Cyber Threat Intelligence 02 May 2024
Industrial Sector
CISA And Partners Release Fact Sheet On Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity
"Today, CISA, in collaboration with U.S. and international partners, published a joint fact sheet, Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity. This fact sheet provides information and mitigations associated with cyber operations conducted by pro-Russia hacktivists who seek to compromise industrial control systems (ICS) and small-scale operational technology (OT) systems in North American and European critical infrastructure sectors, including Water and Wastewater Systems, Dams, Energy, and Food and Agriculture Sectors."
https://www.cisa.gov/news-events/alerts/2024/05/01/cisa-and-partners-release-fact-sheet-defending-ot-operations-against-ongoing-pro-russia-hacktivist
https://www.cisa.gov/resources-tools/resources/defending-ot-operations-against-ongoing-pro-russia-hacktivist-activity
https://www.cisa.gov/sites/default/files/2024-05/defending-ot-operations-against-ongoing-pro-russia-hacktivist-activity-508c.pdf
https://www.bleepingcomputer.com/news/security/us-govt-warns-of-pro-russian-hacktivists-targeting-water-facilities/
https://therecord.media/cisa-warning-pro-russia-hacktivists-critical-infrastructure
https://www.bankinfosecurity.com/us-allies-issue-cyber-alert-on-threats-to-ot-systems-a-24993
https://cyberscoop.com/pro-russia-hacktivists-attacking-vital-tech-in-water-and-other-sectors-agencies-say/
Vulnerabilities
HPE Aruba Networking Fixes Four Critical RCE Flaws In ArubaOS
"HPE Aruba Networking has issued its April 2024 security advisory detailing critical remote code execution (RCE) vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system. The advisory lists ten vulnerabilities, four of which are critical-severity (CVSS v3.1: 9.8) unauthenticated buffer overflow problems that can lead to remote code execution (RCE)."
https://www.bleepingcomputer.com/news/security/hpe-aruba-networking-fixes-four-critical-rce-flaws-in-arubaos/
CISA Adds One Known Exploited Vulnerability To Catalog
"CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation."
https://www.cisa.gov/news-events/alerts/2024/05/01/cisa-adds-one-known-exploited-vulnerability-catalog
https://www.bleepingcomputer.com/news/security/cisa-says-gitlab-account-takeover-bug-is-actively-exploited-in-attacks/
https://www.bankinfosecurity.com/gitlab-hackers-use-forgot-your-password-to-hijack-accounts-a-24991
CrushFTP Server-Side Template Injection (SSTI)
"SonicWall Capture Labs threat research team became aware of a fully unauthenticated server-side template injection vulnerability within CrushFTP, assessed its impact, and developed mitigation measures. CrushFTP is an enterprise file transfer tool. Such tools have seen increased attention from attackers over the last several years. This vulnerability, CVE-2024-4040, has a CVSS score of 10.0 and has been reported to be exploited in the wild by CISA."
https://blog.sonicwall.com/en-us/2024/05/crushftp-server-side-template-injection-ssti/
Malware
Router Roulette: Cybercriminals And Nation-States Sharing Compromised Networks
"Cybercriminals and Advanced Persistent Threat (APT) actors share a common interest in proxy anonymization layers and Virtual Private Network (VPN) nodes to hide traces of their presence and make detection of malicious activities more difficult. This shared interest results in malicious internet traffic blending financial and espionage motives."
https://www.trendmicro.com/en_us/research/24/e/router-roulette.html
Eight Arms To Hold You: The Cuttlefish Malware
"The Black Lotus Labs team at Lumen Technologies is tracking a malware platform we’ve named Cuttlefish, that targets networking equipment, specifically enterprise-grade small office/home office (SOHO) routers. This malware is modular, designed primarily to steal authentication material found in web requests that transit the router from the adjacent local area network (LAN). A secondary function gives it the capacity to perform both DNS and HTTP hijacking for connections to private IP space, associated with communications on an internal network."
https://blog.lumen.com/eight-arms-to-hold-you-the-cuttlefish-malware/
https://www.bleepingcomputer.com/news/security/new-cuttlefish-malware-infects-routers-to-monitor-traffic-for-credentials/
https://www.darkreading.com/cloud-security/cuttlefish-zero-click-malware-steals-private-cloud-data
https://www.securityweek.com/cuttlefish-malware-targets-routers-harvests-cloud-authentication-data/
https://securityaffairs.com/162603/malware/cuttlefish-malware-targets-routers.html
Spoofing Shein For Credential Harvesting
"Shein is one of the most popular shopping apps in the world. In fact, it’s the second most downloaded shopping app globally, with over 251 million downloads. The e-commerce platform is Googled more frequently than major brands like Nike and adidas. Shein gained popularity for its inexpensive clothing and low prices. However, the company has faced significant criticism for its poor human rights record."
https://blog.checkpoint.com/harmony-email/spoofing-shein-for-credential-harvesting/
New “Goldoon” Botnet Targeting D-Link Devices
"In April, FortiGuard Labs observed a new botnet targeting a D-Link vulnerability from nearly a decade ago, CVE-2015-2051. This vulnerability allows remote attackers to execute arbitrary commands via a GetDeviceSettings action on the HNAP interface. As a result, an attacker can create a crafted HTTP request with a malicious command embedded in the header."
https://www.fortinet.com/blog/threat-research/new-goldoon-botnet-targeting-d-link-devices
Zloader Learns Old Tricks
"Zloader (a.k.a. Terdot, DELoader, or Silent Night) is a modular trojan based on leaked ZeuS source code. As detailed in our previous blog, Zloader reemerged following an almost two-year hiatus with a new iteration that included modifications to its obfuscation techniques, domain generation algorithm (DGA), and network communication."
https://www.zscaler.com/blogs/security-research/zloader-learns-old-tricks
https://thehackernews.com/2024/05/zloader-malware-evolves-with-anti.html
Analysis Of TargetCompany’s Attacks Against MS-SQL Servers (Mallox, BlueSky Ransomware)
"While monitoring attacks targeting MS-SQL servers, AhnLab Security Intelligence Center (ASEC) recently identified cases of the TargetCompany ransomware group installing the Mallox ransomware. The TargetCompany ransomware group primarily targets improperly managed MS-SQL servers to install the Mallox ransomware. While these attacks have been ongoing for several years, here we will outline the correlation between the newly identified malware and previous attack cases involving the distribution of the Tor2Mine CoinMiner and BlueSky ransomware."
https://asec.ahnlab.com/en/64921/
Breaches/Hacks/Leaks
DropBox Says Hackers Stole Customer Data, Auth Secrets From eSignature Service
"Cloud storage firm DropBox says hackers breached production systems for its DropBox Sign eSignature platform and gained access to authentication tokens, MFA keys, hashed passwords, and customer information. DropBox Sign (formerly HelloSign) is an eSignature platform allowing customers to send documents online to receive legally binding signatures."
https://www.bleepingcomputer.com/news/security/dropbox-says-hackers-stole-customer-data-auth-secrets-from-esignature-service/
https://www.sec.gov/Archives/edgar/data/1467623/000146762324000024/may2024exhibit991.htm
https://therecord.media/dropbox-data-breach-notification
https://www.theregister.com/2024/05/02/dropbox_sign_attack/
Qantas App Exposed Sensitive Traveler Details To Random Users
"Qantas Airways confirms that some of its customers were impacted by a misconfiguration in its app that exposed sensitive information and boarding passes to random users. Qantas is Australia's flag carrier and the largest airline by fleet size, operating 125 aircraft and serving 104 destinations. Qantas has 23,500 employees and an annual revenue of almost $12.9 billion."
https://www.bleepingcomputer.com/news/security/qantas-app-exposed-sensitive-traveler-details-to-random-users/
https://www.darkreading.com/cyber-risk/qantas-customers-boarding-passes-exposed-flight-app-mishap
https://www.bankinfosecurity.com/qantas-airways-says-app-showed-customers-each-others-data-a-24987
https://www.theregister.com/2024/05/01/qanta_app_glitch/
https://www.itnews.com.au/news/qantas-app-displays-wrong-flyer-info-to-users-607575
Panda Restaurants Discloses Data Breach After Corporate Systems Hack
"Panda Restaurant Group, the parent company of Panda Express, Panda Inn, and Hibachi-San, disclosed a data breach after attackers compromised its corporate systems in March and stole the personal information of an undisclosed number of associates. Panda Express is the largest Chinese fast food chain in the United States, with over $3 billion in sales and 47,000 associates working in 2,300 branches."
https://www.bleepingcomputer.com/news/security/panda-restaurants-discloses-a-data-breach-after-corporate-systems-hack/
French Hospital CHC-SV Refuses To Pay LockBit Extortion Demand
"The Hôpital de Cannes - Simone Veil (CHC-SV) in France announced it received a ransom demand from the Lockbit 3.0 ransomware gang, saying they refuse to pay the ransom. On April 17, the 840-bed hospital announced a severe operational disruption caused by a cyberattack that forced it to take all computers offline and reschedule non-emergency procedures and appointments."
https://www.bleepingcomputer.com/news/security/french-hospital-chc-sv-refuses-to-pay-lockbit-extortion-demand/
General News
Why Cloud Vulnerabilities Need CVEs
"When considering vulnerability management’s purpose in a modern world, it’s imperative to recognize the huge transition to new technologies and how you manage risk within these different paradigms and environments (e.g., the cloud). Patch network security isn’t applicable in the same way for cloud environments, and few cloud providers assign Common Vulnerabilities and Exposures (CVE) identifiers to vulnerabilities."
https://www.helpnetsecurity.com/2024/05/01/cve-vulnerability-management/
2024 Data Breach Investigations Report
"Greetings! Welcome to Verizon's 2024 Data Breach Investigations Report (DBIR). This year marks the 17th edition of this publication, and we are thrilled to welcome back our old friends and say hello to new readers. As always, the aim of the DBIR is to shine a light on the various Actor types, the tactics they utilize and the targets they choose. Thanks to our talented, generous and civic-minded contributors from around the world who continue to stick with us and share their data and insight, and deep appreciation for our very own Verizon Threat Research Advisory Center (VTRAC) team (rock stars that they are). These two groups enable us to examine and analyze relevant trends in cybercrime that play out on a global stage across organizations of all sizes and types."
https://www.verizon.com/business/resources/reports/dbir/2024/summary-of-findings/
https://www.verizon.com/business/resources/reports/2024-dbir-data-breach-investigations-report.pdf
https://www.darkreading.com/cyberattacks-data-breaches/verizon-dbir-basic-security-gaffes-underpin-bumper-crop-of-breaches
https://cyberscoop.com/verizon-data-breach-report-vulnerabilities-moveit-hack/
https://www.bankinfosecurity.com/verizon-dbir-cyber-defenders-are-facing-exploit-fatigue-a-24989
https://www.infosecurity-magazine.com/news/dbir-vulnerability-exploits-triple/
Former NSA Employee Sentenced To Over 21 Years In Prison For Attempted Espionage
"Jareh Sebastian Dalke, 32, of Colorado Springs, was sentenced today to 262 months in prison for attempted espionage in connection with his efforts to transmit classified National Defense Information (NDI) to an agent of the Russian Federation."
https://www.justice.gov/opa/pr/former-nsa-employee-sentenced-over-21-years-prison-attempted-espionage
https://thehackernews.com/2024/05/ex-nsa-employee-sentenced-to-22-years.html
https://www.theregister.com/2024/04/30/nsa_employee_guilty_sentence/
https://securityaffairs.com/162621/intelligence/ex-nsa-employee-sentenced-to-262-months.html
Advanced Mobile Solutions (AMS) Guidance Trailer
"Accessing work resources on mobiles or tablets while out of the office has been standard business practice for most of this century. However, organisations with highly sensitive data and systems, which are under threat from the most capable attackers, have not been able to work in this way without taking significant security risk."
https://www.ncsc.gov.uk/blog-post/advanced-mobile-solutions-update
https://www.infosecurity-magazine.com/news/ncscs-mobile-risk-model-highthreat/
Private Internet Search Is Still Finding Its Way
"A truly private Internet search — where databases can be queried while keeping search terms and results private — remains a work-in-progress as companies try to balance speed and security."
https://www.darkreading.com/data-privacy/private-internet-search-is-still-finding-its-way
Shadow APIs: An Overlooked Cyber-Risk For Orgs
"Unmanaged and unknown Web services endpoints are just some of the challenges organizations must address to improve API security."
https://www.darkreading.com/application-security/shadow-apis-an-overlooked-cyber-risk-for-orgs
Ransomware And Cyber Extortion In Q1 2024
"In Q1 2024, ReliaQuest identified 1,041 organizations posted to ransomware data-leak sites (DLS), representing an 18% decrease from Q4 2023. While Q1 2024’s figures indicate somewhat of a slowdown in ransomware activity, it likely only represents a temporary lull. We expect ransomware to rise in the second quarter of 2024, a trend we’ve seen in previous years."
https://www.reliaquest.com/blog/q1-2024-ransomware/
https://www.infosecurity-magazine.com/news/lockbit-black-basta-play/
Nearly 1 In 5 Ransomware Attacks Led To a Lawsuit In 2023
"According to data collated by Comparitech researchers, almost 1 in 5 ransomware attacks led to a lawsuit in 2023. Over the past couple of years, lawsuits filed following ransomware attacks have increased, with the overall average over the last five years standing at 12 percent."
https://www.comparitech.com/blog/vpn-privacy/ransomware-attacks-lawsuits/
https://www.infosecurity-magazine.com/news/ransomware-attacks-trigger-lawsuit/
2024 Hybrid Security Trends Report
"Remote and hybrid work, along with business needs for flexibility and cost efficiency, keep driving cloud adoption. To track the evolution of the IT security landscape, Netwrix Research Lab surveyed 1,309 IT professionals from 104 countries via an online questionnaire and compared the results with historical data from 2023, 2022, and 2020. Netwrix security researchers commented on identified trends to help organizations strategize their security efforts."
https://www.netwrix.com/2024-hybrid-security-trends-report.html
https://www.infosecurity-magazine.com/news/lawsuits-company-devaluations/
Threat Spotlight: The Remote Desktop Tools Most Targeted By Attackers In The Last Year
"Remote desktop software allows employees to connect into their computer network without being physically linked to the host device or even in the same location. This makes it a useful tool for a distributed or remote workforce. Unfortunately, remote desktop software is also a prime target for cyberattack."
https://blog.barracuda.com/2024/05/01/threat-spotlight-remote-desktop-tools-most-targeted
CISO Conversations: Talking Cybersecurity With LinkedIn’s Geoff Belknap And Meta’s Guy Rosen
"Facebook (with around 3 billion members) is the core product of its parent company, Meta Platforms Inc. Other platforms within Meta include WhatsApp (2 billion monthly users) and Instagram (2 billion monthly users). Meta oversees the operations of all three platforms. Guy Rosen is Meta’s CISO. LinkedIn (with around 1 billion members) is owned by Microsoft but operates as a semi-autonomous subsidiary. Geoff Belknap is LinkedIn’s CISO."
https://www.securityweek.com/ciso-conversations-talking-cybersecurity-with-linkedins-geoff-belknap-and-metas-guy-rosen/
Our New Research: Enhancing Blockchain Analytics Through AI
"At Elliptic we have always pushed the boundaries of blockchain analytics, to enable our customers to more accurately and efficiently assess risk in cryptoassets. Part of this innovation has been exploring how artificial intelligence can be leveraged to improve the detection of money laundering and other financial crime on blockchains."
https://www.elliptic.co/blog/our-new-research-enhancing-blockchain-analytics-through-ai
https://thehackernews.com/2024/05/bitcoin-forensic-analysis-uncovers.html
It’s Time To Rethink The National Vulnerabilities Database For The AI Era, Senators Say
"Critical vulnerabilities in AI systems can be very different from those that affect regular software, so the federal government must update how it tracks such issues, two senators said Wednesday. Sens. Mark Warner (D-VA) and Thom Tillis (R-NC) are proposing legislation that would require changes in the National Vulnerability Database (NVD), the federal repository of information about flaws in computer software and hardware."
https://therecord.media/senate-legislation-update-nvd-cve-program-artificial-intelligence
References
Electronic Transactions Development Agency (ETDA) - CISA And Partners Release Fact Sheet On Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity