Cyber Threat Intelligence 06 January 2025
Healthcare Sector
- New HIPAA Cybersecurity Rules Pull No Punches
"An unmitigated revamp of healthcare cybersecurity is coming in 2025, and experts warn that the compliance burden for organizations will be steep. Since 2005, healthcare organizations have been subject to Security Standards for the Protection of Electronic Protected Health Information ("Security Rule") under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), a set of national standards designed to protect electronic protected health information (ePHI). But while threats to ePHI have risen year after year, the Security Rule has remained staid, last updated in January 2013."
https://www.darkreading.com/vulnerabilities-threats/hipaa-security-rules-pull-no-punches
Vulnerabilities
- Breaking The Chain: Wiz Uncovers a Signature Verification Bypass In Nuclei, The Popular Vulnerability Scanner (CVE-2024-43405)
"In our continuous effort to enhance cybersecurity, Wiz engineering team has identified and helped mitigate a significant vulnerability in Nuclei, a widely-used open-source security tool by ProjectDiscovery. This reflects our dedication to fortifying the entire security ecosystem, including the tools we and many others rely on. Nuclei, with over 21,000 stars on GitHub and an impressive 2.1 million downloads, has become a cornerstone in many organizations' security stacks, including our own at Wiz."
https://www.wiz.io/blog/nuclei-signature-verification-bypass
https://www.bleepingcomputer.com/news/security/nuclei-flaw-lets-malicious-templates-bypass-signature-verification/
https://thehackernews.com/2025/01/researchers-uncover-nuclei.html
https://securityaffairs.com/172692/security/nuclei-flaw-execute-malicious-code.html
Malware
- Malicious Npm Campaign Targets Ethereum Developers With Fake Hardhat Packages
"Hardhat, maintained by the Nomic Foundation, is a vital tool for Ethereum developers. As a versatile development environment for Ethereum, it streamlines the creation, testing, and deployment of smart contracts and dApps. Its flexible plugin architecture allows developers to customize workflows with tools and extensions, optimizing productivity and supporting the entire Ethereum development lifecycle. A supply chain attack is currently targeting the Nomic Foundation and Hardhat platforms, two integral components of the Ethereum development ecosystem. By exploiting trust in open source plugins, attackers have infiltrated these platforms through malicious npm packages, exfiltrating critical data such as private keys, mnemonics, and configuration details."
https://socket.dev/blog/malicious-npm-campaign-targets-ethereum-developers
https://www.bleepingcomputer.com/news/security/malicious-npm-packages-target-ethereum-developers-private-keys/
https://hackread.com/npm-package-disguised-ethereum-tool-quasar-rat/
https://securityaffairs.com/172671/malware/malicious-npm-packages-target-ethereum-developers.html
- Hackers Spoof Social Security Administration To Deliver ScreenConnect Remote Access Tool
"Cofense Intelligence has recently issued a Flash Alert regarding a Social Security Administration-spoofing campaign that delivers ConnectWise RAT. In short, an email claiming to be from the United States Social Security Administration delivered an embedded link that downloaded a ConnectWise RAT installer. This campaign is particularly notable for beginning several weeks before the 2024 United States presidential election and ramping up in frequency leading up to Election Day."
https://cofense.com/blog/hackers-spoof-social-security-administration-to-deliver-screenconnect-remote-access-tool
- “Can You Try a Game I Made?” Fake Game Sites Lead To Information Stealers
"A new, malicious campaign is making the rounds online and it starts simple: Unwitting targets receive a direct message (DM) on a Discord server asking about their interest in beta testing a new videogame (targets can also receive a text message or an email). Often, the message comes from the “developer” themselves, as asking whether you can try a game that they personally made is a common method to lure victims. If interested, the victim will receive a download link and a password for the archive containing the promised installer. The archives are offered for download on various locations like Dropbox, Catbox, and often on the Discord content delivery network (CDN), by using compromised accounts which add extra credibility."
https://www.malwarebytes.com/blog/news/2025/01/can-you-try-a-game-i-made-fake-game-sites-lead-to-information-stealers
- Inside FireScam: An Information Stealer With Spyware Capabilities
"At CYFIRMA, we are dedicated to providing current insights into prevalent threats and the strategies employed by malicious entities targeting both organizations and individuals. This report explores the mechanics of FireScam, a sophisticated Android malware masquerading as a Telegram Premium app. Through in-depth analysis, we aim to shed light on its distribution methods, operational features, and the broader implications of its malicious activities. The findings highlight the malware’s capabilities and the critical need for robust security measures to counteract such threats."
https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/
https://www.bleepingcomputer.com/news/security/new-firescam-android-data-theft-malware-poses-as-telegram-premium-app/
https://www.securityweek.com/firescam-android-malware-packs-infostealer-spyware-capabilities/
https://securityaffairs.com/172656/malware/firescam-android-malware.html
https://hackread.com/firescam-infostealer-spyware-android-fake-telegram-premium/
- Finding Malware: Unveiling PLAYFULGHOST With Google Security Operations
"The "Finding Malware" blog series from Managed Defense is designed to empower the Google Security Operations community to detect emerging and persistent malware threats. This post dives into the PLAYFULGHOST malware family and the detection opportunities available within the Google Security Operations (SecOps) platform. You can read the other installments to the series here. Happy hunting!"
https://www.googlecloudcommunity.com/gc/Community-Blog/Finding-Malware-Unveiling-PLAYFULGHOST-with-Google-Security/ba-p/850676
https://thehackernews.com/2025/01/playfulghost-delivered-via-phishing-and.html
https://securityaffairs.com/172707/malware/playfulghost-backdoor-capabilities.html
Breaches/Hacks/Leaks
- No Need To Hack When It’s Leaking: Roomster Edition
"There are leaks and then there are leaks. Hundreds of thousands of people who shared houses via Roomster might want to say a mental “Thank you” to the researcher known as @JayeLTee, who discovered a long-standing data leak and took steps to get it secured. As JayeLTee relates, he first spotted the misconfigured server in November. One of the folders contained more than 320,000 image files with personally identifiable information such as driver’s licenses, passports, state ID cards, work permits, etc. From what he could determine, more than 44 million files had been exposed since mid-2022, and possibly earlier."
https://databreaches.net/2025/01/02/no-need-to-hack-when-its-leaking-roomster-edition/
- French Govt Contractor Atos Denies Space Bears Ransomware Attack Claims
"French tech giant Atos, which secures communications for the country's military and secret services, has denied claims made by the Space Bears ransomware gang that they compromised one of its databases. Atos, which has approximately 82,000 employees and an annual revenue of around €10 billion, describes itself as Europe's leading cybersecurity, cloud, and high-performance computing company. The company is listed on the Euronext Paris stock exchange and has over 1,200 clients from 70 countries. In November, the French State offered to acquire its Advanced Computing unit for an enterprise value of €500 million and up to €625 million, including earn-outs."
https://www.bleepingcomputer.com/news/security/french-govt-contractor-atos-denies-space-bears-ransomware-attack-claims/
https://therecord.media/atos-dismisses-ransomware-claims
https://www.infosecurity-magazine.com/news/atos-denies-space-bears-ransomware/
https://www.theregister.com/2025/01/04/atos_denies_space_bears_ransomware/
- New York Hospital Says Ransomware Attack Data Breach Impacts 670,000
"The Richmond University Medical Center in New York has been investigating a ransomware attack since May 2023 and it recently determined that the incident resulted in a data breach affecting more than 670,000 people. The healthcare facility, which serves residents in Staten Island, New York, suffered significant disruptions in May 2023 after being targeted in a ransomware attack. It took the organization several weeks to restore impacted services."
https://www.securityweek.com/new-york-hospital-says-ransomware-attack-data-breach-impacts-670000/
https://securityaffairs.com/172641/data-breach/richmond-university-medical-center-data-breach.html
General News
- The Modern CISO Is a Cornerstone Of Organizational Success
"The chief information security officer (CISO) role has undergone a remarkable transformation, evolving from a purely technical position to a role that bridges business strategy, operational efficiency, and cybersecurity. Historically, CISOs focused on technical responsibilities, including managing firewalls, monitoring networks, and responding to breaches. Today, they are integral to the C-suite, contributing to decisions that align security initiatives with organizational goals."
https://www.helpnetsecurity.com/2025/01/03/tomorrow-ciso-role-transformation/
- Best Practices For Ensuring a Secure Browsing Environment
"In this Help Net Security interview, Devin Ertel, CISO at Menlo Security, discusses how innovations like AI and closer collaboration between browser vendors and security providers will shape the future of browser security. The two biggest challenges businesses face are patch management and configuring browser settings."
https://www.helpnetsecurity.com/2025/01/03/devin-ertel-menlo-security-browser-security/
- Every Minute, 4,080 Records Are Compromised In Data Breaches
"A recent Domo report shows that the world’s internet population has reached a record high of 5.52 billion people and uncovers signs that AI may be unseating digital juggernauts as it brings in new forms of engagement. “The phenomenal acceleration of generative AI over the past two years has dominated the digital conversation, and this year’s Data Never Sleeps report shows how we’ve reached a new tipping point – AI is primed to dethrone competitive mainstays of the internet era,” said Josh James, CEO of Domo."
https://www.helpnetsecurity.com/2025/01/03/digital-activity-2024/
- Bad Tenable Plugin Updates Take Down Nessus Agents Worldwide
"Tenable says customers must manually upgrade their software to revive Nessus vulnerability scanner agents taken offline on December 31st due to buggy differential plugin updates. As the cybersecurity company acknowledged in an incident report issued after pausing plugin updates to prevent the issue from impacting even more systems, the agents went offline "for certain users on all sites." This ongoing incident affects systems updated to Nessus Agent versions 10.8.0 and 10.8.1 across the Americas, Europe, and Asia. Tenable has since pulled the bad versions and released Nessus Agent version 10.8.2 to fix the issue causing agents to shut down."
https://www.bleepingcomputer.com/news/security/bad-tenable-plugin-updates-take-down-nessus-agents-worldwide/
- Treasury Sanctions Technology Company For Support To Malicious Cyber Group
"Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Integrity Technology Group, Incorporated (Integrity Tech), a Beijing-based cybersecurity company, for its role in multiple computer intrusion incidents against U.S. victims. These incidents have been publicly attributed to Flax Typhoon, a Chinese malicious state-sponsored cyber group that has been active since at least 2021, often targeting organizations within U.S. critical infrastructure sectors. Chinese malicious cyber actors continue to be one of the most active and most persistent threats to U.S. national security, as highlighted in the most recent Office of the Director of National Intelligence Annual Threat Assessment. These actors continue to target U.S. government systems as part of their efforts, including the recent targeting of Treasury’s own IT infrastructure."
https://home.treasury.gov/news/press-releases/jy2769
https://www.bleepingcomputer.com/news/security/us-sanctions-chinese-company-linked-to-flax-typhoon-hackers/
https://therecord.media/us-sanctions-chinas-integrity-cyber-company-flax-typhoon
https://www.darkreading.com/cybersecurity-operations/treasury-department-sanctions-chinese-tech-vendor
https://thehackernews.com/2025/01/us-treasury-sanctions-beijing.html
https://cyberscoop.com/treasury-sanctions-chinese-company-flax-typhoon/
https://www.infosecurity-magazine.com/news/us-sanctions-chinese-firm-botnet/
https://securityaffairs.com/172665/intelligence/us-sanctioned-chinese-cybersecurity-firm-linked-flax-typhoon.html
- Why Small Businesses Can't Rely Solely On AI To Combat Threats
"As cybersecurity threats continue to surge, it has become crucial for small businesses to adopt proactive strategies to ensure they are protected. While artificial intelligence (AI) is starting to provide value to security organizations, it also has enabled more sophisticated attacks, leaving too much room for hackers to slip through."
https://www.darkreading.com/vulnerabilities-threats/why-small-businesses-cant-rely-solely-ai-combat-threats
- Chrome Extension Compromises Highlight Software Supply Challenges
"On Christmas Eve, developers at data detection and response firm Cyberhaven received a troubling email that seemed to come from Google, threatening to remove access to the company's Chrome extension for violation of excessive metadata. When one employee clicked on the "Go To Policy" link, they were taken to Google's authorization application for adding privileges to a third-party application — in this case, a seemingly innocuous application named "Privacy Policy Extension" — and granted the software rights to see, edit, update, and publish to the Chrome Web Store."
https://www.darkreading.com/application-security/chrome-extension-compromises-highlight-software-supply-challenges
- Thousands Of Buggy BeyondTrust Systems Remain Exposed
"A remarkable number of BeyondTrust instances remain connected to the Internet, despite dire warnings Chinese state-sponsored threat actors are actively exploiting a critical vulnerability in unpatched systems. The BeyondTrust bug, tracked under CVE-2024-12356, has an assigned CVSS score of 9.8 and affects Privileged Remote Access (PRA) and Remote Support (RS). It was first reported by BeyondTrust on Dec. 16, 2024. Three days later, the vulnerability was added to the Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities list. By the end of the month, a Chinese state-sponsored hacker group had used the flaw to break into the US Department of the Treasury and steal data."
https://www.darkreading.com/threat-intelligence/thousands-of-buggy-beyondtrust-systems-still-exposed
- Web3 Attacks Result In $2.3Bn In Cryptocurrency Losses
"Web3 security incidents resulted in over $2.3bn worth of cryptocurrency in losses in 2024, a 31.6% increase in the value stolen compared to 2023, according to new figures from blockchain security firm Certik. These losses took place across 760 incidents, 29 fewer than in 2023. The average amount stolen per hack was $3.1m in 2024, a 23% increase from 2023. The crypto value stolen in 2024 is still significantly lower than the amount lost in 2021 and 2022, which was $5.2bn and $3.5bn, respectively."
https://www.infosecurity-magazine.com/news/web3-attacks-cryptocurrency-losses/
- Experts Look Back At 2024’s Cybersecurity News
"The year 2024 was full of cybersecurity news. It was a year of data breaches, ransomware, the rise of quantum computing, and much more. The only constant was change. As ransomware continued to wreak havoc, according to Security Intelligence, ransomware payments reached record highs in 2024, with victims paying approximately $459.8 million in the first half of the year. The largest single ransom payment disclosed was $75 million to the Dark Angels ransomware group by an undisclosed Fortune 50 company."
https://blog.barracuda.com/2025/01/02/experts-look-back-at-2024-cybersecurity-news
- AI Pulse: Top AI Trends From 2024 - A Look Back
"2024 may go down as the year AI stopped being a technological novelty and became—more consequentially—a Fact of Life. Big names like Microsoft, Salesforce, and Intuit built AI into mainstream enterprise solutions; specialized AI apps and services sprung up for everything from copywriting to data analysis; and governments, think tanks, and regulators poured effort into setting up meaningful guardrails for AI development and use. Meanwhile, bad actors made good on finding new ways to dupe, intimidate, and extort using AI tools. This special issue of AI Pulse looks back over the AI trends in 2024 and what they mean for the year ahead."
https://www.trendmicro.com/en_us/research/25/a/top-ai-trends-from-2024-review.html
- Scam Sniffer 2024: Web3 Phishing Attacks – Wallet Drainers Drain $494 Million
"Wallet Drainer is a type of malware deployed on phishing websites that steals crypto assets by inducing users to sign malicious transactions. In 2024, such attacks caused approximately $494 million in losses, a 67% increase year-over-year. The number of victims only increased by 3.7% (reaching 332,000 addresses), and the loss per attack increased significantly, with the largest single theft amounting to $55.48M USD."
https://drops.scamsniffer.io/scam-sniffer-2024-web3-phishing-attacks-wallet-drainers-drain-494-million/
https://www.bleepingcomputer.com/news/security/cryptocurrency-wallet-drainers-stole-494-million-in-2024/
- Many Researchers Are Pseudonymous. That Doesn’t Justify Ignoring Their Alerts.
"For many years, the FTC has published guidance for businesses to Start with Security. Their advice has always included having a clear way to receive security alerts about vulnerabilities. That advice has been repeated in all updates, including their 2023 version. Why do I mention that now? Because once again, attempts to warn a company that they were exposing personally identifiable information of customers failed to be received or handled properly."
https://databreaches.net/2025/01/05/many-researchers-are-pseudonymous-that-doesnt-justify-ignoring-their-alerts/
References
Electronic Transactions Development Agency (ETDA)