Cyber Threat Intelligence 19 December 2024
Vulnerabilities
- BeyondTrust Patches Critical Vulnerability Discovered During Security Incident Probe
"BeyondTrust has released patches for a critical-severity vulnerability in its Privileged Remote Access (PRA) and Remote Support (RS) products that could be exploited to execute arbitrary commands. The flaw was discovered during an investigation into a security incident impacting some customers. BeyondTrust’s PRA provides management of privileged user accounts facilitating just-in-time secure access to enterprise environments, while RS enables authorized individuals to securely connect to remote systems and mobile devices. Tracked as CVE-2024-12356 (CVSS score of 9.8), the security defect is described as an unauthenticated command injection bug that can be exploited using crafted client requests."
https://www.securityweek.com/beyondtrust-patches-critical-vulnerability-discovered-during-security-incident-probe/
https://www.helpnetsecurity.com/2024/12/18/beyondtrust-fixes-critical-vulnerability-in-remote-access-support-solutions-cve-2024-12356/
- Multiple Vulnerabilities In Google Chrome For Desktop: Update To Stay Secure
"On December 16, 2024, the Indian Computer Emergency Response Team (CERT-In) issued a vulnerability note (CIVN-2024-0356) regarding multiple security flaws in Google Chrome for Desktop. These vulnerabilities, rated HIGH in severity, could allow remote attackers to execute malicious code or disrupt the system’s functionality through a Denial of Service (DoS) attack."
https://cyble.com/blog/multiple-vulnerabilities-in-google-chrome-for-desktop-update-to-stay-secure/
- CISA Adds Four Known Exploited Vulnerabilities To Catalog
"CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2018-14933 NUUO NVRmini Devices OS Command Injection Vulnerability
CVE-2022-23227 NUUO NVRmini 2 Devices Missing Authentication Vulnerability
CVE-2019-11001 Reolink Multiple IP Cameras OS Command Injection Vulnerability
CVE-2021-40407 Reolink RLC-410W IP Camera OS Command Injection Vulnerability"
https://www.cisa.gov/news-events/alerts/2024/12/18/cisa-adds-four-known-exploited-vulnerabilities-catalog
Malware
- Malware Trends: eBPF Exploitation, Malware Configurations Stored In Unexpected Places, And Increased Use Of Custom Post-Exploitation Tools
"An investigation into an information security incident has allowed virus analysts at Doctor Web to uncover an ongoing campaign that incorporates many modern trends employed by cybercriminals. A client approached Doctor Web after suspecting that their computer infrastructure had been compromised. While analyzing the client’s data, our virus analysts identified a number of similar cases, leading them to conclude that an active campaign was underway. It appears that the hackers' efforts are primarily concentrated in Southeast Asia."
https://news.drweb.com/show/?i=14955&lng=en
https://hackread.com/hackers-exploit-linux-ebpf-malware-ongoing-campaign/
- Effective Phishing Campaign Targeting European Companies And Institutions
"Unit 42 researchers recently investigated a phishing campaign targeting European companies, including in Germany and the UK. Our investigation revealed that the campaign aimed to harvest account credentials and take over the victim’s Microsoft Azure cloud infrastructure. The campaign’s phishing attempts peaked in June 2024, with fake forms created using the HubSpot Free Form Builder service. Our telemetry indicates the threat actor successfully targeted roughly 20,000 users across various European companies."
https://unit42.paloaltonetworks.com/european-phishing-campaign/
https://www.bleepingcomputer.com/news/security/hubspot-phishing-targets-20-000-microsoft-azure-accounts/
https://thehackernews.com/2024/12/hubphish-exploits-hubspot-tools-to.html
https://www.darkreading.com/cloud-security/manufacturing-orgs-azure-creds-hubspot-phishing-attack
https://www.helpnetsecurity.com/2024/12/18/european-companies-docusign-themed-phishing-owa-microsoft-azure/
- A New Playground: Malicious Campaigns Proliferate From VSCode To Npm
"ReversingLabs researchers have been monitoring multiple public repositories over the past few years. Recently, our team has expanded its threat hunting efforts to VSCode Marketplace — and the researchers started to see an increasing amount of malicious activity. In the past, RL researchers have observed how easily and quickly supply chain attacks can proliferate from the npm community to VSCode Marketplace. Using npm packages, threat actors can get malicious code into the VSCode IDE as well, which is often overlooked as a potential source of compromise."
https://www.reversinglabs.com/blog/a-new-playground-malicious-campaigns-proliferate-from-vscode-to-npm
https://www.bleepingcomputer.com/news/security/malicious-microsoft-vscode-extensions-target-devs-crypto-community/
https://www.infosecurity-magazine.com/news/threat-actors-exploit-vscode/
- AI-Generated Malvertising “White Pages” Are Fooling Detection Engines
"It is no secret that online criminals are leveraging artificial intelligence (AI) and large language models (LLMs) in their malicious schemes. While AI tends to be abused to trick people (i.e. deepfakes) in order to gain something, sometimes it is meant to defeat computer security programs. With AI, this process has just become easier, and we are seeing more and more cases of fake content produced for deception purposes. In the criminal underground, web pages or sites that are meant to be decoys are sometimes called “white pages,” as opposed to the “black pages” (malicious landing pages)."
https://www.malwarebytes.com/blog/news/2024/12/ai-generated-malvertising-white-pages-are-fooling-detection-engines
- Spyware Distributed Through Amazon Appstore
"As smartphones have become an integral part of our daily lives, malicious apps have grown increasingly deceptive and sophisticated. Recently, we uncovered a seemingly harmless app called “BMI CalculationVsn” on the Amazon App Store, which is secretly stealing the package name of installed apps and incoming SMS messages under the guise of a simple health tool. McAfee reported the discovered app to Amazon, which took prompt action, and the app is no longer available on Amazon Appstore."
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/spyware-distributed-through-amazon-appstore/
https://therecord.media/a-lightweight-app-comes-with-some-heavy-consequences-mcafee
- Analysis Of Cyber Anarchy Squad Attacks Targeting Russian And Belarusian Organizations
"C.A.S (Cyber Anarchy Squad) is a hacktivist group that has been attacking organizations in Russia and Belarus since 2022. Besides data theft, its goal is to inflict maximum damage, including reputational. To this end, the group’s attacks exploit vulnerabilities in publicly available services and make extensive use of free tools. Our latest investigation unearthed new activity by the group, explored the attack stages, and analyzed the tools and malware used. In addition, we discovered links between C.A.S and other hacktivist groups, such as the Ukrainian Cyber Alliance and DARKSTAR."
https://securelist.com/cyber-anarchy-squad-attacks-with-uncommon-trojans/114990/
Breaches/Hacks/Leaks
- Regional Care Data Breach Impacts 225,000 People
"Nebraska-based healthcare insurance firm Regional Care has disclosed a data breach impacting more than 225,000 individuals. The third-party insurance administrator is informing impacted individuals that their personal and medical information may have been compromised as a result of an incident identified in mid-September 2024. Regional Care discovered at the time that there had been some unusual activity on an account in its network. The compromised account was immediately shut down."
https://www.securityweek.com/regional-care-data-breach-impacts-225000-people/
General News
- CISO Accountability: Navigating a Landscape Of Responsibility
"What was once primarily a technical role, CISOs now find themselves accountable for organizational risk, regulatory compliance, and even legal liabilities across the entire organization. However, as cyber threats intensify, it’s clear that overseeing cybersecurity operations enterprise-wide is not feasible for just one person."
https://www.helpnetsecurity.com/2024/12/18/ciso-accountability/
- Key Steps To Scaling Automated Compliance While Maintaining Security
"In this Help Net Security interview, Vivek Agarwal, Privacy Program Manager at Meta Platforms, shares insights on strategies for reducing time to market, improving vendor onboarding, and updating privacy requirements to ensure compliance across third-party contracts. From leveraging automation and AI-driven tools to streamline vendor onboarding to practical strategies for updating thousands of contracts with evolving privacy requirements, this interview explores actionable solutions for organizations aiming to build scalable compliance frameworks."
https://www.helpnetsecurity.com/2024/12/18/vivek-agarwal-meta-vendor-risk/
- Consumers Wrongly Attribute All Data Breaches To Cybercriminals
"Breaches in 2024 had less impact on consumers’ trust in brands compared to the previous year (a 6.5% decrease from 62% in 2023 to 58% in 2024), according to a recent Vercara report. Most consumers also remain unaware of the role they may play in cyber incidents. The research reveals that consumers are unaware of the impact of insider threats, and instead assume bad actors are to blame for most attacks."
https://www.helpnetsecurity.com/2024/12/18/data-breach-consumers-trust/
- CISA Releases Best Practice Guidance For Mobile Communications
"Today, CISA released Mobile Communications Best Practice Guidance. The guidance was crafted in response to identified cyber espionage activity by People’s Republic of China (PRC) government-affiliated threat actors targeting commercial telecommunications infrastructure, specifically addressing “highly targeted” individuals who are in senior government or senior political positions and likely to possess information of interest to these threat actors."
https://www.cisa.gov/news-events/alerts/2024/12/18/cisa-releases-best-practice-guidance-mobile-communications
https://www.cisa.gov/resources-tools/resources/mobile-communications-best-practice-guidance
https://www.bleepingcomputer.com/news/security/cisa-urges-switch-to-signal-like-encrypted-messaging-apps-after-telecom-hacks/
https://therecord.media/cisa-urges-senior-officials-to-lock-down-devices-salt-typhoon
https://www.bankinfosecurity.com/us-cisa-endorses-encrypted-apps-amid-chinese-telecom-hack-a-27097
https://cyberscoop.com/cisa-mobile-security-best-practices-salt-typhoon/
- Raccoon Stealer Malware Operator Gets 5 Years In Prison After Guilty Plea
"Ukrainian national Mark Sokolovsky was sentenced today to five years in prison for his involvement in the Raccoon Stealer malware cybercrime operation. According to unsealed court documents, Sokolovsky (also known as raccoon-stealer, Photix, and black21jack77777) and his conspirators rented the malware to other threat actors under a MaaS (malware-as-a-service) model for $75 per week or $200 monthly."
https://www.bleepingcomputer.com/news/security/raccoon-stealer-malware-operator-gets-5-years-in-prison-after-guilty-plea/
https://www.bankinfosecurity.com/key-raccoon-figure-receives-60-month-us-prison-sentence-a-27096
- The Importance Of Empowering CFOs Against Cyber Threats
"Cybersecurity has spurred many changes in the past five years, from the technology and tools needed to protect an organization from cyberattackers to the skill sets required by IT professionals. The consistent and ongoing ripple effect has also influenced organizational roles and responsibilities. Arguably, one of the most dramatic shifts has been the role of the chief financial officer (CFO)."
https://www.darkreading.com/vulnerabilities-threats/empowering-cfos-against-cyber-threats
- Interpol Replaces Dehumanizing "Pig Butchering" Term With "Romance Baiting"
"Interpol calls on the cybersecurity community, law enforcement, and the media to stop using the term "Pig Butchering" when referring to online relationship and investment scams, as it unnecessarily shames the victims impacted by these fraud campaigns. The term "pig butchering" comes from how scammers perform social engineering scams where the victims are described as "pigs" to be "fattened" up before they are slaughtered. These social engineering scams involve targeting people on social media to build trust by engaging in long-term communication and establishing a fabricated friendship or romantic partnership."
https://www.bleepingcomputer.com/news/security/interpol-replaces-dehumanizing-pig-butchering-term-with-romance-baiting/
https://www.darkreading.com/cyberattacks-data-breaches/interpol-time-drop-term-pig-butchering
https://thehackernews.com/2024/12/interpol-pushes-for-romance-baiting-to.html
https://www.theregister.com/2024/12/17/interpol_stop_saying_pig_butchering/
- Biggest Crypto Scam Tactics In 2024 And How To Avoid Them
"Stay alert to crypto scams with our guide to 2024’s top threats, including phishing, malware, Ponzi schemes, and fake wallets. Learn how to protect your assets today! With the increasing adoption and user base of cryptocurrencies and crypto markets also comes a growing number of scammers and frauds. There are many ways in which conmen and hackers can exploit your trust, data, and wallets. To help you prevent any threat to your privacy and finances, we have looked into the most widely used crypto scam tactics of 2024."
https://hackread.com/biggest-crypto-scam-tactics-in-2024-avoid-them/
- Phishing Attacks Double In 2024
"A sharp increase in phishing attacks, including a 202% rise in overall phishing messages in the second half of 2024, has been identified by cybersecurity experts. According to SlashNext’s 2024 Phishing Intelligence Report, a substantial 703% surge in credential phishing attacks was also observed in the same period. Key findings from the study reveal that users encounter an average of one advanced phishing attack per mailbox every week. Mobile users face up to 600 threats annually, underscoring a shift away from email-only phishing to multichannel approaches."
https://www.infosecurity-magazine.com/news/2024-phishing-attacks-double/
- Cybersecurity Trends On The Horizon Across APAC For 2025 And Beyond
"As we look ahead to 2025, businesses across Asia Pacific (APAC) are expected to accelerate their adoption of artificial intelligence (AI) in cybersecurity, using it as a critical tool to combat evolving AI-powered threats. With 43% of security professionals predicting that these sophisticated threats will increasingly evade traditional detection methods, organizations are poised to leverage AI-driven strategies to proactively mitigate risks. At the same time, there is a growing push to secure AI systems themselves, evidenced by initiatives like Singapore’s recent AI security guidelines – trends that are likely to shape cybersecurity practices across the region in the coming year."
https://www.paloaltonetworks.com/blog/2024/12/cybersecurity-trends-across-apac-2025/
References
Electronic Transactions Development Agency (ETDA)