Cyber Threat Intelligence 13 February 2025
Healthcare Sector
- Is AI a Friend Or Foe Of Healthcare Security?
"Some say artificial intelligence (AI) has changed healthcare in ways we couldn't have imagined just a few years ago. It's now used for everything from paperwork to helping doctors make better diagnoses. But like any new tech, there are risks involved. Currently, AI is both a potent defense mechanism and an attacker enabler. Therefore, the question that must be asked is clear: Is AI an enemy or a friend of cybersecurity in healthcare? Honestly, the answer is both."
https://www.darkreading.com/vulnerabilities-threats/is-ai-friend-foe-healthcare-security
Industrial Sector
- ICS Patch Tuesday: Vulnerabilities Addressed By Schneider Electric, Siemens
"Industrial giants Schneider Electric and Siemens have released their February 2025 Patch Tuesday ICS security advisories."
https://www.securityweek.com/ics-patch-tuesday-vulnerabilities-addressed-by-schneider-electric-siemens/
New Tooling
- SysReptor: Open-Source Penetration Testing Reporting Platform
"SysReptor is a customizable open-source penetration testing reporting platform built for pentesters, red teamers, and cybersecurity professionals. You can optimize your workflow by simplifying, automating, and personalizing your reports. SysReptor is an easy-to-use tool for pentesters and simplifies pentest reporting. Reports are designed as HTML/CSS and rendered to PDFs. Pentesters can write their reports in markdown format."
https://www.helpnetsecurity.com/2025/02/12/sysreptor-open-source-penetration-testing-reporting-platform/
https://github.com/Syslifters/sysreptor
Vulnerabilities
- Ivanti Patches Critical Flaws In Connect Secure And Policy Secure – Update Now
"Ivanti has released security updates to address multiple security flaws impacting Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA) that could be exploited to achieve arbitrary code execution."
https://thehackernews.com/2025/02/ivanti-patches-critical-flaws-in.html
https://www.ivanti.com/blog/february-security-update
https://www.bleepingcomputer.com/news/security/ivanti-fixes-three-critical-flaws-in-connect-secure-and-policy-secure/
- CISA Adds Two Known Exploited Vulnerabilities To Catalog
"CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2025-24200 Apple iOS and iPadOS Incorrect Authorization Vulnerability
CVE-2024-41710 Mitel SIP Phones Argument Injection Vulnerability"
https://www.cisa.gov/news-events/alerts/2025/02/12/cisa-adds-two-known-exploited-vulnerabilities-catalog
- Google Fixes Flaw That Could Unmask YouTube Users' Email Addresses
"Google has fixed two vulnerabilities that, when chained together, could expose the email addresses of YouTube accounts, causing a massive privacy breach for those using the site anonymously. The flaws were discovered by security researchers Brutecat (brutecat.com) and Nathan (schizo.org), who found that YouTube and Pixel Recorder APIs could be used to obtain user's Google Gaia IDs and convert them into their email addresses. The ability to convert a YouTube channel into an owner's email address is a significant privacy risk to content creators, whistleblowers, and activists relying on being anonymous online."
https://www.bleepingcomputer.com/news/security/google-fixes-flaw-that-could-unmask-youtube-users-email-addresses/
https://brutecat.com/articles/leaking-youtube-emails
- Chipmaker Patch Tuesday: Intel, AMD, Nvidia Fix High-Severity Vulnerabilities
"Chipmakers Intel, AMD and Nvidia on Tuesday published new security advisories to inform customers about vulnerabilities found recently in their products."
https://www.securityweek.com/chipmaker-patch-tuesday-intel-amd-nvidia-fix-high-severity-vulnerabilities/
- How Wiz Found a Critical NVIDIA AI Vulnerability: Deep Dive Into a Container Escape (CVE-2024-0132)
"In September of last year, Wiz Research uncovered a critical security vulnerability, tracked as CVE-2024-0132, in the widely used NVIDIA Container Toolkit, which provides containerized AI applications with access to GPU resources. Our initial blog post was purposely vague because the vulnerability was under embargo for an extended period, allowing both NVIDIA and cloud providers to address the issue. As we detailed in our initial blog post, this vulnerability affects any AI application—whether in the cloud or on-premises—that is running the vulnerable container toolkit. Today, we are ready to release the technical details of the vulnerability."
https://www.wiz.io/blog/nvidia-ai-vulnerability-deep-dive-cve-2024-0132
https://thehackernews.com/2025/02/researchers-find-new-exploit-bypassing.html
Malware
- CISA And FBI Warn Of Malicious Cyber Actors Using Buffer Overflow Vulnerabilities To Compromise Software
"CISA and the Federal Bureau of Investigation (FBI) have released a Secure by Design Alert, Eliminating Buffer Overflow Vulnerabilities, as part of their cooperative Secure by Design Alert series—an ongoing series aimed at advancing industry-wide best practices to eliminate entire classes of vulnerabilities during the design and development phases of the product lifecycle. “Eliminating Buffer Overflow Vulnerabilities” describes proven techniques to prevent or mitigate buffer overflow vulnerabilities through secure by design principles and best practices."
https://www.cisa.gov/news-events/alerts/2025/02/12/cisa-and-fbi-warn-malicious-cyber-actors-using-buffer-overflow-vulnerabilities-compromise-software
https://www.cisa.gov/resources-tools/resources/secure-design-alert-eliminating-buffer-overflow-vulnerabilities
https://www.theregister.com/2025/02/13/fbi_cisa_unforgivable_buffer_overflow/
- DPRK Hackers Dupe Targets Into Typing PowerShell Commands As Admin
"North Korean state actor ‘Kimsuky’ (aka ‘Emerald Sleet’ or ‘Velvet Chollima’) has been observed using a new tactic inspired from the now widespread ClickFix campaigns. ClickFix is a social engineering tactic that has gained traction in the cybercrime community, especially for distributing infostealer malware. It involves deceptive error messages or prompts that direct victims to execute malicious code themselves, often via PowerShell commands. These actions typically lead to malware infections."
https://www.bleepingcomputer.com/news/security/dprk-hackers-dupe-targets-into-typing-powershell-commands-as-admin/
https://thehackernews.com/2025/02/north-korean-hackers-exploit-powershell.html
https://securityaffairs.com/174142/apt/emerald-sleet-is-using-a-new-tactic.html
- New Exploitation Surge: Attackers Target ThinkPHP And OwnCloud Flaws At Scale
"GreyNoise has identified a significant spike in exploitation activity targeting two vulnerabilities — one already flagged by government agencies as a top target, and another flying under the radar despite real-world attacks increasing."
https://www.greynoise.io/blog/new-exploitation-surge-attackers-target-thinkphp-and-owncloud-flaws-at-scale
https://www.bleepingcomputer.com/news/security/surge-in-attacks-exploiting-old-thinkphp-and-owncloud-flaws/
- The BadPilot Campaign: Seashell Blizzard Subgroup Conducts Multiyear Global Access Operation
"Microsoft is publishing for the first time our research into a subgroup within the Russian state actor Seashell Blizzard and its multiyear initial access operation, tracked by Microsoft Threat Intelligence as the “BadPilot campaign”. This subgroup has conducted globally diverse compromises of Internet-facing infrastructure to enable Seashell Blizzard to persist on high-value targets and support tailored network operations. This blog details this subgroup’s recently observed tactics, techniques, and procedures (TTPs), and describes three of its distinct exploitation patterns. The geographical targeting to a near-global scale of this campaign expands Seashell Blizzard’s scope of operations beyond Eastern Europe. Additionally, the opportunistic access methods outlined in this campaign will continue to offer Russia opportunities for niche operations and activities."
https://www.microsoft.com/en-us/security/blog/2025/02/12/the-badpilot-campaign-seashell-blizzard-subgroup-conducts-multiyear-global-access-operation/
https://thehackernews.com/2025/02/microsoft-uncovers-sandworm-subgroups.html
https://therecord.media/sandworm-subgroup-russia-europe
https://www.bleepingcomputer.com/news/security/badpilot-network-hacking-campaign-fuels-russian-sandworm-attacks/
https://www.darkreading.com/threat-intelligence/microsoft-russian-sandworm-apt-exploits-edge-bugs-globally
https://cyberscoop.com/russian-state-threat-group-shifts-focus/
https://www.securityweek.com/russian-seashell-blizzard-hackers-gain-maintain-access-to-high-value-targets-microsoft/
https://www.theregister.com/2025/02/12/russias_sandworm_caught_stealing_credentials/
- Samoa Issues Alert On APT40 Hackers Targeting Pacific Region
"Chinese state-sponsored cyber group APT40 intensified its attacks on government and critical infrastructure networks in the Pacific region, prompting Samoa's national cybersecurity agency to issue an urgent advisory. Samoa's Computer Emergency Response Team, or SamCERT, warned that APT40 is deploying fileless malware and modified commodity malware to infiltrate and persist within networks while evading detection."
https://www.bankinfosecurity.com/samoa-issues-alert-on-apt40-hackers-targeting-pacific-region-a-27503
https://www.samcert.gov.ws/sites/default/files/documents/2025-02/APT40 - SamCERT Cyber Threat Advisory_FINAL_0.pdf
- Stolen Information Used In Personalized Immigration-Themed Attack
"A new phishing campaign that initially targeted travelers to Singapore by exploiting immigration arrival card submission requirements has begun to target the immigration process for other countries as well. This campaign was first seen in September 2023. However, it is a highly targeted attack making overall volumes low. This campaign mimics Singapore’s official Immigration & Checkpoint Authority (ICA) website to deceive victims into providing credit card information for fraudulent payments."
https://cofense.com/blog/stolen-information-used-in-personalized-immigration-themed-attack
- Fake Etsy Invoice Scam Tricks Sellers Into Sharing Credit Card Information
"As an online seller, you’re already juggling product listings, customer service and marketing—so the last thing you need is to be targeted by scammers. Unfortunately, a new scam is making the rounds, and it’s crucial to recognize the warning signs before you fall victim. In this post, we’ll walk you through exactly how this scam works, show you what to watch out for, and give you tips on keeping your Etsy account secure."
https://www.malwarebytes.com/blog/news/2025/02/fake-etsy-invoice-scam-tricks-sellers-into-sharing-credit-card-information
- BTMOB RAT: Newly Discovered Android Malware Spreading Via Phishing Sites
"Cyble analyzes BTMOB RAT, advanced Android malware actively spreading via phishing sites, leveraging Accessibility Services to steal credentials, control devices remotely, and execute various malicious activities."
https://cyble.com/blog/btmob-rat-newly-discovered-android-malware/
- “LegionLoader” Exposed!
"LegionLoader, also known as Satacom, CurlyGate, and RobotDropper, is an active downloader that has been operating in the shadows, gained significant traction in recent months, quietly amassing over 2,000 samples in just a matter of weeks. VirusTotal (VT) retro-hunting and live-hunting have allowed us to uncover an ongoing campaign using LegionLoader that appears to have kicked off on December 19, 2024. This is TEHTRIS Threat Intelligence team analysis. We’ll break down everything we’ve uncovered so far (including: list of IoCs, phishing url, IDAPython script etc.)."
https://tehtris.com/en/blog/legionloader-exposed/
Breaches/Hacks/Leaks
- ZkLend Loses $9.5M In Crypto Heist, Asks Hacker To Return 90%
"Decentralized money lender zkLend suffered a breach where threat actors exploited a smart contract flaw to steal 3,600 Ethereum, worth $9.5 million at the time. zkLend is a decentralized money-market protocol built on Starknet, a Layer 2 scaling solution for Ethereum. It enables users to deposit, borrow, and lend various assets. The attack took place yesterday afternoon, with zkLend warning on X they were suffering a cybersecurity incident. According to the EthSecurity Telegram channel, the threat actors exploited a rounding error bug in zkLend's smart contract mint() function."
https://www.bleepingcomputer.com/news/cryptocurrency/zklend-loses-95m-in-crypto-heist-asks-hacker-to-return-90-percent/
- Sarcoma Ransomware Claims Breach At Giant PCB Maker Unimicron
"A relatively new ransomware operation named ‘Sarcoma’ has claimed responsibility for an attack against the Unimicron printed circuit boards (PCB) maker in Taiwan. The cybercriminals have published samples of files allegedly stolen from the company’s systems during the attack and threaten to leak everything next week if a ransom is not paid. In a new listing added to Sarcoma’s leak site yesterday, the threat actors claim to be holding 377 GB of SQL files and documents exfiltrated from the Taiwanese company."
https://www.bleepingcomputer.com/news/security/sarcoma-ransomware-claims-breach-at-giant-pcb-maker-unimicron/
- 2.7 Billion Records Exposed In IoT Devices Data Breach
"Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password-protected database that contained nearly 2.7 billion records belonging to Mars Hydro — a China-based company offering IoT grow lights and software applications that allow users worldwide to control devices, timers, and settings remotely."
https://www.vpnmentor.com/news/report-marshydro-breach/
https://hackread.com/1tb-data-leak-expose-billions-iot-grow-light-records/
https://www.infosecurity-magazine.com/news/iot-data-breach-exposes-27-billion/
- Ransomware Attack Disrupting Michigan's Sault Tribe Operations
"A recent ransomware attack on the Sault Tribe in Michigan has knocked many of its most critical services offline. In a statement on Monday, Sault Tribe Chairman Austin Lowes said the incident began on Sunday morning and impacted “multiple computer and phone systems across tribal administration, including the casinos, health centers and various businesses.” “In response, the tribe has had to temporarily close many departments and businesses,” Lowes said."
https://therecord.media/ransomware-disrupting-sault-michigan
General News
- India's Cybercrime Problems Grow As Nation Digitizes
"India continues to see a surge in cybercrime affecting both citizens and businesses, with cyber fraud against citizens jumping 51% over the past year and cyberattackers targeting businesses in volumes significantly higher than global averages. Overall, Indian citizens filed more than 1.7 million cybercrime complaints in 2024, up from 1.1 million complaints in 2023, according to the latest data from India's National Cyber Reporting Platform (NCRP) released in early February. While many of those cyber scams came from domestic sources, about 45% of the cyberattacks came from cybercriminal havens in Cambodia, Myanmar, and Laos, according to the report."
https://www.darkreading.com/cyber-risk/indias-cybercrime-problems-nation-digitizes
- It’s Time To Secure The Extended Digital Supply Chain
"Organizations’ increasing reliance on third-party software and services has created an environment with more vulnerabilities and harder-to-detect risks. Attackers know they can increase efficiency and profitability by compromising the supply chain and are focusing their efforts accordingly. The commoditization of the cloud has only exacerbated this challenge. Companies are rapidly increasing the number of cloud-based services they rely upon, often without fully understanding how they connect to their broader network."
https://www.helpnetsecurity.com/2025/02/12/supply-chain-risk/
- Silent Breaches Are Happening Right Now, Most Companies Have No Clue
"The breaches and ransomware attacks of 2024 highlighted systemic vulnerabilities, demonstrating how third-party and fourth-party dependencies amplify risks across industries, according to a Black Kite report. Researchers revealed how silent breaches underscore the risk posed by unseen vulnerabilities in third-party networks. By exploiting these hidden weaknesses, attackers disrupted individual organizations and exposed the fragility of entire supply chains."
https://www.helpnetsecurity.com/2025/02/12/silent-breaches-third-party-dependencies/
- CEOs Must Act Now To Embrace AI Or Risk Falling Behind
"While 4 out of 5 CEOs recognize AI’s potential, many worry gaps in their understanding will impact strategic decisions, risking missed opportunities and falling behind competitors, according to Cisco. Yet, CEOs are not standing still. With support from IT leaders and trusted partners, they plan to empower their people, modernize infrastructure, and strengthen cybersecurity to sharpen their competitive edge in an AI-driven future. “Leaders who act decisively today to build resilient, future-proofed networks will be the AI-forward leaders driving real value for their business. Eventually there will be only two kinds of companies: those that are AI companies, and those that are irrelevant,” said Jeetu Patel, CPO at Cisco."
https://www.helpnetsecurity.com/2025/02/12/ceos-ai-potential/
- Gartner: Most Security Leaders Cannot Balance Data Security, Business Goals
"Only 14% of security and risk management leaders can effectively secure organizational data assets while also enabling the data to achieve business objectives, according to Gartner. In a recent survey, Gartner found that 35% of respondents secure data assets and 21% use data to achieve business goals, but only one in seven (14%) could do both effectively. This gap exposes organizations to threats, regulatory penalties, and operational inefficiencies, Gartner said."
https://www.darkreading.com/cybersecurity-operations/gartner-most-security-leaders-cannot-balance-data-security-business-goals
- Online Threats Are Rising - Here’s Why Companies Must Improve Their Cybersecurity
"Cybersecurity is a must as online threats rise. Businesses must train employees, back up data, and adopt strong security practices to prevent cyberattacks and data breaches. The Internet has provided businesses with endless opportunities to grow, expand into new markets, and operate more efficiently. However, it has also created new risks. Cybercriminals constantly look for ways to exploit vulnerabilities and steal sensitive data from both individuals and organizations. These attacks can cause financial losses and operational disruptions."
https://hackread.com/online-threats-are-rising-cybersecurity-companies/
- Romance Scams Cost Americans $697.3M Last Year
"Nearly 59,000 Americans have fallen victim to romance scams in 2024, losing an estimated $697.3m. According to a new report from Comparitech, while reported cases dropped by 6% compared to 2023, the financial toll remains staggering. Romance scams, which often involve emotional manipulation, are now increasingly tied to cryptocurrency and investment fraud schemes, where victims are lured into transferring funds under the guise of love and financial opportunities. According to the report, Arizona had the highest rate of scams per 100,000 residents while California led in total losses with $104.8m from 6687 cases."
https://www.infosecurity-magazine.com/news/romance-scams-cost-americans/
- Security Detection Tech Failing, Say Cyber Leaders In Regulated Industries
"Almost three-quarters (74%) of IT security directors in regulated industries in the US and UK believe detection-based security technologies are outdated and inadequate. This surprising finding comes from Everfox’s latest CYBER360 report, a survey of 1000 IT and security leaders in government, defense and financial services across the US and UK. The report, published on February 12, 2025, lays bare the exceptionally high volume of cyber-attacks suffered by regulated organizations, with 97% of respondents saying they reported a cyber incident between October 2023 and 2024."
https://www.infosecurity-magazine.com/news/security-detection-tech-failing/
- Ransomware Isn't Always About The Money: Government Spies Have Objectives, Too
"Ransomware gangsters and state-sponsored online spies fall on opposite ends of the cyber-crime spectrum. The former move fast, make a lot of noise, and then intentionally draw attention to say "Hi, we've broken into your network," usually sending the victim some encrypted files and a ransom note. The latter often play the long game, moving stealthily and making seemingly innocuous moves to maintain a silent presence on your network, allowing them to snoop for as long as possible."
https://www.theregister.com/2025/02/12/ransomware_nation_state_groups/
- Exploring The Depths: Analysis Of The 2024 Ransomware Landscape And Insights For 2025
"To better understand ransomware attacks and trends, the Information Technology - Information Sharing and Analysis Center (IT-ISAC) started tracking ransomware attacks in 2020. To date, we have tracked over 8,600 ransomware incidents. To monitor and summarize the activity of threat actors, the IT-ISAC team built its own scripts and tools to build lists of ransomware events. By doing this, we have been able to automate information gathering from across public reports, RSS feeds, and internal threat intelligence."
https://files.constantcontact.com/39055ba1701/1da34e07-3c90-4bbc-8ae2-3e59ef3f2ec5.pdf
- Where Do I Begin? 4 Ways To Make Faster Security Decisions
"We hear a great deal about the need for soft skills in cybersecurity - things like communication, team building and critical thinking. But all too often, we don't place enough emphasis on applying practical strategies to help get the work done. Cybersecurity professionals frequently deal with multiple issues - all demanding immediate attention. How can you demonstrate the ability to make sound decisions to advance your career? Decision-making in high-stakes environments demands clear methodologies that promote both efficiency and accuracy. Here's a high-level overview of four different decision making approaches you can use when faced with critical choices."
https://www.bankinfosecurity.com/blogs/where-do-i-begin-4-ways-to-make-faster-security-decisions-p-3812
References
Electronic Transactions Development Agency (ETDA) - Is AI a Friend Or Foe Of Healthcare Security?