Cyber Threat Intelligence 03 February 2025
Healthcare Sector
- CISA Releases Fact Sheet Detailing Embedded Backdoor Function Of Contec CMS8000 Firmware
"CISA released a fact sheet, Contec CMS8000 Contains a Backdoor, detailing an analysis of three firmware package versions of the Contec CMS8000, a patient monitor used by the U.S. Healthcare and Public Health (HPH) sector. Analysts discovered that an embedded backdoor function with a hard-coded IP address, CWE – 912: Hidden Functionality (CVE-2025-0626), and functionality that enables patient data spillage, CWE – 359: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2025-0683), exists in all versions analyzed."
https://www.cisa.gov/news-events/alerts/2025/01/30/cisa-releases-fact-sheet-detailing-embedded-backdoor-function-contec-cms8000-firmware
https://www.cisa.gov/resources-tools/resources/contec-cms8000-contains-backdoor
https://www.cisa.gov/sites/default/files/2025-01/fact-sheet-contec-cms8000-contains-a-backdoor-508c.pdf
https://thehackernews.com/2025/01/cisa-and-fda-warn-of-critical-backdoor.html
https://therecord.media/contec-cms8000-firmware-backdoor-fda-cisa-warning
https://www.securityweek.com/cisa-fda-warn-of-dangerous-backdoor-in-contec-patient-monitors/
https://securityaffairs.com/173694/security/cisa-fda-warned-hidden-backdoor-in-contec-cms8000.html
https://www.helpnetsecurity.com/2025/01/31/contec-cms8000-patient-monitor-backdoor-china/
Vulnerabilities
- Broadcom Patches VMware Aria Flaws – Exploits May Lead To Credential Theft
"Broadcom has released security updates to patch five security flaws impacting VMware Aria Operations and Aria Operations for Logs, warning customers that attackers could exploit them to gain elevated access or obtain sensitive information."
https://thehackernews.com/2025/01/broadcom-patches-vmware-aria-flaws.html
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329
https://securityaffairs.com/173677/security/vmware-aria-operations-flaws.html
- Analyzing DeepSeek’s System Prompt: Jailbreaking Generative AI
"DeepSeek, a disruptive new AI model from China, has shaken the market, sparking both excitement and controversy. While it has gained attention for its capabilities, it also raises pressing security concerns. Allegations have surfaced about its training data, with claims that it may have leveraged models like OpenAI’s to cut development costs. Amid these discussions, one critical aspect remains underexplored—the security of AI agents and the vulnerabilities that allow for jailbreaks. In this blog post, Wallarm takes a deeper dive into this overlooked risk, uncovering how AI restrictions can be bypassed and what that means for the future of AI security."
https://lab.wallarm.com/jailbreaking-generative-ai/
https://www.darkreading.com/application-security/deepseek-jailbreak-system-prompt
- DeepSeek's Flagship AI Model Under Fire For Security Vulnerabilities
"R1, the latest large language model (LLM) from Chinese startup DeepSeek, is under fire for multiple security weaknesses. The company’s spotlight on the performance of its reasoning LLM has also brought scrutiny. A handful of security research reports released in late January have highlighted flaws in the model. Additionally, the LLM critically underperforms in a newly launched AI security benchmark designed to help security practitioners and developers test LLM applications for prompt injection attacks that can lead to exploitation."
https://www.infosecurity-magazine.com/news/deepseek-r1-security/
Malware
- ClickFix Vs. Traditional Download In New DarkGate Campaign
"During the past several months there have been numerous malware campaigns that use a technique sometimes referred to as “ClickFix”. It often consists of a fake CAPTCHA or similar traffic validation page where visitors are instructed to paste and execute code in order to proceed. We have started to see ClickFix attacks more and more via malicious Google ads as well. This is in contrast to typical phishing pages where victims download a so-called installer that contains malware."
https://www.malwarebytes.com/blog/news/2025/01/clickfix-vs-traditional-download-in-new-darkgate-campaign
- One Policy To Rule Them All
"Windows group policies are a powerful management tool that allows administrators to define and control user and computer settings within a domain environment in a centralized manner. While group policies offer functionality and utility, they are unfortunately a prime target for attackers. In particular, attackers are increasingly using group policies to distribute malware, execute hidden scripts and deploy ransomware."
https://securelist.com/group-policies-in-cyberattacks/115331/
- WhatsApp Says Journalists And Civil Society Members Were Targets Of Israeli Spyware
"Nearly 100 journalists and other members of civil society using WhatsApp, the popular messaging app owned by Meta, were targeted by spyware owned by Paragon Solutions, an Israeli maker of hacking software, the company alleged on Friday. The journalists and other civil society members were being alerted of a possible breach of their devices, with WhatsApp telling the Guardian it had “high confidence” that the 90 users in question had been targeted and “possibly compromised”. It is not clear who was behind the attack. Like other spyware makers, Paragon’s hacking software is used by government clients and WhatsApp said it had not been able to identify the clients who ordered the alleged attacks."
https://www.theguardian.com/technology/2025/jan/31/whatsapp-israel-spyware
https://therecord.media/whatsapp-paragon-spyware-targeting-users
https://thehackernews.com/2025/02/meta-confirms-zero-click-whatsapp.html
https://cyberscoop.com/whatsapp-says-it-disrupted-spyware-campaign-aimed-at-reporters-civil-society/
https://hackread.com/israeli-spyware-firm-paragon-whatsapp-zero-click-attack/
https://securityaffairs.com/173721/security/whatsapp-disrupted-paragon-spyware-campaign.html
- Hackers Use Fake Wedding Invitations To Spread Android Malware In Southeast Asia
"Cybercriminals are using fake wedding invitations targeting users in Malaysia and Brunei to distribute a newly discovered Android malware called Tria. Since mid-2024, the attackers have been spreading the malware through private and group chats on Telegram and WhatsApp, inviting users to weddings and prompting them to install a mobile app to receive the invitation, according to a report published Thursday by Russian cybersecurity firm Kaspersky. Once installed, the malware steals sensitive data from SMS messages, emails, including Gmail and Outlook, call logs, and messaging apps like WhatsApp and WhatsApp Business."
https://therecord.media/hackers-wedding-invitations-southeast-asia
- Stealing Seconds: Web Skimmer Compromises Casio UK And Growing Number Of Websites
"We just uncovered a new batch of web skimmer infections affecting multiple websites, including casio.co.uk. So far, we have confirmed 17 victim websites, though this number will likely increase as our investigation continues. We are actively reaching out to the affected websites so they can take down the infections. For that reason, we are not disclosing the names of all victims' websites."
https://jscrambler.com/blog/stealing-seconds-web-skimmer-compromises-websites
https://hackread.com/casio-16-websites-double-entry-web-skimming-attack/
Breaches/Hacks/Leaks
- Indian Tech Giant Tata Technologies Hit By Ransomware Attack
"Tata Technologies Ltd. had to suspend some of its IT services following a ransomware attack that impacted the company network. A subsidiary of Tata Motors, Tata Technologies is an Indian public multinational tech firm that focuses on automotive design, aerospace engineering, and R&D engineering in general. It is one of India’s key tech developers and state project contractors, employs over 11,000 people, has an annual revenue of $600 million, and operates 18 locations in India, North America, Europe, and Asia-Pacific."
https://www.bleepingcomputer.com/news/security/indian-tech-giant-tata-technologies-hit-by-ransomware-attack/
https://therecord.media/tata-ransomware-attack-report-incident
https://www.infosecurity-magazine.com/news/tata-technologies-ransomware-attack/
https://securityaffairs.com/173712/cyber-crime/tata-technologies-ransomware-attack.html
- US Healthcare Provider Data Breach Impacts 1 Million Patients
"Community Health Center (CHC), a leading Connecticut healthcare provider, is notifying over 1 million patients of a data breach that impacted their personal and health data. The non-profit organization provides primary medical, dental, and mental health services to more than 145,000 active patients. CHC said in a Thursday filing with Maine's attorney general that unknown attackers gained access to its network in mid-October 2024, a breach discovered more than two months later, on January 2, 2025."
https://www.bleepingcomputer.com/news/security/data-breach-at-us-healthcare-provider-chc-impacts-1-million-patients/
https://www.darkreading.com/cyberattacks-data-breaches/community-health-center-notifies-1m-stolen-data-breach
https://therecord.media/connecticut-california-healthcare-networks-data-breaches
https://www.bankinfosecurity.com/connecticut-health-clinic-hack-affects-nearly-11-million-a-27421
https://securityaffairs.com/173687/data-breach/community-health-center-data-breach.html
- Globe Life Data Breach May Impact An Additional 850,000 Clients
"Insurance giant Globe Life finished the investigation into the data breach it suffered last June and says that the incident may have impacted an additional 850,000 customers. Globe Life was founded in 1900 and is one of the largest providers of life and health insurance plans in the United States. It has a market capitalization of $12 billion and a total revenue that exceeds $5.3 billion. On June 13, 2024, the company discovered during a security review of its networks that it had been compromised by hackers who had gained unauthorized access to one of its web portals."
https://www.bleepingcomputer.com/news/security/globe-life-data-breach-may-impact-an-additional-850-000-clients/
https://therecord.media/globe-life-updated-sec-filing-hackers-extortion-data-breach
- Mizuno USA Says Hackers Stayed In Its Network For Two Months
"Mizuno USA, a subsidiary of Mizuno Corporation, one of the world's largest sporting goods manufacturers, confirmed in data breach notification letters that unknown attackers stole files from its network between August and October 2024. Headquartered in Peachtree Corners, Georgia, Mizuno USA manufactures and distributes golf, running, baseball, volleyball, softball, swimming, and tennis equipment, apparel, and footwear for North America."
https://www.bleepingcomputer.com/news/security/mizuno-usa-says-hackers-stayed-in-its-network-for-two-months/
- NorthBay Health Data Breach Impacts 569,000 Individuals
"Non-profit healthcare system NorthBay Healthcare Corporation (NorthBay Health) is notifying over 569,000 individuals that their personal information was stolen in a data breach following a ransomware attack a year ago. According to the organization, the unauthorized access to its network was identified on February 23, 2024, but the attackers had access to its systems between January 11 and April 1."
https://www.securityweek.com/northbay-health-data-breach-impacts-569000-individuals/
- BeyondTrust Zero-Day Breach Exposed 17 SaaS Customers Via Compromised API Key
"BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company's Remote Support SaaS instances by making use of a compromised API key. The company said the breach involved 17 Remote Support SaaS customers and that the API key was used to enable unauthorized access by resetting local application passwords. The breach was first flagged on December 5, 2024. "The investigation determined that a zero-day vulnerability of a third-party application was used to gain access to an online asset in a BeyondTrust AWS account," the company said this week."
https://thehackernews.com/2025/02/beyondtrust-zero-day-breach-exposes-17.html
https://www.beyondtrust.com/remote-support-saas-service-security-investigation
General News
- Deploying AI At The Edge: The Security Trade-Offs And How To Manage Them
"Deploying AI at the edge brings advantages such as low latency, improved efficiency, and real-time decision-making. It also introduces new attack surfaces. Adversaries could intercept models in transit, manipulate inputs to degrade performance, or even reverse-engineer AI systems to use them against their creators. In this Help Net Security interview, Jags Kandasamy, CEO at Latent AI, discusses the technical and strategic measures necessary to safeguard AI models, the balance between security and performance in constrained environments, and the lessons professionals can learn as they deploy AI in high-risk sectors."
https://www.helpnetsecurity.com/2025/01/31/jags-kandasamy-latent-ai-edge-ai-security/
- Platformization Is Key To Reduce Cybersecurity Complexity
"Organizations are facing security complexity challenges as they juggle an average of 83 different security solutions from 29 vendors, according to a report by IBM and Palo Alto Networks. It also shows 7 out of 10 surveyed companies with a high degree of security platformization report their cybersecurity investments have helped business outcomes such as operational efficiencies and revenue generation."
https://www.helpnetsecurity.com/2025/01/31/security-platformization-complexity/
- Nine Out Of Ten Emails Are Spam
"Now, more than ever, users can fall prey to word-perfect AI-created phishing campaigns, subtle BEC messages that sound remarkably like the sender, and highly convincing ploys from trusted vendors with legitimate-looking websites and clean domains, according to VIPRE Security Group. The report is based on an analysis of 7.2 billion emails globally in 2024."
https://www.helpnetsecurity.com/2025/01/31/malicious-spam-emails/
- Another Banner Year For Ransomware Gangs Despite Takedowns By The Cops
"If the nonstop flood of ransomware attacks doesn't already make every day feel like Groundhog Day, then a look back at 2024 – and predictions for 2025 – definitely will. Last year broke previous years' ransomware records with 5,263 observed attacks - a 15 percent year-over-year jump - despite several high-profile law enforcement takedowns and arrests, according to the infosec gurus at the UK-based NCC Group today. Critical national infrastructure emerged as a prime target for these digital extortionists, and the security shop's glum outlook for 2025: More of the same."
https://www.theregister.com/2025/01/31/banner_year_for_ransomware_gangs/
- How Scammers Are Exploiting DeepSeek's Rise
"It’s become almost a cliché to say that cybercriminals are remarkably quick to latch onto the latest trends and technologies and exploit them for their own nefarious gains. The buzz around DeepSeek and its state-of-the-art AI models is no exception. In fact, the past few days have provided a stark reminder that while the tech world is evolving at a breakneck speed, the tactics of online scammers often remain strikingly familiar."
https://www.welivesecurity.com/en/cybersecurity/scammers-exploiting-deepseek-hype/
- DeepSh*t: Exposing The Security Risks Of DeepSeek-R1
"DeepSeek recently released several foundation models that set new levels of open-weights model performance against benchmarks. Their reasoning model, DeepSeek-R1, shows state-of-the-art levels of reasoning performance for open-weights and is comparable to the highest-performing closed-weights reasoning models. Benchmark results for DeepSeek-R1 vs OpenAI-o1, as reported by DeepSeek, can be found in their technical report."
https://hiddenlayer.com/innovation-hub/deepsht-exposing-the-security-risks-of-deepseek-r1/
References
Electronic Transactions Development Agency (ETDA)