Cyber Threat Intelligence 15 January 2025
Industrial Sector
- Hitachi Energy FOXMAN-UN
"Successful exploitation of these vulnerabilities could allow an unauthenticated malicious user to interact with the services and the post-authentication attack surface."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-014-01
- Belledonne Communications Linphone-Desktop
"Successful exploitation of this vulnerability could result in a remote attacker causing a denial-of-service condition on the affected devices."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-014-04
- Schneider Electric Vijeo Designer
"Successful exploitation of these vulnerabilities could cause a non-admin authenticated user to perform privilege escalation by tampering with the binaries."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-014-02
- Schneider Electric EcoStruxure
"Successful exploitation of these vulnerabilities could allow an attacker to tamper with folder names within the context of the product."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-014-03
Vulnerabilities
- SAP Patches Critical Vulnerabilities In NetWeaver
"Enterprise software maker SAP on Tuesday announced the release of 14 new security notes as part of its January 2025 Patch Day. The most important of the notes are marked ‘hot news’ (the highest SAP severity rating) and address two critical vulnerabilities in NetWeaver AS for ABAP and ABAP Platform, both with a CVSS score of 9.9. Tracked as CVE-2025-0070, the first of the security defects is described as an improper authentication bug. It could allow an attacker to steal credentials from the internal RFC communication between an HTTP client and a server of the same system."
https://www.securityweek.com/sap-patches-critical-vulnerabilities-in-netweaver/
- Microsoft January 2025 Patch Tuesday Fixes 8 Zero-Days, 159 Flaws
"Today is Microsoft's January 2025 Patch Tuesday, which includes security updates for 159 flaws, including eight zero-day vulnerabilities, with three actively exploited in attacks. This Patch Tuesday also fixes twelve "Critical" vulnerabilities, including information disclosure, privileges elevation, and remote code execution flaws."
https://www.bleepingcomputer.com/news/microsoft/microsoft-january-2025-patch-tuesday-fixes-8-zero-days-159-flaws/
https://blog.talosintelligence.com/january-patch-tuesday-release/
https://www.tripwire.com/state-of-security/vert-threat-alert-january-2025-patch-tuesday-analysis
https://www.darkreading.com/application-security/microsoft-january-2025-record-security-update
https://cyberscoop.com/microsoft-patch-tuesday-january-2025/
https://www.securityweek.com/microsoft-patches-trio-of-exploited-windows-hyper-v-zero-days/
https://www.helpnetsecurity.com/2025/01/14/january-2025-patch-tuesday-microsoft-hyper-v-zero-day-cve-2025-21333-cve-2025-21334-cve-2025-21335/
https://www.theregister.com/2025/01/15/patch_tuesday_january_2025/
- Adobe: Critical Code Execution Flaws In Photoshop
"Software maker Adobe on Tuesday rolled out fixes for more than a dozen security defects in multiple products and warned that malicious hackers can exploit these bugs in remote code execution attacks. The company said the vulnerabilities affect Adobe Photoshop, Substance 3D Stager, Illustrator for iPad, Adobe Animate, and the Adobe Substance 3D Designer. According to Adobe’s documentation, the Photoshop update is available for Windows and macOS and should be treated with urgency because of the risk of code execution exploitation via booby-trapped files."
https://www.securityweek.com/adobe-critical-code-execution-flaws-in-photoshop/
- CISA Adds Four Known Exploited Vulnerabilities To Catalog
"CISA has added four vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-55591 Fortinet FortiOS Authorization Bypass Vulnerability
CVE-2025-21333 Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability
CVE-2025-21334 Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability
CVE-2025-21335 Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability"
https://www.cisa.gov/news-events/alerts/2025/01/14/cisa-adds-four-known-exploited-vulnerabilities-catalog
- Millions Of Accounts Vulnerable Due To Google’s OAuth Flaw
"Millions of Americans can have their data stolen right now because of a deficiency in Google’s “Sign in with Google” authentication flow. If you’ve worked for a startup in the past - especially one that has since shut down - you might be vulnerable. I demonstrated this flaw by logging into accounts I didn’t own, and Google responded that this behavior was ‘working as intended’."
https://trufflesecurity.com/blog/millions-at-risk-due-to-google-s-oauth-flaw
https://www.bleepingcomputer.com/news/security/google-oauth-flaw-lets-attackers-gain-access-to-abandoned-accounts/
https://thehackernews.com/2025/01/google-oauth-vulnerability-exposes.html
Malware
- Over 5,000 WordPress Sites Caught In WP3.XYZ Malware Attack
"We’ve uncovered a widespread malware campaign targeting WordPress websites, affecting over 5,000 sites globally. The malicious domain: https://wp3[.]xyz/td.js. One of our users was affected. c/side caught and stopped the attack."
https://cside.dev/blog/over-5k-wordpress-sites-caught-in-wp3xyz-malware-attack
https://www.bleepingcomputer.com/news/security/wp3xyz-malware-attacks-add-rogue-admins-to-5-000-plus-wordpress-sites/
- FBI Wipes Chinese PlugX Malware From Over 4,000 US Computers
"The U.S. Department of Justice announced today that the FBI has deleted Chinese PlugX malware from over 4,200 computers in networks across the United States. The malware, controlled by the Chinese cyber espionage group Mustang Panda (also tracked as Twill Typhoon), infected thousands of systems using a PlugX variant with a wormable component that allowed it to spread through USB flash drives. According to court documents, the list of victims targeted using this malware includes "European shipping companies in 2024, several European Governments from 2021 to 2023, worldwide Chinese dissident groups, and governments throughout the Indo-Pacific (e.g., Taiwan, Hong Kong, Japan, South Korea, Mongolia, India, Myanmar, Indonesia, Philippines, Thailand, Vietnam, and Pakistan).""
https://www.bleepingcomputer.com/news/security/fbi-wipes-chinese-plugx-malware-from-over-4-000-us-computers/
https://therecord.media/doj-deletes-china-linked-plugx-malware
https://www.darkreading.com/cybersecurity-operations/fbi-wraps-up-eradication-chinese-plugx-malware
https://www.bankinfosecurity.com/fbi-deletes-more-than-4000-plugx-malware-instances-a-27285
https://cyberscoop.com/plugx-malware-mustang-panda-doj-takedown/
https://securityaffairs.com/173073/malware/fbi-deleted-china-linked-plugx-malware-from-over-4200-us-computers.html
https://www.theregister.com/2025/01/14/fbi_french_cops_boot_chinas/
https://www.itnews.com.au/news/us-removes-malware-allegedly-planted-on-computers-by-chinese-backed-hackers-614338
- Fasthttp Used In New Bruteforce Campaign
"On January 13th, the SpearTip Security Operations Center, in collaboration with the Managed SaaS Alerts team, identified an emerging threat leveraging the fasthttp library. Fasthttp is a high-performance HTTP server and client library for the Go programming language, designed to handle HTTP requests more efficiently than Go’s standard net/http package. It offers improved throughput and lower latency, particularly under high load."
https://www.speartip.com/fasthttp-used-in-new-bruteforce-campaign/
https://www.bleepingcomputer.com/news/security/hackers-use-fasthttp-in-new-high-speed-microsoft-365-password-attacks/
- Hackers Using Fake YouTube Links To Steal Login Credentials
"Cybercriminals exploit fake YouTube links to redirect users to phishing pages, stealing login credentials via URI manipulation and layered obfuscation techniques. According to a recent discovery by cybersecurity analysts at ANY.RUN, cybercriminals have been leveraging fake YouTube links to redirect unsuspecting users to phishing pages, stealing login credentials in the process. This attack employs Uniform Resource Identifier (URI) manipulation to obscure malicious intent while maintaining the appearance of authenticity."
https://hackread.com/hackers-fake-youtube-links-steal-login-credentials/
- Malicious Kong Ingress Controller Image Found On DockerHub
"A critical security breach in the software supply chain has been detected. An attacker accessed Kong’s DockerHub account and replaced the legitimate Kong Ingress Controller v.3.4.0 image with a malicious version."
https://hackread.com/malicious-kong-ingress-controller-image-dockerhub/
- Snyk Security Researcher Deploys Malicious NPM Packages Targeting Cursor.com
"Every morning I get up and check what malicious packages my detector had found the night before. It’s like someone checking their fishing nets to see what fish they caught. As I was looking at last night's malicious packages I noticed something strange: someone from Snyk had deployed several packages to NPM. Even weirder, the names of those packages appeared to show they were targeting Cursor, the hot new AI coding company."
https://sourcecodered.com/snyk-malicious-npm-package/
https://www.securityweek.com/snyk-says-malicious-npm-packages-part-of-research-project/
https://www.theregister.com/2025/01/14/snyk_npm_deployment_removed/
- One Step Ahead In Cyber Hide-And-Seek: Automating Malicious Infrastructure Discovery With Graph Neural Networks
"When launching and persisting attacks at scale, threat actors can inadvertently leave behind traces of information. They often reuse, rotate and share portions of their infrastructure when automating their campaign’s setup before launching an attack. Defenders can leverage this behavior by pivoting on a few known indicators to uncover newer infrastructure. This article describes the benefits of automated pivoting and uses three case studies to show how we can discover new indicators. Using a network crawler leveraging relationships among domains, we discovered network artifacts around known indicators and trained a graph neural network (GNN) to detect additional malicious domains."
https://unit42.paloaltonetworks.com/graph-neural-networks/
Breaches/Hacks/Leaks
- Tennessee-Based Mortgage Lender Confirms December Cyberattack
"One of the largest mortgage lenders in the Southeast U.S. said it suffered a cybersecurity incident last month that exposed troves of customer information. Tennessee-based Mortgage Investors Group (MIG) did not outline how many customers were impacted by the attack but said they have hired a vendor to identify the affected individuals. The company said it expects to notify those customers directly once the process is completed in several weeks."
https://therecord.media/tennessee-mortgage-lender-confirms-cyberattack
- Connecticut City Of West Haven Assessing Impact Of Cyberattack
"The government of West Haven, Connecticut, says it is investigating a cyberattack that recently forced it to temporarily shut down all of its IT systems. In an update on January 11, Mayor Dorinda Borer said “an IT system security incident” on an unspecified day had forced the shutdown. The city initially said in a Facebook post on December 26 that the government was “experiencing a network disruption.” The city is still assessing what data might have been affected by the incident, the update said."
https://therecord.media/west-haven-connecticut-city-government-cyberattack
- Russia's Largest Platform For State Procurement Hit By Cyberattack From Pro-Ukraine Group
"Russia’s main electronic trading platform for government and corporate procurement confirmed on Monday that it had been targeted by a cyberattack after initially claiming that outages were caused by “maintenance work.” Roseltorg is one of the largest electronic trading operators selected by the Russian government to conduct public procurement, including contracts in the defense and construction industries. The platform also offers tools for electronic document management and procurement planning."
https://therecord.media/russian-platform-for-state-procurement-hit-cyberattack
General News
- December 2024 Deep Web And Dark Web Trend Report
"This trend report on the deep web and dark web of December 2024 is sectioned into Ransomware, Forums & Black Markets, and Threat Actor. We would like to state beforehand that some of the content has yet to be confirmed to be true."
https://asec.ahnlab.com/en/85733/
- This Is The Year CISOs Unlock AI’s Full Potential
"In 2025, CISOs will have powerful new capabilities as generative artificial intelligence (GenAI) continues to mature. Evolving beyond providing answers to questions, GenAI will provide proactive recommendations, take action, and communicate in a personalized manner. This transition will enable CISOs and their teams to unlock the true impact of GenAI to bolster cybersecurity defenses."
https://www.helpnetsecurity.com/2025/01/14/genai-cisos/
- How AI And ML Are Transforming Digital Banking Security
"In this Help Net Security interview, Nuno Martins da Silveira Teodoro, VP of Group Cybersecurity at Solaris, discusses the latest advancements in digital banking security. He talks about how AI and ML are reshaping fraud detection, the growing trend of passwordless authentication, and the security risks facing mobile banking apps. Nuno also discusses the balance between ensuring security and providing a seamless, user-friendly experience for customers."
https://www.helpnetsecurity.com/2025/01/14/nuno-martins-da-silveira-teodoro-solaris-ai-digital-banking-security/
- CISA Releases The JCDC AI Cybersecurity Collaboration Playbook And Fact Sheet
"Today, CISA released the JCDC AI Cybersecurity Collaboration Playbook and Fact Sheet to foster operational collaboration among government, industry, and international partners and strengthen artificial intelligence (AI) cybersecurity. The playbook provides voluntary information-sharing processes that, if adopted, can help protect organizations from emerging AI threats."
https://www.cisa.gov/news-events/alerts/2025/01/14/cisa-releases-jcdc-ai-cybersecurity-collaboration-playbook-and-fact-sheet
https://cisa.gov/resources-tools/resources/ai-cybersecurity-collaboration-playbook
https://www.bankinfosecurity.com/new-federal-playbook-aims-to-boost-ai-cyber-incident-sharing-a-27293
- Joint Statement On Cryptocurrency Thefts By The Democratic People’s Republic Of Korea And Public-Private Collaboration
"The United States, Japan, and the Republic of Korea join together to provide a new warning to the blockchain technology industry regarding the ongoing targeting and compromise of a range of entities across the globe by Democratic People’s Republic of Korea (DPRK) cyber actors. The DPRK’s cyber program threatens our three countries and the broader international community and, in particular, poses a significant threat to the integrity and stability of the international financial system. Our three governments strive together to prevent thefts, including from private industry, by the DPRK and to recover stolen funds with the ultimate goal of denying the DPRK illicit revenue for its unlawful weapons of mass destruction and ballistic missile programs."
https://www.state.gov/office-of-the-spokesperson/releases/2025/01/joint-statement-on-cryptocurrency-thefts-by-the-democratic-peoples-republic-of-korea-and-public-private-collaboration
https://www.bleepingcomputer.com/news/security/us-govt-says-north-korea-stole-over-659-million-in-crypto-last-year/
- Cyber Threat Alliance Publishes 2025 Cybersecurity In The Age Of Generative AI
"The Cyber Threat Alliance (CTA) today announced the publication of its Cybersecurity in the Age of Generative AI Joint Analytic Report (JAR). This report is broken into two parts. Part I, Combating GenAI Assisted Cyber Threats, addresses the use of GenAI tools for malicious purposes. Part II, Navigating Cyber Threats to GenAI Systems, examines cyber threats to these tools. The rise of GenAI represents both opportunities and challenges in cybersecurity, empowering the community to leverage AI for innovation, efficiency, and enhanced defenses, while also enabling malicious actors to exploit the technology for a new dimension of AI-assisted threats. While GenAI lowers barriers to entry for adversaries and makes them more efficient, the foundational principles of cybersecurity remain integral to combating these threats effectively."
https://www.cyberthreatalliance.org/cyber-threat-alliance-publishes-2025-cybersecurity-in-the-age-of-generative-ai/
https://www.cyberthreatalliance.org/resources/assets/cybersecurity-in-the-age-of-generative-ai-joint-analytic-report-part-i-combating-genai-assisted-cyber-threats/
https://www.cyberthreatalliance.org/resources/assets/cybersecurity-in-the-age-of-generative-ai-joint-analytic-report-part-ii-navigating-cyber-threats-to-genai-systems/
https://www.helpnetsecurity.com/2025/01/14/malicious-actors-genai-use-hype-deepfakes-phishing-scams/
- Browser-Based Cyber-Threats Surge As Email Malware Declines
"Browser-based cyber-threats have surged throughout 2024, marking a significant shift in the tactics employed by malicious actors. According to new findings from the 2024 Threat Data Trends report by the eSentire Threat Response Unit (TRU), while malware delivered via email declined last year, browser-sourced threats, including drive-by downloads and malicious advertisements, rose sharply. These techniques are being increasingly used to deliver malware, such as Lumma Stealer and NetSupport Manager RAT, with attackers favoring them due to their ability to bypass traditional email filters and security controls."
https://www.infosecurity-magazine.com/news/browser-cyberthreats-surge-email/
- How To Eliminate “Shadow AI” In Software Development
"In a recent column, I wrote about the nearly ubiquitous state of artificial intelligence (AI) in software development, with a GitHub survey showing 92 percent of U.S.-based developers using AI coding tools both in and outside of work. Seeing a subsequent surge in their productivity, many are taking part in what’s called “shadow AI” by leveraging the technology without the knowledge or approval of their organization’s IT department and/or chief information security officer (CISO)."
https://www.securityweek.com/how-to-eliminate-shadow-ai-in-software-development/
- Cyber Insights 2025: Cyber Threat Intelligence
"SecurityWeek’s Cyber Insights 2025 examines expert opinions on the expected evolution of more than a dozen areas of cybersecurity interest over the next 12 months. We spoke to hundreds of individual experts to gain their expert opinions. Here we discuss what to expect with Cyber Threat Intelligence (CTI). CTI is valuable and beneficial to cybersecurity, but only if it is complete, accurate, and actionable."
https://www.securityweek.com/cyber-insights-2025-cyber-threat-intelligence/
References
Electronic Transactions Development Agency (ETDA)