Cyber Threat Intelligence 28 January 2025
New Tooling
- Unlocking Vulnrichment: Enhancing CVE Data For Smarter Vulnerability Management
"The Cybersecurity and Infrastructure Security Agency (CISA) has introduced Vulnrichment, an innovative initiative designed to enhance CVE data by adding crucial context, scoring, and detailed analysis. Launched on May 10, 2024, Vulnrichment aims to empower security professionals by providing more than just basic CVE information—it offers the insights needed to make informed, timely decisions regarding vulnerability management. As part of a mid-year update, CISA’s Tod Beardsley, Vulnerability Response Section Chief, provides an overview of how this resource can be leveraged to improve vulnerability management."
https://cyble.com/blog/cisa-reveals-vulnrichment-management-for-cve-data/
Vulnerabilities
- Apple Fixes This Year’s First Actively Exploited Zero-Day Bug
"Apple has released security updates to fix this year's first zero-day vulnerability, tagged as actively exploited in attacks targeting iPhone users. The zero-day fixed today is tracked as CVE-2025-24085 [iOS/iPadOS, macOS, tvOS, watchOS, visionOS] and is a privilege escalation security flaw in Apple's Core Media framework. "A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2," Apple said today. According to the company's official documentation, Core Media "defines the media pipeline used by AVFoundation and other high-level media frameworks found on Apple platforms.""
https://www.bleepingcomputer.com/news/security/apple-fixes-this-years-first-actively-exploited-zero-day-bug/
https://nvd.nist.gov/vuln/detail/CVE-2025-24085
https://securityaffairs.com/173536/hacking/apple-fixed-the-first-zero-day-vulnerability-of-2025.html
https://www.darkreading.com/endpoint-security/apple-patches-actively-exploited-zero-day-vulnerability
- Brave Desktop Browser Vulnerability Lets Malicious Sites Appear Trusted
"A critical vulnerability in Brave Browser allows malicious websites to appear as trusted sources during file uploads/downloads. Learn how to protect yourself and update your browser to the latest version. A critical security vulnerability has been discovered in the popular Brave Browser, enabling malicious websites to deceive users into believing they are interacting with trusted sources. This flaw, tracked as CVE-2025-23086 (classified under CWE-60), impacts desktop versions of Brave from 1.70.x to 1.73.x."
https://hackread.com/brave-desktop-browser-vulnerability-malicious-sites-trusted/
- LTE, 5G Vulnerabilities Could Cut Entire Cities From Cellular Connectivity
"Vulnerabilities in open source and commercial LTE and 5G implementations could lead to persistent denial-of-service (DoS) conditions, leaving entire metropolitan areas or cities without cellular connectivity, academic researchers say. While scrutinizing seven LTE and three 5G implementations, a group of seven researchers from the Florida Institute for Cybersecurity Research and the North Carolina State University identified 119 flaws, including issues remotely exploitable to compromise and access the cellular core."
https://www.securityweek.com/lte-5g-vulnerabilities-could-cut-entire-cities-from-cellular-connectivity/
Malware
- MintsLoader: StealC And BOINC Delivery
"In early January 2025, the eSentire Threat Response Unit (TRU) identified an ongoing campaign involving MintsLoader delivering second stage payloads like Stealc and the Berkeley Open Infrastructure for Network Computing (BOINC) client. MintsLoader is a PowerShell based malware loader that has been seen delivered via spam emails with a link to Kongtuke/ClickFix pages or a JScript file. MintsLoader features a Domain Generation Algorithm (DGA) with a seed value based on the addition of the current day of the month and a constant, combined with anti-VM techniques to evade sandboxes and malware researchers. Impacted organizations in the United States and Europe include the Electricity, Oil & Gas and Law Firms & Legal Services industries."
https://www.esentire.com/blog/mintsloader-stealc-and-boinc-delivery
https://thehackernews.com/2025/01/mintsloader-delivers-stealc-malware-and.html
- Clone2Leak: Your Git Credentials Belong To Us
"Git implements a protocol called Git Credential Protocol to retrieve credentials from the credential helper. The credential helper is a program that stores and provides credentials for Git. Some examples of the credential helper are git-credential-store, git-credential-winstore, and git-credential-osxkeychain. Because of improper handling of messages, many projects were vulnerable to credential leakage in various ways."
https://flatt.tech/research/posts/clone2leak-your-git-credentials-belong-to-us/
https://www.bleepingcomputer.com/news/security/clone2leak-attacks-exploit-git-flaws-to-steal-credentials/
https://thehackernews.com/2025/01/github-desktop-vulnerability-risks.html
https://www.securityweek.com/git-vulnerabilities-led-to-credentials-exposure/
https://securityaffairs.com/173520/security/multiple-git-flaws-led-to-credentials-compromise.html
- Hidden In Plain Sight: PDF Mishing Attack
"As part of our ongoing mission to identify emerging threats to mobile security, our zLabs team has been actively tracking a phishing campaign impersonating the United States Postal Service (USPS) which is exclusively targeting mobile devices. This campaign employs sophisticated social engineering tactics and a never-before-seen means of obfuscation to deliver malicious PDF files designed to steal credentials and compromise sensitive data."
https://www.zimperium.com/blog/hidden-in-plain-sight-pdf-mishing-attack/
https://www.darkreading.com/endpoint-security/usps-impersonators-pdfs-smishing-campaign
https://www.infosecurity-magazine.com/news/phishing-campaign-targets-mobile/
- Royal Mail SMS Phishing Scam Targets Victims With Fake Delivery Fee Requests
"Beware of a convincing Royal Mail SMS phishing scam asking for personal details and payment for re-delivery. Learn how to identify and protect yourself from this threat. Cybercriminals are leveraging a highly convincing SMS phishing (smishing) scam, impersonating Royal Mail to deceive victims into providing sensitive personal and financial information. The scam, first spotted by the Hackread.com research team, uses fake delivery updates, and preys on users’ urgency and fear of missed deliveries."
https://hackread.com/royal-mail-sms-phishing-scam-fake-delivery-fee-requests/
- Google Takes Action After Coder Reports 'Most Sophisticated Attack I've Ever Seen'
"Google says it's now hardening defenses against a sophisticated account takeover scam documented by a programmer last week. Zach Latta, founder of Hack Club, told of how close he was to succumbing to voice phishers who attempted to take over his Google account. He said: "Someone just tried the most sophisticated phishing attack I've ever seen. I almost fell for it. My mind is a little blown.""
https://www.theregister.com/2025/01/27/google_confirms_action_taken_to/
Breaches/Hacks/Leaks
- DeepSeek Halts New Signups Amid "Large-Scale" Cyberattack
"Chinese AI platform DeepSeek has disabled registrations on its DeepSeek-V3 chat platform due to an ongoing "large-scale" cyberattack targeting its services. DeepSeek is a relatively new AI platform that has quickly gained attention over the past week for its development and release of an advanced AI model that allegedly matches or outperforms the capabilities of US tech giants' models at significantly lower costs. The news of the new model led to a massive sell-off in the US stock market as the AI arms race heats up."
https://www.bleepingcomputer.com/news/security/deepseek-halts-new-signups-amid-large-scale-cyberattack/
https://therecord.media/deepseek-limits-registration-blames-malicious-attacks
https://www.bankinfosecurity.com/deepseeks-new-ai-model-shakes-american-tech-industry-a-27381
https://cyberscoop.com/deepseek-website-malicious-attack-ai-china/
https://hackread.com/deepseek-large-scale-cyberattack-halts-user-registrations/
https://www.theregister.com/2025/01/27/deepseek_suspends_new_registrations_amid/
- Nursing Home, Rehab Chain Says Hack Affects Nearly 70,000
"A chain of more than two dozen skilled nursing and rehabilitation facilities is notifying tens of thousands of patients whose information was compromised in a hacking incident last fall. Russian-speaking cybercriminal gang RansomHub claims to have published 250 Gbytes of data stolen in the heist. HCF Management, a family of companies based in Lima, Ohio, operates healthcare and nursing home facilities in the Buckeye state and Pennsylvania, as well as a home healthcare unit. The company submitted at least 25 data breach reports to federal and state regulators on Jan. 9 related to the hack."
https://www.bankinfosecurity.com/nursing-home-rehab-chain-says-hack-affects-nearly-70000-a-27386
- Hackers Hijack Emergency Sirens In Kindergartens Across Israel
"A pro-Palestinian hacker group called Handala reportedly breached emergency systems used in Israeli schools and broadcast rocket sirens and Arabic songs that Israel’s cyber agency called supportive of “terrorism.” Videos shared by Israeli local media appear to show the emergency devices activating and playing songs."
https://therecord.media/hackers-hijack-sirens-iran-israel
- Texas County Issues Disaster Declaration Following Cyberattack
"A Texas county government that serves about 40,000 residents is suffering from a cyberattack that forced officials to declare a disaster over the weekend. On Friday, Matagorda County’s Emergency Operation Center published a statement warning that a cybersecurity breach had been discovered “involving a virus that has affected several internal systems.” Matagorda County Judge Bobby Seiferman issued a declaration of disaster based on the security breach."
https://therecord.media/texas-county-disaster-declaration-cyberattack
General News
- AI Security Posture Management Will Be Needed Before Agentic AI Takes Hold
"As I’m currently knee deep in testing agentic AI in all its forms, as well as new iterations of current generative AI models such as OpenAI’s O1, the complexities of securing AI bot frameworks for enterprise security teams are beginning to crystallize. The first comparison that comes to mind is what we experienced during the “on-prem to cloud” days, when we were suddenly faced with limitations in our existing security toolsets."
https://www.helpnetsecurity.com/2025/01/27/ai-bot-frameworks/
- Cyber-Attacks: Three Individuals Added To EU Sanctions List For Malicious Cyber Activities Against Estonia
"The Council today adopted additional restrictive measures against three Russian individuals responsible for a series of cyberattacks carried out against the Republic of Estonia in 2020. The individuals listed are officers of the General Staff of the Armed Forces of the Russian Federation (GRU) Unit 29155. The cyber-attacks granted attackers unauthorized access to classified information and sensitive data stored within several government ministries—including Economic Affairs and Communications, Social Affairs, and Foreign Affairs—leading to the theft of thousands of confidential documents. These documents included business secrets, health records, and other critical information compromising the security of the affected institutions. Unit 29155 is also responsible for conducting cyber-attacks against other EU member states and partners, notably Ukraine."
https://www.consilium.europa.eu/en/press/press-releases/2025/01/27/cyber-attacks-three-individuals-added-to-eu-sanctions-list-for-malicious-cyber-activities-against-estonia/
https://www.bleepingcomputer.com/news/security/eu-sanctions-russian-gru-hackers-for-cyberattacks-against-estonia/
- Crisis Simulations: A Top 2025 Concern For CISOs
"In 2025, chief information security officers (CISOs) will be directing their attention to becoming more cyber prepared in the event of an attack, by enhancing their crisis simulation capabilities. That's according to a study conducted by researchers at Hack The Box, which found that out of 200 US- and UK-based CISOs, 74% said they plan to up their crisis simulation budgets this year."
https://www.darkreading.com/endpoint-security/crisis-simulations-2025-concern-cisos
https://www.infosecurity-magazine.com/news/ciso-boost-crisis-simulation/
- World Economic Forum Annual Meeting 2025: Collectively Disrupting Cybercrime
"Cybercrime has evolved from isolated incidents into a sophisticated, collaborative ecosystem. While it’s typical for enterprises to focus on strengthening individual defense mechanisms to manage emerging risks, the reality is that cybercriminals are working together more effectively than ever before. They’ve created resilient networks, built new Cybercrime-as-a-Service (CaaS) models, and are communicating through a thriving underground marketplace, all threatening organizations worldwide. Organizations everywhere must work together in response, taking a coordinated approach to collectively disrupting cybercrime operations."
https://www.fortinet.com/blog/industry-trends/wef-annual-meeting-2025-collectiveliy-disrupting-cybercrime
- SaaS Breaches Skyrocket 300% As Traditional Defenses Fall Short
"Software as a Service (SaaS) breaches surged by 300% in the 12 months from September 2023 as traditional security measures fail to prevent such attacks. This is according to new findings by Obsidian Security, which observed that sophisticated cybercriminal groups and nation state actors are now focusing on SaaS platforms to steal sensitive data. Generally, organizations are increasingly relying on SaaS applications for critical operations."
https://www.infosecurity-magazine.com/news/saas-breaches-defenses-short/
- Cyber Insights 2025: Cybersecurity Regulatory Mayhem
"Cyber Insights 2025 examines expert opinions on the expected evolution of more than a dozen areas of cybersecurity interest over the next 12 months. We spoke to hundreds of individual experts to gain their expert opinions. Here we discuss what to expect with cybersecurity regulations. Regulations are facing a tipping point. There are too many and they are too complex to manage – and it’s getting worse."
https://www.securityweek.com/cyber-insights-2025-cybersecurity-regulatory-mayhem/
- Building Automation Protocols Increasingly Targeted In OT Attacks: Report
"Industrial automation protocols continue to be the most targeted in attacks aimed at operational technology (OT), but building automation systems have been increasingly targeted, according to a new report from cybersecurity firm Forescout. Forescout on Monday published its 2024 Threat Roundup report, which is based on attacks recorded by the company’s honeypots last year, including port scanning, brute force attacks, and attempts to exploit vulnerabilities."
https://www.securityweek.com/building-automation-protocols-increasingly-targeted-in-ot-attacks-report/
https://www.forescout.com/resources/2024-global-threat-roundup-report/
References
Electronic Transactions Development Agency (ETDA)