Cyber Threat Intelligence 04 February 2025
New Tooling
- BadDNS: Open-Source Tool Checks For Subdomain Takeovers
"BadDNS is an open-source Python DNS auditing tool designed to detect domain and subdomain takeovers of all types."
https://www.helpnetsecurity.com/2025/02/03/baddns-open-source-tool-check-domain-subdomain-takeover/
https://github.com/blacklanternsecurity/baddns
Vulnerabilities
- Google Fixes Android Kernel Zero-Day Exploited In Attacks
"The February 2025 Android security updates patch 48 vulnerabilities, including a zero-day kernel vulnerability that has been exploited in the wild. This high-severity zero-day (tracked as CVE-2024-53104) is a privilege escalation security flaw in the Android Kernel's USB Video Class driver that allows authenticated local threat actors to elevate privileges in low-complexity attacks. The issue occurs because the driver does not accurately parse frames of the type UVC_VS_UNDEFINED within the uvc_parse_format function. As a result, the frame buffer size is miscalculated, leading to potential out-of-bounds writes that can be exploited in arbitrary code execution or denial-of-service attacks."
https://www.bleepingcomputer.com/news/security/google-fixes-android-kernel-zero-day-exploited-in-attacks/
https://securityaffairs.com/173812/hacking/google-android-kernel-zero-day-flaw.html
Malware
- Malicious Packages Deepseeek And Deepseekai Published In Python Package Index
"As part of our threat research and monitoring efforts, the Supply Chain Security team of the Threat Intelligence department of the Positive Technologies Expert Security Center (PT ESC) detected and prevented a malicious campaign in the Python Package Index (PyPI) package repository. The attack targeted developers, ML engineers, and ordinary AI enthusiasts who might be interested in integrating DeepSeek into their systems. PyPI is used as a default package repository in popular package managers: pip, pipenv, and poetry."
https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/malicious-packages-deepseeek-and-deepseekai-published-in-python-package-index
https://www.bleepingcomputer.com/news/security/deepseek-ai-tools-impersonated-by-infostealer-malware-on-pypi/
https://www.darkreading.com/application-security/ai-malware-deepseek-packages-pypi
https://www.helpnetsecurity.com/2025/02/03/deepseeks-popularity-exploited-to-push-malicious-packages-via-pypi/
https://hackread.com/hackers-hide-malware-fake-deepseek-pypi-packages/
- XE Group: From Credit Card Skimming To Exploiting Zero-Days
"This blog provides an in-depth analysis of XE Group’s recent operations based on a collaborative research effort with Solis Security. The team’s findings include detailed technical insights into the exploits used by XE Group, including their utilization of zero-day vulnerabilities (CVE-2024-57968, CVE-2025-25181), persistence mechanisms, and attack methodologies."
https://intezer.com/blog/research/xe-group-exploiting-zero-days/
https://cyberscoop.com/xegroup-zero-day-exploit-intezer-labs-solis-security-vietnam/
https://www.securityweek.com/xe-group-cybercrime-gang-moves-from-credit-card-skimming-to-zero-day-exploits/
- X Phishing | Campaign Targeting High Profile Accounts Returns, Promoting Crypto Scams
"Thanks to tips from targets and collaboration with industry partners, SentinelLABS has observed a variety of phishing lures tied to this campaign over the past few weeks. One example is the classic account login notice. The links in the email received by the target are not legitimate and lead to credential phishing sites. Other observed lures use copyright violation themes. However, SentinelLABS notes that directly phishing users may not be the only access method employed by this attacker."
https://www.sentinelone.com/labs/phishing-on-x-high-profile-account-targeting-campaign-returns/
https://therecord.media/hackers-x-accounts-security-crypto
https://www.darkreading.com/endpoint-security/one-click-phishing-campaign-high-profile-x-accounts
https://www.infosecurity-magazine.com/news/x-accounts-targeted-phishing/
Breaches/Hacks/Leaks
- Hundreds Of Thousands Hit By Data Breaches At Healthcare Firms In Colorado, North Carolina
"Asheville Eye Associates and Delta County Memorial Hospital District last week disclosed separate data breaches that impacted hundreds of thousands of individuals. On Friday, Asheville Eye Associates said the personal and medical information of a subset of its patients was compromised as a result of a cybersecurity incident. The potentially compromised information, the North Carolina eye care center said, includes names, addresses, medical treatment information, and health insurance information. The incident did not impact Social Security numbers, credit card numbers, or financial information."
https://www.securityweek.com/hundreds-of-thousands-hit-by-data-breaches-at-healthcare-firms-in-colorado-north-carolina/
- Mississippi Electric Utility Warns 20,000 Residents Of Data Breach
"An electric utility serving multiple counties in Mississippi was attacked by cybercriminals last summer in an incident that exposed the information of more than 20,000 residents. The Yazoo Valley Electric Power Association initially warned customers through social media on August 26 that, due to software problems, they were unable to process payments. The system was restored by August 30. In breach notification letters filed with regulators last week, the utility confirmed it discovered “suspicious activity” on August 26 and initiated an investigation."
https://therecord.media/mississippii-electric-utility-residents-breach
- Russian Hackers Suspected Of Compromising British PM’s Personal Email Account
"Russia is suspected of compromising the personal email account of the British prime minister, Keir Starmer, before he entered office, according to a recently published book. As reported by The Times — which is serializing the book, titled "Get In" — it “reveals that in 2022 Starmer, then the Labour leader in opposition, was told that his email account may have been compromised in a sophisticated campaign by Kremlin-linked hackers.”"
https://therecord.media/keir-starmer-email-hack-russia-suspected
General News
- Only 3% Of Organizations Have a Dedicated Budget For SaaS Security
"Mid-market organizations are grappling with managing the large volume of SaaS applications, both sanctioned and unsanctioned, with actual numbers often exceeding expectations, according to Cloud Security Alliance."
https://www.helpnetsecurity.com/2025/02/03/mid-market-organizations-saas-risks/
- Canadian Charged With Stealing $65 Million Using DeFI Crypto Exploits
"The U.S. Justice Department has charged a Canadian man with stealing roughly $65 million after exploiting two decentralized finance (DeFI) protocols. DeFI platforms are blockchain-based systems that facilitate peer-to-peer financial services, eliminating the need for conventional centralized financial intermediaries like banks or brokerages. These platforms deliver various financial services related to digital assets, enabling their users to lend, invest, earn interest, and trade assets through smart contracts and decentralized applications (dApps)."
https://www.bleepingcomputer.com/news/security/canadian-charged-with-stealing-65-million-using-defi-crypto-exploits/
https://therecord.media/indictment-canadian-two-cryptocurrency-platform-hacks
- Ransomware Groups Weathered Raids, Profited In 2024
"A surge in ransomware groups in 2024 left companies facing increased attacks, even as law enforcement ramped up investigations against well-known groups such as LockBit, and dismantled popular cybercriminal services, such as phishing-as-a-service provider LabHost and the encrypted messaging platform Ghost."
https://www.darkreading.com/endpoint-security/ransomware-weathered-raids-profited-2024
- 'Constitutional Classifiers' Technique Mitigates GenAI Jailbreaks
"Researchers at Anthropic, the company behind the Claude AI assistant, have developed an approach they believe provides a practical, scalable method to make it harder for malicious actors to jailbreak or bypass the built-in safety mechanisms of a range of large language models (LLMs). The approach employs a set of natural language rules — or a "constitution" — to create categories of permitted and disallowed content in an AI model's input and output, and then uses synthetic data to train the model to recognize and apply those content classifiers."
https://www.darkreading.com/application-security/constitutional-classifiers-mitigate-genai-jailbreaks
https://arxiv.org/pdf/2501.18837
- Proactive Vulnerability Management For Engineering Success
"As cyber threats grow more sophisticated, organizations must prioritize secure software development practices. Vulnerability management is a critical aspect of this, but its success depends on clear ownership and collaboration between information security and engineering teams. By shifting left and embedding vulnerability management into the development life cycle, organizations can empower engineering teams to deliver secure code efficiently. Here's how infosec teams can drive this transformation."
https://www.darkreading.com/vulnerabilities-threats/proactive-vulnerability-management-engineering-success
- Insights On AI-Enabled Cybercrime Through Collaboration With UC Berkeley’s Center For Long-Term Cybersecurity
"Over the last year, discussions about AI-enabled cybercrime have shifted from speculation about impacts to real-world observations. Malicious actors continue to find ways to harness AI to their advantage, resulting in an increased volume and velocity of threats, keeping the cybersecurity community on their toes. As defenders, having an awareness of AI’s impacts on the threat landscape is certainly vital, as is understanding strategies to combat the shifts occurring in the wake of this new technology. Gaining hands-on practice mitigating AI-focused threats is the next crucial step in fighting increasingly sophisticated cybercrime operations."
https://www.fortinet.com/blog/industry-trends/insights-on-ai-enabled-cybercrime-through-collaboration-with-uc-berkeley
- Cyber Insights 2025: Quantum And The Threat To Encryption
"SecurityWeek’s Cyber Insights 2025 examines expert opinions on the expected evolution of more than a dozen areas of cybersecurity interest over the next 12 months. We spoke to hundreds of individual experts to gain their expert opinions. Here we discuss what to expect with Quantum computing and the threat to encryption. We (probably) will not get a cryptographically relevant quantum computer (CRQC) in 2025. Public key encryption (PKE) will (probably) remain safe through 2025. But… Well, there are issues. It is those issues we wish to explore here. Quantum decryption is getting perilously close. This article is a call to arms. We need to arm ourselves with quantum safe encryption – and crypto-agility – in 2025."
https://www.securityweek.com/cyber-insights-2025-quantum-and-the-threat-to-encryption/
- 2024 Trends In Vulnerability Exploitation
"2024 marked another banner year for threat actors targeting the exploitation of vulnerabilities. Exploitation disclosures came from various sources, including product companies, security vendors, government agencies, non-profits, and media outlets worldwide. This blog post examines broader trends across exploited vulnerabilities where exploitation was first publicly disclosed in 2024, leveraging insights from VulnCheck KEV, a free community resource launched at the beginning of 2024."
https://vulncheck.com/blog/2024-exploitation-trends
https://thehackernews.com/2025/02/768-cves-exploited-in-2024-reflecting.html
https://www.infosecurity-magazine.com/news/cves-exploited-wild-2024/
- Woman Nabbed By Thai Police On Alleged Link To $182 Million Romance Scam
"A woman with alleged ties to the costliest romance scam in Thailand’s history was arrested on Saturday. According to Thailand’s Central Investigation Bureau (CIB), police apprehended the 52-year-old woman — identified only as Orathai — at Hat Yai International Airport in the country’s south. Orathai is accused of opening bank accounts at the behest of her Nigerian boyfriend that were allegedly used to launder the proceeds of a 6.2 billion Baht ($182.8 million) romance scam."
https://therecord.media/arrest-thai-police-woman-romance-scam
References
Electronic Transactions Development Agency (ETDA)