov/news-events/alerts/2024/12/05/asds-acsc-cisa-and-us-and-international-partners-release-guidance-choosing-secure-and-verifiable
https://www.cyber.gov.au/resources-business-and-government/maintaining-devices-and-systems/outsourcing-and-procurement/cyber-supply-chains/choosing-secure-and-verifiable-technologies
- US Arrests Scattered Spider Suspect Linked To Telecom Hacks
"U.S. authorities have arrested a 19-year-old teenager linked to the notorious Scattered Spider cybercrime gang who is now charged with breaching a U.S. financial institution and two unnamed telecommunications firms. Remington Goy Ogletree (also known online as "remi") breached the three companies' networks using credentials stolen in text and voice phishing messages targeting their employees. He also impersonated the victims' IT support departments in calls designed to pressure the employees into accessing phishing sites where they were asked to enter their user names and passwords."
https://www.bleepingcomputer.com/news/security/us-arrests-scattered-spider-suspect-linked-to-telecom-hacks/
- Fraudulent Shopping Sites Tied To Cybercrime Marketplace Taken Offline
"Europol has supported the dismantling of a sophisticated criminal network responsible for facilitating large-scale online fraud. In an operation led by the Hanover Police Department (Polizeidirektion Hannover) and the Verden Public Prosecutor’s Office (Staatsanwaltschaft Verden) in Germany, and supported by law enforcement authorities across Europe, over 50 servers were seized, significant digital evidence was secured, and two key suspects were placed in pretrial detention."
https://www.europol.europa.eu/media-press/newsroom/news/fraudulent-shopping-sites-tied-to-cybercrime-marketplace-taken-offline
https://www.bleepingcomputer.com/news/security/police-shuts-down-manson-cybercrime-market-fake-shops-arrests-key-suspects/
https://thehackernews.com/2024/12/europol-shuts-down-manson-market-fraud.html
https://hackread.com/police-dismantle-manson-market-seize-servers-evidence/
https://www.helpnetsecurity.com/2024/12/05/manson-market-shuttered-by-law-enforcement/
https://www.securityweek.com/50-servers-linked-to-cybercrime-marketplace-and-phishing-sites-seized-by-law-enforcement/
- Wolves In Sheep's Clothing: Industry-Specific Targeted Phishing Attacks
"Subject customization using either the recipient’s name, email address, phone number, or company name is a common tactic used in phishing emails to deceive recipients. Threat actors often include the company name or designated recipient’s personal information to disguise the true intent of the email. Our analysis shows that certain industries are more targeted by these types of attacks than others. From data drawn from Q3 2023 to Q3 2024, Cofense Intelligence identified the top five targeted industries and the common subject customization tactics that were seen within each industry."
https://cofense.com/blog/wolves-in-sheep-s-clothing-industry-specific-targeted-phishing-attacks
- Feds Are Probing 764, The Com’s Use Of Cybercriminal Tactics To Carry Out Violent Crimes
"The child sextortion group 764 and the global collective of loosely associated groups known as “The Com” are using tools and techniques normally used for financially motivated cybercrime tactics — such as SIM swapping, IP grabbing and social engineering — to commit violent crimes, according to exclusive law enforcement and intelligence reports reviewed by CyberScoop."
https://cyberscoop.com/the-com-764-cybercrime-violent-crime-fbi-intellignce-report/
- LLMs Raise Efficiency, Productivity Of Cybersecurity Teams
"Security professionals say adding LLM/GenAI capabilities to security programs improves efficiency in threat detection and increases productivity of analysts, according to Dark Reading's latest research on enterprise security. Efficiency and effectiveness were recurring themes. In Dark Reading's Artificial Intelligence and Machine Learning in Cybersecurity Survey, the top three benefits of using GenAI and LLMs in a cybersecurity program were more efficient threat detection (28%), improved analyst productivity and efficiency (27%), and better threat intelligence analysis (23%)."
https://www.darkreading.com/vulnerabilities-threats/llms-raise-efficiency-productivity-of-cybersecurity-teams
- Vulnerability Management Challenges In IoT & OT Environments
"As Internet of Things (IoT) and operational technology (OT) devices proliferate across critical infrastructure, manufacturing, healthcare, and other sectors, they bring with them unique and significant security challenges. These devices are increasingly woven into the fabric of everyday business operations, making them essential, yet difficult to secure. While vulnerability management is a well-understood practice in traditional IT environments, IoT and OT introduce complexities that render many of these traditional practices less effective, if not completely obsolete. Here are some of the key challenges, along with strategies for tackling them."
https://www.darkreading.com/vulnerabilities-threats/vulnerability-management-challenges-iot-ot-environments
- Forecasting The 2025 Cloudscape
"As we prepare to step into 2025, cloud security continues to remodel in response to emerging needs – the wide adoption of AI, regulatory demands and increasing cyberthreats. Our company’s cloud security leaders are on the heels of these threats with Palo Alto Networks global 2025 predictions, laying out the top cloud security predictions for the coming year."
https://www.paloaltonetworks.com/blog/2024/12/forecasting-the-2025-cloudscape/
- Burnout In SOCs: How AI Can Help Analysts Focus On High-Value Tasks
"Security Operations Center (SOC) analyst burnout is a very real problem. These are some of the most important cybersecurity professionals out there, and many of them are being worked to exhaustion. Amidst an already overstretched cybersecurity workforce—ISC2 estimated in 2023 that there was a 4 million gap between supply and demand—it’s enormously important that we address this problem."
https://securityaffairs.com/171724/security/burnout-in-socs-how-ai-can-help-analysts-focus-on-high-value-tasks.html
Reference
Electronic Transactions Development Agency (ETDA)