Cyber Threat Intelligence 10 January 2025
New Tooling
- Sara: Open-Source RouterOS Security Inspector
"Sara is an open-source tool designed to analyze RouterOS configurations and identify security vulnerabilities on MikroTik hardware. Sara’s main feature is using regular expressions as the primary analysis mechanism. This allows you to quickly and accurately process RouterOS configuration text files, making the tool powerful and easy to use."
https://www.helpnetsecurity.com/2025/01/09/sara-open-source-routeros-security-inspector/
https://github.com/casterbyte/Sara
Vulnerabilities
- Major Vulnerabilities Patched In SonicWall, Palo Alto Expedition, And Aviatrix Controllers
"Palo Alto Networks has released software patches to address several security flaws in its Expedition migration tool, including a high-severity bug that an authenticated attacker could exploit to access sensitive data. "Multiple vulnerabilities in the Palo Alto Networks Expedition migration tool enable an attacker to read Expedition database contents and arbitrary files, as well as create and delete arbitrary files on the Expedition system," the company said in an advisory. "These files include information such as usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software.""
https://thehackernews.com/2025/01/major-vulnerabilities-patched-in.html
https://security.paloaltonetworks.com/PAN-SA-2025-0001
https://www.securing.pl/en/cve-2024-50603-aviatrix-network-controller-command-injection-vulnerability/
https://www.securityweek.com/palo-alto-networks-patches-high-severity-vulnerability-in-retired-migration-tool/
Malware
- Ivanti Connect Secure VPN Targeted In New Zero-Day Exploitation
"On Wednesday, Jan. 8, 2025, Ivanti disclosed two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, impacting Ivanti Connect Secure (“ICS”) VPN appliances. Mandiant has identified zero-day exploitation of CVE-2025-0282 in the wild beginning mid-December 2024. CVE-2025-0282 is an unauthenticated stack-based buffer overflow. Successful exploitation could result in unauthenticated remote code execution, leading to potential downstream compromise of a victim network."
https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day
https://www.bleepingcomputer.com/news/security/google-chinese-hackers-likely-behind-ivanti-vpn-zero-day-attacks/
https://therecord.media/china-espionage-ivanti-vulnerabilities-mandiant
https://cyberscoop.com/ivanti-vpn-vulnerabilities-zero-day-exploit-china-cisa/
https://www.securityweek.com/exploitation-of-new-ivanti-vpn-zero-day-linked-to-chinese-cyberspies/
https://www.helpnetsecurity.com/2025/01/09/ivanti-cve-2025-0282-zero-day-attacks-indicators-of-compromise/
https://www.theregister.com/2025/01/09/zeroday_exploits_ivanti/
- Information Stealer Masquerades As LDAPNightmare (CVE-2024-49113) PoC Exploit
"In December 2024, two critical vulnerabilities in Microsoft's Windows Lightweight Directory Access Protocol (LDAP) were addressed via Microsoft’s monthly Patch Tuesday release. Both vulnerabilities were deemed as highly significant due to the widespread use of LDAP in Windows environments:"
https://www.trendmicro.com/en_us/research/25/a/information-stealer-masquerades-as-ldapnightmare-poc-exploit.html
https://www.theregister.com/2025/01/09/security_pros_baited_by_fake/
- Recruitment Phishing Scam Imitates CrowdStrike Hiring Process
"On January 7, 2025, CrowdStrike identified a phishing campaign exploiting its recruitment branding to deliver malware disguised as an "employee CRM application." The attack begins with a phishing email impersonating CrowdStrike recruitment, directing recipients to a malicious website. Victims are prompted to download and run a fake application, which serves as a downloader for the cryptominer XMRig."
https://www.crowdstrike.com/en-us/blog/recruitment-phishing-scam-imitates-crowdstrike-hiring-process/
https://www.bleepingcomputer.com/news/security/fake-crowdstrike-job-offer-emails-target-devs-with-crypto-miners/
- Cracking The Code: How Banshee Stealer Targets MacOS Users
"As macOS continues to gain popularity, with over 100 million users globally, it’s becoming an increasingly attractive target for cyber criminals. Despite its reputation as a secure operating system, the rise of sophisticated threats like the Banshee MacOS Stealer highlights the importance of vigilance and proactive cyber security measures. Check Point Research (CPR) has been monitoring this emerging malware, which targets macOS users. Here’s what businesses and users need to know."
https://blog.checkpoint.com/research/cracking-the-code-how-banshee-stealer-targets-macos-users/
https://thehackernews.com/2025/01/new-banshee-stealer-variant-bypasses.html
https://www.bleepingcomputer.com/news/security/banshee-stealer-evades-detection-using-apple-xprotect-encryption-algo/
https://www.darkreading.com/threat-intelligence/banshee-malware-steals-apple-encryption-macs
https://www.helpnetsecurity.com/2025/01/09/banshee-stealer-variant-targets-russian-speaking-macos-users/
- Space Bears Ransomware: What You Need To Know
"Space Bear is a relatively new ransomware group that first appeared on the radar in April 2024. The gang, which is aligned to the Phobos ransomware-as-a-service group, steals sensitive data from organisations, encrypts victims' computer systems, and demands that a ransom be paid for a decryption key or the data will be published on the dark web."
https://www.tripwire.com/state-of-security/space-bears-ransomware-what-you-need-know
- GroupGreeting e-Card Site Attacked In “zqxq” Campaign
"Malwarebytes recently uncovered a widespread cyberattack—referred to here as the “zqxq” campaign as it closely mirrors NDSW/NDSX-style malware behavior—that compromised GroupGreeting[.]com, a popular platform used by major enterprises to send digital greeting cards. Upon learning of the attack, GroupGreeting quickly responded and resolved the threat."
https://www.malwarebytes.com/blog/news/2025/01/groupgreeting-e-card-site-attacked-inzqxq-campaign
Breaches/Hacks/Leaks
- Largest US Addiction Treatment Provider Notifies Patients Of Data Breach
"BayMark Health Services, North America's largest provider of substance use disorder (SUD) treatment and recovery services, is notifying an undisclosed number of patients that attackers stole their personal and health information in a September 2024 breach. The Texas-based organization provides medication-assisted treatment (MAT) services targeting both substance use and mental health disorders to more than 75,000 patients daily in over 400 service sites across 35 U.S. states and three Canadian provinces."
https://www.bleepingcomputer.com/news/security/largest-us-addiction-treatment-provider-notifies-patients-of-data-breach/
- US Treasury Hack Linked To Silk Typhoon Chinese State Hackers
"Chinese state-backed hackers, tracked as Silk Typhoon, have been linked to the U.S. Office of Foreign Assets Control (OFAC) hack in early December. Last month, BleepingComputer reported that the Treasury disclosed a significant cybersecurity incident. The attackers used a stolen Remote Support SaaS API key to compromise a BeyondTrust instance used by the Treasury, allowing them to breach the department's network. The threat actors also hacked the Treasury's Office of Financial Research, but the impact of this breach is still being assessed. However, there was no evidence that the Chinese hackers maintained access to the Treasury systems after the compromised BeyondTrust instance was shut down. CISA also said on Monday that the Treasury Department breach did not impact other federal agencies."
https://www.bleepingcomputer.com/news/security/us-treasury-hack-linked-to-silk-typhoon-chinese-state-hackers/
https://www.darkreading.com/cyberattacks-data-breaches/hacking-group-silk-typhoon-linked-us-treasury-breach
- Excelsior Orthopaedics Data Breach Impacts 357,000 People
"Excelsior Orthopaedics is notifying approximately 357,000 people that their personal and health information was compromised in a data breach resulting from a ransomware attack that came to light in June 2024. Operating several clinics in Amherst, New York, including the Buffalo Surgery Center and Northtowns Orthopaedics, Excelsior Orthopaedics is a healthcare company that specializes in orthopaedical treatment care. In June 2024, Excelsior fell victim to a “data security incident” that was initially believed to have resulted in the information of current and former employees being compromised."
https://www.securityweek.com/excelsior-orthopaedics-data-breach-impacts-357000-people/
- Hackers Claim To Breach Russian State Agency Managing Property, Land Records
"A group of hackers with unknown ties has claimed responsibility for breaching a Russian government agency, Rosreestr, which is responsible for managing property and land records. The group, which calls itself Silent Crow, created a Telegram channel in December to announce the breach, and Rosreestr is the only incident it has posted about. As evidence of the hack, the group publicly released a portion of a database containing names, dates of birth, addresses, phone numbers, email addresses and individual insurance account numbers of Russian citizens."
https://therecord.media/hackers-claim-to-breach-russian-state-agency-land-records
- Some Winston-Salem City Services Knocked Offline By Cyberattack
"Winston-Salem, North Carolina, residents are not able to pay their utility bills online after a post-Christmas cyberattack knocked the city’s systems offline. City officials initially announced a cyberattack on December 30, telling residents that they discovered issues with their digital platforms one day after Christmas. “We are working diligently to investigate the source of the event with state and local agencies to confirm any impact to city systems and restore full functionality as quickly and securely as possible,” the city said. The message was still appearing Thursday as a banner on the city website."
https://therecord.media/winston-salem-north-carolina-services-offline-cyberattack
General News
- December 2024 Threat Trend Report On APT Attacks (South Korea)
"AhnLab has been using AhnLab Smart Defense (ASD) to monitor advanced persistent threat (APT) attacks against targets in Korea. This report will cover the types and statistics of APT attacks in Korea during December 2024 as well as features of each type."
https://asec.ahnlab.com/en/85607/
- December 2024 Threat Trend Report On Ransomware
"This report provides statistics on the number of new ransomware samples, number of targeted systems, and targeted companies collected in November 2024, as well as major Korean and international ransomware issues worth noting. Below are the summarized details."
https://asec.ahnlab.com/en/85604/
- Statistical Report On Malware Threat In Q4 2024
"AhnLab SEcurity intelligence Center (ASEC) uses the automatic analysis system RAPIT to categorize and respond to malware collected through a variety of routes. This report categorizes and shares statistics on known malware among the ones collected during Q4 2024. This report categorizes malware by type and provides detailed statistics on the proportion of specific malware for each type. Moreover, it explains the distribution method of each malware and gives a summary of their features. However, CoinMiner and Banking malware are excluded from the statistics in this quarter due to their low numbers."
https://asec.ahnlab.com/en/85605/
- GitLab CISO On Proactive Monitoring And Metrics For DevSecOps Success
"In this Help Net Security interview, Josh Lemos, CISO at GitLab, talks about the shift from DevOps to DevSecOps, focusing on the complexity of building systems and integrating security tools. He shares tips for maintaining development speed, fostering collaboration, and using metrics to track DevSecOps success."
https://www.helpnetsecurity.com/2025/01/09/josh-lemos-gitlab-devsecops-success/
- Cybersecurity In 2025: Global Conflict, Grown-Up AI, And The Wisdom Of The Crowd
"As we look ahead to cybersecurity developments in 2025, there’s bad news and good—expect to see new challenging attacks and the cybersecurity community increasingly working together to counter threats that are beyond the scope of individual organizations. Cyberattacks of all kinds have long been a feature of international conflict. These have been perpetrated by a wide range of parties, some directly controlled and commanded by national governments and some loosely affiliated. Understanding threat actors to counter these attacks is likely to become more difficult."
https://www.helpnetsecurity.com/2025/01/09/2025-cybersecurity-community/
- The Ongoing Evolution Of The CIS Critical Security Controls
"For decades, the CIS Critical Security Controls (CIS Controls) have simplified enterprises’ efforts to strengthen their cybersecurity posture by prescribing prioritized security measures for defending against common cyber threats. In this article, we’ll review the story of the CIS Controls before taking a closer look at the current version."
https://www.helpnetsecurity.com/2025/01/09/cis-security-controls-v8-1/
- SOC Scalability: How AI Supports Growth Without Overloading Analysts
"Scaling up a security operations center (SOC) is inevitable for many organizations. Although it might sting, keeping pace with business growth, increased threat volume and complexity, or compliance and regulatory demands requires enhancing and expanding SOC capabilities. Traditionally, SOC scaling efforts have translated to increased burdens on already-overworked analysts. However, the transformative potential of Artificial Intelligence (AI) is poised to reshape this trajectory."
https://securityaffairs.com/172831/security/scaling-up-a-security-operations-center-soc.html
- From Silos To Synergy: Transforming Threat Intelligence Sharing In 2025
"As we look ahead to the New Year and think about what we are going to prioritize from a security and threat intelligence perspective, it struck me that it is the same problem of old with which we are challenged: collaborating and communicating more effectively to share vital intelligence in the face of ever-growing threats and adversaries."
https://www.securityweek.com/from-silos-to-synergy-transforming-threat-intelligence-sharing-in-2025/
- Understanding The Importance Of OSINT In Modern Research
"As the world steadily moves toward digitalization, the global volume of digital data is increasing at an explosive rate. In 2024, the international data volume reached 149 zettabytes, with projections indicating a surge to 181 zettabytes by 2025. Nearly 90% of this data was generated within the past two years, with unstructured data comprising 80% of the total volume. Digitization opens numerous opportunities for businesses to increase productivity, enhance business efficiency, cut operational costs, and speed up access to information. A large volume of this data belongs to people, such as data on social media platforms and government public records. Knowing how to use public data becomes very important to support different intelligence needs in the private and public sectors."
https://blog.barracuda.com/2025/01/09/understanding-osint-modern-research
- 2024 By The Numbers
"The threat landscape is always churning, with new threats emerging while others disappear or fade to irrelevance. Consider ALPHV, a ransomware-as-a-service (RaaS) group that provided the infrastructure, tools, and administrative services to the individual hacker who ransomed $22 million from Change Healthcare in February 2024. ALPHV apparently didn't want to share the ransom with the threat actor who carried out the attack. The group drained their cryptocurrency accounts and disbanded, and disappeared into one of the 33 new or rebranded ransomware groups that emerged in 2024. These 33 groups and the 40+ existing active groups appear to represent a 30% increase in ransomware threat actors. Some groups remained intact but turned their attention away from ransomware."
https://blog.barracuda.com/2025/01/09/2024-by-the-numbers
References
Electronic Transactions Development Agency (ETDA)