Cyber Threat Intelligence 24 February 2025
Vulnerabilities
- CISA Adds One Known Exploited Vulnerability To Catalog
"CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2025-24989 Microsoft Power Pages Improper Access Control Vulnerability"
https://www.cisa.gov/news-events/alerts/2025/02/21/cisa-adds-one-known-exploited-vulnerability-catalog
https://securityaffairs.com/174541/hacking/u-s-cisa-adds-microsoft-power-pages-flaw-known-exploited-vulnerabilities-catalog.html
- Investigating LLM Jailbreaking Of Popular Generative AI Web Products
"This article summarizes our investigation into jailbreaking 17 of the most popular generative AI (GenAI) web products that offer text generation or chatbot services. Large language models (LLMs) typically include guardrails to prevent users from generating content considered unsafe (such as language that is biased or violent). Guardrails also prevent users from persuading the LLM to communicate sensitive data, such as the training data used to create the model or its system prompt. Jailbreaking techniques are used to bypass those guardrails."
https://unit42.paloaltonetworks.com/jailbreaking-generative-ai-web-products/
Malware
- LummaC2 Malware Distributed Disguised As Total Commander Crack
"AhnLab SEcurity intelligence Center (ASEC) has discovered the LummaC2 malware being distributed disguised as the Total Commander tool. Total Commander is a file manager for Windows that supports various file formats. It offers convenient file management features such as copy and move features, advanced search using strings within files, folder synchronization, and FTP/SFTP features. The tool offers a one-month free trial, after which users are required to purchase a full version (license)."
https://asec.ahnlab.com/en/86435/
- Angry Likho: Old Beasts In a New Forest
"Angry Likho (referred to as Sticky Werewolf by some vendors) is an APT group we’ve been monitoring since 2023. It bears a strong resemblance to Awaken Likho, which we’ve analyzed before, so we classified it within the Likho malicious activity cluster. However, Angry Likho’s attacks tend to be targeted, with a more compact infrastructure, a limited range of implants, and a focus on employees of large organizations, including government agencies and their contractors. Given that the bait files are written in fluent Russian, we infer that the attackers are likely native Russian speakers."
https://securelist.com/angry-likho-apt-attacks-with-lumma-stealer/115663/
- SPYLEND: The Android App Available On Google Play Store: Enabling Financial Cyber Crime & Extortion
"At CYFIRMA, we are dedicated to providing current insights into prevalent threats and strategies employed by malicious entities targeting both organizations and individuals. In our ongoing commitment to providing timely insights into emerging threats, this report examines a sophisticated Android malware “SpyLend” disguised as a “Finance Simplified” app. The app, available on the Google Play Store, leverages location-based targeting to display a list of unauthorized loan applications tailored to Indian users, enabling malicious actors to engage in predatory lending, blackmail, and extortion."
https://www.cyfirma.com/research/spylend-the-android-app-available-on-google-play-store-enabling-financial-cyber-crime-extortion/
https://www.bleepingcomputer.com/news/security/spylend-android-malware-downloaded-100-000-times-from-google-play/
- Patch Now: Check Point Research Explains Shadow Pad, NailaoLocker, And Its Protection
"Recent developments have unveiled a previously unknown threat activity cluster that has leveraged a vulnerability in Check Point’s security framework, identified as CVE-2024-24919. This vulnerability, which was patched in May 2024, has been exploited to deploy ShadowPad malware. Reportedly, in some cases, this initial infection also led to the deployment of NailaoLocker."
https://blog.checkpoint.com/security/check-point-research-explains-shadow-pad-nailaolocker-and-its-protection/
- Cyber Criminals Using URL Tricks To Deceive Users
"In a newly observed scam, Check Point researchers found 200,000 phishing emails that abused URL information to obfuscate phishing links. The scam was first observed on January 21st, and remains ongoing, although the daily threat volume is decreasing. Geographically, 75% of these emails have been distributed in the US, while 17% were distributed in the EMEA region, and 5% were distributed in Canada."
https://blog.checkpoint.com/cyber-criminals-using-url-tricks-to-deceive-users/
- An Inside Look At NSA (Equation Group) TTPs From China’s Lense
"Since I reside in a Five Eyes country (Australia) and have publicly presented four cases I led on China’s APT41 attacking organisations in ASEAN, particularly concerning China’s cyber and political strategies, I was curious to explore what China publishes about Five Eyes operations. This led me down a rabbit hole of research into TTPs that Chinese cybersecurity entities have attributed to the NSA – or, as they coin “APT-C-40”."
https://www.inversecos.com/2025/02/an-inside-look-at-nsa-equation-group.html
https://www.securityweek.com/how-china-pinned-university-cyberattacks-on-nsa-hackers/
- How Phished Data Turns Into Apple & Google Wallets
"Carding — the underground business of stealing, selling and swiping stolen payment card data — has long been the dominion of Russia-based hackers. Happily, the broad deployment of more secure chip-based payment cards in the United States has weakened the carding market. But a flurry of innovation from cybercrime groups in China is breathing new life into the carding industry, by turning phished card data into mobile wallets that can be used online and at main street stores."
https://krebsonsecurity.com/2025/02/how-phished-data-turns-into-apple-google-wallets/
- Beware: PayPal "New Address" Feature Abused To Send Phishing Emails
"An ongoing PayPal email scam exploits the platform's address settings to send fake purchase notifications, tricking users into granting remote access to scammers. For the past month, BleepingComputer and others [1, 2] have received emails from PayPal stating, "You added a new address. This is just a quick confirmation that you added an address in your PayPal account.""
https://www.bleepingcomputer.com/news/security/beware-paypal-new-address-feature-abused-to-send-phishing-emails/
- Streamjacking Scams On YouTube Leverage CS2 Pro Player Championships To Defraud Gamers
"Note: All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners. Bitdefender Labs is warning the Counter-Strike 2 (CS2) community that scammers are exploiting esports events such as IEM Katowice 2025 and PGL Cluj-Napoca 2025 to defraud gamers. By hijacking YouTube accounts to impersonate professional players like s1mple, NiKo, and donk, cybercriminals are luring fans into fraudulent CS2 skin giveaways that result in stolen Steam accounts, cryptocurrency theft, and the loss of valuable in-game items."
https://www.bitdefender.com/en-us/blog/hotforsecurity/streamjacking-scams-on-youtube-leverage-cs2-pro-player-championships-to-defraud-gamers
https://www.bleepingcomputer.com/news/security/fake-cs2-tournament-streams-used-to-steal-crypto-steam-accounts/
- Ghost In The Shell: Null-AMSI Evading Traditional Security To Deploy AsyncRAT
"Cyble Research and Intelligence Labs (CRIL) identified a campaign likely orchestrated by a Portuguese-speaking TA, as evidenced by the comments and error messages present in one of the malicious scripts. While the initial infection vector remains unknown, the campaign distributes malware through a deceptive shortcut file. Specifically, the campaign uses a malicious LNK file disguised as a wallpaper featuring popular animated characters, indicating that the TA is exploiting users’ interests to increase the likelihood of infection. When executed, the shortcut file initiates a series of malicious actions, including retrieving and executing additional payloads, ultimately leading to the deployment of a remote access trojan (RAT)."
https://cyble.com/blog/null-amsi-evading-security-to-deploy-asyncrat/
- Fingerprint Heists: How Your Browser Fingerprint Can Be Stolen And Used By Fraudsters
"Fraudsters are continuously seeking innovative ways to exploit unsuspecting internet users. One of the latest and most concerning techniques revolves around browser fingerprinting — a method that allows cybercriminals to steal unique digital identifiers associated with user online activity. What makes browser fingerprinting particularly alarming is its invisibility. The victim might not even know that the fingerprint has been captured or misused. Fraudsters can bypass security measures, impersonate victims on trusted platforms, and commit fraudulent activities—all without triggering suspicion from security systems that rely on these fingerprints for authentication."
https://www.group-ib.com/blog/fingerprint-heists/
Breaches/Hacks/Leaks
- Hacker Steals Record $1.46 Billion From Bybit ETH Cold Wallet
"Cryptocurrency exchange Bybit revealed today that an unknown attacker stole over $1.46 billion worth of cryptocurrency from one of its ETH cold wallets. "The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated through a sophisticated attack that masked the signing interface, displaying the correct address while altering the underlying smart contract logic," Bybit explained. "As a result, the attacker was able to gain control of the affected ETH cold wallet and transfer its holdings to an unidentified address.""
https://www.bleepingcomputer.com/news/security/hacker-steals-record-146-billion-from-bybit-eth-cold-wallet/
https://therecord.media/hackers-drained-bybit-crypto-exchange-hack
https://thehackernews.com/2025/02/bybit-confirms-record-breaking-146.html
https://hackread.com/bybit-hack-billion-stolen-largest-crypto-exchange/
https://www.securityweek.com/bybit-hack-drains-1-5-billion-from-cryptocurrency-exchange/
https://hackread.com/investigators-link-bybit-hack-north-korea-lazarus-group/
https://securityaffairs.com/174514/cyber-crime/lazarus-stole-1-5b-from-bybit-cryptocurrency-heist.html
- Censorship As a Service | Leak Reveals Public-Private Collaboration To Monitor Chinese Cyberspace
"SentinelLABS has analyzed a data leak from TopSec (北京天融), a Chinese cybersecurity firm offering services such as Endpoint Detection & Response (EDR) and vulnerability scanning, while offering boutique solutions to align with government initiatives and intelligence requirements. The data leak includes a document with 7,000+ lines of work logs and code used to orchestrate infrastructure for the firm’s DevOps practices and downstream customers and includes scripts that connect to several Chinese government hostnames, academic institutions and news sites."
https://www.sentinelone.com/labs/censorship-as-a-service-leak-reveals-public-private-collaboration-to-monitor-chinese-cyberspace/
https://thehackernews.com/2025/02/data-leak-exposes-topsecs-role-in.html
https://hackread.com/leaked-files-chinese-cybersecurity-firm-govt-censorship/
- B1ack’s Stash Releases 1 Million Credit Cards On a Deep Web Forum
"On February 19, 2025, the illegal marketplace B1ack’s Stash released a massive collection of sensitive data containing over 1 million unique credit and debit cards. This free release follows the strategy previously used by BidenCash, where criminals distribute stolen data en masse to promote their marketplace."
https://www.d3lab.net/b1acks-stash-releases-1-million-credit-cards-on-a-deep-web-forum/
https://securityaffairs.com/174488/cyber-crime/b1acks-stash-released-1-million-credit-cards.html
- Ukrainian Hackers Claim Breach Of Russian Loan Company Linked To Putin’s Ex-Wife
"The pro-Ukraine hacking group Cyber Alliance has claimed responsibility for a cyberattack on CarMoney, a Russian microfinance company linked to the former wife of President Vladimir Putin. CarMoney confirmed earlier this week that it had suffered a cyber incident, forcing it to shut down all systems after attackers sent spam messages to customers claiming the company was closing its business, donating its proceeds to charity and writing off all debts. The organization has not attributed the attack to Ukrainian hackers or disclosed the full extent of the breach."
https://therecord.media/russia-carmoney-data-breach-ukrainian-cyber-alliance
General News
- Mastering The Cybersecurity Tightrope Of Protection, Detection, And Response
"In this Help Net Security interview, Chester Wisniewski, Director and Global Field CISO at Sophos, discusses the shifting ransomware landscape, the risks posed by quantum decryption threats, and the role of vendor security validation. Wisniewski notes that cyber resilience is more crucial than mere defense, with AI playing a key role in managing threats, and calls for ongoing improvements, transparency, and proactive measures."
https://www.helpnetsecurity.com/2025/02/21/chester-wisniewski-sophos-threats-strategy-response/
- Nations Open 'Data Embassies' To Protect Critical Info
"Worried about keeping data safe within their borders, a growing group of countries — typically, smaller nations — have hit upon a big idea: Redundantly hosting their citizens' information in "data embassies" in another region but maintaining jurisdiction over it."
https://www.darkreading.com/cyber-risk/nations-data-embassies-protect-critical-info
- Security And Privacy Concerns Challenge Public Sector’s Efforts To Modernize
"For most public sector organizations, digital transformation is a work in progress, with the complexity of integrating new systems and privacy and security concerns remaining key barriers, according to a report by SolarWinds. Only 6% of respondents report having fully completed their digital transformation journey, while most indicate they are somewhere along the journey, with efforts either well underway (41%) or beginning implementation in some areas with limited progress (42%)."
https://www.helpnetsecurity.com/2025/02/21/public-sector-digital-transformation/
Reference
Electronic Transactions Development Agency (ETDA)