Cyber Threat Intelligence 8 May 2024
-
Industrial Sector
-
PTC Codebeamer
"Successful exploitation of this vulnerability could allow an attacker to inject malicious code in the application."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-128-01 -
SUBNET Substation Server
"Successful exploitation of the vulnerabilities in components used by Substation Server could allow privilege escalation, denial-of-service, or arbitrary code execution."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-128-02
Vulnerabilities
-
Surge Of JavaScript Malware In Sites With Vulnerable Versions Of LiteSpeed Cache Plugin
"If you’ve recently encountered the admin user wpsupp-user on your website, it means it’s being affected by this wave of infections."
https://wpscan.com/blog/surge-of-javascript-malware-in-sites-with-vulnerable-versions-of-litespeed-cache-plugin/
https://www.bleepingcomputer.com/news/security/hackers-exploit-litespeed-cache-flaw-to-create-wordpress-admins/ -
Remote Access Risks On The Rise With CVE-2024-1708 And CVE-2024-1709
"On February 19, ConnectWise reported two vulnerabilities in its ScreenConnect product, CVE-2024-1708 and 1709. The first is an authentication bypass vulnerability, and the second is a path traversal vulnerability. Both made it possible for attackers to bypass authentication processes and execute remote code."
https://securityintelligence.com/articles/remote-access-risks-cve20241708-cve20241709/
Malware
-
Technical Deep Dive: Understanding The Anatomy Of a Cyber Intrusion
"This is the second blog post in a series, sharing MITRE’s experiences detecting and responding to a nation-state cyber threat actor incident in our research and experimentation network, NERVE. It follows our April 19, 2024 posting, “Advanced Cyber Threats Impact Even the Most Prepared”."
https://medium.com/mitre-engenuity/technical-deep-dive-understanding-the-anatomy-of-a-cyber-intrusion-080bddc679f3
https://thehackernews.com/2024/05/china-linked-hackers-used-rootrot.html
https://www.darkreading.com/cloud-security/chinese-hackers-deployed-backdoor-quintet-to-down-mitre
https://www.securityweek.com/mitre-hack-china-linked-group-breached-systems-in-december-2023/
https://securityaffairs.com/162811/hacking/mitre-security-breach-china.html -
China Hacked Ministry Of Defence, Sky News Learns
"The Chinese state has hacked the Ministry of Defence, Sky News understands. MPs will be told today of a massive data breach involving the MoD, targeting service personnel. The government will not name the country involved, but Sky News understands this to be China."
https://news.sky.com/story/china-hacked-ministry-of-defence-sky-news-learns-13130757
https://www.infosecurity-magazine.com/news/china-major-mod-payroll-breach/
https://www.bleepingcomputer.com/news/security/uk-confirms-ministry-of-defence-payroll-data-exposed-in-data-breach/
https://therecord.media/uk-ministry-of-defence-payment-system-hacked
https://www.bankinfosecurity.com/suspected-chinese-hackers-hacked-uk-defense-contractor-a-25138
https://www.itnews.com.au/news/malign-actor-may-have-compromised-uk-defence-ministry-payroll-607754
https://www.nytimes.com/2024/05/07/world/europe/uk-armed-forces-data-hack.html
https://www.securityweek.com/the-uk-says-a-huge-payroll-data-breach-by-a-malign-actor-has-exposed-details-of-military-personnel/ -
New Attack Leaks VPN Traffic Using Rogue DHCP Servers
"A new attack dubbed 'TunnelVision' can route traffic outside a VPN's encryption tunnel, allowing attackers to snoop on unencrypted traffic while maintaining the appearance of a secure VPN connection. The method, described in detail in a report by Leviathan Security, relies on the abuse of Dynamic Host Configuration Protocol's (DHCP) option 121, which permits the configuration of classless static routes on a client's system."
https://www.bleepingcomputer.com/news/security/new-tunnelvision-attack-leaks-vpn-traffic-using-rogue-dhcp-servers/
https://www.leviathansecurity.com/blog/tunnelvision
https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/ -
zEus Stealer Distributed Via Crafted Minecraft Source Pack
"Many game makers allow users to alter a game's appearance or behavior to increase its enjoyment and replay value. Players can often also download packages created by others. However, this is also a chance for attackers to distribute their malware. This article examines a batch stealer distributed via a crafted Minecraft source pack."
https://www.fortinet.com/blog/threat-research/zeus-stealer-distributed-via-crafted-minecraft-source-pack -
RemcosRAT Distributed Using Steganography
"AhnLab SEcurity intelligence Center (ASEC) has recently identified RemcosRAT being distributed using the steganography technique. Attacks begin with a Word document using the template injection technique, after which an RTF that exploits a vulnerability in the equation editor (EQNEDT32.EXE) is downloaded and executed."
https://asec.ahnlab.com/en/65111/ -
CHM Malware Stealing User Information Being Distributed In Korea
"AhnLab SEcurity intelligence Center (ASEC) has recently discovered circumstances of a CHM malware strain that steals user information being distributed to Korean users. The distributed CHM is a type that has been constantly distributed in various formats such as LNK, DOC, and OneNote from the past. A slight change to the operation process was observed in the recent samples."
https://asec.ahnlab.com/en/65245/ -
Case Of Malware Distribution Linking To Illegal Gambling Website Targeting Korean Web Server
"AhnLab SEcurity intelligence Center (ASEC) has discovered evidence of a malware strain being distributed to web servers in South Korea, leading users to an illegal gambling site. After initially infiltrating a poorly managed Windows Internet Information Services (IIS) web server in Korea, the threat actor installed the Meterpreter backdoor, a port forwarding tool, and an IIS module malware tool."
https://asec.ahnlab.com/en/65131/
Breaches/Hacks/Leaks
-
DocGo Discloses Cyberattack After Hackers Steal Patient Health Data
"Mobile medical care firm DocGo confirmed it suffered a cyberattack after threat actors breached its systems and stole patient health data. DocGo is a healthcare provider that offers mobile health services, ambulance services, and remote monitoring for patients in thirty US states and across the United Kingdom."
https://www.bleepingcomputer.com/news/security/docgo-discloses-cyberattack-after-hackers-steal-patient-health-data/ -
Over 1.2 Million Documents, Including Security Guards And Offenders, Exposed In Data Breach
"Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to WebsitePlanet about a non-password-protected database that contained over 1.2 million documents belonging to UK-based Amberstone Security Ltd, a technology and physical security services company."
https://www.websiteplanet.com/news/amberstone-breach-report/
https://www.hackread.com/uk-security-provider-leaks-guard-suspect-data/
https://www.theregister.com/2024/05/07/uk_security_company_breach/ -
Nearly 184,000 MedStar Health Patients’ Personal Data Possibly Breached
"A major Washington, D.C.-area health network says the personal information of about 184,000 people was likely hacked when an outsider accessed emails and files belonging to three employees. MedStar Health reported that it alerted 183,709 patients that their data was exposed. The company also filed a notice with the Department of Health and Human Services."
https://therecord.media/medstar-health-data-breach
General News
-
6 Tips To Implement Security Gamification Effectively
"There’s not a CISO in the industry who’s not aware of the extremely short median CISO tenure. That’s why the best CISOs are those who constantly seek ways to strengthen their teams."
https://www.helpnetsecurity.com/2024/05/07/security-gamification-tips/ -
Only 45% Of Organizations Use MFA To Protect Against Fraud
"Most businesses struggle with identity verification and have concerns over ability to protect against AI, according to Ping Identity. Despite stronger protection solutions available, many organizations aren’t taking full advantage."
https://www.helpnetsecurity.com/2024/05/07/identity-verification-ai-concerns/ -
Ransomware Evolves From Mere Extortion To 'Psychological Attacks'
"Ransomware infections have morphed into 'a psychological attack against the victim organization,' as criminals use increasingly personal and aggressive tactics to force victims to pay up, according to Google-owned Mandiant."
https://www.theregister.com/2024/05/07/ransomware_evolves_from_mere_extortion/ -
Russian Operator Of BTC-e Crypto Exchange Pleads Guilty To Money Laundering
"A Russian operator of a now-dismantled BTC-e cryptocurrency exchange has pleaded guilty to money laundering charges from 2011 to 2017."
https://thehackernews.com/2024/05/russian-operator-of-btc-e-crypto.html
https://www.infosecurity-magazine.com/news/btce-9bn-cryptomoney-launderer/ -
LockBit Leader Unmasked And Sanctioned
"A leader of what was once the world’s most harmful cyber crime group has been unmasked and sanctioned by the UK, US and Australia, following a National Crime Agency-led international disruption campaign. The sanctions against Russian national Dmitry Khoroshev (pictured), the administrator and developer of the LockBit ransomware group, are being announced today by the FCDO alongside the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) and the Australian Department of Foreign Affairs."
https://www.nationalcrimeagency.gov.uk/news/lockbit-leader-unmasked-and-sanctioned
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-admin-identified-sanctioned-in-us-uk-australia/
https://therecord.media/lockbitsupp-suspect-accused-lockbit-ransomware-gang
https://www.darkreading.com/vulnerabilities-threats/lockbit-honcho-sanctions-aussie-org-ramifications
https://www.bankinfosecurity.com/lockbitsupps-identity-revealed-dmitry-yuryevich-khoroshev-a-25132
https://thehackernews.com/2024/05/russian-hacker-dmitry-khoroshev.html
https://www.infosecurity-magazine.com/news/lockbit-leader-identity-revealed/
https://cyberscoop.com/us-uk-authorities-unmask-russian-national-as-lockbit-administrator/
https://www.hackread.com/lockbit-ransomware-leader-dmitry-yuryevich-khoroshev/
https://www.securityweek.com/lockbit-ransomware-mastermind-unmasked-charged/
https://securityaffairs.com/162823/cyber-crime/lockbit-ransomware-admin-identified.html
https://www.helpnetsecurity.com/2024/05/07/lockbit-lockbitsupp-unmasked/
https://www.itnews.com.au/news/uk-and-allies-unmask-and-sanction-leader-of-lockbit-cybercrime-gang-607753
https://www.theregister.com/2024/05/07/alleged_lockbit_kingpin_charged_sanctioned/
https://flashpoint.io/blog/usa-vs-lockbit-administrator/ -
Spies Among Us: Insider Threats In Open Source Environments
"If you have not yet heard about a critical vulnerability found in XZ Utils, you aren't paying attention to critical security news. After all, the discovery of a backdoor in a widely used Linux tool was serious enough to provoke comparisons to the infamous SolarWinds hack. Even Linux creator Linus Torvalds himself talked about it at Open Source Summit North America in Seattle."
https://www.darkreading.com/vulnerabilities-threats/spies-among-us-insider-threats-in-open-source-environments -
Does CISA's KEV Catalog Speed Up Remediation?
"When the Cybersecurity and Infrastructure Security Agency first introduced the Known Exploited Vulnerabilities (KEV) list in 2021, the intent was to provide government agencies and enterprises with a heads up about the most risky threats out in the wild. Nearly three years later, research shows the KEV list is speeding up remediation times, but there's more work to be done."
https://www.darkreading.com/vulnerabilities-threats/cisa-kev-catalog-speed-up-remediation
https://www.theregister.com/2024/05/07/cisas_vulnerability_deadlines/ -
What's The Future Path For CISOs?
"A panel of former CISOs will lead the closing session of this week's RSA Conference to discuss challenges and opportunities."
https://www.darkreading.com/cyber-risk/what-s-the-future-path-for-cisos -
RSAC: Three Battle-Tested Tips For Surviving a Cyber-Attack
"Experiencing a cyber-attack as a chief information security officer (CISO) or a cybersecurity leader in your organization can be daunting. Russell Ayres, SVP of cyber operations and deputy CISO at Equifax, knows it better than anyone. He was appointed interim CSO in 2017 after his organization suffered a significant data breach that exposed the private records of 147.9 million Americans, 15.2 million British citizens and about 19,000 Canadian citizens."
https://www.infosecurity-magazine.com/news/three-tips-for-surviving-a/ -
The AI Reality: New Research From ISACA Identifies Gaps In AI Knowledge Training And Policies
"According to an ISACA pulse poll of 3,270 digital trust professionals, only 15% of organizations have AI policies, and 40% of organizations offer no AI training at all. These gaps are concerning given that 70% of respondents say staff are using AI, and 60% say employees are using generative AI (e.g., Microsoft CoPilot, Google Gemini, and OpenAI’s ChatGPT)."
https://www.isaca.org/about-us/newsroom/press-releases/2024/the-ai-reality-new-research-from-isaca-identifies-gaps-in-ai-knowledge-training-and-policies
https://www.infosecurity-magazine.com/news/failing-address-ai-risks-isaca/ -
RSAC: Log4J Still Among Top Exploited Vulnerabilities, Cato Finds
"Three years after its discovery, the Log4J vulnerability (CVE-2021-44228) exploit remains one of the most attempted exploits observed by cloud security provider Cato Networks. Cato Cyber Threat Research Labs (CTRL) published its inaugural SASE Threat Report for Q1 2024 on May 6 during the RSA Conference 2024."
https://www.infosecurity-magazine.com/news/log4j-top-exploited-vulnerabilities/ -
Exploits And Vulnerabilities In Q1 2024
"We at Kaspersky continuously monitor the evolving cyberthreat landscape to ensure we respond promptly to emerging threats, equipping our products with detection logic and technology. Software vulnerabilities that threat actors can exploit or are already actively exploiting are a critical component of that landscape."
https://securelist.com/vulnerability-report-q1-2024/112554/ -
Volt Typhoon Operation Came Up 'Directly' In US-China Talks, Ambassador Says
"Recent high-level talks between U.S. and Chinese officials “directly” addressed a sweeping espionage campaign that targeted American critical infrastructure, the nation’s top cyber diplomat said on Monday. “We did speak about Volt Typhoon directly,” Nathaniel Fick, the State Department’s ambassador-at-large for cyberspace and digital policy, told reporters during a roundtable at the RSA Conference."
https://therecord.media/china-volt-typhoon-direct-talks-us-china -
Scattered Spider Group a Unique Challenge For Cyber Cops, FBI Leader Says
"The FBI must “evolve” if it hopes to successfully thwart a group of hackers who have wrought chaos on some of the largest companies in the U.S., according to a senior bureau official, who urged the public to be patient as law enforcement fights the criminal network."
https://therecord.media/scattered-spider-challenge-for-FBI
Reference
Electronic Transactions Development Agency (ETDA) -