Cyber Threat Intelligence 10 February 2025
Financial Sector
- Third-Party Risk Management Failures Expose UK Finance Sector
"Over half (58%) of large UK financial services firms suffered at least one third-party supply chain attack in 2024, according to a study by Orange Cyberdefense. Nearly a quarter (23%) of these companies were hit three or more times by third-party attacks. The research identified significant gaps in financial services third-party risk management strategies. Close to half (44%) of these institutions admitted that they only assess third-party risk during the initial supplier onboarding stage. A similar proportion (41%) perform periodic risk assessments. Just 14% said they continuously assess risk and use dedicated third-party risk management tools."
https://www.infosecurity-magazine.com/news/third-party-risk-failures-uk/
Vulnerabilities
- Trimble Releases Security Updates To Address a Vulnerability In Cityworks Software
"CISA is collaborating with private industry partners to respond to reports of exploitation of a vulnerability (CVE-2025-0994) discovered by Trimble impacting its Cityworks Server AMS (Asset Management System). Trimble has released security updates and an advisory addressing a recently discovered deserialization vulnerability enabling an external actor to potentially conduct remote code execution (RCE) against a customer’s Microsoft Internet Information Services (IIS) web server."
https://www.cisa.gov/news-events/alerts/2025/02/07/trimble-releases-security-updates-address-vulnerability-cityworks-software
https://learn.assetlifecycle.trimble.com/i/1532182-cityworks-customer-communication-2025-02-06-docx/0?
https://www.bleepingcomputer.com/news/security/hackers-exploit-cityworks-rce-bug-to-breach-microsoft-iis-servers/
https://www.securityweek.com/trimble-cityworks-customers-warned-of-zero-day-exploitation/
- CISA Adds One Known Exploited Vulnerability To Catalog
"CISA has added one vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2025-0994 Trimble Cityworks Deserialization Vulnerability"
https://www.cisa.gov/news-events/alerts/2025/02/07/cisa-adds-one-known-exploited-vulnerability-catalog
https://thehackernews.com/2025/02/cisa-warns-of-active-exploitation-in.html
https://therecord.media/hackers-exploiting-trimble-cityworks-bug-used-by-local-govs
https://securityaffairs.com/173975/hacking/u-s-cisa-adds-trimble-cityworks-flaw-to-its-known-exploited-vulnerabilities-catalog.html
- NowSecure Uncovers Multiple Security And Privacy Flaws In DeepSeek iOS Mobile App
"A NowSecure mobile application security and privacy assessment has uncovered multiple security and privacy issues in the DeepSeek iOS mobile app that lead us to urge enterprises to prohibit/forbid its usage in their organizations. As the top iOS app since Jan 25, 2025, the DeepSeek iOS app has already been downloaded and used on millions of devices belonging to individuals, enterprise and government employees, prompting swift bans from countries, state and federal governments and the U.S. military to protect their organizations and safeguard national security."
https://www.nowsecure.com/blog/2025/02/06/nowsecure-uncovers-multiple-security-and-privacy-flaws-in-deepseek-ios-mobile-app/
https://thehackernews.com/2025/02/deepseek-app-transmits-sensitive-user.html
Malware
- Massive Brute Force Attack Uses 2.8 Million IPs To Target VPN Devices
"A large-scale brute force password attack using almost 2.8 million IP addresses is underway, attempting to guess the credentials for a wide range of networking devices, including those from Palo Alto Networks, Ivanti, and SonicWall. A brute force attack is when threat actors attempt to repeatedly log into an account or device using many usernames and passwords until the correct combination is found. Once they have access to the correct credentials, the threat actors can then use them to hijack a device or gain access to a network. According to the threat monitoring platform The Shadowserver Foundation, a brute force attack has been ongoing since last month, employing almost 2.8 million source IP addresses daily to perform these attacks."
https://www.bleepingcomputer.com/news/security/massive-brute-force-attack-uses-28-million-ips-to-target-vpn-devices/
- CVE-2023-6080: A Case Study On Third-Party Installer Abuse
"Building upon the insights shared in a previous Mandiant blog post, Escalating Privileges via Third-Party Windows Installers, this case study explores the ongoing challenge of securing third-party Windows installers. These vulnerabilities are rooted in insecure coding practices when creating Microsoft Software Installer (MSI) Custom Actions and can be caused by references to missing files, broken shortcuts, or insecure folder permissions. These oversights create gaps that inadvertently allow attackers the ability to escalate privileges."
https://cloud.google.com/blog/topics/threat-intelligence/cve-2023-6080-third-party-installer-abuse
https://www.bankinfosecurity.com/lakeside-software-msi-flaw-identified-by-google-mandiant-a-27478
- LLMjacking Targets DeepSeek
"Since the Sysdig Threat Research Team (TRT) discovered LLMjacking in May 2024, we have continued to observe new insights into and applications for these attacks. Large language models (LLMs) are rapidly evolving and we are all still learning how best to use them, but in the same vein, attackers continue to evolve and grow their use cases for misuse. Since our original discovery, we have observed new motives and methods by which attackers conduct LLMjacking — including rapid expansion to new LLMs, such as DeepSeek."
https://sysdig.com/blog/llmjacking-targets-deepseek/
https://www.darkreading.com/application-security/llm-hijackers-deepseek-api-keys
https://hackread.com/hackers-monetize-llmjacking-selling-stolen-ai-access/
- Chinese-Speaking Group Manipulates SEO With BadIIS
"In 2024, we observed a substantial distribution of malware known as "BadIIS" in Asia. BadIIS targets Internet Information Services (IIS) and can be used for SEO fraud or to inject malicious content into the browsers of legitimate users. This includes displaying unauthorized ads, distributing malware, and even conducting watering hole attacks aimed at specific groups. In this campaign, threat actors exploit vulnerable IIS servers to install the BadIIS malware on the compromised servers. Once users send a request to a compromised server, they might receive altered content from attackers."
https://www.trendmicro.com/en_us/research/25/b/chinese-speaking-group-manipulates-seo-with-badiis.html
- Scalable Vector Graphics Files Pose a Novel Phishing Threat
"Criminals who conduct phishing attacks over email have ramped up their abuse of a new threat vector designed to bypass existing anti-spam and anti-phishing protection: The use of a graphics file format called SVG. The attacks, which begin with email messages that have .svg file attachments, started to spread late last year, and have ramped up significantly since mid-January. The file format is designed as a method to draw resizable, vector-based images on a computer. By default, SVG files open in the default browser on Windows computers. But SVG files are not just composed of binary data, like the more familiar JPEG, PNG, or BMP file formats. SVG files contain text instructions in an XML format for drawing their pictures in a browser window."
https://news.sophos.com/en-us/2025/02/05/svg-phishing/
https://www.infosecurity-magazine.com/news/cybercriminals-graphics-files/
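The format detail in the excerpt above (an SVG is XML text that the browser renders, so it can carry script, event handlers, embedded HTML and links as well as shapes) is what a mail gateway can check for. The following triage helper is an added example written for this digest, not code from Sophos or any other vendor named here; the function names, the `.svg` attachment policy and the two sample documents (one plain drawing, one constructed lure) are assumptions made for the example.

```python
"""Triage helper: flag SVG e-mail attachments that carry active content.

Constructed example for this digest; not code from Sophos or any vendor.
SVG is XML, so a legitimate picture attachment needs only shapes and text.
Script elements, event-handler attributes, embedded HTML (foreignObject)
and javascript: URIs have no business in a picture sent by e-mail, and
they are exactly what makes an SVG behave like a web page when Windows
opens it in the default browser.
"""
import xml.etree.ElementTree as ET

# Element names that execute code or embed foreign content when rendered in a browser.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
# URI schemes that run code or carry a payload rather than point at an image asset.
DANGEROUS_SCHEMES = ("javascript:", "data:text/html", "vbscript:")


def _local(name: str) -> str:
    """Strip an XML namespace prefix such as '{http://www.w3.org/2000/svg}' and lower-case the name."""
    return name.rsplit("}", 1)[-1].lower()


def scan_svg(data: bytes) -> list:
    """Return human-readable findings for one SVG document; an empty list means nothing active."""
    findings = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        # A file that claims to be SVG but is not well-formed XML is itself worth a look.
        return [f"unparseable XML: {exc}"]
    for elem in root.iter():
        tag = _local(elem.tag) if isinstance(elem.tag, str) else ""
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"active element <{tag}>")
        for attr, value in elem.attrib.items():
            name = _local(attr)
            lowered = value.strip().lower()
            if name.startswith("on"):
                # SVG event attributes (onload, onclick, ...) run script when the file is rendered.
                findings.append(f"event handler {name} on <{tag}>")
            if name == "href" and lowered.startswith(DANGEROUS_SCHEMES):
                findings.append(f"dangerous href on <{tag}>: {value[:40]}")
            if name == "href" and tag == "a" and lowered.startswith(("http://", "https://")):
                # A clickable link inside a "picture" is the usual credential-harvesting hook.
                findings.append(f"external link on <a>: {value[:60]}")
    return findings


def should_quarantine(filename: str, data: bytes) -> bool:
    """Gateway policy (assumed for this example): hold any .svg attachment with active content."""
    if not filename.lower().endswith(".svg"):
        return False
    return bool(scan_svg(data))


# Constructed samples: a plain drawing and a lure that redirects the reader when opened.
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <circle cx="5" cy="5" r="4" fill="blue"/>
</svg>"""

LURE_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
     onload="location.href='https://example.invalid/login'">
  <text x="0" y="15">Open the attached document</text>
  <a xlink:href="https://example.invalid/login"><rect width="100" height="20"/></a>
  <foreignObject width="100" height="50"><div xmlns="http://www.w3.org/1999/xhtml">sign in</div></foreignObject>
  <script>window.location = 'https://example.invalid/login';</script>
</svg>"""

if __name__ == "__main__":
    for name, blob in (("drawing.svg", BENIGN_SVG), ("invoice.svg", LURE_SVG)):
        print(name, "quarantine" if should_quarantine(name, blob) else "deliver", scan_svg(blob))
```

The scan is deliberately a whitelist of what a static picture needs rather than a signature for a particular campaign: anything that the browser would execute or follow is reported, so the constructed lure produces four findings (the `onload` handler, the external `<a>` link, the `foreignObject` block and the `<script>` element) while the plain drawing produces none. Files that do not parse as XML are reported too, since a malformed "image" attachment is not something to deliver silently.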
Breaches/Hacks/Leaks
- HPE Notifies Employees Of Data Breach After Russian Office 365 Hack
"Hewlett Packard Enterprise (HPE) is notifying employees whose data was stolen from the company's Office 365 email environment by Russian state-sponsored hackers in a May 2023 cyberattack. According to filings with Attorney General offices in New Hampshire and Massachusetts, HPE started sending the breach notification letters last month to at least 16 people who had their driver's licenses, credit card numbers, and Social Security numbers stolen."
https://www.bleepingcomputer.com/news/security/hpe-notifies-employees-of-data-breach-after-russian-office-365-hack/
- US Health System Notifies 882,000 Patients Of August 2023 Breach
"Hospital Sisters Health System notified over 882,000 patients that an August 2023 cyberattack led to a data breach that exposed their personal and health information. Established in 1875, HSHS works with over 2,200 physicians and has around 12,000 employees. It also operates a network of physician practices and 15 local hospitals across Illinois and Wisconsin, including two children's hospitals. The non-profit healthcare system said in data breach notifications sent to those impacted that the incident was discovered on August 27, 2023, after detecting that the attacker had gained access to HSHS' network."
https://www.bleepingcomputer.com/news/security/us-health-system-notifies-882-000-patients-of-august-2023-breach/
https://www.bankinfosecurity.com/catholic-hospital-chain-2023-hack-affected-nearly-900000-a-27473
https://securityaffairs.com/173965/data-breach/hospital-sisters-health-system-data-breach.html
https://www.securityweek.com/information-of-883000-stolen-in-crippling-attack-on-hospital-sisters-health-system/
- 20 Million OpenAI Accounts Offered For Sale
"A cybercriminal acting under the moniker “emirking” offered 20 million OpenAI user login credentials this week, sharing what appeared to be samples of the stolen data itself."
https://www.malwarebytes.com/blog/news/2025/02/20-million-openai-accounts-offered-for-sale
- 430,000 Impacted By Data Breaches At New York, Pennsylvania Healthcare Organizations
"The personal and health information of over 430,000 individuals was compromised in October and November 2024 data breaches at Allegheny Health Network (AHN) and University Diagnostic Medical Imaging (UDMI). UDMI, a medical imaging center in New York, says threat actors accessed certain information on its systems for a brief period on November 26, before the suspicious activity was discovered. The hackers, which it did not name, accessed personal information such as names, addresses, dates of birth, referring physicians, and diagnosis and treatment information."
https://www.securityweek.com/430000-impacted-by-data-breaches-at-new-york-pennsylvania-healthcare-organizations/
- Label Maker Avery Says Ransomware Investigation Also Found Credit-Card Scraper
"The world’s largest supplier of labels said a ransomware attack in December prompted an investigation that led to the discovery of a data breach impacting the information of about 67,000 customers. In breach notification letters, Avery Products said a ransomware attack was discovered on December 9 and prompted an in-depth investigation led by forensic experts. They found that “an unauthorized actor inserted malicious software that was used to ‘scrape’ credit card information used on our website” between July 18, 2024, and January 5, 2025, the company said in letters provided to regulators in Maine."
https://therecord.media/avery-products-ransomware-data-breach-notification
- Phones, Email, Classes Disrupted In University Of The Bahamas Ransomware Attack
"A ransomware gang has shut down the internet and telephone systems used by the University of The Bahamas, forcing changes on administrators, professors and students. The school, which serves 5,000 students across three campuses, said the attack began on February 2 and impacted all online applications including email platforms and systems used for classwork. All online classes were cancelled. A day later, the school confirmed it was dealing with a ransomware attack and said it is working with law enforcement to contain the incident."
https://therecord.media/bahamas-university-ransomware-attack
General News
- Data Breaches In UK Legal Sector Increase By More Than a Third, Impacting Almost 8 Million People
"A new analysis of data from the Information Commissioner’s Office (ICO) by NetDocuments has revealed a sharp increase in data breaches across the UK legal sector. In the period between Q3 2023 and Q2 2024, the number of identified data breaches in the UK legal sector rose by 39% (2,284 cases were reported to the ICO, compared to 1,633 the previous year). In total, data relating to 7.9 million people was compromised, amounting to 12% of the UK population."
https://www.netdocuments.com/press-releases/data-breaches-in-uk-legal-sector-increase-by-more-than-a-third-impacting-almost-8-million-people
https://www.tripwire.com/state-of-security/research-reveals-data-breaches-rise-uk-law-firms
- 2.3 Million Organizations Embrace DMARC Compliance
"It has been one year since Google and Yahoo implemented stricter requirements for bulk email senders. Eleven months ago, Red Sift shared an update based on data from BIMI Radar, which revealed a concerning global readiness picture. Now, with a full year behind us, it’s time to evaluate the progress organizations have made in addressing these requirements. In February 2024, 91.38% of global domains lacked a Domain-based Message Authentication, Reporting, and Conformance (DMARC) record, leaving them vulnerable to compliance failures and cyber threats."
https://blog.redsift.com/email/dmarc/2-3-million-organizations-embrace-dmarc-compliance/
https://www.darkreading.com/remote-workforce/google-dmarc-push-email-security-challenges
- Behavioral Analytics In Cybersecurity: Who Benefits Most?
"Last year, the cost of a data breach rose 10%, from $4.4 million to $4.8 million, as stated by IBM's annual "Cost of a Data Breach Report." According to cybersecurity firm Vectra AI, more than 70% of security operations center (SOC) leaders fear that a real attack will be hidden under an overwhelming flood of false-positive alerts and other security noise. The resulting burnout may be contributing to the labor shortage plaguing the industry."
https://www.darkreading.com/cyberattacks-data-breaches/behavioral-analytics-cybersecurity-who-benefits-most
- Cybercrime Forces Local Law Enforcement To Shift Focus
"Last November, an Idaho man was sentenced to 10 years in prison for hacking into the computer servers of 19 victims across the United States, stealing personally identifiable information (PII) belonging to more than 132,000 people, and attempting to extort a Florida orthodontist for payment in Bitcoin cryptocurrency. The perpetrator, Robert Purbeck, had also purchased access to the computer server belonging to a medical clinic in Griffin, Ga., from a cybersecurity forum and used stolen credentials to remove records containing sensitive PII, such as birth dates and Social Security numbers for 43,000 individuals, according to the US Department of Justice."
https://www.darkreading.com/cyberattacks-data-breaches/cybercrime-forces-local-law-enforcement-to-shift-focus
- Using Exposed Ollama APIs To Find DeepSeek Models
"The explosion of AI has led to the creation of tools that make it more accessible, leading to more adoption and more numerous, less sophisticated users. As with cloud computing, that pattern of growth leads to misconfigurations and, ultimately, leaks. One vector for AI leakage is exposed Ollama APIs that allow access to running AI models. Those exposed APIs create potential information security problems for the models’ owners. Of greater interest at the current moment, however, is the metadata about the models, which also provides a gauge for the extent of DeepSeek adoption. By examining exposed Ollama APIs, we can see how AI users are already running DeepSeek in the U.S. and around the world."
https://www.upguard.com/blog/deepseek-adoption
https://hackread.com/exposed-ollama-apis-leave-deepseek-ai-models-attack/
- Self-Sovereign Identity Could Transform Fraud Prevention, But…
"The way we manage digital identity is fundamentally broken. The root of the problem lies in traditional, centralized identity models, where a single organization holds and controls a user’s credentials, creating an attractive target for attackers. The bigger the database, the bigger the prize."
https://www.helpnetsecurity.com/2025/02/07/ssi-self-sovereign-identity/
- Infosec Pros Struggle Under Growing Compliance
"The implementation of new regulatory measures that impact the UK, EU, and beyond are driving organizations to enhance vigilance in addressing evolving cybersecurity and operational risks, according to AuditBoard. The research showed 91% of respondents report feeling concerned about cybersecurity threats to their organization, and 86% are aware of incidents within their industry in the past year."
https://www.helpnetsecurity.com/2025/02/07/infosec-pros-compliance-pressure/
- Overconfident Execs Are Making Their Companies Vulnerable To Fraud
"Cyber fraud (which includes activity such as hacking, deepfakes, voice cloning and highly sophisticated phishing schemes) rose by 14% year over year, according to Trustpair."
https://www.helpnetsecurity.com/2025/02/07/cyber-fraud-growth/
References
Electronic Transactions Development Agency (ETDA)