Cyber Threat Intelligence 20 February 2025
Industrial Sector
- What Is The Board's Role In Cyber-Risk Management In OT Environments?
"Boards of directors play an important role in managing the strategic risks faced by their organizations, particularly in sectors with high-risk operational technology (OT) environments such as energy, transportation, manufacturing, and production. Each of these industries relies heavily on OT — the hardware and software that controls physical processes and devices — to maintain safe, reliable operations, making them particularly concerned about cyberattacks. However, understanding and managing cyber-risks in OT systems can be challenging for boards, often due to the cyber-physical nature of OT and its integration with information technology (IT)."
https://www.darkreading.com/cyber-risk/board-role-cyber-risk-management-ot-environments
New Tooling
- Kunai: Open-Source Threat Hunting Tool For Linux
"Kunai is an open-source tool that provides deep and precise event monitoring for Linux environments. “What sets Kunai apart is its ability to go beyond simple event generation. While most security monitoring tools rely on syscalls or kernel function hooking, Kunai takes a more advanced approach by correlating events on the host and providing enriched insights. This means fewer but more meaningful events, reducing noise and the strain on log ingestion while delivering deeper visibility into system activity,” Quentin Jerome, the creator of Kunai, told Help Net Security."
https://www.helpnetsecurity.com/2025/02/19/kunai-open-source-threat-hunting-tool-for-linux/
https://github.com/kunai-project/kunai
- Free Diagram Tool Aids Management Of Complex ICS/OT Cybersecurity Decisions
"Admeritia has announced the availability of a new tool designed to help organizations manage complex cybersecurity decisions related to industrial control systems (ICS) and other operational technology (OT). The newly launched tool, named Cyber Decision Diagrams (CDD), is available for free as a web-based application. The tool allows users to create simple diagrams that can enable them to more easily communicate cybersecurity thoughts and decisions."
https://www.securityweek.com/free-diagram-tool-aids-management-of-complex-ics-ot-cybersecurity-decisions/
https://cyber-decision-diagrams.com/
- Check Out This Free Automated Tool That Hunts For Exposed AWS Secrets In Public Repos
"A free automated tool that lets anyone scan public GitHub repositories for exposed AWS credentials has been released. Before you say anything, yes, we're pretty sure similar programs and services are out there, but hey, where's the harm in highlighting today the fact that this sort of software is easily available? Security engineer Anmol Singh Yadav built AWS-Key-Hunter after he found more than 100 exposed AWS access keys, some with high privileges, in public repositories, "just waiting to be exploited," as he wrote in a blog about the discovery and the custom-built tool."
https://www.theregister.com/2025/02/19/automated_tool_scans_public_repos/
https://medium.com/@IamLucif3r/how-i-found-100-exposed-aws-keys-in-public-git-repos-b475c9089764
https://github.com/IamLucif3r/AWS-Key-Hunter
Vulnerabilities
- Creative SVG File Upload To Local File Inclusion Vulnerability Affecting 90,000 Sites Patched In Jupiter X Core WordPress Plugin
"On January 6th, 2025, we received a submission for an SVG Upload to Local File Inclusion vulnerability in Jupiter X Core, a WordPress plugin with more than 90,000 active installations. This vulnerability makes it possible for an authenticated attacker, with contributor privileges or higher, to upload SVG files to a vulnerable site with malicious content and then include it, and achieve remote code execution."
https://www.wordfence.com/blog/2025/02/creative-svg-file-upload-to-local-file-inclusion-vulnerability-affecting-90000-sites-patched-in-jupiter-x-core-wordpress-plugin/
https://www.infosecurity-magazine.com/news/wordpress-plugin-flaw-exposes/
- Chrome 133, Firefox 135 Updates Patch High-Severity Vulnerabilities
"Google and Mozilla on Tuesday announced fresh security updates for Chrome 133 and Firefox 135 to address high-severity memory safety vulnerabilities in the popular browsers. The latest Chrome update is rolling out to Windows, macOS, and Linux with patches for two high- and one medium-severity flaw, all reported by external researchers. The first is CVE-2025-0999, a heap buffer overflow issue in the V8 JavaScript engine that could be exploited to achieve remote code execution. Google says it handed out an $11,000 bug bounty reward for this bug."
https://www.securityweek.com/chrome-133-firefox-135-updates-patch-high-severity-vulnerabilities/
- Multiple Vulnerabilities Discovered In NVIDIA CUDA Toolkit
"This article reviews nine vulnerabilities we recently discovered in two utilities called cuobjdump and nvdisasm, both from NVIDIA's Compute Unified Device Architecture (CUDA) Toolkit. We have coordinated with NVIDIA, and the company has released an update in February 2025 to address these issues."
https://unit42.paloaltonetworks.com/nvidia-cuda-toolkit-vulnerabilities/
Malware
- Palo Alto Networks Tags New Firewall Bug As Exploited In Attacks
"Palo Alto Networks warns that a file read vulnerability (CVE-2025-0111) is now being chained in attacks with two other flaws (CVE-2025-0108 with CVE-2024-9474) to breach PAN-OS firewalls in active attacks. The vendor first disclosed the authentication bypass vulnerability tracked as CVE-2025-0108 on February 12, 2025, releasing patches to fix the vulnerability. That same day, Assetnote researchers published a proof-of-concept exploit demonstrating how CVE-2025-0108 and CVE-2024-9474 could be chained together to gain root privileges on unpatched PAN-OS firewalls. A day later, network threat intel firm GreyNoise reported that threat actors had begun actively exploiting the flaws, with attempts coming from two IP addresses."
https://www.bleepingcomputer.com/news/security/palo-alto-networks-tags-new-firewall-bug-as-exploited-in-attacks/
https://www.darkreading.com/remote-workforce/patch-now-cisa-researchers-warn-palo-alto-flaw-exploited-wild
https://www.greynoise.io/blog/greynoise-observes-active-exploitation-of-pan-os-authentication-bypass-vulnerability-cve-2025-0108
https://www.securityweek.com/palo-alto-networks-confirms-exploitation-of-firewall-vulnerability/
https://www.theregister.com/2025/02/19/palo_alto_firewall_attack/
https://www.helpnetsecurity.com/2025/02/19/palo-alto-networks-firewalls-cve-2025-0108-cve-2024-9474-cve-2025-0111/
- ACRStealer Infostealer Exploiting Google Docs As C2
"AhnLab SEcurity intelligence Center (ASEC) monitors the Infostealer malware disguised as illegal programs such as cracks and keygens being distributed, and publishes related trends and changes through the Ahnlab TIP and ASEC Blog posts. While the majority of the malware distributed in this manner has been the LummaC2 Infostealer, the ACRStealer Infostealer has seen an increase in distribution."
https://asec.ahnlab.com/en/86390/
- Rhadamanthys Infostealer Being Distributed Through MSC Extension
"AhnLab SEcurity intelligence Center (ASEC) has confirmed that Rhadamanthys Infostealer is being distributed as a file with the MSC extension. The MSC extension is an XML-based format that is executed by the Microsoft Management Console (MMC), and it can register and execute various tasks such as script code and command execution, and program execution."
https://asec.ahnlab.com/en/86391/
- CISA And Partners Release Advisory On Ghost (Cring) Ransomware
"Today, CISA—in partnership with the Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC)—released a joint Cybersecurity Advisory, #StopRansomware: Ghost (Cring) Ransomware. This advisory provides network defenders with indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and detection methods associated with Ghost ransomware activity identified through FBI investigations. Ghost actors conduct these widespread attacks targeting and compromising organizations with outdated versions of software and firmware on their internet facing services. These malicious ransomware actors are known to use publicly available code to exploit Common Vulnerabilities and Exposures (CVEs) where available patches have not been applied to gain access to internet facing servers. The known CVEs are CVE-2018-13379, CVE-2010-2861, CVE-2009-3960, CVE-2021-34473, CVE-2021-34523, CVE-2021-31207."
https://www.cisa.gov/news-events/alerts/2025/02/19/cisa-and-partners-release-advisory-ghost-cring-ransomware
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-050a
https://www.bleepingcomputer.com/news/security/cisa-and-fbi-ghost-ransomware-breached-orgs-in-70-countries/
https://therecord.media/ghost-cring-ransomware-activity-fbi-cisa-alert
- Signals Of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger
"Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia's intelligence services. While this emerging operational interest has likely been sparked by wartime demands to gain access to sensitive government and military communications in the context of Russia's re-invasion of Ukraine, we anticipate the tactics and methods used to target Signal will grow in prevalence in the near-term and proliferate to additional threat actors and regions outside the Ukrainian theater of war."
https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger/
https://www.bleepingcomputer.com/news/security/russian-phishing-campaigns-exploit-signals-device-linking-feature/
https://www.darkreading.com/mobile-security/russian-groups-target-signal-messenger-in-spy-campaign
https://thehackernews.com/2025/02/hackers-exploit-signals-linked-devices.html
https://therecord.media/russian-state-hackers-spy-on-ukraine-military-signal
https://www.bankinfosecurity.com/ukrainian-signal-users-fall-to-russian-social-engineering-a-27550
https://cyberscoop.com/russia-threat-groups-target-ukraine-signal/
https://hackread.com/hackers-trick-users-link-device-steal-signal-messages/
https://www.infosecurity-magazine.com/news/russian-hackers-signal-spy/
https://www.securityweek.com/how-russian-hackers-are-exploiting-signals-linked-devices-for-real-time-spying/
- Invisible Obfuscation Technique Used In PAC Attack
"While investigating a sophisticated phishing attack targeting affiliates of a major American political action committee (PAC) in early January 2025, Juniper Threat Labs observed a new JavaScript obfuscation technique. This technique was first described by a security researcher on X back in October 2024, highlighting the speed with which offensive security research can be incorporated into real-world attacks. In this post, we’ll describe this technique and provide some short code snippets that defenders can use while reverse-engineering attacks."
https://blogs.juniper.net/en-us/threat-research/invisible-obfuscation-technique-used-in-pac-attack
https://www.bleepingcomputer.com/news/security/phishing-attack-hides-javascript-using-invisible-unicode-trick/
- How Democratizing Threat Hunting Is Changing Mobile Security
"In December, we published our groundbreaking investigation into mobile device threats. The public didn't just read the report—they took action, scanning over 18,000 unique devices through iVerify, revealing 11 new Pegasus detections. These latest detections reveal a clear pattern that demands attention. The availability of thousands of new scans for analysis from the business community demonstrates that Pegasus is not just a civil society problem. The victims of these new detections are mostly business executives, who have access to future business dealings, financial data, and influential professional networks."
https://iverify.io/blog/how-democratizing-threat-hunting-is-changing-mobile-security
https://therecord.media/pegasus-spyware-infections-iverify
- XELERA Ransomware Campaign: Fake Food Corporation Of India Job Offers Targeting Tech Aspirants
"Seqrite Labs APT-Team has recently discovered multiple campaigns involving fake Job Descriptions related to requirements at Food Corporations of India (FCI). These are targeted towards individuals aiming for various technical job positions at FCI with a variant of ransomware known as Xelera. In this case, the malware is written in Python and packed using PyInstaller which executes on the target machine."
https://www.seqrite.com/blog/xelera-ransomware-fake-fci-job-offers/
- Lumma Stealer Chronicles: PDF-Themed Campaign Using Compromised Educational Institutions' Infrastructure
"The Lumma Stealer malware campaign is exploiting compromised educational institutions to distribute malicious LNK files disguised as PDFs, targeting industries like finance, healthcare, technology, and media. Once executed, these files initiate a stealthy multi-stage infection process, allowing cybercriminals to steal passwords, browser data, and cryptocurrency wallets. With sophisticated evasion techniques, including using Steam profiles for command-and-control operations, this malware-as-a-service (MaaS) threat highlights the urgent need for robust cybersecurity defenses. Stay vigilant against deceptive phishing tactics to protect sensitive information from cyber exploitation."
https://www.cloudsek.com/blog/lumma-stealer-chronicles-pdf-themed-campaign-using-compromised-educational-institutions-infrastructure
Breaches/Hacks/Leaks
- Australian Fertility Services Giant Genea Hit By Security Breach
"Genea, one of Australia's largest fertility services providers, disclosed that unknown attackers breached its network and accessed data stored on compromised systems. Genea issued a statement on Wednesday, saying it's "urgently investigating a cyber incident" after detecting "suspicious activity" on its network."
https://www.bleepingcomputer.com/news/security/australian-fertility-services-giant-genea-hit-by-security-breach/
https://www.infosecurity-magazine.com/news/australian-ivf-data-breach-cyber/
General News
- Cyber Hygiene Habits That Many Still Ignore
"Cybersecurity advice is everywhere. We’re constantly reminded to update our passwords, enable two-factor authentication, and avoid clicking suspicious links. Yet, beneath these practical steps lie deeper cyber hygiene habits that, despite their importance, are frequently overlooked. These underlying mindsets and systemic behaviors shape the security landscape."
https://www.helpnetsecurity.com/2025/02/19/cyber-hygiene-habits/
- Salt Typhoon Telecom Breach Remarkable For Its ‘indiscriminate’ Targeting, FBI Official Says
"One of the most notable elements of the monumental hack of major telecommunications companies is just how “indiscriminate” it was in its pursuit of data, a top FBI official said Wednesday. The FBI has been investigating the breach, which it has blamed on Chinese government hackers commonly known as Salt Typhoon. “What we found particularly remarkable in our investigation is the gigantic and seemingly indiscriminate collection of call records and data about American people, like your friends, your family, people in your community,” Cynthia Kaiser, deputy assistant director in the bureau’s cyber division, said at the 2025 Zero Trust Summit, presented by CyberScoop."
https://cyberscoop.com/salt-typhoon-telecom-breach-remarkable-for-its-indiscriminate-targeting-fbi-official-says/
- Edge Device Vulnerabilities Fueled Attack Sprees In 2024
"Edge devices harboring zero-day and n-day vulnerabilities were linked to the most consequential attack campaigns last year, Darktrace said in an annual threat report released Wednesday. Darktrace’s threat researchers found the most frequent vulnerability exploits in customers’ instances of Ivanti Connect Secure and Ivanti Policy Secure appliances, along with firewall products from Fortinet and Palo Alto Networks. Cybersecurity vendors shipped products that ultimately accounted for and became the initial access vector for the majority of the most significant attack campaigns last year, the report shows."
https://cyberscoop.com/edge-device-vulnerabilities-fuel-attack-sprees/
https://darktrace.com/resources/annual-threat-report-2024
- Java Security: If You Ain’t Cheatin,’ You Ain’t Tryin’
"Most industries have rules of engagement. In sports, there are referees. In business, there are regulations. In government, there are Robert’s Rules of Order. Cybersecurity is different. There are regulations, but they don’t limit how much we can defend ourselves. They focus on compliance, breach reporting, and risk management, not on dictating the strategies we use to stop attackers. Meanwhile, attackers have no such constraints."
https://cyberscoop.com/java-applications-security-op-ed/
- ASIO Boss Warns Australian Critical Infrastructure Systems "routinely" Mapped
"Australian critical infrastructure networks are being “routinely” targeted and “almost certainly” mapped by the cyber units of a single nation state, according to the boss of the country’s spy agency. Giving an annual threat speech, ASIO’s director-general of security Mike Burgess warned that foreign regimes are actively “pre-positioning cyber access vectors they can exploit in the future”."
https://www.itnews.com.au/news/asio-boss-warns-australian-critical-infrastructure-systems-routinely-mapped-615140
https://www.infosecurity-magazine.com/news/spies-eye-aukus-nuclear-submarine/
https://therecord.media/australia-asio-report-foreign-intelligence-murder-plots
- Macs Targeted By Infostealers In New Era Of Cyberthreats
"The latest, major threats to Mac computers can steal passwords and credit card details with delicate precision, targeting victims across the internet based on their device, location, and operating system. These are the dangers of “infostealers,” which have long plagued Windows devices but, in the past two years, have become a serious threat for Mac owners. And in 2024, one malicious program in particular is responsible for the lion’s share of infostealer activity—racking up 70% of known infostealer detections on Mac."
https://www.malwarebytes.com/blog/apple/2025/02/macs-targeted-by-info-stealers-in-new-era-of-cyberthreats
https://www.threatdown.com/dl-state-of-malware-2025/
- Spam And Phishing In 2024
"27% of all emails sent worldwide and 48.57% of all emails sent in the Russian web segment were spam. 18% of all spam emails were sent from Russia. Kaspersky Mail Anti-Virus blocked 125,521,794 malicious email attachments. Our Anti-Phishing system thwarted 893,216,170 attempts to follow phishing links. Chat Protection in Kaspersky mobile solutions prevented more than 60,000 redirects via phishing links from Telegram."
https://securelist.com/spam-and-phishing-report-2024/115536/
- How Hackers Manipulate Agentic AI With Prompt Engineering
"The era of “agentic” artificial intelligence has arrived, and businesses can no longer afford to overlook its transformative potential. AI agents operate independently, making decisions and taking actions based on their programming. Gartner predicts that by 2028, 15% of day-to-day business decisions will be made completely autonomously by AI agents."
https://www.securityweek.com/how-hackers-manipulate-agentic-ai-with-prompt-engineering/
- CISO Conversations: Kevin Winter At Deloitte And Richard Marcus At AuditBoard
"Deloitte is one of the largest professional services firms in the world, providing services in audit, consulting, financial advisory, risk management, and tax. AuditBoard is a compliance and risk management firm that agreed a $3 billion acquisition by private equity firm Hg in May 2024. Kevin Winter (Global CISO at Deloitte) and Richard Marcus (CISO at AuditBoard) are top CISOs for these major global firms."
https://www.securityweek.com/ciso-conversations-kevin-winter-at-deloitte-and-richard-marcus-at-auditboard/
Reference
Electronic Transactions Development Agency (ETDA)