Cyber Threat Intelligence 07 January 2025
Industrial Sector
- Vulnerable Moxa Devices Expose Industrial Networks To Attacks
"Industrial networking and communications provider Moxa is warning of a high-severity and a critical vulnerability that impact various models of its cellular routers, secure routers, and network security appliances. The two security issues allow remote attackers to get root privileges on vulnerable devices and to execute arbitrary commands, which could lead to arbitrary code execution."
https://www.bleepingcomputer.com/news/security/vulnerable-moxa-devices-expose-industrial-networks-to-attacks/
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo
https://cyberscoop.com/industrial-networking-manufacturer-moxa-reports-critical-router-bugs/
Vulnerabilities
- MediaTek Rings In The New Year With a Parade Of Chipset Vulns
"MediaTek kicked off the first full working week of the new year by disclosing a bevy of security vulnerabilities, including a critical remote code execution bug affecting 51 chipsets. The fabless semiconductor biz gave the RCE a "critical" severity assessment but didn't provide a specific rating after running it through the CVSS frameworks, so it could be anywhere between nine and ten."
https://www.theregister.com/2025/01/06/mediatek_chipset_vulnerabilities/
https://corp.mediatek.com/product-security-bulletin/January-2025
Malware
- EAGERBEE, With Updated And Novel Components, Targets The Middle East
"In our recent investigation into the EAGERBEE backdoor, we found that it was being deployed at ISPs and governmental entities in the Middle East. Our analysis uncovered new components used in these attacks, including a novel service injector designed to inject the backdoor into a running service. Additionally, we discovered previously undocumented components (plugins) deployed after the backdoor’s installation. These enabled a range of malicious activities such as deploying additional payloads, exploring file systems, executing command shells and more."
https://securelist.com/eagerbee-backdoor/115175/
https://www.bleepingcomputer.com/news/security/eagerbee-backdoor-deployed-against-middle-eastern-govt-orgs-isps/
https://www.darkreading.com/cyberattacks-data-breaches/eagerbee-backdoor-middle-east-isps-government-targets
- Meet PhishWP – The New WordPress Plugin That’s Turning Legit Sites Into Phishing Traps
"One morning, you decide to make a purchase from a seemingly reputable online store. The website displays a familiar checkout interface resembling Stripe’s payment process."
https://slashnext.com/blog/phishwp-turns-sites-into-phishing-traps/
https://hackread.com/phishwp-plugin-russian-hacker-forum-phishing-sites/
https://www.infosecurity-magazine.com/news/phishwp-plugin-enables-payment/
Breaches/Hacks/Leaks
- CISA Says Recent Government Hack Limited To US Treasury
"The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today that the Treasury Department breach disclosed last week did not impact other federal agencies. "At this time, there is no indication that any other federal agencies have been impacted by this incident," CISA said. "CISA continues to monitor the situation and coordinate with relevant federal authorities to ensure a comprehensive response.""
https://www.bleepingcomputer.com/news/security/cisa-says-recent-government-hack-limited-to-us-treasury/
https://content.govdelivery.com/accounts/USDHSCISA/bulletins/3cafdc4
https://therecord.media/cisa-treasury-only-agency-affected-recent-china-breach
https://www.bankinfosecurity.com/cisa-investigates-chinese-hacking-treasury-department-a-27227
- Chinese Hackers Also Breached Charter And Windstream Networks
"More U.S. companies have been added to the list of telecommunications firms hacked in a wave of breaches by a Chinese state-backed threat group tracked as Salt Typhoon. This comes after AT&T, Verizon, and Lumen confirmed on December 30 that they have evicted the hackers from their networks. After breaching their networks, the Salt Typhoon hackers gained access to targeted individuals' text messages, voicemails, and phone calls, as well as wiretap information of those investigated by U.S. law enforcement."
https://www.bleepingcomputer.com/news/security/charter-and-windstream-among-nine-us-telecoms-hacked-by-china/
https://www.darkreading.com/cyberattacks-data-breaches/china-salt-typhoon-charter-windstream-telecom-victims
https://www.bankinfosecurity.com/chinas-hacking-us-telecoms-officials-name-more-victims-a-27222
https://securityaffairs.com/172724/intelligence/china-linked-salt-typhoon-breached-multiple-us.html
https://www.theregister.com/2025/01/06/charter_consolidated_windstream_salt_typhoon/
https://www.theregister.com/2025/01/06/opinion_column_cybersec/
- School Districts In Maine, Tennessee Respond To Holiday Cyberattacks
"At least two U.S. school districts suffered from cyberattacks over the Christmas and New Year's holidays, continuing an annual trend of hackers targeting K-12 schools and colleges during periods when IT staffing is at its lowest. South Portland Public Schools in Maine said it was forced to take its network down on Sunday after a cyberattack was discovered over the weekend. Andrew Wallace, director of technology at the South Portland School Department, sent a letter to parents on Monday explaining that officials took the network down in an effort to protect student data and other information that was at risk."
https://therecord.media/school-cyberattacks-holidays-maine-tennessee
- Hackers Reportedly Compromise Argentina’s Airport Security Payroll System
"Argentina’s airport security police (PSA) have fallen victim to a cyberattack that reportedly compromised the personal and financial data of its officers and civilian personnel. The unknown threat actor gained access to PSA’s payroll records and deducted small amounts of money from employees' salaries, local media reported on Monday, citing sources at the agency. The hackers listed these fraudulent deductions — ranging from 2,000 to 5,000 pesos ($100 to $245) — under false labels, such as “DD mayor” and “DD seguros.”"
https://therecord.media/hackers-target-airport-security-payroll
General News
- Balancing Proprietary And Open-Source Tools In Cyber Threat Research
"In this Help Net Security interview, Thomas Roccia, Senior Security Researcher at Microsoft, discusses how threat research drives faster, better decision-making in cybersecurity operations. Roccia provides insights into balancing internal and external research strategies, the influence of AI and geopolitical events, and how organizations can strengthen their security posture to counter threats."
https://www.helpnetsecurity.com/2025/01/06/thomas-roccia-microsoft-threat-research/
- Only 26% Of Europe’s Top Companies Earn a High Rating For Cybersecurity
"With the EU’s Digital Operational Resilience Act (DORA) deadline approaching on 17th January, 2025, Europe’s top 100 companies face an urgent cybersecurity challenge, according to SecurityScorecard. The report highlights the role of SecurityScorecard’s A-to-F rating system in delivering actionable insights into cyber resilience. Companies with an A rating were found to be 13.8 times less likely to experience a breach than those with an F rating."
https://www.helpnetsecurity.com/2025/01/06/european-companies-cybersecurity-rating/
- Users Receive At Least One Advanced Phishing Link Every Week
"Phishing remains one of the most significant cyber threats impacting organizations worldwide, according to SlashNext. Credential theft attacks surged dramatically in the second half of 2024 (703%), signaling a sharp escalation in the use of sophisticated phishing kits and social engineering tactics. These attack methods frequently overlap, as many credential phishing attempts incorporate malicious links as part of their strategy."
https://www.helpnetsecurity.com/2025/01/06/phishing-cyber-threats/
- IoT's Regulatory Reckoning Is Overdue
"The regulatory clock is ticking on the Internet of Things (IoT). In October, European lawmakers officially adopted the Cyber Resilience Act, ushering in much-needed security thresholds for connected devices across the region. Meanwhile, United Kingdom makers are already navigating world-first device security and privacy rules, and the United States is preparing to launch its Cyber Trust Mark."
https://www.darkreading.com/ics-ot-security/iot-regulatory-reckoning-overdue
- Chinese Hackers Double Cyber-Attacks On Taiwan
"Taiwanese government networks experienced a daily average of 2.4 million cyber-attacks in 2024, most of which were attributed to Chinese state-backed hackers. This represents double the daily average from 2023 which saw 1.2 million daily attacks targeting government networks, Taiwan’s National Security Bureau said in a new report. “Although many of those attacks have been effectively detected and blocked, the growing numbers of attacks pinpoint the increasingly severe nature of China’s hacking activities,” the Bureau warned."
https://www.infosecurity-magazine.com/news/chinese-hackers-attacks-taiwan/
- Anticipating The Cyber Frontier: Top Predictions For 2025
"The year 2024 witnessed heightened cybersecurity activity, with security professionals and adversaries locked in a continuous game of cat and mouse. The dynamic nature of cyber threats and the ever-expanding digital attack surface have compelled organizations to refine and bolster their security architectures. Despite hopes for a respite from the relentless tide of phishing, ransomware, and credential-stuffing attacks, cybercriminals are poised to escalate their efforts in 2025, leveraging lessons learned and refining their tactics."
https://www.securityweek.com/anticipating-the-cyber-frontier-top-predictions-for-2025/
- Cybersecurity Teams Need More Business Acumen
"While the divide between cybersecurity professionals and the organizations they serve has narrowed in recent years, there is clearly still plenty of room for improvement. Too many cybersecurity professionals are still struggling with conveying the level of risk to the business that any given specific threat represents. Much of that lack of communication is still attributable to the simple fact that cybersecurity professionals still don’t always communicate in a way that business leaders can easily comprehend. There is a clear need for additional training that specifically addresses that shortcoming."
https://blog.barracuda.com/2025/01/06/cybersecurity-teams-need-more-business-acumen
Reference
Electronic Transactions Development Agency (ETDA)