Cyber Threat Intelligence 31 December 2024
Healthcare Sector
- New HIPAA Rules Mandate 72-Hour Data Restoration And Annual Compliance Audits
"The United States Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) has proposed new cybersecurity requirements for healthcare organizations with an aim to safeguard patients' data against potential cyber attacks. The proposal, which seeks to modify the Health Insurance Portability and Accountability Act (HIPAA) of 1996, is part of a broader initiative to bolster the cybersecurity of critical infrastructure, the OCR said. The rule is designed to strengthen protections for electronic protected health information (ePHI) by updating the HIPAA Security Rule's standards to "better address ever-increasing cybersecurity threats to the healthcare sector.""
https://thehackernews.com/2024/12/new-hipaa-rules-mandate-72-hour-data.html
https://www.hhs.gov/hipaa/for-professionals/security/hipaa-security-rule-nprm/factsheet/index.html
Government/Law/Policy
- US Issues Final Rule For Protecting Personal Data Against Foreign Adversaries
"The US Department of Justice has issued a final rule carrying out Executive Order (EO) 14117, which addresses the risk of Americans’ bulk sensitive personal data being accessed and exploited by China, Russia, and other foreign adversaries. Also covering certain US government-related data, the final rule (PDF) and the executive order aim to prevent data brokers from providing Americans’ bulk personal information to China, Russia, North Korea, Iran, Cuba, and Venezuela, as well as to certain individuals and entities classified as ‘covered persons’."
https://www.securityweek.com/us-issues-final-rule-for-protecting-personal-data-against-foreign-adversaries/
https://www.justice.gov/nsd/media/1382521/dl
New Tooling
- ReconFTW: Open-Source Reconnaissance Automation
"reconFTW is an open-source tool that simplifies and automates the reconnaissance process, delivering subdomain enumeration, vulnerability assessment, and gathering intelligence about a target. Using various techniques — such as passive and brute-force methods, permutations, certificate transparency analysis, source code scraping, analytics tracking, and DNS record analysis — reconFTW ensures comprehensive subdomain enumeration. This approach helps you uncover the most relevant and intriguing subdomains, giving you a competitive edge."
https://www.helpnetsecurity.com/2024/12/30/reconftw-open-source-reconnaissance-automation/
https://github.com/six2dez/reconftw
Vulnerabilities
- CISA Adds One Known Exploited Vulnerability To Catalog
"CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-3393 Palo Alto Networks PAN-OS Malformed DNS Packet Vulnerability"
https://www.cisa.gov/news-events/alerts/2024/12/30/cisa-adds-one-known-exploited-vulnerability-catalog
Malware
- Palo Alto Firewalls Backdoored By Suspected Chinese Hackers
"A suspected Chinese hacking campaign is exploiting a vulnerability in Palo Alto firewalls to install a custom malware backdoor for espionage. The unnamed malware backdoor is a variant of Littlelamb.Wooltea, said researchers from cybersecurity firm Northwave. The malware has been previously linked to a Chinese hacking group tracked as UNC5325. This campaign began in November shortly after Palo Alto disclosed a medium-severity privilege escalation flaw tracked as CVE-2024-9474 impacting its PAN-OS software, Northwave said. The flaw allows threat actors to run actions on the firewall with root privileges."
https://www.bankinfosecurity.com/palo-alto-firewalls-backdoored-by-suspected-chinese-hackers-a-27182
https://northwave-cybersecurity.com/hubfs/LITTLELAMB WOOLTEA technical writeup Schrijver and Oudenaarden.pdf
- Catching "EC2 Grouper" - No Indicators Required!
"Through the years of analyzing identity compromises in the cloud, we’ve seen the same attackers pop up regularly, some more frequently than others. Among the more prolific ones we’ve come to know is one we’ve dubbed “EC2 Grouper”. Over the past couple of years, we’ve seen this actor in several dozen customer environments, making them one of the more active groups we’ve tracked. This usual suspect is attributed by their penchant for using similar user agents and the same security group naming convention in their attacks."
https://www.fortinet.com/blog/threat-research/catching-ec2-grouper-no-indicators-required
- On The Sixth Day Of Christmas, An X Account Gave To Me: A Fake 7-Zip ACE
"A social media user with what we assume is the inauthentic handle of @NSA_Employee39 claimed on Monday to have dropped a zero-day vulnerability for the popular, free and open-source file archive software 7-Zip. In a post on X, the user’s verified account said it would be “dropping 0days all this week” to thank his new followers, which number just over 1,400 in total. The first of these, they said, was an arbitrary code execution (ACE) vulnerability in 7-Zip — a vulnerability that would allow an attacker to run any code they wanted on the victim device — demonstrated by what the user claimed was exploit code uploaded to Pastebin."
https://therecord.media/fake-zero-day-7Zip
https://securityaffairs.com/172467/hacking/an-x-user-claimed-a-7-zip-zero-day-vulnerability.html
Breaches/Hacks/Leaks
- AT&T And Verizon Say Networks Secure After Salt Typhoon Breach
"AT&T and Verizon confirmed they were breached in a massive Chinese espionage campaign targeting telecom carriers worldwide but said the hackers have now been evicted from their networks. "We have not detected threat actor activity in Verizon's network for some time, and after considerable work addressing this incident, we can report that Verizon has contained the activities associated with this particular incident," Verizon's Chief Legal Officer told Reuters."
https://www.bleepingcomputer.com/news/security/atandt-and-verizon-say-networks-secure-after-salt-typhoon-breach/
https://www.theregister.com/2024/12/30/att_verizon_confirm_salt_typhoon_breach/
https://www.itnews.com.au/news/chinese-salt-typhoon-cyber-espionage-targets-att-verizon-614128
- China Hacked Treasury Dept. In ‘Major’ Breach, U.S. Says
"A state-sponsored actor in China hacked the U.S. Treasury Department, gaining access to the workstations of government employees and unclassified documents, the Biden administration said on Monday. The announcement comes after revelations in recent months that China had penetrated deep into U.S. telecommunications systems, gaining access to the phone conversations and text messages of U.S. officials and others."
https://www.nytimes.com/2024/12/30/us/politics/china-hack-treasury.html
https://www.reuters.com/technology/cybersecurity/us-treasurys-workstations-hacked-cyberattack-by-china-afp-reports-2024-12-30/
https://edition.cnn.com/2024/12/30/investing/china-hackers-treasury-workstations/index.html
https://therecord.media/beijing-hackers-penetrated-treasury-systems
https://www.bleepingcomputer.com/news/security/us-treasury-department-breached-through-remote-support-platform/
https://www.darkreading.com/cyberattacks-data-breaches/chinese-state-hackers-breach-us-treasury-department
https://www.bankinfosecurity.com/chinese-hackers-breach-us-treasury-in-major-incident-a-27183
https://cyberscoop.com/treasury-workstations-hacked-china-beyondtrust-identity-access-management/
https://www.itnews.com.au/news/us-treasury-says-chinese-hackers-stole-documents-in-major-incident-614127
General News
- The Sixth Sense Of Cybersecurity: How AI Spots Threats Before They Strike
"In this Help Net Security interview, Vineet Chaku, President of Reaktr.ai, discusses how AI is transforming cybersecurity, particularly in anomaly detection and threat identification. Chaku talks about the skills cybersecurity professionals need to collaborate with AI systems and address the ethical concerns surrounding deployment."
https://www.helpnetsecurity.com/2024/12/30/vineet-chaku-reaktr-ai-ai-powered-cybersecurity/
- Machine Identities Are The Next Big Target For Attackers
"86% of organizations had a security incident related to their cloud native environment within the last year, according to Venafi. As a result, 53% of organizations had to delay an application launch or slow down production time; 45% suffered outages or disruption to their application service; and 30% said attackers could gain unauthorized access to data, networks and systems."
https://www.helpnetsecurity.com/2024/12/30/machine-identities-cyberattack-target/
- Majority Of UK SMEs Lack Cybersecurity Policy
"More than two-thirds (69%) of UK small and medium enterprises (SMEs) lack a cybersecurity policy, according to figures from specialist insurance firm Markel Direct. The research identified a significant lack of basic cybersecurity measures and hygiene in place across these companies. This included 43% admitting that their employees are not trained on best practices and potential threats, while just 35% encourage their employees to update passwords."
https://www.infosecurity-magazine.com/news/uk-smes-lack-cybersecurity-policy/
- What's Next For Cybersecurity In 2025 And Beyond? Fortra Experts Weigh In
"We are fast approaching the end of (another) turbulent year for cybersecurity. Looking back, it's hard to believe that so much can happen in such a short time. As we finish up our work for the year, head home to our families, and prepare to close the book on 2024, it's worth considering what's next. And who better than Fortra's experts to offer insights into the year to come? Keep reading for expert predictions of cybersecurity in 2025."
https://www.tripwire.com/state-of-security/whats-next-cybersecurity-2025-and-beyond-fortra-experts-weigh
- What Security Lessons Did We Learn In 2024?
"From the growing sophistication of zero-day exploits to the entrenchment of nation-state and cybercriminal alliances, 2024 delivered more evidence of how quickly the threat landscape continues to evolve. The year reinforced hard truths about the persistence of attackers and the systemic challenges of defense. We look back on some of the events that defined 2024 and the tactical insights that security teams can apply to stay ahead in the ongoing battle in 2025."
https://www.darkreading.com/cyber-risk/security-lessons-learn-2024
Reference
Electronic Transactions Development Agency (ETDA)