Cyber Threat Intelligence 27 January 2025
Vulnerabilities
- CVE-2024-50050: Critical Vulnerability In Meta-Llama/llama-Stack
"Recently, the Oligo Research team has been carefully looking at open-source Artificial Intelligence (AI) frameworks to ensure the security of these tools that enterprises are leveraging more and more. Through our analysis, we have noticed a common thread among several of these frameworks: they leverage an open-source library (pyzmq) in an unsafe way, which enables arbitrary code execution for attackers. To shed light on this foundational issue, this blog is Part 1 of a series of vulnerabilities that Oligo has uncovered related to the misuse of the pyzmq open-source library. More to come, but please read on to learn about CVE-2024-50050, a critical vulnerability in the GenAI open-source framework, meta-llama, which could enable arbitrary code execution on servers, leading to things like resource theft, data breaches, and even control over hosted AI models."
https://www.oligo.security/blog/cve-2024-50050-critical-vulnerability-in-meta-llama-llama-stack
https://security.snyk.io/vuln/SNYK-PYTHON-LLAMASTACK-8302915
https://thehackernews.com/2025/01/metas-llama-framework-flaw-exposes-ai.html
- CISA Adds One Known Exploited Vulnerability To Catalog
"CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2025-23006 SonicWall SMA1000 Appliances Deserialization Vulnerability"
https://www.cisa.gov/news-events/alerts/2025/01/24/cisa-adds-one-known-exploited-vulnerability-catalog
https://securityaffairs.com/173417/security/u-s-cisa-adds-sonicwall-sma1000-flaw-known-exploited-vulnerabilities-catalog.html
- Hacking Subaru: Tracking And Controlling Cars Via The STARLINK Admin Panel
"On November 20, 2024, Shubham Shah and I discovered a security vulnerability in Subaru’s STARLINK connected vehicle service that gave us unrestricted targeted access to all vehicles and customer accounts in the United States, Canada, and Japan. Using the access provided by the vulnerability, an attacker who only knew the victim’s last name and ZIP code, email address, phone number, or license plate could have done the following:"
https://samcurry.net/hacking-subaru
https://www.bleepingcomputer.com/news/security/subaru-starlink-flaw-let-hackers-hijack-cars-in-us-and-canada/
https://www.securityweek.com/subaru-starlink-vulnerability-exposed-cars-to-remote-hacking/
https://securityaffairs.com/173434/security/subaru-starlink-vulnerability-remote-attacks.html
- RANsacked: Over 100 Security Flaws Found In LTE And 5G Network Implementations
"A group of academics has disclosed details of over 100 security vulnerabilities impacting LTE and 5G implementations that could be exploited by an attacker to disrupt access to service and even gain a foothold into the cellular core network. The 119 vulnerabilities, assigned 97 unique CVE identifiers, span seven LTE implementations – Open5GS, Magma, OpenAirInterface, Athonet, SD-Core, NextEPC, srsRAN – and three 5G implementations – Open5GS, Magma, OpenAirInterface, according to researchers from the University of Florida and North Carolina State University."
https://thehackernews.com/2025/01/ransacked-over-100-security-flaws-found.html
- Exploit Me, Baby, One More Time: Command Injection In Kubernetes Log Query
"Kubernetes and containers in general have become a predominant force in the security world — and, as such, they’ve been a point of interest for researchers worldwide (including us). Our research journey initially led us to CVE-2023-3676: a command injection vulnerability that could be exploited by applying a malicious YAML file to the cluster. That research led to discovering several other issues in the Kubernetes source code that also allow for complete cluster takeover."
https://www.akamai.com/blog/security-research/2024-january-kubernetes-log-query-rce-windows
https://www.theregister.com/2025/01/24/kubernetes_windows_nodes_bug/
Malware
- "Crazy Evil" Cryptoscam Gang: Unmasking a Global Threat In 2024
"Since 2021, the "Crazy Evil" cryptoscam gang has escalated into one of the most prolific cybercriminal groups targeting digital assets. Specializing in identity fraud, cryptocurrency theft, and information-stealing malware, Crazy Evil employs a well-coordinated network of traffers — social engineering experts tasked with redirecting legitimate traffic to malicious phishing pages. Crazy Evil’s operation is both vast and meticulous. Its six subteams — AVLAND, TYPED, DELAND, ZOOMLAND, DEFI, and KEVLAND — run bespoke scams targeting specific victim profiles. From phishing lures aimed at cryptocurrency influencers to malware payloads designed for cross-platform infection, the group's tactics reflect an advanced understanding of cybersecurity loopholes."
https://www.recordedfuture.com/research/crazy-evil-cryptoscam-gang
https://go.recordedfuture.com/hubfs/reports/cta-2025-0123.pdf
https://www.infosecurity-magazine.com/news/crazy-evil-crypto-scam-influencers/
- No Honour Among Thieves: Uncovering a Trojanized XWorm RAT Builder Propagated By Threat Actors And Disrupting Its Operations
"Discover how a trojanized version of the XWorm RAT builder exploited novice cybersecurity enthusiasts, spreading malware through GitHub, Telegram, and file-sharing platforms to compromise over 18,000 devices globally. This malicious tool exfiltrates sensitive data, employs advanced virtualization and registry techniques, and operates via Telegram-based command-and-control servers. Learn about the identified threat actors, their operational methods, and the disruption efforts that leveraged the malware's "kill switch" to mitigate its impact. Stay informed on proactive measures to protect against evolving cybersecurity threats."
https://www.cloudsek.com/blog/no-honour-among-thieves-uncovering-a-trojanized-xworm-rat-builder-propagated-by-threat-actors-and-disrupting-its-operations
https://www.bleepingcomputer.com/news/security/hacker-infects-18-000-script-kiddies-with-fake-malware-builder/
https://hackread.com/hackers-script-kiddes-xworm-rat-compromise-devices/
- RID Hijacking Technique Utilized By Andariel Attack Group
"AhnLab SEcurity intelligence Center (ASEC) has identified the Andariel attack group using a malicious file to perform an RID Hijacking attack during the breach process. RID Hijacking is an attack technique that involves modifying the Relative Identifier (RID) value of an account with restricted privileges, such as a regular user or guest account, to match the RID value of an account with higher privileges, such as an administrator."
https://asec.ahnlab.com/en/85942/
https://www.bleepingcomputer.com/news/security/hackers-use-windows-rid-hijacking-to-create-hidden-admin-account/
- Seasoning Email Threats With Hidden Text Salting
"Hidden text salting (or "poisoning") is an effective technique employed by threat actors to craft emails that can evade parsers, confuse spam filters, and bypass detection systems that rely on keywords. In this approach, features of the Hypertext Markup Language (HTML) and Cascading Style Sheets (CSS) are used to include comments and irrelevant content that are not visible to the victim when the email is rendered in an email client but can impact the efficacy of parsers and detection engines. Due to the simplicity of hidden text salting and the number of ways threat actors can insert gibberish content in emails, this approach can introduce significant challenges to email parsers, spam filters, and detection engines."
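The Talos item above describes the defender's problem: keyword-based filters scan the raw HTML, so hidden comments, zero-font spans and zero-width characters break the matches a recipient would still read. The following is an added example, not code from Talos or from this digest: a small Python extractor (standard library only) that reproduces what a mail client would show, drops the salted content, reports how much of the message was hidden, and runs the same keyword list over the raw and the visible text so the difference is measurable. The email body, the hiding-style patterns and the keyword list are all constructed for the example.

```python
import re
from html.parser import HTMLParser

# Constructed sample: a phishing-style body salted with content a recipient
# never sees (comment, <style> body, display:none, font-size:0, hidden
# attribute, visibility:hidden) plus a zero-width space splitting "login".
SAMPLE_EMAIL_HTML = """\
<html><head><style>.x{color:#fff}</style></head><body>
<!-- lorem ipsum filler that a parser might index: refund winner lottery -->
<p>Dear customer, your Pay<span style="display:none">qz</span>Pal account
needs <span style="font-size:0px">[unrelated]</span>verification.</p>
<p hidden>The quick brown fox jumps over the lazy dog. Invoice 48213.</p>
<div style="visibility:hidden">meeting notes agenda quarterly</div>
<p>Please <a href="https://example.invalid/account">log\u200bin</a> within 24 hours
to avoid suspension.</p>
</body></html>
"""

KEYWORDS = ["paypal", "verification", "login", "suspension"]  # constructed list

# Invisible code points used to split words without changing rendering.
ZERO_WIDTH = re.compile("[\u200b\u200c\u200d\u2060\ufeff\u00ad]")

# Inline CSS declarations that make an element invisible in a mail client
# (assumed list; real filters would also resolve <style> rules and colours).
HIDING_STYLES = [
    re.compile(r"display\s*:\s*none", re.I),
    re.compile(r"visibility\s*:\s*hidden", re.I),
    re.compile(r"font-size\s*:\s*0(\.0+)?\s*(px|pt|em|rem|%)?\s*(;|$)", re.I),
    re.compile(r"opacity\s*:\s*0(\.0+)?\s*(;|$)", re.I),
]
BLOCK_TAGS = {"p", "div", "br", "tr", "li", "td", "th", "h1", "h2", "h3", "table"}
SKIP_CONTENT_TAGS = {"style", "script", "title"}
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link"}


def _style_hides(style):
    return any(p.search(style) for p in HIDING_STYLES)


class VisibleTextExtractor(HTMLParser):
    """Splits text into what renders and what is salted in but never shown."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.visible, self.hidden = [], []
        self.hidden_depth = 0      # > 0 while inside a hidden subtree
        self.stack = []            # (tag, hides) for open elements

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)        # bare attributes such as `hidden` map to None
        hides = (tag in SKIP_CONTENT_TAGS or "hidden" in attrs
                 or _style_hides(attrs.get("style") or ""))
        if tag in BLOCK_TAGS:
            self.visible.append("\n")   # block boundary counts as whitespace
        if tag in VOID_TAGS:
            return                      # no end tag will ever close it
        self.stack.append((tag, hides))
        self.hidden_depth += hides

    def handle_endtag(self, tag):
        if tag not in [t for t, _ in self.stack]:
            return                      # stray close tag: ignore, keep state
        while self.stack:               # pop to the matching open tag
            open_tag, hides = self.stack.pop()
            self.hidden_depth -= hides
            if open_tag == tag:
                break
        if tag in BLOCK_TAGS:
            self.visible.append("\n")

    def handle_data(self, data):
        (self.hidden if self.hidden_depth else self.visible).append(data)

    def handle_comment(self, data):
        self.hidden.append(data)        # comments never render but are scanned


def _normalise(chunks):
    return re.sub(r"\s+", " ", ZERO_WIDTH.sub("", "".join(chunks))).strip()


def split_text(html):
    """Return (visible_text, hidden_text) for an HTML email body."""
    p = VisibleTextExtractor()
    p.feed(html)
    p.close()
    return _normalise(p.visible), _normalise(p.hidden)


def visible_text(html):
    return split_text(html)[0]


def hidden_text_ratio(html):
    """Fraction of all text that would not render; high values suggest salting."""
    vis, hid = split_text(html)
    total = len(vis) + len(hid)
    return len(hid) / total if total else 0.0


def matched_keywords(text, keywords):
    """Case-insensitive substring hits of the keyword list in `text`."""
    lowered = text.lower()
    return sorted(k for k in keywords if k.lower() in lowered)


if __name__ == "__main__":
    print("raw HTML hits:    ", matched_keywords(SAMPLE_EMAIL_HTML, KEYWORDS))
    print("visible text hits:", matched_keywords(visible_text(SAMPLE_EMAIL_HTML), KEYWORDS))
    print("hidden ratio:      %.2f" % hidden_text_ratio(SAMPLE_EMAIL_HTML))
```

Scanning the raw body finds only two of the four keywords, because "PayPal" is split by a hidden span and "login" by a zero-width space; the rendered text matches all four. The hidden-text ratio is a cheap secondary signal: legitimate mail rarely carries more hidden than visible text, so a high ratio is worth a detection rule on its own, independent of which keywords the attacker chose to salt.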
https://blog.talosintelligence.com/seasoning-email-threats-with-hidden-text-salting/
- ESXi Ransomware Attacks: Stealthy Persistence Through SSH Tunneling
"Ransomware attacks targeting virtualized environments such as VMware ESXi infrastructure, where threat actors exfiltrate and encrypt files on the ESXi hosts, are increasingly common. ESXi appliances host critical servers for the organization. Damaging them renders virtual machines inaccessible, severely disrupting the business operations of affected organizations."
https://www.sygnia.co/blog/esxi-ransomware-ssh-tunneling-defense-strategies/
https://www.bleepingcomputer.com/news/security/ransomware-gang-uses-ssh-tunnels-for-stealthy-vmware-esxi-access/
Breaches/Hacks/Leaks
- At Least $69 Million Stolen From Crypto Platform Phemex In Suspected Cyberattack
"Singapore-based cryptocurrency platform Phemex was forced to pause some of its operations on Thursday after a suspected cyberattack led to the theft of more than $69 million in digital coins. The company’s CEO said on Friday morning that they are in the process of restoring withdrawals on the platform and will be manually reviewing requests to pull money out of Phemex for the time being. “We have also taken a snapshot of all users' balances as of 12pm UTC for a reward for your support and loyalty, more on this soon,” Phemex CEO Federico Variola said."
https://therecord.media/69-million-stolen-cyberattack-crypto-platform-phemex
- TalkTalk Investigates Breach After Data For Sale On Hacking Forum
"UK telecommunications company TalkTalk is investigating a third-party supplier data breach after a threat actor began selling alleged customer data on a hacking forum. "As part of our regular security monitoring, given our ongoing focus on protecting customers' personal data, we were made aware of unexpected access to, and misuse of, one of our third-party supplier's systems, however, no billing or financial information was stored on this system," TalkTalk told BleepingComputer. "Our Security Incident Response team are continuing to work with the supplier regarding this matter and protective containment steps were taken immediately.""
https://www.bleepingcomputer.com/news/security/talktalk-investigates-breach-after-data-for-sale-on-hacking-forum/
https://www.theregister.com/2025/01/25/uk_telco_talktalk_confirms_investigation/
- 270K+ Lines Of Sensitive Data From American National Insurance Posted Online
"In a recent development, SafetyDetectives’ Cybersecurity Team stumbled upon a forum post on the clear web where a threat actor posted a link to a database allegedly belonging to American National Insurance Company’s 2023 data breach that contained 279,332 lines of sensitive data of customers and some employees’ data, according to the post."
https://www.safetydetectives.com/news/anico-leak-report/
https://hackread.com/american-national-insurance-company-anico-moveit-breach/
- UnitedHealth Updates Number Of Data Breach Victims To 190 Million
"The number of people impacted by last year’s ransomware attack on Change Healthcare has increased to nearly 200 million. UnitedHealth, the company that owns Change Healthcare, provided an updated figure on Friday evening that was first reported by the Wall Street Journal. In a statement, a UnitedHealth spokesperson told Recorded Future News that the estimated total number of individuals impacted by the cyberattack is now “approximately 190 million.”"
https://therecord.media/unitedhealth-updates-change-healthcare-data-breach-190-million
https://www.bleepingcomputer.com/news/security/unitedhealth-now-says-190-million-impacted-by-2024-data-breach/
https://hackread.com/unitedhealth-groups-data-breach-impacts-americans/
https://securityaffairs.com/173467/data-breach/change-healthcare-data-breach-190m-people.html
General News
- Hackers Get $886,250 For 49 Zero-Days At Pwn2Own Automotive 2025
"The Pwn2Own Automotive 2025 hacking contest has ended with security researchers collecting $886,250 after exploiting 49 zero-days. Throughout the event, they targeted automotive software and products, including electric vehicle (EV) chargers, car operating systems (i.e., Android Automotive OS, Automotive Grade Linux, and BlackBerry QNX), and in-vehicle infotainment (IVI) systems. According to the Pwn2Own Tokyo 2025 contest rules, all devices targeted ran the latest operating system versions and had all security updates installed."
https://www.bleepingcomputer.com/news/security/hackers-get-886-250-for-49-zero-days-at-pwn2own-automotive-2025/
https://www.securityweek.com/hackers-earn-886000-at-pwn2own-automotive-2025-for-charger-os-infotainment-exploits/
https://securityaffairs.com/173426/breaking-news/pwn2own-automotive-2025-final-results.html
- Post-Quantum Cryptography 2025: The Enterprise Readiness Gap
"The urgency to adopt quantum technology stems from emerging security threats such as the "harvest now, decrypt later," or HNDL, attack. The fear is that adversaries will capture encrypted data today with plans to decrypt it in the future using quantum computers. While the encrypted information may currently be secure, the advent of cryptographically relevant quantum computers could render widely used encryption methods such as RSA-2048 obsolete."
https://www.bankinfosecurity.com/post-quantum-cryptography-2025-enterprise-readiness-gap-a-27367
- MITRE's Latest ATT&CK Simulations Tackle Cloud Defenses
"In 2025, an international fintech firm will face attacks through its hybrid cloud infrastructure by some of the most sophisticated cyber operators on the Internet, targeting the company's Active Directory instance, employees' LinkedIn profiles, and shared code repositories to further their compromises. A prediction? Not quite."
https://www.darkreading.com/cybersecurity-operations/mitre-simuluations-shine-light-on-attackers-techniques
- 3 Use Cases For Third-Party API Security
"API security often involves third-party, rather than first-party, APIs, and each use case can have different requirements. Rather than trying to make one technological approach work for all instances, security and risk management leaders must adapt their approach to the specific use case. According to a recent Gartner survey, 71% of IT leaders report using third-party application programming interfaces (APIs) in their organizations. Many security and risk management leaders must focus on API security when dealing with consumption and integration with third-party APIs, rather than exposure of first-party APIs."
https://www.darkreading.com/cloud-security/3-use-cases-for-third-party-api-security
- Cyber Insights 2025: Social Engineering Gets AI Wings
"Cyber Insights 2025 examines expert opinions on the expected evolution of more than a dozen areas of cybersecurity interest over the next 12 months. We spoke to hundreds of individual experts to gain their expert opinions. Here we discuss what to expect in Social Engineering. Social engineering underpins the greater part of criminal cyber activity. We are yet to find a solution, because social engineering is hard-wired into everyone’s psyche."
https://www.securityweek.com/cyber-insights-2025-social-engineering-gets-ai-wings/
- Training Efficacy: How To Maximize Learning From Phishing Simulations
"As a cybersecurity administrator tasked with educating your entire organization, you face a significant challenge. Your mission is to train employees on the dangers of phishing and the increasingly sophisticated tactics employed by cybercriminals. So, where do you begin? For the past two decades, the standard recommendation has been a two-part educational strategy. First, provide training to explain key cybersecurity concepts. Then, follow up by assessing the effectiveness of that training through high-fidelity simulations."
https://www.proofpoint.com/us/blog/security-awareness-training/phishing-training-efficacy-maximize-simulation-learning
- The Evolving Landscape Of Data Privacy: Key Trends To Shape 2025
"As Data Privacy Week (January 27-31) and Data Protection Day (January 28) approach, it's the perfect time to spotlight the critical role data protection plays in the success of modern organizations. In fact, privacy and data protection go hand-in-hand with cybersecurity. Important laws like the GDPR stress not only the need to uphold the privacy rights of your customers, but also to protect their most sensitive personal information (PII) through state-of-the-art technologies like encryption. Campaigns like Data Privacy Week are more than just annual events – they should be thought of as calls to action to prioritize the security and privacy of data in an ever-evolving digital landscape."
https://www.welivesecurity.com/en/business-security/evolving-landscape-data-privacy-key-trends-shape-2025/
References
Electronic Transactions Development Agency (ETDA) - CVE-2024-50050: Critical Vulnerability In Meta-Llama/llama-Stack