Cyber Threat Intelligence 14 May 2024
-
Vulnerabilities
-
CISA Adds One Known Exploited Vulnerability To Catalog
"CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation."
https://www.cisa.gov/news-events/alerts/2024/05/13/cisa-adds-one-known-exploited-vulnerability-catalog -
Apple Patch Day: Code Execution Flaws In iPhones, iPads, MacOS
"Apple on Monday rolled out urgent security-themed updates to its flagship mobile and desktop operating systems and warned that hackers may have already exploited an iOS vulnerability in the wild."
https://www.securityweek.com/apple-patch-day-code-execution-flaws-in-iphones-ipads-macos/
https://www.bleepingcomputer.com/news/apple/apple-backports-fix-for-rtkit-ios-zero-day-to-older-iphones/
https://securityaffairs.com/163096/hacking/apple-iphones-zero-day-exploited.html -
XWiki Remote Code Execution Vulnerability
"The SonicWall Capture Labs threat research team became aware of CVE-2024-31984, which is a code injection vulnerability in XWiki’s management of space titles and has a critical CVSS score of 9.9. After assessing the impact, we developed mitigation measures to address the vulnerability. This vulnerability, originating from insufficient input validation, allows remote, authenticated attackers to execute arbitrary code on the target server by creating documents with maliciously crafted titles."
https://blog.sonicwall.com/en-us/2024/05/xwiki-remote-code-execution-vulnerability/
Malware
-
Malicious Go Binary Delivered Via Steganography In PyPI
"On May 10, 2024, Phylum’s automated risk detection platform alerted us to a suspicious publication on PyPI. The package was called requests-darwin-lite and appeared to be a fork of the ever-popular requests package with a few key differences, most notably the inclusion of a malicious Go binary packed into a large version of the actual requests side-bar PNG logo, which the author purported to be."
https://blog.phylum.io/malicious-go-binary-delivered-via-steganography-in-pypi/
https://thehackernews.com/2024/05/malicious-python-package-hides-sliver.html
https://www.bleepingcomputer.com/news/security/pypi-package-backdoors-macs-using-the-sliver-pen-testing-suite/ -
Leveraging DNS Tunneling For Tracking And Scanning
"This article presents a case study on new applications of domain name system (DNS) tunneling we have found in the wild. These techniques expand beyond DNS tunneling only for command and control (C2) and virtual private network (VPN) purposes."
https://unit42.paloaltonetworks.com/three-dns-tunneling-campaigns/
https://www.bleepingcomputer.com/news/security/hackers-use-dns-tunneling-for-network-scanning-tracking-victims/ -
INC Ransomware Source Code Selling On Hacking Forums For $300,000
"A cybercriminal using the name 'salfetka' claims to be selling the source code of INC Ransom, a ransomware-as-a-service (RaaS) operation launched in August 2023. INC has previously targeted the U.S. division of Xerox Business Solutions (XBS), Yamaha Motor Philippines, and, more recently, Scotland's National Health Service (NHS)."
https://www.bleepingcomputer.com/news/security/inc-ransomware-source-code-selling-on-hacking-forums-for-300-000/ -
New LockBit Black Campaign Observed
"The NJCCIC’s email security solution detected a new LockBit campaign dubbed LockBit Black. This campaign was also reported to the NJCCIC via incident reports and observed by information-sharing and analysis centers. The emails in this campaign contain malicious ZIP attachments and were seen using the same sender email address, “JennyBrown3422[@]gmail[.]com,” and “Jenny[@]gsd[.]com.”"
https://www.cyber.nj.gov/Home/Components/News/News/1312/214?fsiteid=2&loadingmode=PreviewContent
https://www.bleepingcomputer.com/news/security/botnet-sent-millions-of-emails-in-lockbit-black-ransomware-campaign/ -
Ongoing Social Engineering Campaign Linked To Black Basta Ransomware Operators
"Rapid7 has identified an ongoing social engineering campaign that has been targeting multiple managed detection and response (MDR) customers. The incident involves a threat actor overwhelming a user's email with junk and calling the user, offering assistance. The threat actor prompts impacted users to download remote monitoring and management software like AnyDesk or utilize Microsoft's built-in Quick Assist feature in order to establish a remote connection."
https://www.rapid7.com/blog/post/2024/05/10/ongoing-social-engineering-campaign-linked-to-black-basta-ransomware-operators/
https://www.darkreading.com/cyberattacks-data-breaches/500-victims-later-black-basta-reinvents-novel-vishing-strategy
https://www.helpnetsecurity.com/2024/05/13/black-basta-social-engineering/ -
Mallox Affiliate Leverages PureCrypter In MS-SQL Exploitation Campaigns
"Recently, our team observed an incident involving our MS-SQL (Microsoft SQL) honeypot. It was targeted by an intrusion set leveraging brute-force tactics, aiming to deploy the Mallox ransomware via PureCrypter through several MS-SQL exploitation techniques. Our investigation of Mallox samples led us to identify two affiliates with distinct modus operandi. The first focuses on exploiting vulnerable assets, while the second aims at broader compromises of information systems on a larger scale."
https://blog.sekoia.io/mallox-ransomware-affiliate-leverages-purecrypter-in-microsoft-sql-exploitation-campaigns/
https://www.infosecurity-magazine.com/news/mallox-ransomware-deployed-via-ms/ -
Christie's Takes Website Offline After Cyberattack, Delays Live Auction
"British auction house Christie's said a cyberattack has forced it to take down its website and move one live auction. In a Sunday post on LinkedIn, Christie’s CEO Guillaume Cerutti confirmed that the auction house was dealing with a “technology security incident” after the organization’s website went down on Thursday."
https://therecord.media/christies-website-down-auction-delayed-cyberattack
https://www.theregister.com/2024/05/13/cyberattack_shutters_christies_website/
Breaches/Hacks/Leaks
-
Russian Hackers Hijack Ukrainian TV To Broadcast Victory Day Parade
"Russia-aligned hackers hijacked several Ukrainian television channels on Thursday to broadcast a Victory Day parade in Moscow, commemorating the defeat of Nazi Germany in World War II. According to the Ukrainian agency responsible for television and radio broadcasting, Nacrada, the hackers replaced the broadcast of at least 15 TV channels owned by Starlight Media."
https://therecord.media/russian-hackers-hijack-ukraine-tv
https://www.darkreading.com/cyberattacks-data-breaches/ukrainian-latvian-tv-hijacked-to-broadcast-russian-celebrations -
Largest Non-Bank Lender In Australia Warns Of a Data Breach
"Firstmac Limited is warning customers that it suffered a data breach a day after the new Embargo cyber-extortion group leaked over 500GB of data allegedly stolen from the firm. Firstmac is a significant player in Australia's financial services industry, focusing primarily on mortgage lending, investment management, and securitization services."
https://www.bleepingcomputer.com/news/security/largest-non-bank-lender-in-australia-warns-of-a-data-breach/
https://securityaffairs.com/163064/data-breach/firstmac-limited-disclosed-data-breach.html -
Helsinki Suffers Data Breach After Hackers Exploit Unpatched Flaw
"The City of Helsinki is investigating a data breach in its education division, which it discovered in late April 2024, impacting tens of thousands of students, guardians, and personnel. Though information about the attack was circulated on May 2, 2024, the city's authorities shared more details in a press conference earlier today."
https://www.bleepingcomputer.com/news/security/helsinki-suffers-data-breach-after-hackers-exploit-unpatched-flaw/
https://securityaffairs.com/163088/data-breach/city-of-helsinki-data-breach.html -
The Post Millennial Hack Leaked Data Impacting 26 Million People
"Have I Been Pwned has added the information for 26,818,266 people whose data was leaked in a recent hack of The Post Millennial conservative news website. The Post Millennial is a conservative Canadian online news magazine belonging to the Human Events Media Group, which also operates the American 'Human Events' news platform."
https://www.bleepingcomputer.com/news/security/the-post-millennial-hack-leaked-data-impacting-26-million-people/ -
FBCS Collection Agency Data Breach Impacts 2.7 Million
"Debt collection agency Financial Business and Consumer Solutions (FBCS) now says that the personal information of roughly 2.7 million individuals was compromised in a recently disclosed data breach."
https://www.securityweek.com/fbcs-collection-agency-data-breach-impacts-2-7-million/ -
'Russian' Hackers Deface Potentially Hundreds Of Local British News Sites
"A group declaring itself to be “first-class Russian hackers” defaced potentially hundreds of local and regional British newspaper websites on Saturday. The group published a breaking news story titled “PERVOKLASSNIY RUSSIAN HACKERS ATTACK” on the sites of titles owned by Newsquest Media Group. There is no evidence the story was reproduced in print."
https://therecord.media/newsquest-media-group-british-newspaper-websites-defaced
https://securityaffairs.com/163080/cyber-crime/russian-hackers-british-newspaper-websites.html
General News
-
Red Teaming: The Key Ingredient For Responsible AI
"Developing responsible AI isn’t a straightforward proposition. On one side, organizations are striving to stay at the forefront of technological advancement. On the other hand, they must ensure strict compliance with ethical standards and regulatory requirements."
https://www.helpnetsecurity.com/2024/05/13/responsible-ai-red-teaming/ -
Establishing a Security Baseline For Open Source Projects
"In this Help Net Security interview, Dana Wang, Chief Architect at OpenSSF, discusses the most significant barriers to improving open-source software security (OSS security) and opportunities for overcoming these challenges."
https://www.helpnetsecurity.com/2024/05/13/dana-wang-openssf-oss-security/ -
AI’s Rapid Growth Puts Pressure On CISOs To Adapt To New Security Risks
"The increased use of AI further complicates the CISO role as industries begin to realize the full potential of GenAI and its impact on cybersecurity, according to Trellix."
https://www.helpnetsecurity.com/2024/05/13/genai-ciso-role/ -
Critical Vulnerabilities Take 4.5 Months On Average To Remediate
"Over a third of organizations had at least one known vulnerability in 2023, with nearly a quarter of those facing five or more, and 60% of vulnerabilities remained unaddressed past CISA’s deadlines, according to Bitsight."
https://www.helpnetsecurity.com/2024/05/13/kev-catalog-prevalent-vulnerabilities/ -
Okta’s Security Chief On The Company’s Own Cyberattack And How The ‘battleground’ Has Shifted
"Okta is one of the largest security companies in the world, helping big-name clients in the public and private sector protect themselves. But the company has had several of its own security incidents, including the most recent last October."
https://therecord.media/okta-security-chief-cyberattack-lessons-battleground -
Experts Warn The NVD Backlog Is Reaching a Breaking Point
"The United States' federal database for tracking security vulnerabilities has virtually ground to a halt. Analysis of newly disclosed vulnerabilities and exposures has become nearly nonexistent as experts warn that the massive backlog and ongoing issues could result in supply chain risks across critical sectors."
https://www.bankinfosecurity.com/experts-warn-nvd-backlog-reaching-breaking-point-a-25191 -
Why Tokens Are Like Gold For Opportunistic Threat Actors
"Authentication tokens aren't actual physical tokens, of course. But when these digital identifiers aren't expired regularly or pinned for use by a specific device only, they may as well be made of gold in the hands of threat actors."
https://www.darkreading.com/cyberattacks-data-breaches/why-tokens-are-like-gold-for-opportunistic-threat-actors -
NATO Draws a Cyber Red Line In Tensions With Russia
"There has long been a military red line that NATO says Russia must not cross. Now it has drawn a cyber red line."
https://www.securityweek.com/nato-draws-a-cyber-red-line-in-tensions-with-russia/ -
Transnational Crime In Southeast Asia: A Growing Threat To Global Peace And Security
"Organized crime is a significant driver of conflict globally. It preys on weak governance, slack law enforcement, and inadequate regulation. It tears at the fabric of societies by empowering and enriching armed actors and fueling violent conflict. In Asia, criminal groups prop up corrupt and dangerous regimes from Myanmar to North Korea, posing a direct threat to regional stability."
https://www.usip.org/publications/2024/05/transnational-crime-southeast-asia-growing-threat-global-peace-and-security
https://www.usip.org/sites/default/files/2024-05/ssg_transnational-crime-southeast-asia.pdf
https://therecord.media/southeast-asian-scam-syndicates-stealing-billions-annually
References
Electronic Transactions Development Agency (ETDA)