Cyber Threat Intelligence 10 December 2024
Vulnerabilities
- Compromising OpenWrt Supply Chain Via Truncated SHA-256 Collision And Command Injection
"Hello, I’m RyotaK (@ryotkak), a security engineer at Flatt Security Inc. A few days ago, I was upgrading my home lab network, and I decided to upgrade the OpenWrt on my router. After accessing the LuCI, which is the web interface of OpenWrt, I noticed that there is a section called Attended Sysupgrade, so I tried to upgrade the firmware using it. After reading the description, I found that it states it builds new firmware using an online service."
https://flatt.tech/research/posts/compromising-openwrt-supply-chain-sha256-collision/
https://lists.openwrt.org/pipermail/openwrt-announce/2024-December/000061.html
https://www.bleepingcomputer.com/news/security/openwrt-sysupgrade-flaw-let-hackers-push-malicious-firmware-images/
https://www.helpnetsecurity.com/2024/12/09/openwrt-security-update-supply-chain-attack/
https://www.securityweek.com/critical-openwrt-flaw-exposes-firmware-update-server-to-exploitation/
https://www.theregister.com/2024/12/09/openwrt_firmware_vulnerabilities/
- QNAP Patches Vulnerabilities Exploited At Pwn2Own
"Taiwan-based QNAP Systems over the weekend announced patches for multiple QTS and QuTS Hero vulnerabilities demonstrated at the Pwn2Own Ireland 2024 hacking contest. At Pwn2Own, participants earned tens of thousands of dollars for QNAP product exploits, and one entry even earned white hat hackers $100,000, but it involved chaining not only QNAP but also TrueNAS device vulnerabilities. The most severe of the security holes is CVE-2024-50393 (CVSS score of 8.7), a command injection flaw that could allow remote attackers to execute arbitrary commands on vulnerable devices."
https://www.securityweek.com/qnap-patches-vulnerabilities-exploited-at-pwn2own/
- MC LR Router And GoCast Unpatched Vulnerabilities
"Cisco Talos' Vulnerability Research team recently discovered two vulnerabilities in MC Technologies LR Router and three vulnerabilities in the GoCast service. These vulnerabilities have not been patched at the time of this posting."
https://blog.talosintelligence.com/mc-lr-router-and-gocast-zero-day-vulnerabilities-2/
- Researchers Uncover Prompt Injection Vulnerabilities In DeepSeek And Claude AI
"Details have emerged about a now-patched security flaw in the DeepSeek artificial intelligence (AI) chatbot that, if successfully exploited, could permit a bad actor to take control of a victim's account by means of a prompt injection attack. Security researcher Johann Rehberger, who has chronicled many a prompt injection attack targeting various AI tools, found that providing the input "Print the xss cheat sheet in a bullet list. just payloads" in the DeepSeek chat triggered the execution of JavaScript code as part of the generated response – a classic case of cross-site scripting (XSS)."
https://thehackernews.com/2024/12/researchers-uncover-prompt-injection.html
Malware
- (QR) Coding My Way Out Of Here: C2 In Browser Isolation Environments
"Browser isolation is a security technology where web browsing activity is separated from the user's local device by running the browser in a secure environment, such as a cloud server or a virtual machine, and then streaming the visual content to the user's device."
https://cloud.google.com/blog/topics/threat-intelligence/c2-browser-isolation-environments/
https://www.bleepingcomputer.com/news/security/qr-codes-bypass-browser-isolation-for-malicious-c2-communication/
https://www.darkreading.com/endpoint-security/attackers-qr-codes-bypass-browser-isolation
https://securityaffairs.com/171809/hacking/bypass-browser-isolation-using-qr-codes.html
- Suspected Russian Hackers Target Ukrainian Defense Enterprises In New Espionage Campaign
"Suspected Russian hackers have been targeting Ukrainian military and defense enterprises in a new espionage campaign, according to a new report. The threat actor behind the campaign, tracked as UAC-0185 by Ukraine’s military computer emergency response team (MIL.CERT-UA), sent phishing emails disguised as invitations to a legitimate defense conference that took place in Kyiv last week. The group, also known as UNC4221, has been active since at least 2022, primarily targeting Ukrainian military personnel by stealing credentials through messaging apps such as Signal, Telegram and WhatsApp, as well as through local military systems like Delta, Teneta and Kropyva."
https://therecord.media/suspected-russian-hackers-target-ukrainian-enterprises-espionage
https://www.infosecurity-magazine.com/news/phishing-scam-targets-ukrainian/
- Black Basta Ransomware Campaign Drops Zbot, DarkGate, And Custom Malware
"Beginning in early October, Rapid7 has observed a resurgence of activity related to the ongoing social engineering campaign being conducted by Black Basta ransomware operators. Rapid7 initially reported the discovery of the novel social engineering campaign back in May, 2024, followed by an update in August 2024, when the operators updated their tactics and malware payloads and began sending lures via Microsoft Teams. Now, the procedures followed by the threat actors in the early stages of the social engineering attacks have been refined again, with new malware payloads, improved delivery, and increased defense evasion."
https://www.rapid7.com/blog/post/2024/12/04/black-basta-ransomware-campaign-drops-zbot-darkgate-and-custom-malware/
https://thehackernews.com/2024/12/black-basta-ransomware-evolves-with.html
- PROXY.AM Powered By Socks5Systemz Botnet
"A year ago, Bitsight TRACE published a blog post on Socks5Systemz, a proxy malware with minimal mentions in the threat intelligence community at the time. In that post, we correlated a Telegram user to the botnet operation and estimated its size at around 10,000 compromised systems. After a year-long investigation, we are shedding new light on these conclusions."
https://www.bitsight.com/blog/proxyam-powered-socks5systemz-botnet
https://thehackernews.com/2024/12/socks5systemz-botnet-powers-illegal.html
Breaches/Hacks/Leaks
- Ransomware Attack Hits Leading Heart Surgery Device Maker
"Artivion, a leading manufacturer of heart surgery medical devices, has disclosed a November 21 ransomware attack that disrupted its operations and forced it to take some systems offline. The Atlanta-based company employs over 1,250 people worldwide and has sales representatives in more than 100 countries. It also operates manufacturing facilities in Atlanta, Georgia; Austin, Texas; and Hechingen, Germany."
https://www.bleepingcomputer.com/news/security/ransomware-attack-hits-leading-heart-surgery-device-maker/
https://therecord.media/artivion-medical-device-company-cyberattack-notice-sec
https://www.securityweek.com/medical-device-maker-artivion-scrambling-to-restore-systems-after-ransomware-attack/
- Radiant Links $50 Million Crypto Heist To North Korean Hackers
"Radiant Capital now says that North Korean threat actors are behind the $50 million cryptocurrency heist that occurred after hackers breached its systems in an October 16 cyberattack. The attribution comes after investigating the incident, assisted by cybersecurity experts at Mandiant, who say the attack was conducted by North Korean state-affiliated hackers known as Citrine Sleet, aka "UNC4736" and "AppleJeus." The US previously warned that North Korean threat actors are targeting cryptocurrency firms, exchanges, and gaming companies to generate and launder funds to support the country's operations."
https://www.bleepingcomputer.com/news/security/radiant-links-50-million-crypto-heist-to-north-korean-hackers/
https://medium.com/@RadiantCapital/radiant-capital-incident-update-e56d8c23829e
- Romanian Energy Supplier Electrica Hit By Ransomware Attack
"Electrica Group, a key player in the Romanian electricity distribution and supply market, is investigating a ransomware attack that was still "in progress" earlier today. The company serves over 3.8 million users with nationwide coverage for electricity supply, maintenance, and energy services, distributing electricity to customers across Transilvania and Muntenia. Electrica was established as a National Electricity Company (CONEL) division in 1998 and became an independent entity in 2000. Since 2014, Electrica has been double-listed on the Bucharest and London stock exchanges."
https://www.bleepingcomputer.com/news/security/romanian-energy-supplier-electrica-hit-by-ransomware-attack/
https://therecord.media/electric-distributor-cyberattack-romania
https://securityaffairs.com/171832/hacking/electrica-group-ransomware-attack.html
- US Subsidiaries Of Japanese Water Treatment Company, Green Tea Maker Hit With Ransomware
"The U.S. subsidiary of a Japanese water treatment company said ransomware actors have stolen data from systems and encrypted some servers. Kurita Water Industries said the incident began on November 29 and affected Kurita America, a subsidiary headquartered in Minnesota. Ransomware infections were found in multiple servers which were subsequently disconnected from the rest of the network."
https://therecord.media/us-subsidiaries-japanese-water-treatment
- Crooks Stole AWS Credentials From Misconfigured Sites Then Kept Them In Open S3 Bucket
"A massive online heist targeting AWS customers during which digital crooks abused misconfigurations in public websites and stole source code, thousands of credentials, and other secrets remains "ongoing to this day," according to security researchers. Breach hunters Noam Rotem and Ran Locar identified and reported names and contact information of some of the miscreants involved to both the Israeli Cyber Directorate and AWS Fraud Team, according to Rotem, who spoke exclusively with The Register about their investigation."
https://www.theregister.com/2024/12/09/aws_credentials_stolen/
General News
- Who Handles What? Common Misconceptions About SaaS Security Responsibilities
"In this Help Net Security interview, James Dolph, CISO at Guidewire, addresses common misconceptions about security responsibilities in cloud environments, particularly in SaaS, and how these misunderstandings can lead to security risks."
https://www.helpnetsecurity.com/2024/12/09/james-dolph-guidewire-saas-responsibilities/
- Businesses Plagued By Constant Stream Of Malicious Emails
"36.9% of all emails received by businesses (20.5 billion) in 2024 were unwanted, according to Hornetsecurity’s analysis of 55.6+ billion emails processed through their security services between November 1, 2023 and October 31, 2024 – and 2.3% of those contained malicious content, totalling 427.8 million emails."
https://www.helpnetsecurity.com/2024/12/09/malicious-emails-inboxes/
- International Operation Against ‘Phone Phishing’ Gang In Belgium And The Netherlands
"Europol has supported Belgian and Dutch authorities in an international operation against a ‘phone phishing’ gang that has led to the arrest of 8 suspects. On the action day, law enforcement also carried out 17 searches in different locations in Belgium and the Netherlands. Although most of the criminal activities took place in Belgium, the main perpetrators mostly operated from the Netherlands. Besides committing large-scale ‘phishing’ campaigns and trying to gain access to financial data by phone or online, the suspects also pretended to be police or banking staff and approached older victims at their doors."
https://www.europol.europa.eu/media-press/newsroom/news/international-operation-against-phone-phishing-gang-in-belgium-and-netherlands
https://www.bleepingcomputer.com/news/security/cybercrime-gang-arrested-after-turning-airbnbs-into-fraud-centers/
https://www.darkreading.com/cyberattacks-data-breaches/millionaire-airbnb-phishing-ring-busted-police
https://www.infosecurity-magazine.com/news/european-police-phone-phishing/
https://hackread.com/phishers-impersonate-police-arrest-million-euro-scam/
https://www.securityweek.com/eight-suspected-phishers-arrested-in-belgium-netherlands/
- Story Of The Year: Global IT Outages And Supply Chain Attacks
"A faulty update by cybersecurity firm CrowdStrike triggered one of the largest IT outages in history, impacting approximately 8.5 million systems worldwide. This incident serves as a stark reminder of the critical risks posed by global IT disruptions and supply chain weaknesses. With large-scale security crises being one of the most relevant threats worldwide, it’s more important than ever to reflect on past events, assess emerging threats, and, most crucially, explore strategies to prevent future incidents."
https://securelist.com/ksb-story-of-the-year-2024/114883/
- November 2024 Threat Trend Report On Ransomware
"This report provides statistics on the number of new ransomware samples, number of targeted systems, and targeted companies collected in November 2024, as well as major Korean and international ransomware issues worth noting. Below are the summarized details."
https://asec.ahnlab.com/en/85030/
- The Invisible Eyes And Ears In Our Homes: How Smart Devices Are Eroding Privacy And Security
"Privacy is generally held as a fundamental right, with citizens often having high expectations regarding the protection of their personal information. Citizens protest when they fear that governments are increasing their involvement in the citizens’ personal life. However, they don’t consider how much personal and sensitive data they share with any application that they install on their smartphone, or with smart devices in their homes."
https://blog.checkpoint.com/security/the-invisible-eyes-and-ears-in-our-homes-how-smart-devices-are-eroding-privacy-and-security/
- Large-Scale Incidents & The Art Of Vulnerability Prioritization
"The work of cybersecurity defenders continues to evolve. The sheer amount of software and applications within an organization's IT environment has increased the attack surface and, consequently, the number of vulnerabilities. According to the Verizon "2024 Data Breach Investigations Report," "14% of breaches involved the exploitation of vulnerabilities as an initial access step, almost triple the amount from last year's report.""
https://www.darkreading.com/vulnerabilities-threats/large-scale-incidents-art-vulnerability-prioritization
References
Electronic Transactions Development Agency (ETDA)