Cyber Threat Intelligence 11 December 2024
Financial Sector
- Major Drop In Cyber-Attack Reports From Large UK Financial Businesses
"The number of cyber-attacks reported by large finance institutions to the UK’s Financial Conduct Authority (FCA) has fallen 53% in 2024 compared to 2023. This is according to data shared by cybersecurity training platform provider Hack the Box on December 9 following a Freedom of Information (FOI) request. This data compares two periods, from January 1 to December 31, 2023, and from January 1 to October 21, 2024."
https://www.infosecurity-magazine.com/news/drop-cyberattack-reports-financial/
Industrial Sector
- MOBATIME Network Master Clock
"Successful exploitation of this vulnerability could allow an attacker to take control of the operating system for this product."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-345-01
- National Instruments LabVIEW
"Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-345-04
- Horner Automation Cscape
"Successful exploitation of these vulnerabilities could allow an attacker to disclose information and execute arbitrary code."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-345-05
- Rockwell Automation Arena
"Successful exploitation of these vulnerabilities could result in execution of arbitrary code."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-345-06
- Schneider Electric EcoStruxure Foxboro DCS Core Control Services
"Successful exploitation of these vulnerabilities could lead to a loss of system functionality or unauthorized access to system functions."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-345-02
- Schneider Electric FoxRTU Station
"Successful exploitation of this vulnerability could allow an attacker to perform remote code execution."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-345-03
- Utility Companies Face 42% Surge In Ransomware Attacks
"Ransomware groups are focusing more than ever on utilities, with the sector facing a 42% surge in attacks over the past year, according to ReliaQuest. In its latest report, Uncovering Critical Cyber Threats to Utilities, published on December 10, the US cybersecurity firm shared findings of cyber threats to the utilities sector between November 1, 2023, and October 31, 2024. The report shows that the rise in ransomware is due to cybercriminals setting their eyes on companies that have to deal with a blend of IT and operational technology (OT) systems."
https://www.infosecurity-magazine.com/news/utility-companies-42-surge/
https://www.reliaquest.com/resources/research-reports/threat-landscape-report-uncovering-critical-cyber-threats-to-utilities/
New Tooling
- Neosync: Open-Source Data Anonymization, Synthetic Data Orchestration
"Neosync is an open-source, developer-centric solution designed to anonymize PII, generate synthetic data, and synchronize environments for improved testing and debugging."
https://www.helpnetsecurity.com/2024/12/10/neosync-open-source-data-anonymization-synthetic-data-orchestration/
https://github.com/nucleuscloud/neosync
Vulnerabilities
- Ivanti Warns Of Maximum Severity CSA Auth Bypass Vulnerability
"Today, Ivanti warned customers about a new maximum-severity authentication bypass vulnerability in its Cloud Services Appliance (CSA) solution. The security flaw (tracked as CVE-2024-11639 and reported by CrowdStrike's Advanced Research Team) enables remote attackers to gain administrative privileges on vulnerable appliances running Ivanti CSA 5.0.2 or earlier without requiring authentication or user interaction by circumventing authentication using an alternate path or channel."
https://www.bleepingcomputer.com/news/security/ivanti-warns-of-maximum-severity-csa-auth-bypass-vulnerability/
- Microsoft December 2024 Patch Tuesday Fixes 1 Exploited Zero-Day, 71 Flaws
"Today is Microsoft's December 2024 Patch Tuesday, which includes security updates for 71 flaws, including one actively exploited zero-day vulnerability. This Patch Tuesday fixed sixteen critical vulnerabilities, all of which are remote code execution flaws."
https://www.bleepingcomputer.com/news/microsoft/microsoft-december-2024-patch-tuesday-fixes-1-exploited-zero-day-71-flaws/
https://www.cisa.gov/news-events/alerts/2024/12/10/microsoft-releases-december-2024-security-updates
https://www.darkreading.com/application-security/microsoft-zero-day-critical-rces-patch-tuesday
https://www.tripwire.com/state-of-security/vert-threat-alert-december-2024-patch-tuesday-analysis
https://blog.talosintelligence.com/december-patch-tuesday-release/
https://www.helpnetsecurity.com/2024/12/10/december-2024-patch-tuesday-microsoft-zero-day-cve-2024-49138/
https://www.securityweek.com/microsoft-ships-urgent-patch-for-exploited-windows-clfs-zero-day/
https://securityaffairs.com/171845/security/microsoft-december-2024-patch-tuesday.html
https://www.theregister.com/2024/12/10/microsoft_patch_tuesday/
https://cyberscoop.com/microsoft-patch-tuesday-december-2024/
- WPForms 1.8.4 - 1.9.2.1 - Missing Authorization To Authenticated (Subscriber+) Payment Refund And Subscription Cancellation
"The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpforms_is_admin_page' function in versions starting from 1.8.4 up to, and including, 1.9.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to refund payments and cancel subscriptions."
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpforms-lite/wpforms-184-1921-missing-authorization-to-authenticated-subscriber-payment-refund-and-subscription-cancellation
https://www.bleepingcomputer.com/news/security/wpforms-bug-allows-stripe-refunds-on-millions-of-wordpress-sites/
- Threat Advisory: Oh No Cleo! Cleo Software Actively Being Exploited In The Wild
"On December 3, Huntress identified an emerging threat involving Cleo’s LexiCom, VLTransfer, and Harmony software, commonly used to manage file transfers. We’ve directly observed evidence of threat actors exploiting this software en masse and performing post-exploitation activity. Although Cleo published an update and advisory for CVE-2024-50623—which allows unauthenticated remote code execution—Huntress security researchers have recreated the proof of concept and learned the patch does not mitigate the software flaw."
https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild
https://www.bleepingcomputer.com/news/security/new-cleo-zero-day-rce-flaw-exploited-in-data-theft-attacks/
https://thehackernews.com/2024/12/cleo-file-transfer-vulnerability-under.html
https://www.darkreading.com/cyberattacks-data-breaches/termite-ransomware-behind-cleo-zero-day-attacks
https://therecord.media/multiple-cleo-file-transfer-products-exploited-by-hackers
https://www.securityweek.com/cleo-file-transfer-tool-vulnerability-exploited-in-wild-against-enterprises/
https://www.helpnetsecurity.com/2024/12/10/cve-2024-50623-cleo-file-transfer-software-vulnerabilities-exploited/
https://www.theregister.com/2024/12/10/cleo_vulnerability/
- Adobe Releases Security Updates For Multiple Products
"Adobe released security updates to address vulnerabilities in multiple Adobe software products including Adobe Acrobat, Adobe Illustrator, and Adobe InDesign. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system."
https://www.cisa.gov/news-events/alerts/2024/12/10/adobe-releases-security-updates-multiple-products
https://www.securityweek.com/adobe-patches-over-160-vulnerabilities-across-16-products/
- SAP Patches Critical Vulnerability In NetWeaver
"Enterprise software maker SAP on Tuesday announced the release of nine new and four updated security notes as part of its December 2024 Security Patch Day. Marked as ‘hot news’, the highest severity in SAP’s notebook, the first new security note addresses three vulnerabilities in NetWeaver AS for JAVA (Adobe Document Services), including a critical flaw that could lead to full system compromise."
https://www.securityweek.com/sap-patches-critical-vulnerability-in-netweaver/
https://securityaffairs.com/171839/security/sap-fixed-critical-ssrf-flaw-netweaver.html
- Dell Urges Immediate Update To Fix Critical Power Manager Vulnerability
"Dell has issued a critical security alert (DSA-2024-439) regarding an Improper Access Control vulnerability discovered in its Power Manager software. This vulnerability, identified as CVE-2024-49600, could potentially allow attackers to execute malicious code and gain elevated privileges on affected systems. The vulnerability affects versions of Dell Power Manager released before 3.17."
https://hackread.com/dell-urges-update-critical-power-manager-vulnerability/
https://www.dell.com/support/kbdoc/en-us/000244438/dsa-2024-439
- BadRAM: $10 Security Flaw In AMD Could Allow Hackers To Access Cloud Computing Secrets
"Researchers have unveiled a new way to bypass a key security protection used in AMD chips that could allow hackers with physical access to cloud computing environments to snoop on those services’ clients. Named “badRAM” and described as the “$10 hack that erodes trust in the cloud” the vulnerability was announced on Tuesday and, similar to other branded vulnerabilities, is being disclosed on a website with its own logo. It will be detailed in a paper to be presented at the IEEE Symposium on Security and Privacy 2025 next May."
https://therecord.media/amd-security-flaw-badram
https://badram.eu/
https://www.theregister.com/2024/12/10/amd_secure_vm_tech_undone/
- CISA Adds One Known Exploited Vulnerability To Catalog
"CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-49138 Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability"
https://www.cisa.gov/news-events/alerts/2024/12/10/cisa-adds-one-known-exploited-vulnerability-catalog
https://securityaffairs.com/171851/hacking/u-s-cisa-adds-microsoft-windows-clfs-driver-flaw-to-its-known-exploited-vulnerabilities-catalog.html
Malware
- From Vulnerabilities To Breaches: The Shiny Nemesis Cyber Operation
"Independent cybersecurity experts Noam Rotem and Ran Locar have uncovered and reported to vpnMentor a cyber operation that exploited vulnerabilities in public sites, leading to unauthorized access to sensitive customer data, infrastructure credentials, and proprietary source code. This report provides detailed analysis of the tactics, techniques, and procedures used by the attackers, who have been linked to the “Nemesis” and “ShinyHunters” hacking groups. Our experts collaborated with the AWS Fraud Team for mitigation measures."
https://www.vpnmentor.com/news/shiny-nemesis-report/
https://www.darkreading.com/endpoint-security/cybercrime-gangs-steal-thousands-aws-credentials
https://hackread.com/shinyhunters-nemesis-hacks-aws-s3-bucket-leak/
https://www.infosecurity-magazine.com/news/hackers-exploit-aws/
- Inside The Incident: Uncovering An Advanced Phishing Attack
"Think about your most recent security awareness training concerning phishing attacks. It likely included guidelines about avoiding clicking on suspicious links and exercises to identify subtle character differences, such as distinguishing between the letter “O” and a zero. Unfortunately, the time when even the most novice technology user could easily recognize a phishing email has ended."
https://www.bleepingcomputer.com/news/security/inside-the-incident-uncovering-an-advanced-phishing-attack/
- Operation Digital Eye | Chinese APT Compromises Critical Digital Infrastructure Via Visual Studio Code Tunnels
"Tinexta Cyber and SentinelLabs have been tracking threat activities targeting business-to-business IT service providers in Southern Europe. Based on the malware, infrastructure, techniques used, victimology, and the timing of the activities, we assess that it is highly likely these attacks were conducted by a China-nexus threat actor with cyberespionage motivations."
https://www.sentinelone.com/labs/operation-digital-eye-chinese-apt-compromises-critical-digital-infrastructure-via-visual-studio-code-tunnels/
https://thehackernews.com/2024/12/hackers-weaponize-visual-studio-code.html
https://www.bleepingcomputer.com/news/security/chinese-hackers-use-visual-studio-code-tunnels-for-remote-access/
https://www.darkreading.com/cyberattacks-data-breaches/operation-digital-eye-attack-targets-european-it-orgs
- 3AM Ransomware: What You Need To Know
"3AM (also known as ThreeAM) is a ransomware group that first emerged in late 2023. Like other ransomware threats, 3AM exfiltrates victims' data (threatening to release it publicly unless a ransom is paid) and encrypts the copies left on targeted organisations' computer systems."
https://www.tripwire.com/state-of-security/3am-ransomware-what-you-need-know
- November 2024’s Most Wanted Malware: Androxgh0st Leads The Pack, Targeting IoT Devices And Critical Infrastructure
"Check Point Software’s latest threat index highlights the rise of Androxgh0st, a Mozi-integrated botnet, and ongoing threats from Joker and Anubis, showcasing evolving cyber criminal tactics."
https://blog.checkpoint.com/research/november-2024s-most-wanted-malware-androxgh0st-leads-the-pack-targeting-iot-devices-and-critical-infrastructure/
- Forget PSEXEC: DCOM Upload & Execute Backdoor
"This blog post presents a powerful new DCOM lateral movement attack that allows the writing of custom DLLs to a target machine, loading them to a service, and executing their functionality with arbitrary parameters. This backdoor-like attack abuses the IMsiServer COM interface by reversing its internals. This process is described step-by-step in this blog. The research also includes a working POC tool to demonstrate the attack on the latest Windows builds."
https://www.deepinstinct.com/blog/forget-psexec-dcom-upload-execute-backdoor
- AppLite: A New AntiDot Variant Targeting Mobile Employee Devices
"The zLabs team identified a sophisticated Mishing (mobile-targeted phishing) campaign that delivers malware to the user’s Android mobile device, enabling a broad set of malicious actions including credential theft of banking, cryptocurrency and other critical applications. The investigation revealed a network of phishing domains actively distributing a new variant of the Antidot banking trojan. This previously unknown strain builds upon the version discovered by Cyble in May of 2024."
https://www.zimperium.com/blog/applite-a-new-antidot-variant-targeting-mobile-employee-devices/
https://thehackernews.com/2024/12/fake-recruiters-distribute-banking.html
https://hackread.com/hackers-job-seekers-banking-trojan-fake-job-emails/
https://www.infosecurity-magazine.com/news/applite-malware-targets-banking/
- Ongoing Phishing And Malware Campaigns In December 2024
"Cyber attackers never stop inventing new ways to compromise their targets. That's why organizations must stay updated on the latest threats. Here's a quick rundown of the current malware and phishing attacks you need to know about to safeguard your infrastructure before they reach you."
https://thehackernews.com/2024/12/ongoing-phishing-and-malware-campaigns.html
General News
- Preventing Data Leakage In Low-Node/no-Code Environments
"Low-code/no-code (LCNC) platforms enable application development by citizen developers, often generating “shadow engineering” projects that evade security oversight. While LCNC solutions like Power BI reports and automated workflows foster agility and innovation, they also introduce significant risks, including data leakage."
https://www.helpnetsecurity.com/2024/12/10/lcnc-platforms/
- Strengthening Security Posture With Comprehensive Cybersecurity Assessments
"In this Help Net Security interview, Phani Dasari, CISO at HGS, discusses key aspects of cybersecurity assessments, including effective tools and methodologies, the role of AI and automation, and strategies for aligning assessments with organizational needs."
https://www.helpnetsecurity.com/2024/12/10/phani-dasari-hgs-cybersecurity-assessments/
- Treasury Sanctions Cybersecurity Company Involved In Compromise Of Firewall Products And Attempted Ransomware Attacks
"Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) is sanctioning cybersecurity company Sichuan Silence Information Technology Company, Limited (Sichuan Silence), and one of its employees, Guan Tianfeng (Guan), both based in People’s Republic of China (PRC), for their roles in the April 2020 compromise of tens of thousands of firewalls worldwide. Many of the victims were U.S. critical infrastructure companies."
https://home.treasury.gov/news/press-releases/jy2742
https://www.bleepingcomputer.com/news/security/us-sanctions-chinese-firm-for-hacking-firewalls-in-ragnarok-ransomware-attacks/
https://therecord.media/us-sanctions-chinese-cyber-firm-compromising-firewalls
https://www.bankinfosecurity.com/us-indicts-sanctions-alleged-chinese-sophos-firewall-hacker-a-27014
https://cyberscoop.com/treasury-sanctions-chinese-cyber-company-2020-firewall-attack/
https://www.helpnetsecurity.com/2024/12/10/us-sanctions-sichuan-silence-guan-tianfeng/
- SAT Is Dead
"Security awareness training (SAT) has been around for over a decade and is now common practice. Today, most responsible corporations run an SAT program. That might seem like a victory for internet security, and in a sense, it is. Yet, from the point of view of improving cybersecurity outcomes, most of the SAT field died years ago—innovation brains eaten away—leaving behind solutions walking around as “compliance checkbox” zombies. This is a huge problem."
https://cofense.com/blog/sat-is-dead
- Lessons From The Largest Software Supply Chain Incidents
"In 2011, Marc Andreessen coined a phrase we're now all familiar with: "Software is eating the world." More than 13 years later, the expression still rings true. The world runs on software, and each day it continues to transform industries and fuel the global economy. Companies are generating more software — faster than ever before — in order to keep up in today's dynamic and ultracompetitive business landscape."
https://www.darkreading.com/vulnerabilities-threats/lessons-largest-software-supply-chain-incidents
- Hackers Pivot From Data Breaches To Total Destruction
"Hackers are increasingly looking to shut down victim companies during cyberattacks. Why it matters: Organizations need to prepare their defenses to fend off service disruptions and malware wipers, experts say."
https://www.axios.com/2024/12/03/cyberattacks-business-shutdowns-data-breaches
https://www.paloaltonetworks.com/blog/2024/12/axios-and-unit-42s-sam-rubin-discuss-disruptive-cyberattacks/
- Thailand's Biggest Seizure Of Call Scam Equipment
"Police launched multiple raids in the northern province of Chiang Mai, resulting in the largest seizure of call scam equipment in Thailand, linked to a Thai-Chinese gang. Officers raided 11 rented houses in Muang, San Sai and San Kamphaeng districts on Tuesday and found 642 SIM (Subscriber Identity Module) boxes, 590,000 SIM cards, 72 computers, 1,455 mobile phones and 47 SIM card readers, Pol Lt Gen Jirabhop Bhuridej, commissioner of the Central Investigation Bureau (CIB), told a press conference on Wednesday."
https://www.bangkokpost.com/thailand/general/2910420/thailands-biggest-seizure-of-call-scam-equipment
References
Electronic Transactions Development Agency (ETDA)