Cyber Threat Intelligence 17 March 2025
Financial Sector
- February 2025 Security Issues In Korean & Global Financial Sector
"This report comprehensively covers actual cyber threats and security issues that have occurred in the financial industry in South Korea and abroad. This includes an analysis of malware and phishing cases targeting the financial industry, a list of the top 10 malware strains that target the industry, and statistics on the industries of the Korean accounts leaked on Telegram. A case of phishing email distribution targeting the financial industry is also covered in detail."
https://asec.ahnlab.com/en/86831/
Telecom Sector
- Europe's Telecoms Sector Under Increased Threat From Cyber Spies, Warns Denmark
"Denmark’s cybersecurity agency published a threat assessment on Thursday warning of an increase in state-sponsored cyber espionage activities targeting the telecommunications sector in Europe. It is the first public warning by a European government agency that suggests governments on the continent share the alarm of the United States over a Chinese spying campaign tracked as Salt Typhoon, although the Danish authorities did not explicitly mention Salt Typhoon or China."
https://therecord.media/europe-increased-cyber-espionage-telecoms-denmark-report
https://securityaffairs.com/175479/intelligence/denmark-warns-of-increased-state-sponsored-campaigns-targeting-the-european-telcos.html
New Tooling
- Decrypting Encrypted Files From Akira Ransomware (Linux/ESXI Variant 2024) Using a Bunch Of GPUs
"I recently helped a company recover their data from the Akira ransomware without paying the ransom. I’m sharing how I did it, along with the full source code. The code is here: https://github.com/yohanes/akira-bruteforce To clarify, multiple ransomware variants have been named Akira over the years, and several versions are currently circulating. The variant I encountered has been active from late 2023 to the present (the company was breached this year)."
https://tinyhack.com/2025/03/13/decrypting-encrypted-files-from-akira-ransomware-linux-esxi-variant-2024-using-a-bunch-of-gpus/
https://github.com/yohanes/akira-bruteforce
https://www.bleepingcomputer.com/news/security/gpu-powered-akira-ransomware-decryptor-released-on-github/
Vulnerabilities
- New CCA Jailbreak Method Works Against Most AI Models
"Two Microsoft researchers have devised a new, optimization-free jailbreak method that can effectively bypass the safety mechanisms of most AI systems. Called Context Compliance Attack (CCA), the method exploits a fundamental architectural vulnerability present within many deployed gen-AI solutions, subverting safeguards and enabling otherwise suppressed functionality. “By subtly manipulating conversation history, CCA convinces the model to comply with a fabricated dialogue context, thereby triggering restricted behavior,” Microsoft’s Mark Russinovich and Ahmed Salem explain in a research paper (PDF)."
https://www.securityweek.com/new-cca-jailbreak-method-works-against-most-ai-models/
https://arxiv.org/pdf/2503.05264
Malware
- SocGholish’s Intrusion Techniques Facilitate Distribution Of RansomHub Ransomware
"First observed in 2018, Trend Research has been closely monitoring the activities of the SocGholish – also known as FakeUpdates – malware-as-a-service (MaaS) framework. This particular intrusion set is tracked by Trend Micro under the name Water Scylla, whose activities lead to RansomHub ransomware deployment. SocGholish is characterised by its highly obfuscated JavaScript loader, which employs a range of evasion techniques that enable it to bypass traditional signature-based detection methods effectively."
https://www.trendmicro.com/en_us/research/25/c/socgholishs-intrusion-techniques-facilitate-distribution-of-rans.html
- Coinbase Phishing Email Tricks Users With Fake Wallet Migration
"A large-scale Coinbase phishing attack poses as a mandatory wallet migration, tricking recipients into setting up a new wallet with a pre-generated recovery phrase controlled by attackers. The emails have a subject of "Migrate to Coinbase Wallet" and state that all customers must transition to self-custodial wallets. The email also provides instructions on how to download the legitimate Coinbase Wallet."
https://www.bleepingcomputer.com/news/security/coinbase-phishing-email-tricks-users-with-fake-wallet-migration/
- Inside BRUTED: Black Basta (RaaS) Members Used Automated Brute Forcing Framework To Target Edge Network Devices
"On February 11, 2025, a Russian speaking actor using the Telegram handle @ExploitWhispers [1], leaked internal chat logs of Black Basta Ransomware-as-a-Service (RaaS) members [2]. These communications, spanning from September 2023 to September 2024, provide an insider look on the group's operational tactics."
https://blog.eclecticiq.com/inside-bruted-black-basta-raas-members-used-automated-brute-forcing-framework-to-target-edge-network-devices
https://www.bleepingcomputer.com/news/security/black-basta-ransomware-creates-automated-tool-to-brute-force-vpns/
- Sophisticated Phishing Campaign Exploiting Microsoft 365 Infrastructure
"As email security defenses, including Secure Email Gateways (SEGs) and advanced threat protection mechanisms, become more sophisticated, adversaries continuously refine their evasion techniques to bypass the most robust detection mechanism. Our latest research uncovered a highly sophisticated phishing campaign that exploits Microsoft 365’s trusted infrastructure to potentially facilitate credential harvesting and account takeover (ATO) attempts."
https://guardz.com/blog/sophisticated-phishing-campaign-exploiting-microsoft-365-infrastructure/
https://hackread.com/new-microsoft-365-phishing-scam-calling-fake-support/
- Off The Beaten Path: Recent Unusual Malware
"Recently, we discovered several new malware samples with unique characteristics that made attribution and function determination challenging. While many threat actors will strictly use tools released by the offensive security community, we also encounter novel, custom-built malware – sometimes with new tricks and techniques. This article describes three particularly unusual malware examples we came across last year."
https://unit42.paloaltonetworks.com/unusual-malware/
- Fake "Security Alert" Issues On GitHub Use OAuth App To Hijack Accounts
"A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth app that grants attackers full control over their accounts and code. "Security Alert: Unusual Access Attempt We have detected a login attempt on your GitHub account that appears to be from a new location or device," reads the GitHub phishing issue. All of the GitHub phishing issues contain the same text, warning users that there was unusual activity on their account from Reykjavik, Iceland, and the 53.253.117.8 IP address."
https://www.bleepingcomputer.com/news/security/fake-security-alert-issues-on-github-use-oauth-app-to-hijack-accounts/
- Malicious Adobe, DocuSign OAuth Apps Target Microsoft 365 Accounts
"Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials. The campaigns were discovered by Proofpoint researchers, who characterized them as "highly targeted" in a thread on X. The malicious OAuth apps in this campaign are impersonating Adobe Drive, Adobe Drive X, Adobe Acrobat, and DocuSign."
https://www.bleepingcomputer.com/news/security/malicious-adobe-docusign-oauth-apps-target-microsoft-365-accounts/
Breaches/Hacks/Leaks
- Ransomware Attack Takes Down Health System Network In Micronesia
"One of the four states that make up the Pacific nation of Micronesia is battling against ransomware hackers who have forced all of the computers used by its government health agency offline. On Wednesday, the Department of Health Services for the state of Yap warned the island’s 12,000 residents that a ransomware attack hit its systems on March 11."
https://therecord.media/ransomware-attack-micronesia-health-system
https://securityaffairs.com/175445/cyber-crime/a-ransomware-attack-hit-the-micronesian-state-of-yap.html
- Insurer Notifying 335,500 Customers, Agents, Others Of Hack
"A Texas-based insurance firm is notifying more than 335,500 people of a December hacking incident involving the access and copying of their sensitive personal and health information. The hack affects many - but not all - of the company's policyholders, agents and insurance carrier partners in multiple states. New Era Life Insurance Companies, which is based in Texas but also has operations in the Midwest and Pennsylvania, identified itself as a health plan in its HIPAA breach report filed to federal regulators on Feb. 11."
https://www.bankinfosecurity.com/insurer-notifying-335500-customers-agents-others-hack-a-27733
General News
- February 2025 APT Group Trends (South Korea)
"AhnLab is monitoring Advanced Persistent Threat (APT) attacks in South Korea using its own infrastructure. This report covers the classification, statistics, and features of the APT attacks in South Korea that were identified in February 2025, as well as the attack types."
https://asec.ahnlab.com/en/86830/
- Top 5 Threats Keeping CISOs Up At Night In 2025
"Cyber threats in 2025 require a proactive, adaptive approach. To stay ahead, CISOs must balance technical defenses, regulatory expectations, and human factors. By prioritizing AI-driven security, ransomware resilience, supply chain risk management, insider threat mitigation, and compliance preparedness, CISOs can strengthen their security posture. Here are the top five threats keeping CISOs up at night in 2025 and what CISOs can do about them."
https://www.helpnetsecurity.com/2025/03/14/top-threats-ciso-2025/
- 94% Of Wi-Fi Networks Lack Protection Against Deauthentication Attacks
"A recent report from Nozomi Networks Labs, based on an analysis of over 500,000 wireless networks worldwide, reveals that only 6% are adequately protected against wireless deauthentication attacks. Most wireless networks, including those in mission-critical environments, remain highly exposed to these attacks. In healthcare, for example, vulnerabilities in wireless networks could lead to unauthorized access to patient data or interference with critical systems. Similarly, in industrial environments, these attacks could disrupt automated processes, halt production lines, or create safety hazards for workers."
https://www.helpnetsecurity.com/2025/03/14/wi-fi-networks-deauthentication-attacks/
- Suspected LockBit Ransomware Dev Extradited To United States
"A dual Russian-Israeli national, suspected of being a key developer for the LockBit ransomware operation, has been extradited to the United States to face charges. Rostislav Panev, 51, was arrested in Israel last August, where police reportedly found incriminating evidence on his laptop. This included credentials for LockBit's internal control panel and a repository containing source code for LockBit encryptors and the gang's custom data theft tool, StealBit. In December, the U.S. Department of Justice charged Panev, accusing him of developing LockBit's ransomware encryptors and StealBit."
https://www.bleepingcomputer.com/news/security/suspected-lockbit-ransomware-dev-extradited-to-united-states/
https://thehackernews.com/2025/03/alleged-israeli-lockbit-developer.html
https://therecord.media/lockbit-alleged-russian-developer-extradited-us-israel
https://www.darkreading.com/cyberattacks-data-breaches/lockbit-developer-extradited-admits-working-ransomware-group
https://www.bankinfosecurity.com/suspected-lockbit-ransomware-developer-extradited-to-us-a-27727
https://www.infosecurity-magazine.com/news/lockbit-ransomware-developer/
https://www.securityweek.com/lockbit-ransomware-developer-extradited-to-us/
https://securityaffairs.com/175413/cyber-crime/lockbit-ransomware-developer-rostislav-panev-extradited-to-us.html
https://hackread.com/lockbit-developer-rostislav-panev-extradited-israel-us/
- Remote Access Infra Remains Riskiest Corp. Attack Surface
"A recent analysis of a year's worth of chat logs from the infamous Black Basta ransomware group revealed that its members used nearly 3,000 unique credentials to attempt to compromise a variety of corporate networks. The top five uses of the credentials? Targeting remote-desktop software and virtual private networks (VPNs), according to threat intelligence firm KELA, which published its analysis of the chat logs last week."
https://www.darkreading.com/cyber-risk/remote-access-infra-remains-riskiest-corp-attack-surface
- Man-In-The-Middle Vulns Provide New Research Opportunities For Car Security
"Several security vulnerabilities within the products of a well-known China-based automotive manufacturer affect hundreds of thousands of cars on the road. The name of the company remains disclosed due to regulations, but more than 150,000 of the company's automotive vehicles were sold in 2024, meaning many cars on the road in China are currently functioning with the flaws."
https://www.darkreading.com/cybersecurity-operations/mitm-vulns-research-opportunities-car-security
- Quantifying Cyber Risk Strategies To Resonate With CFOs And Boards
"In this Help Net Security interview, Mir Kashifuddin, Data Risk & Privacy Leader at PwC, discusses how CISOs can translate cyber risk into business value and secure a more strategic role within their organizations. He explains that aligning cybersecurity with business objectives and leveraging data governance, AI, and financial risk quantification drives resilience and growth."
https://www.helpnetsecurity.com/2025/03/14/mir-kashifuddin-pwc-business-cyber-risk/
- Massive Research Into iOS Apps Uncovers Widespread Secret Leaks, Abysmal Coding Practices
"Most apps on Apple’s App Store seem to leak at least one hard-coded secret. Many high-sensitivity secrets were found, including keys to cloud storage, various APIs, and even payment processors. Some endpoints are left completely unprotected, putting users at risk. Apple’s App Store is renowned for its walled garden approach and strict app review process. However, it doesn’t evaluate the app code for hardcoded secrets. Cybernews research into more than 156,000 iOS apps has unveiled more than 815,000 hardcoded secrets, including thousands that are very sensitive and could lead directly to breaches or data leaks."
https://cybernews.com/security/ios-apps-leak-hardcoded-secrets-research/
https://www.malwarebytes.com/blog/news/2025/03/research-on-ios-apps-shows-widespread-exposure-of-secrets
- Enhancing CA Practices: Key Updates In Mozilla Root Store Policy, v3.0
"Mozilla remains committed to fostering a secure, agile, and transparent Web PKI ecosystem. The new Mozilla Root Store Policy (MRSP) v3.0, effective March 15, 2025, introduces critical updates to strengthen Certificate Authority (CA) practices and enhance compliance."
https://blog.mozilla.org/security/2025/03/12/enhancing-ca-practices-key-updates-in-mozilla-root-store-policy-v3-0/
References
Electronic Transactions Development Agency (ETDA) - February 2025 Security Issues In Korean & Global Financial Sector