NCSA Webboard
    • ล่าสุด
    • แท็ก
    • ฮิต
      • ติดต่อสำนักงาน
    • ลงทะเบียน
    • เข้าสู่ระบบ

    Cyber Threat Intelligence 07 May 2024

    Cyber Security News
    2
    1
    118
    โหลดโพสเพิ่มเติม
    • เก่าสุดไปยังใหม่สุด
    • ใหม่สุดไปยังเก่าสุด
    • Most Votes
    ตอบ
    • ตอบโดยตั้งกระทู้ใหม่
    เข้าสู่ระบบเพื่อตอบกลับ
    Topic นี้ถูกลบไปแล้ว เฉพาะผู้ใช้งานที่มีสิทธิ์ในการจัดการ Topic เท่านั้นที่จะมีสิทธิ์ในการเข้าชม
    • NCSA_THAICERTN
      NCSA_THAICERT
      แก้ไขล่าสุดโดย

      Vulnerabilities

      • Tinyproxy HTTP Connection Headers Use-After-Free Vulnerability
        "A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make an unauthenticated HTTP request to trigger this vulnerability."
        https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889
        https://thehackernews.com/2024/05/critical-tinyproxy-flaw-opens-over.html

      • Citrix Addresses High-Severity Flaw In NetScaler ADC And Gateway
        "Citrix appears to have quietly addressed a vulnerability in its NetScaler Application Delivery Control (ADC) and Gateway appliances that gave remote, unauthenticated attackers a way to obtain potentially sensitive information from the memory of affected systems."
        https://www.darkreading.com/cyber-risk/citrix-addresses-high-severity-flaw-in-netscaler-adc-and-gateway
        https://bishopfox.com/blog/netscaler-adc-and-gateway-advisory

      • Using MITM To Bypass FIDO2 Phishing-Resistant Protection
        "FIDO2 is a modern authentication group term for passwordless authentication. The Fast Identity Online (FIDO) Alliance developed it to replace the use of legacy known passwords and provide a secure method to authenticate using a physical or embedded key. FIDO2 is mostly known to protect people from man-in-the-middle (MITM), phishing and session hijacking attacks."
        https://www.silverfort.com/blog/using-mitm-to-bypass-fido2/
        https://cyberscoop.com/stealing-cookies-researchers-describe-how-to-bypass-modern-authentication/

      • 20 Security Issues Found In Xiaomi Devices
        "Oversecured found and resolved significant mobile security vulnerabilities in Xiaomi devices. Our team discovered 20 dangerous vulnerabilities across various applications and system components that pose a threat to all Xiaomi users. The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system privileges, disclosure of phone, settings and Xiaomi account data, and other vulnerabilities."
        https://blog.oversecured.com/20-Security-Issues-Found-in-Xiaomi-Devices/
        https://thehackernews.com/2024/05/xiaomi-android-devices-hit-by-multiple.html

      Malware

      • Behind Closed Doors: The Rise Of Hidden Malicious Remote Access
        "In this Threat Analysis Report, Cybereason’s Security Research Team explores the security implications, vulnerabilities, and potential mitigation strategies surrounding Hidden VNC (hVNC) and Hidden RDP (hRDP), as well as showcasing examples of current usage by malware authors to shed light on the evolving landscape of virtualized infrastructure security."
        https://www.cybereason.com/blog/behind-closed-doors-the-rise-of-hidden-malicious-remote-access

      • Malware: Cuckoo Behaves Like Cross Between Infostealer And Spyware
        "On April 24, 2024, we found a previously undetected malicious Mach-O binary programmed to behave like a cross between spyware and an infostealer. We have named the malware Cuckoo, after the bird that lays its eggs in the nests of other birds and steals the host's resources for the gain of its young."
        https://blog.kandji.io/malware-cuckoo-infostealer-spyware
        https://thehackernews.com/2024/05/new-cuckoo-persistent-macos-spyware.html
        https://www.hackread.com/cuckoo-mac-malware-music-converter-passwords-crypto/

      • Analysis Of ArcaneDoor Threat Infrastructure Suggests Potential Ties To Chinese-Based Actor
        "On April 24, Cisco Talos released a report shedding light on a campaign by a previously unknown state-sponsored threat actor tracked as “UAT4356”. The campaign, dubbed “ArcaneDoor,” targeted government-owned perimeter network devices from various vendors as part of a global effort. Talos’ investigation found that actor infrastructure was established between November and December 2023, with initial activity first detected in early January 2024."
        https://censys.com/analysis-of-arcanedoor-threat-infrastructure-suggests-potential-ties-to-chinese-based-actor/
        https://thehackernews.com/2024/05/china-linked-hackers-suspected-in.html

      • LNK File Disguised As Certificate Distributing RokRAT Malware
        "AhnLab SEcurity intelligence Center (ASEC) has confirmed the continuous distribution of shortcut files (.LNK) of abnormal sizes that disseminate backdoor-type malware. The recently confirmed shortcut files (.LNK) are found to be targeting South Korean users, particularly those related to North Korea."
        https://asec.ahnlab.com/en/65076/

      Breaches/Hacks/Leaks

      • City Of Wichita Shuts Down IT Network After Ransomware Attack
        "The City of Wichita, Kansas, disclosed it was forced to shut down portions of its network after suffering a weekend ransomware attack. Wichita is the largest city in Kansas, with a population of 400,000 people, ranking it among the top 50 largest cities in the United States."
        https://www.bleepingcomputer.com/news/security/city-of-wichita-shuts-down-it-network-after-ransomware-attack/
        https://therecord.media/wichita-kansas-government-ransomware-attack
        https://www.securityweek.com/city-of-wichita-shuts-down-network-following-ransomware-attack/
        https://securityaffairs.com/162799/security/city-of-wichita-ransomware.html

      • Massive Dump Of Hacked Salvadorean Headshots And PII Highlights Growing Threat-Actor Interest In Biometric Data
        "A threat actor leaked the personally identifiable information (PII) of over five million citizens from El Salvador on the Dark Web, impacting more than 80% of the country’s population. The threat actor, going by the alias ‘CiberinteligenciaSV,’ posted the 144 GB data dump to Breach Forums, writing that the leak included 5,129,518 high-definition photos, each labeled with the corresponding Salvadorian’s document identification (DUI) number. Additionally, the leaked database features Salvadorian citizens’ first names, last names, birthdates, telephone numbers, email addresses, and residential addresses."
        https://www.resecurity.com/blog/article/massive-dump-of-hacked-salvadorean-headshots-and-pii-highlights-growing-threat-actor-interest-in-biometric-data
        https://securityaffairs.com/162790/data-breach/el-salvador-massive-leak-biometric-data.html

      General News

      • Strategies For Preventing AI Misuse In Cybersecurity
        "As organizations increasingly adopt AI, they face unique challenges in updating AI models to keep pace with evolving threats while ensuring seamless integration into existing cybersecurity frameworks. In this Help Net Security interview, Pukar Hamal, CEO at SecurityPal, discusses the integration of AI tools in cybersecurity."
        https://www.helpnetsecurity.com/2024/05/06/pukar-hamal-securitypal-ai-tools-in-cybersecurity/

      • Organizations Go Ahead With AI Despite Security Risks
        "AI adoption remains sky high, with 54% of data experts saying that their organization already leverages at least four AI systems or applications, according to Immuta. 79% also report that their budget for AI systems, applications, and development has increased in the last 12 months."
        https://www.helpnetsecurity.com/2024/05/06/ai-adoption-security-challenges/

      • Privacy Requests Increased 246% In Two Years
        "Data Subject Requests (DSRs) — formal requests made to a company by a person to access, delete, or request not to sell/share the personal data that the company holds on them — increased by 32% from 2022 to 2023, according to DataGrail’s 2024 Privacy Trends Report."
        https://www.helpnetsecurity.com/2024/05/06/data-subject-requests-dsr/

      • LLMs & Malicious Code Injections: 'We Have To Assume It's Coming'
        "A rise in prompt injection engineering into large language models (LLMs) could emerge as a significant risk to organizations, an unintended consequence of AI discussed during a CISO roundtable discussion on Monday. The panel was held during Purple Book Community Connect–RSAC, an event at this week's RSA Conference in San Francisco."
        https://www.darkreading.com/application-security/llms-malicious-code-injections-we-have-to-assume-its-coming-

      • Key Findings From The 2H 2023 FortiGuard Labs Threat Report
        "In the second half of 2023, the cybersecurity landscape experienced various significant developments—like the rise in sophisticated attacks targeting large-scale enterprises and critical industries—that impact every organization. In our 2H 2023 Threat Landscape Report, we examine the cyberthreat landscape over the year’s second half to identify trends and offer insights on what security professionals should know to effectively protect their organizations."
        https://www.fortinet.com/blog/threat-research/key-findings-2h-2023-fortiguard-labs-threat-report
        https://www.fortinet.com/resources/analyst-reports/threat-report-2h-2023

      • RSAC: Threat Actors Weaponize Hacktivism For Financial Gain
        "Hacktivism has become increasingly blurred with financial cybercrime and nation-state activities, with threat actors deliberately aligning with causes to facilitate their various motivations, according to Alexander Leslie, threat intelligence analyst at Recorded Future. Speaking during the RSA Conference 2024, Leslie highlighted how purported hacktivists are increasingly attaching themselves to geopolitical events around the world, such as the Israel-Hamas war, and using those causes to launch attacks for financial gain or in support of nation states."
        https://www.infosecurity-magazine.com/news/hacktivism-financial-gain-threat/

      • Examining The Impact Of Ransomware Disruptions: Qakbot, LockBit, And BlackCat
        "A historic surge of ransomware incidents and payment totals in 2023 was not without resistance, as significant actions were taken against ransomware actors in 2023 and early 2024, including notable disruptions on Qakbot malware, and the LockBit and ALPHV-BlackCat ransomware-as-a-service (RaaS) groups."
        https://www.chainalysis.com/blog/ransomware-disruptions-impact/
        https://www.infosecurity-magazine.com/news/law-enforcement-takedowns/

      • Securing Generative AI
        "As organizations rush to create value from generative AI, many are speeding past a critical element: security. In a recent study of C-suite executives, the IBM Institute for Business Value (IBM IBV) found that only 24% of current gen AI projects have a component to secure the initiatives, even though 82% of respondents say secure and trustworthy AI is essential to the success of their business. In fact, nearly 70% say innovation takes precedence over security.This perceived trade-off contrasts with executives’ views of the wide-ranging risks of gen AI. Security vulnerabilities are among their biggest areas of concern."
        https://www.ibm.com/thought-leadership/institute-business-value/en-us/report/securing-generative-ai
        https://www.infosecurity-magazine.com/news/businesses-innovation-security/

      • Financial Cyberthreats In 2023
        "Money is what always attracts cybercriminals. A significant share of scam, phishing and malware attacks is about money. With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, online shopping accounts and other financial assets, inventing new techniques and reusing good old ones. Amid the current threat landscape, Kaspersky has conducted a comprehensive analysis of the financial risks, pinpointing key trends and providing recommendations to effectively mitigate risks and enhance security posture."
        https://securelist.com/financial-threat-report-2023/112526/

      • It Costs How Much?!? The Financial Pitfalls Of Cyberattacks On SMBs
        "Cybercriminals are vipers. They're like snakes in the grass, hiding behind their keyboards, waiting to strike. And if you're a small- and medium-sized business (SMB), your organization is the ideal lair for these serpents to slither into."
        https://thehackernews.com/2024/05/it-costs-how-much-financial-pitfalls-of.html

      • Key Insights From The OpenText 2024 Threat Perspective
        "As we navigate through 2024, the cyber threat landscape continues to evolve, bringing new challenges for both businesses and individual consumers. The latest OpenText Threat Report provides insight into these changes, offering vital insights that help us prepare and protect ourselves against emerging threats. Here’s what you need to know:"
        https://www.webroot.com/blog/2024/05/06/key-insights-from-the-opentext-2024-threat-perspective/

      • Online Scams: Are These All Scams? Distinguishing The Legit From The Scam
        "With the advancement of scamming technology, determining the authenticity of a site solely based on appearance has become exceedingly difficult. In the past, it was possible to identify fakes by carefully observing discrepancies such as logo size, layout, wording, domain, etc., which scammers often overlooked when creating spoofed websites or emails. However, modern scammers now produce designs and content of such sophistication that they closely resemble genuine websites and emails."
        https://asec.ahnlab.com/en/65091/

      อ้างอิง
      Electronic Transactions Development Agency(ETDA) b13b9c78-39e0-401b-845f-7bc5bed8031c-image.png

      1 การตอบกลับ คำตอบล่าสุด ตอบ คำอ้างอิง 0
      • First post
        Last post