Cyber Threat Intelligence 03 May 2024
- CyberPower PowerPanel
-
CyberPower PowerPanel
"Successful exploitation of these vulnerabilities could result in an attacker bypassing authentication and gaining administrator privileges, forging JWT tokens to bypass authentication, writing arbitrary files to the server and achieving code execution, gaining access to services with the privileges of a PowerPanel application, gaining access to the testing or production server, learning passwords and authenticating with user or administrator privileges, injecting SQL syntax, writing arbitrary files to the system, executing remote code, impersonating any client in the system and sending malicious data, or obtaining data from throughout the system after gaining access to any device."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01
- Delta Electronics DIAEnergie
"Successful exploitation of these vulnerabilities could allow an authenticated attacker with limited privileges to escalate privileges, retrieve confidential information, upload arbitrary files, backdoor the application, and compromise the system on which DIAEnergie is deployed."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-02
New Tooling
- ReNgine: Open-Source Automated Reconnaissance Framework For Web Applications
"reNgine is an open-source automated reconnaissance framework for web applications that focuses on a highly configurable and streamlined recon process."
https://www.helpnetsecurity.com/2024/05/02/rengine-open-source-automated-reconnaissance-framework/
https://github.com/yogeshojha/rengine
Vulnerabilities
- “Dirty Stream” Attack: Discovering And Mitigating a Common Vulnerability Pattern In Android Apps
"Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s home directory. The implications of this vulnerability pattern include arbitrary code execution and token theft, depending on an application’s implementation. Arbitrary code execution can provide a threat actor with full control over an application’s behavior. Meanwhile, token theft can provide a threat actor with access to the user’s accounts and sensitive data."
https://www.microsoft.com/en-us/security/blog/2024/05/01/dirty-stream-attack-discovering-and-mitigating-a-common-vulnerability-pattern-in-android-apps/
https://www.bleepingcomputer.com/news/security/microsoft-warns-of-dirty-stream-attack-impacting-android-apps/
https://thehackernews.com/2024/05/popular-android-apps-like-xiaomi-wps.html
https://www.darkreading.com/cloud-security/billions-android-devices-open-dirty-stream-attack
https://www.infosecurity-magazine.com/news/android-flaw-apps-4-billion/
Malware
- Uncharmed: Untangling Iran's APT42 Operations
"APT42, an Iranian state-sponsored cyber espionage actor, is using enhanced social engineering schemes to gain access to victim networks, including cloud environments. The actor is targeting Western and Middle Eastern NGOs, media organizations, academia, legal services and activists. Mandiant assesses APT42 operates on behalf of the Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO)."
https://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42-operations
https://therecord.media/apt42-impersonating-media-think-tanks-iran-espionage
https://cyberscoop.com/iranian-hackers-impersonate-journalists-in-social-engineering-campaign/
- Hackers Target New NATO Member Sweden With Surge Of DDoS Attacks
"Sweden has faced a wave of distributed denial of service (DDoS) attacks since it started the process of joining NATO, according to network performance management provider Netscout. After a 500 Gbps attack against the Swedish government infrastructure in May 2023, DDoS attacks against Swedish organizations increased consistently, picking up significantly in late 2023 with 730 Gbps attacks."
https://www.infosecurity-magazine.com/news/nato-sweden-surge-ddos-attacks/
- Watch Out For Tech Support Scams Lurking In Sponsored Search Results
"A campaign using sponsored search results is targeting home users and taking them to tech support scams. Sponsored search results are the ones that are listed at the top of search results and are labelled “Sponsored”. They’re often ads that are taken out by brands who want to get people to click through to their website. In the case of malicious sponsored ads, scammers tend to outbid the brands in order to be listed as the first search result."
https://www.malwarebytes.com/blog/news/2024/05/watch-out-for-tech-support-scams-lurking-in-sponsored-search-results
- A Web Of Surveillance
"Highly invasive spyware and other rights-threatening surveillance technologies have been used to target human rights defenders, journalists and other members of civil society worldwide, as documented by an ever-growing body of research. Unfortunately, technical obstacles inherent in forensic investigations and a culture of secrecy surrounding the sale and transfer of surveillance tools keeps civil society and human rights defenders in the dark about the full extent of their deployment or use."
https://securitylab.amnesty.org/latest/2024/05/a-web-of-surveillance/
https://therecord.media/indonesia-commercial-spyware-acquisition-investigation
- NSA Highlights Mitigations Against North Korean Actor Email Policy Exploitation
"The National Security Agency (NSA) joins the Federal Bureau of Investigation (FBI) and the U.S. Department of State in releasing the Cybersecurity Advisory (CSA), “North Korean Actors Exploit Weak DMARC Security Policies to Mask Spearphishing Efforts,” to protect against Democratic People’s Republic of Korea (DPRK, aka North Korea) techniques that allow emails to appear to be from legitimate journalists, academics, or other experts in East Asian affairs."
https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3762915/nsa-highlights-mitigations-against-north-korean-actor-email-policy-exploitation/
https://media.defense.gov/2024/May/02/2003455483/-1/-1/0/CSA-NORTH-KOREAN-ACTORS-EXPLOIT-WEAK-DMARC.PDF
https://www.ic3.gov/Media/News/2024/240502.pdf
https://www.darkreading.com/cloud-security/dprks-kimsuky-apt-abuses-weak-dmarc-policies-feds-warn
Breaches/Hacks/Leaks
- A Million Australian Pubgoers Wake Up To Find Personal Info Listed On Leak Site
"Over a million records describing Australians who visited local pubs and clubs have apparently been posted online. An anonymously published leak site claims the records came from a tech services company called Outabox."
https://www.theregister.com/2024/05/02/australian_pubs_data_breach/
- Rehab Hospital Chain Hack Affects 101,000; Facing 6 Lawsuits
"A Texas-based operator of rehabilitation hospitals is facing multiple federal proposed class action lawsuits in the wake of an apparent ransomware attack that affected dozens of its facilities in several states, potentially compromising the sensitive information of more than 101,000 individuals."
https://www.bankinfosecurity.com/rehab-hospital-chain-hack-affects-101000-facing-6-lawsuits-a-25004
- Managed Service Provider Denies Being Source Of Breach
"A managed service provider says a customer is wrongly trying to shift blame for a data breach that exposed 1.1 million individuals' personal details."
https://www.bankinfosecurity.com/managed-service-provider-denies-being-source-breach-a-24998
General News
- Securing Your Organization’s Supply Chain: Reducing The Risks Of Third Parties
"When Stephen Hawking said that “we are all now connected by the internet, like neurons in a giant brain”, very few people understood the gravity of his statement. But ten years on from his famous interview with USA Today, it’s safe to say Hawking was accurate. Today the web has established a global village, interlinking organizations, and allowing all businesses – large and small – to form close relationships, regardless of their geographic location."
https://www.helpnetsecurity.com/2024/05/02/supply-chain-third-parties-risks/
- Understanding Emerging AI And Data Privacy Regulations
"In this Help Net Security interview, Sophie Stalla-Bourdillon, Senior Privacy Counsel & Legal Engineer at Immuta, discusses the AI Act, the Data Act, and the Health Data Space Regulation. Learn how these regulations interact, their implications for both public and private sectors, and their role in shaping future AI and data privacy practices globally."
https://www.helpnetsecurity.com/2024/05/02/sophie-stalla-bourdillon-immuta-ai-data-regulations/
- AI-Driven Phishing Attacks Deceive Even The Most Aware Users
"Vishing and deepfake phishing attacks are on the rise as attackers leverage GenAI to amplify social engineering tactics, according to Zscaler."
https://www.helpnetsecurity.com/2024/05/02/genai-phishing-attacks-rise/
- Sodinokibi/REvil Affiliate Sentenced For Role In $700M Ransomware Scheme
"A Ukrainian national was sentenced today to 13 years and seven months in prison and ordered to pay over $16 million in restitution for his role in conducting over 2,500 ransomware attacks and demanding over $700 million in ransom payments."
https://www.justice.gov/opa/pr/sodinokibirevil-affiliate-sentenced-role-700m-ransomware-scheme
https://therecord.media/revil-ransomware-yaroslav-vasinskyi-prison-sentence
https://www.bleepingcomputer.com/news/security/revil-hacker-behind-kaseya-ransomware-attack-gets-13-years-in-prison/
https://thehackernews.com/2024/05/ukrainian-revil-hacker-sentenced-to-13.html
https://www.infosecurity-magazine.com/news/revil-ransomware-affiliate/
https://www.theregister.com/2024/05/02/revil_ransomware_prison/
https://securityaffairs.com/162679/cyber-crime/revil-gang-member-sentenced.html
- CISA And FBI Release Secure By Design Alert To Urge Manufacturers To Eliminate Directory Traversal Vulnerabilities
"Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Secure by Design Alert, Eliminating Directory Traversal Vulnerabilities in Software. This Alert was crafted in response to recent well-publicized threat actor campaigns that exploited directory traversal vulnerabilities in software (e.g., CVE-2024-1708, CVE-2024-20345) to compromise users of the software—impacting critical infrastructure sectors, including the Healthcare and Public Health Sector."
https://www.cisa.gov/news-events/alerts/2024/05/02/cisa-and-fbi-release-secure-design-alert-urge-manufacturers-eliminate-directory-traversal
https://www.cisa.gov/resources-tools/resources/secure-design-alert-eliminating-directory-traversal-vulnerabilities-software
https://www.bleepingcomputer.com/news/security/cisa-urges-software-devs-to-weed-out-path-traversal-vulnerabilities/
- Operation PANDORA Shuts Down 12 Phone Fraud Call Centres
"In the early hours of 18 April 2024, German, Albanian, Bosnian-Herzegovinian, Kosovar* and Lebanese police forces raided 12 call centres identified as the source of thousands of daily scam calls. 21 persons were taken into custody during this Europol-supported action day, which took down a criminal network responsible for defrauding thousands of victims through the use of various modus operandi."
https://www.europol.europa.eu/media-press/newsroom/news/operation-pandora-shuts-down-12-phone-fraud-call-centres
https://www.bleepingcomputer.com/news/security/police-shuts-down-12-fraud-call-centres-arrests-21-suspects/
- Cybersecurity: The Battle Of Wits
"With cybersecurity, the digital battlegrounds stretch across the vast expanse of the internet. On the one side, we have increasingly sophisticated and cunning adversaries. On the other, skilled cybersecurity practitioners who are desperate to protect their companies’ assets at all costs. One fundamental truth rings clear: it’s an ongoing and relentless battle of wits."
https://www.tripwire.com/state-of-security/cybersecurity-battle-wits
- Software Security: Too Little Vendor Accountability, Experts Say
"Actual legislation is a long shot and a decade away, but policy experts are looking to jump-start the conversation around greater legal liability for insecure software products."
https://www.darkreading.com/cyber-risk/software-security-too-little-vendor-accountability-experts-say
- Microsoft Graph API Emerges As a Top Attacker Tool To Plot Data Theft
"Weaponizing Microsoft's own services for command-and-control is simple and costless, and it helps attackers better avoid detection."
https://www.darkreading.com/cloud-security/microsoft-graph-api-emerges-as-top-attacker-tool-to-plot-data-theft
- Three-Quarters Of CISOs Admit App Security Incidents
"Three-quarters (72%) of global CISOs have experienced an application security incident in the past two years, causing lost revenue and market share, according to Dynatrace. The deep observability specialist polled 1300 CISOs and a handful of CEOs and CFOs to compile its latest report, The state of application security in 2024."
https://www.infosecurity-magazine.com/news/threequarters-cisos-app-security/
- Bitsight Reveals More Than 60 Percent Of Known Exploited Vulnerabilities Remain Unmitigated Past Deadlines In First-Of-Its-Kind Analysis Of CISA’s KEV Catalog
"Study of 1.4 million organizations shows nearly a quarter of organizations had multiple known vulnerabilities in 2023 amid remediation struggles"
https://www.bitsight.com/press-releases/bitsight-reveals-more-60-percent-known-exploited-vulnerabilities-remain-unmitigated
https://www.bitsight.com/sites/default/files/2024-04/bitsight-a-global-view-of-cisa-kev-catalog.pdf
https://therecord.media/kev-list-vulnerabilities-patched-significantly-faster
References
Electronic Transactions Development Agency (ETDA)