Cyber Threat Intelligence 11 February 2025
New Tooling
- Beelzebub: Open-Source Honeypot Framework
"Beelzebub is an open-source honeypot framework engineered to create a secure environment for detecting and analyzing cyber threats. It features a low-code design for seamless deployment and leverages AI to emulate the behavior of a high-interaction honeypot."
https://www.helpnetsecurity.com/2025/02/10/beelzebub-open-source-honeypot-framework/
https://github.com/mariocandela/beelzebub
Vulnerabilities
- Zimbra Releases Security Updates For SQL Injection, Stored XSS, And SSRF Vulnerabilities
"Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions. The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as an SQL injection bug in the ZimbraSync Service SOAP endpoint affecting versions prior to 10.0.12 and 10.1.4. Stemming from a lack of adequate sanitization of a user-supplied parameter, the shortcoming could be weaponized by authenticated attackers to inject arbitrary SQL queries that could retrieve email metadata by "manipulating a specific parameter in the request.""
https://thehackernews.com/2025/02/zimbra-releases-security-updates-for.html
- Apple Fixes Zero-Day Exploited In 'Extremely Sophisticated' Attacks
"Apple has released emergency security updates to patch a zero-day vulnerability that the company says was exploited in targeted and "extremely sophisticated" attacks. "A physical attack may disable USB Restricted Mode on a locked device," the company revealed in an advisory targeting iPhone and iPad users. "Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.""
https://www.bleepingcomputer.com/news/apple/apple-fixes-zero-day-exploited-in-extremely-sophisticated-attacks/
https://support.apple.com/en-us/122174
https://securityaffairs.com/174066/hacking/apple-fixes-iphone-and-ipad-bug-exploited-in-extremely-sophisticated-attacks.html
https://www.securityweek.com/apple-confirms-usb-restricted-mode-exploited-in-extremely-sophisticated-attack/
- Over 12,000 KerioControl Firewalls Exposed To Exploited RCE Flaw
"Over twelve thousand GFI KerioControl firewall instances are exposed to a critical remote code execution vulnerability tracked as CVE-2024-52875. KerioControl is a network security suite that small and medium-sized businesses use for VPNs, bandwidth management, reporting and monitoring, traffic filtering, AV protection, and intrusion prevention. The flaw in question was discovered in mid-December by security researcher Egidio Romano (EgiX), who demonstrated the potential for dangerous 1-click RCE attacks."
https://www.bleepingcomputer.com/news/security/over-12-000-keriocontrol-firewalls-exposed-to-exploited-rce-flaw/
- Small Praise For Modern Compilers - A Case Of Ubuntu Printing Vulnerability That Wasn’t
"Earlier this year, we conducted code audits of the macOS printing subsystem, which is heavily based on the open-source CUPS package. During this investigation, the IPP-USB protocol caught our attention. The IPP over USB specification defines how printers that are only available over USB can still support network printing via the Internet Printing Protocol (IPP). After wrapping up the macOS investigation, we decided to take a look at how other operating systems handle the same functionality."
https://blog.talosintelligence.com/small-praise-for-modern-compilers-a-case-of-ubuntu-printing-vulnerability-that-wasnt/
- Weaponizing Background Images For Information Disclosure && LPE: AnyDesk CVE-2024-12754, ZDI-24-1711
"AnyDesk is a popular personal and enterprise software for remote administration distributed by AnyDesk Software GmbH. This post will dive into the vulnerability I found in AnyDesk in the middle of the year."
https://mansk1es.gitbook.io/AnyDesk_CVE-2024-12754
Malware
- Google Tag Manager Skimmer Steals Credit Card Info From Magento Site
"At Sucuri, we are committed to protecting websites from malware and other cyber threats. Recently, we were contacted by a customer who had experienced credit card data theft from their Magento-based eCommerce website. After an extensive investigation, we were able to trace the malware responsible for what was happening back to the Google Tag Manager script and assist in restoring the site’s security. We have detailed a previous similar infection here Malicious Activities with Google Tag Manager."
https://blog.sucuri.net/2025/02/google-tag-manager-skimmer-steals-credit-card-info-from-magento-site.html
https://thehackernews.com/2025/02/hackers-exploit-google-tag-manager-to.html
https://www.darkreading.com/cyberattacks-data-breaches/magecart-attackers-abuse-google-ad-tool-steal-data
- NOVA: Blast From The Past
"The BI.ZONE Threat Intelligence team continues to record a large‑scale campaign targeting Russian organizations across various industries. The adversaries employ NOVA stealer, a new commercial fork of SnakeLogger, with subscriptions starting at $50. They distribute phishing emails with the malware disguised as a contract archive."
https://bi.zone/eng/expertise/blog/nova-khorosho-zabytoe-staroe/
- Flesh Stealer: Unmasking The Blue Masked Thief
"At CYFIRMA, we are dedicated to providing timely insights into emerging threats and tactics used by cybercriminals targeting individuals and organizations. This report examines Flesh Stealer, a .NET executable written in C#. The malware does not target CIS countries and is capable of bypassing app-bound encryption employed by Chrome. Developed by a Russian-speaking individual, Flesh Stealer includes various features such as anti-debugging and anti-VM capabilities."
https://www.cyfirma.com/research/flesh-stealer-unmasking-the-blue-masked-thief/
- The Anatomy Of Abyss Locker Ransomware Attack
"Abyss Locker (AKA Abyss ransomware) is a relatively new threat group that emerged in 2023, specializing in swift and decisive intrusions designed to cripple victims with ransomware. Abyss Locker was active throughout 2024, causing multiple incidents investigated by Sygnia. However, no recent technical blogs provide detailed insights into the group’s modus operandi. The threat actors behind Abyss Locker consistently employ a TTP of deploying malware on critical network devices to tunnel their activity within the network. This includes targeting VPN appliances, network-attached storage (NAS) and ESXi servers."
https://www.sygnia.co/blog/abyss-locker-ransomware-attack-analysis/
Breaches/Hacks/Leaks
- Cyberattack Disrupts Lee Newspapers' Operations Across The US
"Lee Enterprises, one of the largest newspaper groups in the United States, says a cyberattack that hit its systems caused an outage last week and impacted its operations. In a Friday filing with the U.S. Securities and Exchange Commission (SEC), the company said the February 3 cyberattack was behind the outage that impacted its business operations. "On February 3, 2025, the Company experienced a technology outage due to a cyber incident affecting certain business applications, resulting in an operational disruption," Lee Enterprises revealed."
https://www.bleepingcomputer.com/news/security/cyberattack-disrupts-lee-newspapers-operations-across-the-us/
https://therecord.media/lee-enterprises-cyberattack-newspapers-priinting
https://www.darkreading.com/cyber-risk/newspaper-giant-lee-enterprise-cyberattack
https://www.theregister.com/2025/02/10/us_newspapers_lee_enterprises_cyberattack/
- Georgia Hospital, Nursing Home Notifying 120,000 Of Hack
"A small rural Georgia hospital and its nursing home are notifying more than 120,000 patients that their sensitive information was accessed and acquired by hackers in a cybersecurity incident last fall. Ransomware gang Embargo claims on its dark web site to have published 1.15 terabytes of the stolen data."
https://www.bankinfosecurity.com/georgia-hospital-nursing-home-notifying-120000-hack-a-27487
https://www.darkreading.com/cyber-risk/120k-victims-compromised-memorial-hospital-ransomware
https://www.infosecurity-magazine.com/news/georgia-hospital-120000-data-breach/
https://www.securityweek.com/information-of-120000-stolen-in-ransomware-attack-on-georgia-hospital/
- Handala Hackers Claim Massive Data Breach On Israeli Police, Leak 350,000 Files
"The infamous Handala hacking group, with suspected ties to Iranian intelligence, has claimed responsibility for a cyberattack against Israel’s police force, managing to exfiltrate 2.1 terabytes of sensitive data, including personnel records, weapons inventories, medical and psychological profiles, legal case files, weapon permits, and identity documents. Handala further claims to have disseminated 350,000 of these documents publicly."
https://hackread.com/handala-hackers-israeli-police-breach-data-leak/
General News
- Police Arrests 4 Phobos Ransomware Suspects, Seizes 8Base Sites
"A global law enforcement operation targeting the Phobos ransomware gang has led to the arrest of four suspected hackers in Phuket, Thailand, and the seizure of 8Base’s dark web sites. The suspects are accused of conducting cyberattacks on over 1,000 victims worldwide. The arrested individuals, two men and two women, are Europeans who reportedly extorted $16,000,000 worth of Bitcoin from their victims over the years. The police operation, codenamed "Phobos Aetor," led to coordinated raids across four locations, where laptops, smartphones, and cryptocurrency wallets were seized for forensic analysis. The arrests were made at the request of the Swiss authorities, who have asked the Thai government to extradite the suspects."
https://www.bleepingcomputer.com/news/legal/police-arrests-4-phobos-ransomware-suspects-seizes-8base-sites/
https://therecord.media/8base-ransomware-site-taken-down-4-arrested
https://cyberscoop.com/8base-ransomware-arrests-thailand-domain-seizure/
https://hackread.com/police-dismantle-8base-ransomware-seize-dark-web-sites/
https://www.theregister.com/2025/02/10/8base_police_arrrest/
- Hacker Pleads Guilty To SIM Swap Attack On US SEC X Account
"Today, an Alabama man pleaded guilty to hijacking the U.S. Securities and Exchange Commission (SEC) account on X in a January 2024 SIM swapping attack. This comes after the defendant, 25-year-old Eric Council Jr., first pleaded not guilty to hacking the account and enabling his co-conspirators to make a fake announcement that Bitcoin ETFs were approved. "Today the SEC grants approval to Bitcoin ETFs for listing on registered national security exchanges. The approved Bitcoin ETFs will be subject to ongoing surveillance and compliance measures to ensure continued investor protection," read the fake post on X."
https://www.bleepingcomputer.com/news/security/hacker-pleads-guilty-to-sim-swap-attack-on-us-sec-x-account/
https://www.darkreading.com/cyber-risk/guilty-plea-in-hacking-of-the-sec-s-x-account-that-caused-bitcoin-value-spike
https://therecord.media/hacker-hijacked-sec-account-maximum
- Sky ECC Encrypted Service Distributors Arrested In Spain, Netherlands
"Four distributors of the encrypted communications service Sky ECC, used extensively by criminals, were arrested in Spain and the Netherlands. According to an announcement by the Spanish police, the two suspects arrested in the country were the leading global distributors of the service, generating over €13.5 million ($14M) in profits. Investigation into the communications service, its sellers, and customers started back in 2019. According to what is known, the clients bought access to the service via a subscription-based scheme that cost €600 for three months."
https://www.bleepingcomputer.com/news/legal/sky-ecc-encrypted-service-distributors-arrested-in-spain-netherlands/
- Projecting The Next Decade Of Software Supply Chain Security
"With the rapid pace of innovation accelerating under a new administration, discussions over whether software security will be sidelined in favor of speed are heating up. However, security leaders have long been saying that security protocols shouldn’t slow down development plans — and they don’t when done correctly. This perception must be adopted more widely so that innovation and security can happen in tandem."
https://cyberscoop.com/projecting-the-next-decade-of-software-supply-chain-security/
- Analyst Burnout Is An Advanced Persistent Threat
"In the battle against cyber threats, we're losing our most vital asset: our people. While the industry fixates on the latest tools and technologies, security analysts are burning out, crushed under the weight of an impossible mission. This isn't just a talent shortage, but an existential crisis threatening the future of cybersecurity defense. Until we prioritize supporting the humans at the heart of cyber operations, no tool or technology will be enough to keep us secure."
https://www.darkreading.com/cybersecurity-operations/analyst-burnout-is-advanced-persistent-threat
- AI’s Role In Cutting Costs And Cybersecurity Threats In Logistics
"Supply chains are under immense pressure. Fuel costs are skyrocketing, delays are becoming the norm, and cybersecurity threats are more sophisticated than ever. Artificial intelligence (AI) has stepped in as the most powerful tool to combat these challenges, but it’s no longer just about automation; it’s about making real-time decisions that prevent losses before they happen."
https://hackread.com/ai-role-cutting-costs-cybersecurity-threats-logistics/
- Political Campaigns Struggle To Balance AI Personalization And Voter Privacy
"In this Help Net Security interview, Mateusz Łabuz, researcher at the IFSH, discusses the balance between using AI for personalized political campaigns and protecting voter privacy. Łabuz also discusses the potential of AI in fact-checking, the regulatory landscape, and the influence of AI on campaign strategies in authoritarian regimes."
https://www.helpnetsecurity.com/2025/02/10/mateusz-labuz-ifsh-ai-personalization-privacy/
References
Electronic Transactions Development Agency (ETDA)