Cyber Threat Intelligence 13 December 2024
Industrial Sector
- Inside a New OT/IoT Cyberweapon: IOCONTROL
"IOCONTROL is believed to be part of a global cyber operation against western IoT and operational technology (OT) devices. Affected devices include routers, programmable logic controllers (PLCs), human-machine interfaces (HMIs), firewalls, and other Linux-based IoT/OT platforms. While the malware is believed to be custom-built by the threat actor, it seems that the malware is generic enough that it is able to run on a variety of platforms from different vendors due to its modular configuration."
https://claroty.com/team82/research/inside-a-new-ot-iot-cyber-weapon-iocontrol
https://www.bleepingcomputer.com/news/security/new-iocontrol-malware-used-in-critical-infrastructure-attacks/
New Tooling
- Keycloak: Open-Source Identity And Access Management
"Keycloak is an open-source project for identity and access management (IAM). It provides user federation, strong authentication, user management, authorization, and more. Keycloak is based on standard protocols and supports OpenID Connect, OAuth 2.0, and SAML."
https://www.helpnetsecurity.com/2024/12/12/keycloak-open-source-identity-and-access-management-iam/
https://github.com/keycloak/keycloak
Vulnerabilities
- The Insecure IoT Cloud Strikes Again: RCE On Ruijie Cloud-Connected Devices
"Our story begins with a simple question: How can we hack wireless access points and leverage our way into their internal networks without knowing the Wi-Fi credentials or having physical access to the device? Publicly available Wi-Fi hotspots such as those in airports and other public places often provide free internet access. Often these connections are not secure and researchers and cybersecurity experts encourage users not to conduct sensitive company or personal business over these networks."
https://claroty.com/team82/research/the-insecure-iot-cloud-strikes-again-rce-on-ruijie-cloud-connected-devices
https://www.darkreading.com/ics-ot-security/iot-cloud-cracked-open-sesame-attack
- Apache Issues Patches For Critical Struts 2 RCE Bug
"We now know the remote code execution vulnerability in Apache Struts 2 disclosed back in November carries a near-maximum severity rating following the publication of the CVE. According to the National Vulnerability Database (NVD), which published the CVE on Wednesday, Apache scored CVE-2024-53677 a 9.5 using the CVSSv4 framework while Tenable noted a 9.8 rating using CVSSv3 – take your pick."
https://www.theregister.com/2024/12/12/apache_struts_2_vuln/
https://cwiki.apache.org/confluence/display/WW/S2-067
- Cleo Patches Critical Zero-Day Exploited In Data Theft Attacks
"Cleo has released security updates for a zero-day flaw in its LexiCom, VLTransfer, and Harmony software, currently exploited in data theft attacks. In October, the company patched a pre-auth remote code execution vulnerability (CVE-2024-50623) in its managed file transfer software and recommended that "all customers upgrade immediately." Huntress security researchers first spotted evidence of attacks targeting fully patched Cleo software on December 3."
https://www.bleepingcomputer.com/news/security/cleo-patches-critical-zero-day-exploited-in-data-theft-attacks/
https://therecord.media/cleo-urges-customers-to-immediately-patch-systems-after-exploitation
https://www.bankinfosecurity.com/new-malware-framework-targets-cleo-file-systems-a-27045
https://www.securityweek.com/cleo-patches-exploited-flaw-as-security-firms-detail-malware-pushed-in-attacks/
https://www.helpnetsecurity.com/2024/12/12/cleo-patches-zero-day-exploited-by-ransomware-gang/
- 300,000+ Prometheus Servers And Exporters Exposed To DoS Attacks
"In this research, we uncovered several vulnerabilities and security flaws within the Prometheus ecosystem. These findings span across three major areas: information disclosure, denial-of-service (DoS), and code execution. We found that exposed Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API keys."
https://www.aquasec.com/blog/300000-prometheus-servers-and-exporters-exposed-to-dos-attacks/
https://www.darkreading.com/cloud-security/336k-prometheus-instances-exposed-dos-repojacking
https://thehackernews.com/2024/12/296000-prometheus-instances-exposed.html
- Security Flaws In WordPress Woffice Theme Prompts Urgent Update
"Two significant security vulnerabilities in the popular Woffice WordPress theme that could allow attackers to gain unauthorized control or access have been patched. The Woffice theme, a premium product developed by Xtendify with over 15,000 sales, provides team and project management functionality for WordPress."
https://www.infosecurity-magazine.com/news/security-flaws-wordpress-woffice/
- Unauthorized Access To iCloud: Analyzing An iOS Vulnerability That Could Expose Sensitive Data To Attackers
"Jamf Threat Labs has discovered a bypass vulnerability in the Transparency, Consent and Control (TCC) subsystem in iOS that fails to notify users when another application tries to access sensitive information such as photos, GPS location, contacts and more. Read on to learn more about our findings."
https://www.jamf.com/blog/tcc-bypass-steals-data-from-icloud/
https://thehackernews.com/2024/12/researchers-uncover-symlink-exploit.html
Malware
- Declawing PUMAKIT
"PUMAKIT is a sophisticated piece of malware, initially uncovered during routine threat hunting on VirusTotal and named after developer-embedded strings found within its binary. Its multi-stage architecture consists of a dropper (cron), two memory-resident executables (/memfd:tgt and /memfd:tgt), an LKM rootkit module and a shared object (SO) userland rootkit."
https://www.elastic.co/security-labs/declawing-pumakit
https://www.bleepingcomputer.com/news/security/new-stealthy-pumakit-linux-rootkit-malware-spotted-in-the-wild/
- Lookout Discovers Two Russian Android Spyware Families From Gamaredon APT
"Researchers at the Lookout Threat Lab have discovered two Android surveillance families dubbed BoneSpy and PlainGnome. They are both attributed to Russia-aligned cyber espionage threat group Gamaredon (aka Primitive Bear, Shuckworm). This group was identified as a component of the Russian Federal Security Service (FSB) by the Security Service of Ukraine (SSU) in 2021. These are the first known mobile families to be attributed to Gamaredon."
https://www.lookout.com/threat-intelligence/article/gamaredon-russian-android-surveillanceware
https://thehackernews.com/2024/12/gamaredon-deploys-android-spyware.html
https://www.infosecurity-magazine.com/news/lookout-new-spyware-russia-china/
- A New Android Banking Trojan Masquerades As Utility And Banking Apps In India
"Over the years, cyber threats targeting Android devices have become more sophisticated and persistent. Recently, McAfee Mobile Research Team discovered a new Android banking trojan targeting Indian users. This malware disguises itself as essential services, such as utility (e.g., gas or electricity) or banking apps, to get sensitive information from users. These types of services are vital for daily life, making it easier to lure users. We have previously observed malware that masquerades as utility services in Japan."
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/a-new-android-banking-trojan-masquerades-as-utility-and-banking-apps-in-india/
- Careto Is Back: What’s New After 10 Years Of Silence?
"During the first week of October, Kaspersky took part in the 34th Virus Bulletin International Conference, one of the longest-running cybersecurity events. There, our researchers delivered multiple presentations, and one of our talks focused on newly observed activities by the Careto threat actor, which is also known as “The Mask”. You can watch the recording of this presentation here:"
https://securelist.com/careto-is-back/114942/
- Hacktivist Alliances Target France Amidst Political Crisis
"On December 6, 2024, Cyble Research & Intelligence Labs (CRIL) observed that the hacktivist alliance known as the “Holy League” on their Telegram channel declared cyberattacks against France. According to the alliance, these operations were executed in retaliation to France’s continued support of Ukraine and Israel. Prominent members of the alliance, including the pro-Russian group NoName057(16), the pro-Islamic threat actor Mr. Hamza, and the pro-Palestinian collective Anonymous Guys, amplified the announcement across their platforms."
https://cyble.com/blog/hacktivist-alliances-target-france/
Breaches/Hacks/Leaks
- Bitcoin ATM Firm Byte Federal Hacked Via GitLab Flaw, 58K Users Exposed
"US Bitcoin ATM operator Byte Federal has disclosed a data breach that exposed the data of 58,000 customers after its systems were breached using a GitLab vulnerability. Byte Federal is the largest US operator of Bitcoin ATMs across the United States, with over 1,200 ATMs located in forty-two states, allowing people to exchange cash for cryptocurrency. The company is now sending out data breach notifications warning that it suffered a data breach in November after hackers gained access to its systems by exploiting a GitLab vulnerability."
https://www.bleepingcomputer.com/news/security/bitcoin-atm-firm-byte-federal-hacked-via-gitlab-flaw-58k-users-exposed/
https://securityaffairs.com/171941/data-breach/us-bitcoin-atm-operator-byte-federal-suffered-a-data-breach.html
- Japanese Publisher Paid BlackSuit $3 Million, But BlackSuit Leaked Their Data Anyway – Reports
"Kyodo News reports that Japanese publishing firm Kadokawa Corporation paid Black Suit $2.98 million in cryptocurrency after a ransomware attack in June. But looking at BlackSuit’s leak site, it appears BlackSuit leaked their data anyway."
https://databreaches.net/2024/12/12/japanese-publisher-paid-blacksuit-3-million-but-blacksuit-leaked-their-data-anyway-reports/
General News
- Trend Report On Malicious Apps And Distribution Tools
"As the number of smartphones equipped with Android OS increases, various apps are being released for user convenience. Most released apps are created using traditional app development methods, but for those who find app development difficult, various tools are being released to assist in implementing UI and functions."
https://asec.ahnlab.com/en/85089/
- Shaping Effective AI Governance Is About Balancing Innovation With Humanity
"In this Help Net Security interview, Ben de Bont, CISO at ServiceNow, discusses AI governance, focusing on how to foster innovation while ensuring responsible oversight. He emphasizes the need for collaboration between technologists, policymakers, and ethicists to create ethical and effective frameworks."
https://www.helpnetsecurity.com/2024/12/12/ben-de-bont-servicenow-ai-governance/
- US Offers $5 Million For Info On North Korean IT Worker Farms
"The U.S. State Department is offering a reward of up to $5 million for information that could help disrupt the activities of North Korean front companies and employees who generated over $88 million via illegal remote IT work schemes in six years. The two companies, Chinese-based Yanbian Silverstar and Volasys Silverstar from Russia, tricked businesses worldwide into employing North Korean staff as freelance IT workers."
https://www.bleepingcomputer.com/news/security/us-offers-5-million-for-info-on-north-korean-it-worker-farms/
https://rewardsforjustice.net/rewards/yanbian-silverstar-and-volasys-silverstar/
https://therecord.media/doj-indicts-14-north-koreans-earning-88-million-at-us-firms
https://www.bankinfosecurity.com/us-indicts-14-north-koreans-in-scam-funding-wmd-programs-a-27047
https://cyberscoop.com/court-indicts-14-north-korean-it-workers-tied-to-88-million-in-illicit-gains/
https://www.securityweek.com/fake-it-workers-funneled-millions-to-north-korea-doj-says/
https://www.theregister.com/2024/12/13/doj_dpkr_fake_tech_worker_indictment/
- Police Shuts Down Rydox Cybercrime Market, Arrests 3 Admins
"Albanian law enforcement has seized the Rydox cybercrime marketplace and arrested three administrators in collaboration with international partners. Kosovo nationals Ardit Kutleshi, Jetmir Kutleshi, and Shpend Sokoli were arrested on Thursday by Kosovo law enforcement and Albania's Special Anti-Corruption Body (SPAK). The U.S. Justice Department indicted the first two for involvement in Rydox's operations, and they're awaiting extradition to the United States."
https://www.bleepingcomputer.com/news/security/police-shuts-down-rydox-cybercrime-market-arrests-3-admins/
https://cyberscoop.com/rydox-cybercriminal-marketplace-seized-doj-albania-kosovo/
- Spain Busts Voice Phishing Ring For Defrauding 10,000 Bank Customers
"The Spanish police, working with colleagues in Peru, conducted a simultaneous crackdown on a large-scale voice phishing (vishing) scam ring in the two countries, arresting 83 individuals. Thirty-five of the arrested people were located across Spain, including in Madrid, Barcelona, Mallorca, Salamanca, and Vigo, and another 48 were arrested in Peru. The leader of the ring was also apprehended in Spain during the 29 simultaneous raids conducted by the cooperating police forces, which also seized cash, mobile phones, computers, and documents."
https://www.bleepingcomputer.com/news/security/spain-busts-voice-phishing-ring-for-defrauding-10-000-bank-customers/
- The Evolution And Abuse Of Proxy Networks
"As long as we've had the internet, users have tried to obfuscate how and what they are connecting to. In some cases, this is to work around restrictions put in place by governments or a desire to access content that is not otherwise available in a given region. This is why technologies like VPNs and The Onion Router (TOR) become popular: They allow users to easily access content without exposing their IP address or location. These technologies are intended to protect users and information and have done a good job of doing so. However, adversaries have taken notice and are using proxy networks for malicious activities."
https://blog.talosintelligence.com/the-evolution-and-abuse-of-proxy-networks/
- Cultivating a Hacker Mindset In Cybersecurity Defense
"In the past, security professionals were true hackers at heart — passionate individuals who made money doing what they loved: breaking systems, pushing boundaries, and constantly learning. They grew their skills out of sheer curiosity and dedication."
https://www.darkreading.com/cyberattacks-data-breaches/cultivating-hacker-mindset-cybersecurity-defense
- Professions That Are The Most Exposed To Cybersecurity Threats
"Explore the professions most vulnerable to cybersecurity threats in 2025, from IT pros to crypto investors. Learn how to stay safe and reduce risks in a digital-first world."
https://hackread.com/professions-most-exposed-to-cybersecurity-threats/
- We Must Adjust Expectations For The CISO Role
"Cybersecurity has become one of the most high-stakes facets of business operations in the past few years. The chief information security officer (CISO) role, once a back-office function primarily focused on technical oversight, has moved squarely into the executive spotlight."
https://www.helpnetsecurity.com/2024/12/12/ciso-role-expectations/
- Three-Quarters Of Security Leaders Admit Gaps In Hardware Knowledge
"Most global organizations fail to consult IT security during hardware procurement, and even if they do, over three-quarters (79%) of IT and security decision makers (ITSDMs) admit to major gaps in their hardware and firmware knowledge, according to HP. The tech giant’s HP Wolf Security unit polled over 6000 office workers and 800 IT and security decision makers in the US, Canada, UK, Japan, Germany and France to compile its report, Securing the Device Lifecycle: From Factory to Fingertips, and Future Redeployment."
https://www.infosecurity-magazine.com/news/threequarters-security-leaders/
- Security Operations In 2025 And Beyond
"As we prepare to say goodbye to 2024, the state of security operations continues to evolve and adapt as organizations face increasingly sophisticated cyberattacks and early signs of cybercriminal adoption of AI. Current solutions often rely on siloed tools, and manual processes are proving inadequate in addressing the complexity and scale of modern threats. According to Unit 42, the time between initial compromise and data exfiltration is decreasing, and attackers are sometimes beginning to exfiltrate data in hours, not days. What does that mean for 2025?"
https://www.paloaltonetworks.com/blog/2024/12/security-operations-in-2025-and-beyond/
- 8 Trends Reshaping Network Security In 2025
"As we look ahead to 2025, one thing is clear: the digital landscape is evolving quickly, and it’s creating new cybersecurity challenges for businesses globally. From the growing speed, scale and sophistication of cyberattacks to the changing nature of how we work and connect, the future of network security depends on a holistic approach that integrates advanced AI technologies and seamless user experience."
https://www.paloaltonetworks.com/blog/2024/12/8-trends-network-security-in-2025/
- Phishing: The Silent Precursor To Data Breaches
"Phishing is one of the most prevalent tactics, techniques, and procedures (TTPs) in today’s cyber threat landscape. It often serves as a gateway to data breaches that can have devastating consequences for organizations and individuals alike. For instance, the Colonial Pipeline cyberattack in 2021 began with a Phishing-related compromise that led to a ransomware attack, disrupting fuel supplies across the U.S. and exposing critical infrastructure vulnerabilities. By exploiting human psychology and trust, Phishing attacks circumvent technical defenses and pave the way for large-scale cyber incidents."
https://www.securityweek.com/phishing-the-silent-precursor-to-data-breaches/
- The Ghost Of Christmas Past – AI’s Past, Present And Future
"The speed at which Artificial Intelligence (AI) continues to expand is unprecedented, particularly since GenAI catapulted into the market in 2022. Today AI works at a much faster pace than human output, which is what makes this technology so appealing to leaders who are focused on streamlining operations, productivity gains and cost efficiencies. But for those who thought that AI was a more recent phenomenon, you are mistaken, cybersecurity has leveraged AI for decades, and the trend has accelerated in recent years."
https://www.securityweek.com/the-ghost-of-christmas-past-ais-past-present-and-future/
References
Electronic Transactions Development Agency (ETDA)