Cyber Threat Intelligence 18 February 2025
New Tooling
- Orbit: Open-Source Nuclei Security Scanning And Automation Platform
"Orbit is an open-source platform built to streamline large-scale Nuclei scans, enabling teams to manage, analyze, and collaborate on security findings. It features a SvelteKit-based web frontend and a Go-powered backend, with Terraform and Ansible handling infrastructure and automation."
https://www.helpnetsecurity.com/2025/02/17/orbit-open-source-security-scanning-tool-nuclei/
https://github.com/orbitscanner/orbit
Vulnerabilities
- Xerox Versalink C7025 Multifunction Printer: Pass-Back Attack Vulnerabilities (FIXED)
"During security testing, Rapid7 discovered that Xerox Versalink C7025 Multifunction printers (MFPs) were vulnerable to pass-back attacks."
https://www.rapid7.com/blog/post/2025/02/14/xerox-versalink-c7025-multifunction-printer-pass-back-attack-vulnerabilities-fixed/
https://www.securityweek.com/xerox-versalink-printer-vulnerabilities-enable-lateral-movement/
Malware
- Microsoft Spots XCSSET MacOS Malware Variant Used For Crypto Theft
"A new variant of the XCSSET macOS modular malware has emerged in attacks that target users' sensitive information, including digital wallets and data from the legitimate Notes app. The malware is typically distributed through infected Xcode projects. It has been around for at least five years and each update represents a milestone in XCSSET's development. The current improvements are the first ones observed since 2022. Microsoft's Threat Intelligence team identified the latest variant in limited attacks and says that compared to past XCSSET variants, the new one features enhanced code obfuscation, better persistence, and new infection strategies."
https://www.bleepingcomputer.com/news/security/microsoft-spots-xcsset-macos-malware-variant-used-for-crypto-theft/
https://thehackernews.com/2025/02/microsoft-uncovers-new-xcsset-macos.html
https://www.infosecurity-magazine.com/news/new-xcsset-macos-malware-variant/
https://www.helpnetsecurity.com/2025/02/17/the-xcsset-info-stealing-malware-is-back-targeting-macos-users-and-devs/
https://www.theregister.com/2025/02/17/macos_xcsset_malware_returns/
- Telegram Abused As C2 Channel For New Golang Backdoor
"As part of Netskope Threat Labs hunting activities, we came across an IoC being shared by other researchers and decided to take a closer look at it. During the analysis, we discovered that the payload was apparently still under development, but is already fully functional. The malware acts like a backdoor and uses Telegram as its command and control (C2) channel."
https://www.netskope.com/blog/telegram-abused-as-c2-channel-for-new-golang-backdoor
https://thehackernews.com/2025/02/new-golang-based-backdoor-uses-telegram.html
https://securityaffairs.com/174306/malware/golang-based-backdoor-uses-telegram-for-c2.html
https://hackread.com/hackers-exploit-telegram-api-spread-golang-backdoor/
https://www.infosecurity-magazine.com/news/telegram-c2-channel-golang-malware/
- Pro-Russia Collective NoName057(16) Launched a New Wave Of DDoS Attacks On Italian Sites
"The pro-Russia hacker group NoName057(16) launched a new wave of DDoS attacks this morning against multiple Italian entities. The group targeted the websites of Linate and Malpensa airports, the Transport Authority, the bank Intesa San Paolo, and the ports of Taranto and Trieste. The attacks had a minor impact on the targets; the Italian National Cybersecurity Agency (ACN) promptly operated to support the impacted organizations and neutralize the attacks at an early stage. The group relied on well-known techniques that the Italian government can mitigate. The attacks are the response to President Mattarella’s statements, whom they labeled a “Russophobe,” regarding Russia and the Third Reich."
https://securityaffairs.com/174294/hacktivism/noname05716-launched-ddos-attacks-on-italian-sites.html
https://www.infosecurity-magazine.com/news/noname05716-hit-italian-banks/
- Earth Preta Mixes Legitimate And Malicious Components To Sidestep Detection
"Trend Micro’s Threat Hunting team has come across a new technique employed by Earth Preta, also known as Mustang Panda. Earth Preta's attacks have been known to focus on the Asia-Pacific region: More recently, one campaign used a variant of the DOPLUGS malware to target Taiwan, Vietnam, Malaysia, among other countries. The group, which favors phishing in their campaigns and tends to target government entities, has had over 200 victims since 2022."
https://www.trendmicro.com/en_us/research/25/b/earth-preta-mixes-legitimate-and-malicious-components-to-sidestep-detection.html
Breaches/Hacks/Leaks
- Fintech Giant Finastra Notifies Victims Of October Data Breach
"Financial technology giant Finastra is notifying victims of a data breach after their personal information was stolen by unknown attackers who first breached its systems in October 2024. London-based Finastra provides financial services software applications to more than 8,100 financial institutions across 130 countries, including 45 of the world's top 50 banks. As the company warned in breach notification letters sent to those impacted by the breach, the security incident was first detected on November 7 after Finastra identified malicious activity on some of its systems."
https://www.bleepingcomputer.com/news/security/fintech-giant-finastra-notifies-victims-of-october-data-breach/
- Ransomware Attack Affects Michigan Casinos And Tribal Health Centers
"On February 15, the RansomHub ransomware group claimed responsibility for an attack on the Sault Ste. Marie Tribe of Chippewa Indians. RansomHub claims to have “temporarily locked” the tribe’s infrastructure and to have acquired 119 GB of files (501,211 files). The affected systems reportedly include casinos, convenience stores, government buildings, and telecommunications services, but also health centers in Sault Ste. Marie, St. Ignace, Manistique, Munising, Escanaba, and Hessel, as well as traditional medicine program facilities."
https://databreaches.net/2025/02/17/ransomware-attack-affects-michigan-casinos-and-tribal-health-centers/
General News
- Trends Report On Phishing Emails In January 2025
"This report provides statistics, trends, and case details on the distribution volume and attachment threats of phishing emails collected and analyzed in January 2025. The following is a part of the statistics and cases included in the original report."
https://asec.ahnlab.com/en/86345/
- How CISOs Can Balance Security And Business Agility In The Cloud
"In this Help Net Security interview, Natalia Belaya, CISO at Cloudera, discusses common misconceptions about cloud security, the balance between protection and business agility, and overlooked risks that CISOs should prioritize. Belaya also offers practical strategies for integrating cloud-native security solutions and mitigating misconfigurations at scale."
https://www.helpnetsecurity.com/2025/02/17/natalia-belaya-cloudera-enterprise-cloud-security/
- Is Russia Reining In Ransomware-Wielding Criminals?
"To be a ransomware hacker and Russian historically has been a blissful experience. So long as you avoided targets inside the Kremlin sphere of influence and possibly did the odd job for intelligence agencies, law enforcement mostly left you alone. It's a long-standing understanding that Russian President Vladimir Putin shows signs of reevaluating as a calculated move ahead of talks with the United States aimed at resolving Russia's stalemated war of conquest against Ukraine."
https://www.bankinfosecurity.com/blogs/russia-reining-in-ransomware-wielding-criminals-p-3815
- Advanced Ransomware Evasion Techniques In 2025
"Ransomware has become more than a threat—it's a calculated assault on industries, wielding AI-driven precision to bypass traditional defenses. Attackers adapt faster than ever, turning cybersecurity into a high-stakes race where falling behind isn't an option. As we step into 2025, organizations face an urgent need to outthink and outmaneuver these evolving adversarial attacks. The best way to combat the threat is to dive into cutting-edge techniques for ransomware evasion and the strategies needed to stay one step ahead."
https://www.tripwire.com/state-of-security/advanced-ransomware-evasion-techniques
- Two Estonian Nationals Plead Guilty In $577M Cryptocurrency Fraud Scheme
"Two Estonian nationals pleaded guilty yesterday for their operation of a massive, multi-faceted cryptocurrency Ponzi scheme that victimized hundreds of thousands of people from across the world, including in the United States. As part of the defendants’ guilty pleas, they agreed to forfeit assets valued over $400 million obtained during the conspiracy."
https://www.justice.gov/opa/pr/two-estonian-nationals-plead-guilty-577m-cryptocurrency-fraud-scheme
https://hackread.com/hashflare-fraud-two-estonians-running-crypto-scam/
https://www.infosecurity-magazine.com/news/estonian-duo-guilty-577m-crypto/
https://www.helpnetsecurity.com/2025/02/17/two-estonians-plead-guilty-in-577m-cryptocurrency-ponzi-scheme/
References
Electronic Transactions Development Agency (ETDA)