Cyber Threat Intelligence 13 January 2025
Financial Sector
- Security Issues In The Financial Sector In December 2024
"This report comprehensively covers actual cyber threats and security issues that have occurred in the financial industry in South Korea and abroad. This includes the analysis of malware and phishing cases distributed to the financial sector, the Top 10 malware targeting the financial sector, and statistics on the industries of leaked South Korean accounts. A case of phishing emails distributed to the financial sector is also covered in detail."
https://asec.ahnlab.com/en/85685/
Industrial Sector
- Schneider Electric Harmony HMI And Pro-Face HMI Products
"Successful exploitation of this vulnerability could cause complete control of the device when an authenticated user installs malicious code into HMI product."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-010-02
- Delta Electronics DRASimuCAD
"Successful exploitation of these vulnerabilities could crash the device or potentially allow remote code execution."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-010-03-0
- Schneider Electric PowerChute Serial Shutdown
"Successful exploitation of this vulnerability could cause a denial of access to the web interface when someone on the local network repeatedly requests the /accessdenied URL."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-010-01
Vulnerabilities
- Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices
"Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code execution. The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects Samsung devices running Android versions 12, 13, and 14. “Out-of-bounds write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code,” Samsung said in an advisory for the flaw released in December 2024 as part of its monthly security updates. “The patch adds proper input validation.”"
https://thehackernews.com/2025/01/google-project-zero-researcher-uncovers.html
https://project-zero.issues.chromium.org/issues/368695689
https://securityaffairs.com/172909/hacking/samsung-zero-click-flaw.html
- Microsoft DRM Hacking Raises Questions On Vulnerability Disclosures
"A research project targeting vulnerabilities in widely used content access and protection technology from Microsoft raises some questions over certain aspects of responsible disclosure. For the past several years, Adam Gowdiak, founder and CEO of AG Security Research (formerly Security Explorations) has been looking into the security of digital content, specifically video streaming platforms. Gowdiak is best known for his Java and TV/streaming platform security research."
https://www.securityweek.com/microsoft-drm-hacking-raises-questions-on-vulnerability-disclosures/
- Facebook Awards Researcher $100,000 For Finding Bug That Granted Internal Access
"In October 2024, security researcher Ben Sadeghipour was analyzing Facebook’s ad platform when he found a security vulnerability that allowed him to run commands on the internal Facebook server housing that platform, essentially giving him control of the server. After he reported the vulnerability to Facebook’s owner Meta, which Sadeghipour said took just one hour to fix it, the social networking giant awarded him $100,000 in a bug bounty payout. “My assumption is that it’s something you may want to fix because it is directly inside of your infrastructure,” Sadeghipour wrote in the report he sent to Meta, he told TechCrunch. Meta responded to his report, telling Sadeghipour to “refrain from testing any further” while they fix the vulnerability."
https://techcrunch.com/2025/01/09/facebook-awards-researcher-100000-for-finding-bug-that-granted-internal-access/
https://securityaffairs.com/172964/hacking/researcher-earned-100000-hacking-facebook-server.html
Malware
- Transaction Simulation Spoofing: A New Threat In Web3
"In a concerning development, a crypto user lost 143.45 ETH (approximately $460,895) through a sophisticated transaction simulation spoofing attack. This incident highlights a growing trend of attackers exploiting advanced features in modern Web3 wallets."
https://drops.scamsniffer.io/transaction-simulation-spoofing-a-new-threat-in-web3/
https://www.bleepingcomputer.com/news/security/new-web3-attack-exploits-transaction-simulations-to-steal-crypto/
- Increase In Distribution Of AutoIt Compile Malware Via Phishing Emails
"AhnLab SEcurity intelligence Center (ASEC) posts information about malware distributed through phishing emails on a weekly basis on the ASEC Blog under the title “Weekly Phishing Email Distribution Cases.” While the distribution of EXE files was overwhelmingly dominated by malware of the “.NET” type, the distribution of malware compiled with AutoIt has been rapidly increasing. Additionally, XLoader had the highest distribution among all the other malware, and it was also found that various other malware such as SnakeKeylogger, RedLine, AgentTesla, and RemcosRAT are being distributed."
https://asec.ahnlab.com/en/85687/
- Meet FunkSec: A New, Surprising Ransomware Group, Powered By AI
"Check Point Research (CPR) has been analyzing this emerging group, which claims to heavily target the United States. Here’s what organizations need to know: The FunkSec ransomware group first emerged publicly in late 2024, and rapidly gained prominence by publishing over 85 claimed victims—more than any other ransomware group in the month of December. Presenting itself as a new Ransomware-as-a-Service (RaaS) operation, FunkSec favors double extortion tactics, combining data theft with encryption to pressure victims into paying ransoms. FunkSec appears to have no known connections to previously identified ransomware gangs, and little information is currently available about its origins or operations."
https://blog.checkpoint.com/research/meet-funksec-a-new-surprising-ransomware-group-powered-by-ai/
https://research.checkpoint.com/2025/funksec-alleged-top-ransomware-group-powered-by-ai/
https://therecord.media/funksec-ransomware-using-ai-malware
https://thehackernews.com/2025/01/ai-driven-ransomware-funksec-targets-85.html
- Tracking Deployment Of Russian Surveillance Technologies In Central Asia And Latin America
"Several countries in Central Asia and Latin America almost certainly base their digital surveillance capabilities on Russia’s System for Operative Investigative Activities (SORM), indicating that Russian surveillance technology has proliferated in Russia’s near abroad and among its allies. Insikt Group identified evidence of at least eight SORM providers exporting to these regions, with at least fifteen telecommunications companies as likely customers. The largest Russian SORM providers like Citadel, Norsi-Trans, and Protei, export and participate in trade expositions across Africa, Latin America, and the Middle East, highlighting efforts to further expand globally."
https://www.recordedfuture.com/research/tracking-deployment-russian-surveillance-technologies-central-asia-latin-america
https://go.recordedfuture.com/hubfs/reports/ta-ru-2025-0107.pdf
https://www.darkreading.com/threat-intelligence/russia-commercial-surveillance-success-globally
- The SBI Fake Banking App Shows That SMS Authentication Has Had Its Day
"As a company fortunate enough to have and maintain our own pentesting team, we often do outreach with other organizations to assist with or provide our expertise in offensive security. In collaboration with the Kerala Police Cyber unit, we were able to assist with investigating a prolific scam targeting the State Bank of India (SBI). SBI is the largest bank in India and one of the top 50 largest banks in the world with over half a billion customers and account holders. It presents a significant target and sadly, is not the only institution to attract this kind of attention."
https://www.helpnetsecurity.com/2025/01/10/sms-authentication-weakness/
- Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, And Southeast Asia With Adapted PlugX Infection Chain
"Between July 2023 and December 2024, Insikt Group observed the Chinese state-sponsored group RedDelta targeting Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia with an adapted infection chain to distribute its customized PlugX backdoor. The group used lure documents themed around the 2024 Taiwanese presidential candidate Terry Gou, the Vietnamese National Holiday, flood protection in Mongolia, and meeting invitations, including an Association of Southeast Asian Nations (ASEAN) meeting. RedDelta likely compromised the Mongolian Ministry of Defense in August 2024 and the Communist Party of Vietnam in November 2024."
https://www.recordedfuture.com/research/reddelta-chinese-state-sponsored-group-targets-mongolia-taiwan-southeast-asia
https://go.recordedfuture.com/hubfs/reports/cta-cn-2025-0109.pdf
https://thehackernews.com/2025/01/reddelta-deploys-plugx-malware-to.html
- How Cracks And Installers Bring Malware To Your Device
"The increase of fake installers bundled with info stealers is a growing threat for users looking for pirated software. These malicious programs disguise themselves as legitimate applications, often appearing in search results or comments on platforms like GitHub. Unfortunately, many users fall prey to these tricks. The Trend Micro Managed XDR service frequently sees the fallout, with the Lumma stealer being a prominent example. This highlights the hidden dangers of piracy that can jeopardize personal security and data integrity."
https://www.trendmicro.com/en_us/research/25/a/how-cracks-and-installers-bring-malware-to-your-device.html
- HexaLocker V2: Skuld Stealer Paving The Way Prior To Encryption
"On August 9th, the HexaLocker ransomware group announced a new Windows-based ransomware on their Telegram channel. The post highlighted that the ransomware was developed in the Go programming language and claimed that their team included members from notable groups like LAPSUS$ and others. Following this announcement, researchers from Synacktiv analyzed this ransomware variant and published their findings shortly after."
https://cyble.com/blog/hexalocker-v2-being-proliferated-by-skuld-stealer/
- Muddling Meerkat Linked To Domain Spoofing In Global Spam Scams
"In its latest report, cybersecurity firm Infoblox has revealed how scammers use domain spoofing in spam campaigns, a discovery made through a collaboration between the cybersecurity and networking community on research about the Chinese Great Firewall. This research project was initially aimed at understanding the activities of a threat actor known as a Muddling Meerkat. Muddling Meerkat is known for conducting strange DNS operations involving fake Chinese Great Firewall responses. The researchers could not determine the ultimate purpose of Muddling Meerkat’s activities, but they did learn a lot about how domain spoofing is used in malspam."
https://hackread.com/muddling-meerkat-domain-spoofing-spam-scams/
https://insights.infoblox.com/resources-research-report/infoblox-research-report-muddling-malspam-the-use-of-spoofed-domains-in-malicious-spam
- Phishing Texts Trick Apple iMessage Users Into Disabling Protection
"Cybercriminals are exploiting a trick to turn off Apple iMessage's built-in phishing protection for a text and trick users into re-enabling disabled phishing links. With so much of our daily activities done from our mobile devices, whether paying bills, shopping, or communicating with friends and colleagues, threat actors increasingly conduct smishing (SMS phishing) attacks against mobile numbers. To protect users from such attacks, Apple iMessage automatically disables links in messages received from unknown senders, whether that be an email address or phone number."
https://www.bleepingcomputer.com/news/security/phishing-texts-trick-apple-imessage-users-into-disabling-protection/
- Pro-Russia Hackers NoName057 Targets Italy Again After Zelensky’s Visit To The Country
"Pro-Russia hackers Noname057(16) targeted Italian ministries, institutions, critical infrastructure’s websites and private organizations over the weekend. The new wave of attacks coincides with the visit of Ukrainian President Volodymyr Zelensky to Italy. The group claimed responsibility for the attacks on its Telegram channel, below is the message published by NoName: “Italian Prime Minister Giorgia Meloni reaffirmed Italy’s commitment to comprehensive support for Ukraine during her meeting with Volodymyr Zelensky on his visit to Rome, the Chigi Palace announced. Meloni stated that Italy would assist Ukraine in defending its interests and achieving a just and lasting peace. The talks, which lasted about an hour, aimed to strengthen Kyiv’s position."
https://securityaffairs.com/172982/hacktivism/noname057-targets-italy.html
- Infostealer LummaC2 Spreading Through Fake CAPTCHA Verification Page
"AhnLab SEcurity intelligence Center (ASEC) previously introduced the DarkGate malware which spreads using the paste function in a blog post. The distribution method in this case initially involved spreading malware through HTML attachments disguised as MS Word files in phishing emails. However, LummaC2 has been recently identified as spreading through a fake CAPTCHA verification page."
https://asec.ahnlab.com/en/85699/
Breaches/Hacks/Leaks
- Telefónica Confirms Internal Ticketing System Breach After Data Leak
"Spanish telecommunications company Telefónica confirms its internal ticketing system was breached after stolen data was leaked on a hacking forum. Telefónica is a Spanish multinational telecommunications company operating in twelve countries with over 104,000 employees. The company is the largest telecommunications firm in Spain, operating under the name Movistar. In an email to BleepingComputer today, Telefónica confirmed its ticketing system was breached and are investigating the incident."
https://www.bleepingcomputer.com/news/security/telefonica-confirms-internal-ticketing-system-breach-after-data-leak/
- Chinese Hackers Breached US Government Office That Assesses Foreign Investments For National Security Risks
"Chinese hackers breached the US government office that reviews foreign investments for national security risks, three US officials familiar with the matter told CNN. The theft, which has not previously been reported, underscores Beijing’s keen interest in spying on a US government office that has broad powers to block Chinese investment in the US as tensions between the world’s two superpowers remain high."
https://edition.cnn.com/2025/01/10/politics/chinese-hackers-breach-committee-on-foreign-investment-in-the-us/index.html
https://www.bleepingcomputer.com/news/security/treasury-hackers-also-breached-us-foreign-investments-review-office/
https://www.bankinfosecurity.com/report-chinese-hackers-breached-cfius-a-27274
https://www.theregister.com/2025/01/10/china_treasury_foreign_investment/
- STIIIZY Data Breach Exposes Cannabis Buyers’ IDs And Purchases
"Popular cannabis brand STIIIZY disclosed a data breach this week after hackers breached its point-of-sale (POS) vendor to steal customer information, including government IDs and purchase information. STIIIZY is a California-based cannabis brand known for its pod-based vaporizers and a variety of cannabis products, including flower, edibles, THC concentrates, and extracts. In a data breach notification published earlier this week, STIIIZY says it first suffered a data breach on November 20 when notified by its POS vendor."
https://www.bleepingcomputer.com/news/security/stiiizy-data-breach-exposes-cannabis-buyers-ids-and-purchases/
https://therecord.media/marijuana-dispensary-warns-of-data-breach
https://securityaffairs.com/172950/data-breach/marijuana-dispensary-stiiizy-data-breach.html
- Slovakia’s Land Registry Hit By Biggest Cyberattack In Country’s History, Minister Says
"A cyberattack that hit Slovakia’s land registry earlier this week was the biggest in the country’s history, the minister of agriculture said on Friday. The attack targeted the Slovakian Geodesy, Cartography and Cadastre Office (UGKK), which manages land and property data. The agency’s systems were shut down, and its physical offices were closed on Tuesday following an alleged ransomware attack. According to local media reports, the attackers are demanding millions of euros in ransom. Agriculture Minister Richard Takac said in a press conference the systems would be restored with backups. He also assured that there is no risk of changes or fraudulent transcriptions of ownership data. Takac did not provide further details about the attack, mentioning only that there were “strong indications” it originated from Ukraine."
https://therecord.media/slovakia-registry-cyberattack-land-agriculture
https://www.infosecurity-magazine.com/news/slovakia-hit-by-large-scale/
- Nine Months After Discovering A Ransomware Attack, Teton Orthopaedics Notifies Patients
"On March 25, DataBreaches entered Teton Orthopaedics’ name on a monthly worksheet this site uses for tracking breaches in the healthcare sector. The entry wasn’t based on any report by Teton Orthopaedics or media, and DataBreaches had been unable to find any notice by the provider. The entry was based on a claim by the ransomware group known as DragonForce, who claimed to have exfiltrated 19.48GB of files and to have encrypted Teton’s files."
https://databreaches.net/2025/01/12/nine-months-after-discovering-a-ransomware-attack-teton-orthopaedics-notifies-patients/
General News
- CISA Releases The Cybersecurity Performance Goals Adoption Report
"Today, CISA released the Cybersecurity Performance Goals Adoption Report to highlight how adoption of Cybersecurity Performance Goals (CPGs) benefits our nation’s critical infrastructure sectors. Originally released in October 2022, CISA’s CPGs are voluntary practices that critical infrastructure owners can take to protect themselves against cyber threats."
https://www.cisa.gov/news-events/alerts/2025/01/10/cisa-releases-cybersecurity-performance-goals-adoption-report
https://cisa.gov/resources-tools/resources/cybersecurity-performance-goals-adoption-report
- Operators Of Cryptocurrency Mixers Charged With Money Laundering
"Roman Vitalyevich Ostapenko, Alexander Evgenievich Oleynik, and Anton Vyachlavovich Tarasov have been indicted by a federal grand jury for their involvement in operating the cryptocurrency mixing services Blender.io and Sinbad.io. “Blender.io and Sinbad.io were allegedly used by criminals across the world to launder funds stolen from victims of ransomware, virtual currency thefts, and other crimes,” said U.S. Attorney Ryan K. Buchanan. “This indictment demonstrates our continued commitment to dismantling infrastructure used by cybercriminals to steal from Americans and hide their ill-gotten gains.”"
https://www.justice.gov/usao-ndga/pr/operators-cryptocurrency-mixers-charged-money-laundering
https://www.bleepingcomputer.com/news/security/us-charges-operators-of-cryptomixers-linked-to-ransomware-gangs/
https://therecord.media/russian-nationals-indicted-blender-sinbad-crypto-mixers
https://thehackernews.com/2025/01/doj-indicts-three-russians-for.html
https://www.bankinfosecurity.com/three-russian-cryptomixer-masterminds-indicted-in-us-a-27267
https://cyberscoop.com/russians-crypto-mixers-doj-charges/
https://securityaffairs.com/172957/cyber-crime/doj-charged-russian-citizens-with-operating-crypto-mixing-services.html
- What Is ‘Security Theater’ And How Can We Move Beyond It?
"Conventional wisdom assumes that the more vulnerabilities a security tool flags, the easier it will be for a company to secure its infrastructure. In theory, layering more tools into a tech stack should equal more effective attack surface monitoring, right? Well, reality isn’t quite panning out like that. If anything, tool sprawl has created an illusion of security, drowning security teams in the performative theatrics of squashing countless alerts — most of them false positives. Observability solutions are getting more innovative, flagging more and more threats, but when you can’t tell which threat is more dangerous, any perceived security is just that: perceived."
https://cyberscoop.com/security-theater-cybersecurity-tooling-ev-kontsevoy-op-ed/
- NSO Ruling Is A Victory For WhatsApp, But Could Have A Small Impact On Spyware Industry
"When a federal judge recently ruled that a major spyware manufacturer should be held liable for the phone hacks its technology allows, privacy advocates cheered. But within hours of the first-of-its-kind decision, close observers of the commercial surveillance marketplace were asking what impact the ruling might have on the company’s continued operations and on the industry as a whole. The answer could be: not that much."
https://therecord.media/nso-whatsapp-ruling-may-have-limited-impact-on-spyware-ecosystem
- Crypto Is Soaring, But So Are Threats: Here’s How To Keep Your Wallet Safe
"Bitcoin is on a tear. For the first time in its history, the digital currency surpassed $100,000 in early December, having surged more than 30% since election night in the US. Whether or not the optimism about President-elect Donald Trump’s pro-crypto rhetoric on the campaign trail is realized, the value of virtual coins continues to tick up. But so too do scams and malware designed to steal your crypto. ESET’s latest Threat Report reveals that detections of cryptostealers rose by 56 percent from H1 to H2 2024 – across Windows, Android and macOS. It’s time to take a look at the latest threats to your digital currency, and how to keep it safe."
https://www.welivesecurity.com/en/cybersecurity/crypto-soaring-threats-how-keep-wallet-safe/
- Taking Legal Action To Protect The Public From Abusive AI-Generated Content
"Microsoft’s Digital Crimes Unit (DCU) is taking legal action to ensure the safety and integrity of our AI services. In a complaint unsealed in the Eastern District of Virginia, we are pursuing an action to disrupt cybercriminals who intentionally develop tools specifically designed to bypass the safety guardrails of generative AI services, including Microsoft’s, to create offensive and harmful content. Microsoft continues to go to great lengths to enhance the resilience of our products and services against abuse; however, cybercriminals remain persistent and relentlessly innovate their tools and techniques to bypass even the most robust security measures. With this action, we are sending a clear message: the weaponization of our AI technology by online actors will not be tolerated."
https://blogs.microsoft.com/on-the-issues/2025/01/10/taking-legal-action-to-protect-the-public-from-abusive-ai-generated-content/
https://thehackernews.com/2025/01/microsoft-sues-hacking-group-exploiting.html
https://cyberscoop.com/microsoft-generative-ai-lawsuit-hacking/
https://arstechnica.com/security/2025/01/microsoft-sues-service-for-creating-illicit-content-with-its-ai-platform/
- Statistical Report On Phishing Emails In Q4 2024
"AhnLab SEcurity intelligence Center (ASEC) monitors phishing email threats with the automatic sample analysis system (RAPIT) and honeypot. This post will cover the cases of distribution of phishing emails during the fourth quarter of 2024 (October, November, and December) and provide statistical information on each type. Generally, phishing is cited as an attack that leaks users’ login account credentials by disguising as or impersonating an institute, company, or individual through social engineering methods."
https://asec.ahnlab.com/en/85700/
References
Electronic Transactions Development Agency (ETDA) - Security Issues In The Financial Sector In December 2024