Cyber Threat Intelligence 15 May 2024
Industrial Sector
- Rockwell Automation FactoryTalk Remote Access
"Successful exploitation of this vulnerability could allow an attacker to enter a malicious executable and run it as a system user, resulting in remote code execution."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-01
- SUBNET PowerSYSTEM Center
"Successful exploitation of the vulnerabilities in components used by PowerSYSTEM Center could allow privilege escalation, denial-of-service, or arbitrary code execution."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-02
- Johnson Controls Software House C-CURE 9000
"Successful exploitation of this vulnerability may allow an attacker to access credentials used for access to the application."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-03
- Mitsubishi Electric Multiple FA Engineering Software Products
"Successful exploitation of these vulnerabilities may allow a local attacker to cause a Windows blue screen error that results in a denial-of-service condition and/or to gain Windows system privileges and execute arbitrary commands."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-04
New Tooling
- BLint: Open-Source Tool To Check The Security Properties Of Your Executables
"BLint is a Binary Linter designed to evaluate your executables’ security properties and capabilities, utilizing LIEF for its operations. From version 2, BLint can also produce Software Bill-of-Materials (SBOM) for compatible binaries."
https://www.helpnetsecurity.com/2024/05/14/blint-open-source-check-security-properties-executables/
https://github.com/owasp-dep-scan/blint
Vulnerabilities
- Microsoft May 2024 Patch Tuesday Fixes 3 Zero-Days, 61 Flaws
"Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days. This Patch Tuesday only fixes one critical vulnerability, a Microsoft SharePoint Server Remote Code Execution Vulnerability."
https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2024-patch-tuesday-fixes-3-zero-days-61-flaws/
https://www.darkreading.com/vulnerabilities-threats/microsoft-windows-dwm-zero-day-mass-exploit
https://blog.talosintelligence.com/microsoft-patch-tuesday-may-2024/
https://www.securityweek.com/microsoft-patches-60-windows-vulns-warns-of-active-zero-day-exploitation/
https://www.tripwire.com/state-of-security/vert-threat-alert-may-2024-patch-tuesday-analysis
https://www.helpnetsecurity.com/2024/05/14/patch-tuesday-cve-2024-30051-cve-2024-30040/
https://securityaffairs.com/163172/security/microsoft-patch-tuesday-may-2024.html
https://www.theregister.com/2024/05/14/microsoft_may_patch_tuesday/
- PoC Exploit Released For RCE Zero-Day In D-Link EXO AX4800 Routers
"The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port. The D-Link DIR-X4860 router is a high-performance Wi-Fi 6 router capable of speeds of up to 4800 Mbps and advanced features like OFDMA, MU-MIMO, and BSS Coloring that enhance efficiency and reduce interference."
https://www.bleepingcomputer.com/news/security/poc-exploit-released-for-rce-zero-day-in-d-link-exo-ax4800-routers/
https://ssd-disclosure.com/ssd-advisory-d-link-dir-x4860-security-vulnerabilities/
- Google Chrome Emergency Update Fixes 6th Zero-Day Exploited In 2024
"Google has released emergency security updates for the Chrome browser to address a high-severity zero-day vulnerability tagged as exploited in attacks. This fix comes only three days after Google addressed another zero-day vulnerability in Chrome, CVE-2024-4671, caused by a use-after-free weakness in the Visuals component."
https://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-6th-zero-day-exploited-in-2024/
https://thehackernews.com/2024/05/new-chrome-zero-day-vulnerability-cve.html
https://www.darkreading.com/vulnerabilities-threats/dangerous-google-chrome-zero-day-sandbox-escape
https://www.securityweek.com/google-patches-second-chrome-zero-day-in-one-week/
https://securityaffairs.com/163136/hacking/6th-chrome-zero-day-2024.html
https://www.malwarebytes.com/blog/news/2024/05/update-chrome-now-google-releases-emergency-security-patch
- SAP Patches Critical Vulnerabilities In CX Commerce, NetWeaver
"Enterprise software maker SAP on Tuesday announced the release of 14 new and three updated security notes as part of its May 2024 Security Patch Day. Two new and one updated security notes are rated ‘hot news’, the highest severity in SAP’s playbook, addressing critical flaws in Business Client, CX Commerce, and NetWeaver Application Server ABAP and ABAP Platform."
https://www.securityweek.com/sap-patches-critical-vulnerabilities-in-cx-commerce-netweaver/
- Adobe Patches Critical Flaws In Reader, Acrobat
"Software maker Adobe on Tuesday documented 35 security vulnerabilities in a wide range of products and urged users to pay immediate attention to critical-severity bugs in its widely deployed Adobe Acrobat and Reader programs. As part of its scheduled batch of Patch Tuesday updates, Adobe patched a dozen security bugs in Acrobat and Reader and slapped a critical-severity label on several issues that expose users to code execution attacks."
https://www.securityweek.com/adobe-patches-critical-flaws-in-reader-acrobat/
- Critical Flaws In Cacti Framework Could Let Attackers Execute Malicious Code
"The maintainers of the Cacti open-source network monitoring and fault management framework have addressed a dozen security flaws, including two critical issues that could lead to the execution of arbitrary code."
https://thehackernews.com/2024/05/critical-flaws-in-cacti-framework-could.html
- CISA Adds Two Known Exploited Vulnerabilities To Catalog
"CISA has added two new vulnerabilities to its Known Exploited
https://www.cisa.gov/news-events/alerts/2024/05/14/cisa-adds-two-known-exploited-vulnerabilities-catalog
- QakBot Attacks With Windows Zero-Day (CVE-2024-30051)
"In early April 2024, we decided to take a closer look at the Windows DWM Core Library Elevation of Privilege Vulnerability CVE-2023-36033, which was previously discovered as a zero-day exploited in the wild. While searching for samples related to this exploit and attacks that used it, we found a curious document uploaded to VirusTotal on April 1, 2024. This document caught our attention because it had a rather descriptive file name, which indicated that it contained information about a vulnerability in Windows OS."
https://securelist.com/cve-2024-30051/112618/
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-zero-day-exploited-in-qakbot-malware-attacks/
https://www.bankinfosecurity.com/microsoft-patches-zero-day-exploited-by-qakbot-a-25210
- VMware Fixes Three Zero-Day Bugs Exploited At Pwn2Own 2024
"VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest. The most severe flaw patched today is CVE-2024-22267, a use-after-free flaw in the vbluetooth device demoed by the STAR Labs SG and Theori teams."
https://www.bleepingcomputer.com/news/security/vmware-fixes-three-zero-day-bugs-exploited-at-pwn2own-2024/
https://thehackernews.com/2024/05/vmware-patches-severe-security-flaws-in.html
https://www.securityweek.com/vmware-patches-vulnerabilities-exploited-at-pwn2own-2024/
https://securityaffairs.com/163152/hacking/vmware-fixed-zero-days-demonstrated-pwn2own2024.html
- Foxit PDF Reader “Flawed Design”: Hidden Dangers Lurking In Common Tools
"PDF files have become an integral part of modern digital communication. PDFs have evolved into a standard format for presenting text, images, and multimedia content with consistent layout and formatting, irrespective of the software, hardware, or operating system used to view them."
https://blog.checkpoint.com/research/foxit-pdf-reader-flawed-design-hidden-dangers-lurking-in-common-tools/
- NHS Digital Hints At Exploit Sightings Of Arcserve UDP Vulnerabilities
"The UK's NHS is warning of the possibility that vulnerabilities in Arcserve Unified Data Protection (UDP) software are being actively exploited. Originally disclosed in March, the three vulnerabilities all had proof of concept (PoC) exploit code released the day after disclosure by Tenable, which reported the bugs to Arcserve. In these cases, it doesn't usually take long before attackers try to abuse them."
https://www.theregister.com/2024/05/14/nhs_arcserve_udp/
Malware
- Distribution Of DanaBot Malware Via Word Files Detected By AhnLab EDR
"There are two types of malicious documents that are distributed via email recently: those exploiting equation editor and those including external link URLs. This post will describe the infection flow of the DanaBot malware that is distributed through documents containing external links, the latter method, as well as the evidence and detection process with the AhnLab EDR product’s diagram."
https://asec.ahnlab.com/en/65399/
- Initial Access To IIS Web Servers Detected By AhnLab EDR
"In the modern Internet society, one can easily obtain information on devices all over the world connected to the Internet using network and device search engines such as Shodan. Threat actors can use these search engines to engage in malicious behaviors such as collecting information on attack targets or performing port scanning attacks against any devices. The threat actor utilizes the information collected to find weaknesses in the target system and attempt initial access."
https://asec.ahnlab.com/en/65390/
- Ebury Is Alive But Unseen: 400k Linux Servers Compromised For Cryptocurrency Theft And Financial Gain
"Ten years ago we raised awareness of Ebury by publishing a white paper we called Operation Windigo, which documented a campaign that leveraged Linux malware for financial gain. Today we publish a follow-up paper on how Ebury has evolved, and the new malware families its operators use to monetize their botnet of Linux servers."
https://www.welivesecurity.com/en/eset-research/ebury-alive-unseen-400k-linux-servers-compromised-cryptotheft-financial-gain/
https://web-assets.esetstatic.com/wls/en/papers/white-papers/ebury-is-alive-but-unseen.pdf
https://www.bleepingcomputer.com/news/security/ebury-botnet-malware-infected-400-000-linux-servers-since-2009/
https://www.infosecurity-magazine.com/news/ebury-botnet-diversify-crypto-theft/
- From Document To Script: Insides Of Darkgate's Campaign
"One of the primary propagation methods for Darkgate is phishing emails. By hijacking email accounts and distributing malicious attachments, it propagates itself to a wider network of potential victims. Darkgate uses some of the most common attachment filetypes such as XLSX, HTML and PDF. It is often designed to be stealthy and persistent, making it challenging to detect and remove. It may result in the loss of personal data, financial loss through fraud or extortion, and compromise of sensitive information."
https://www.forcepoint.com/blog/x-labs/phishing-script-inside-darkgate-campaign
- GitCaught: Threat Actor Leverages GitHub Repository For Malicious Infrastructure
"In recent research, Recorded Future's Insikt Group uncovered a sophisticated cybercriminal campaign led by Russian-speaking threat actors from the Commonwealth of Independent States (CIS). These threat actors leveraged a GitHub profile to impersonate legitimate software applications like 1Password, Bartender 5, and Pixelmator Pro to distribute various malware types, such as Atomic macOS Stealer (AMOS) and Vidar. This malicious activity highlights the abuse of trusted internet services to orchestrate cyberattacks that steal personal information."
https://www.recordedfuture.com/gitcaught-threat-actor-leverages-github-repository-for-malicious-infrastructure
https://www.infosecurity-magazine.com/news/russian-legitimate-services/
- How Scammers Hijack Your Instagram
"Instagram, with its vast user base and dynamic platform, has become a hotbed for scams and fraudulent activities. From phishing attempts to fake giveaways, scammers employ a range of tactics to exploit user trust and vulnerability. These scams often prey on people’s desire for social validation, financial gain, or exclusive opportunities, luring them into traps that can compromise their personal accounts and identity."
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/how-scammers-hijack-your-instagram/
- Remcos Is Pairing With PrivateLoader To Extend Its Capabilities
"This week, the SonicWall Capture Labs threat research team investigated a sample of the RemcosRAT that uses a PrivateLoader module to provide additional data and persistence on the victim’s machine. By installing VB scripts, altering the registry and setting up services to restart the malware at variable times or by control, this malware is able to infiltrate a system completely and remain undetected."
https://blog.sonicwall.com/en-us/2024/05/remcos-is-pairing-with-privateloader-to-extend-its-capabilities/
- ‘Got That Boomer!’: How Cybercriminals Steal One-Time Passcodes For SIM Swap Attacks And Raiding Bank Accounts
"The incoming phone call flashes on a victim’s phone. It may only last a few seconds, but can end with the victim handing over codes that give cybercriminals the ability to hijack their online accounts or drain their crypto and digital wallets. “This is the PayPal security team here. We’ve detected some unusual activity on your account and are calling you as a precautionary measure,” the caller’s robotic voice says. “Please enter the six-digit security code that we’ve sent to your mobile device.”"
https://techcrunch.com/2024/05/13/cyber-criminals-stealing-one-time-passcodes-sim-swap-raiding-bank-accounts/
Breaches/Hacks/Leaks
- Singing River Health System: Data Of 895,000 Stolen In Ransomware Attack
"The Singing River Health System is warning that it is now estimating that 895,204 people are impacted by a ransomware attack it suffered in August 2023. Singing River Health System is a major healthcare provider located in Mississippi, operating the Singing River Hospital in Pascagoula, Ocean Springs Hospital, and the Singing River Gulfport Hospital, collectively providing over 700 beds."
https://www.bleepingcomputer.com/news/security/singing-river-health-system-data-of-895-000-stolen-in-ransomware-attack/
General News
- Tailoring Responsible AI: Defining Ethical Guidelines For Industry-Specific Use
"In this Help Net Security interview, Chris Peake, CISO & SVP at Smartsheet, explains how responsible AI should be defined by each organization to guide their AI development and usage. Peake emphasizes that implementing responsible AI requires balancing ethical considerations, industry regulations, and proactive risk assessment to ensure that AI is used transparently."
https://www.helpnetsecurity.com/2024/05/14/chris-peake-smartsheet-responsible-ai/
- Log4J Shows No Sign Of Fading, Spotted In 30% Of CVE Exploits
"Organizations continue to run insecure protocols across their wide access networks (WAN), making it easier for cybercriminals to move across networks, according to a Cato Networks survey."
https://www.helpnetsecurity.com/2024/05/14/log4j-wan-insecure-protocols/
- CISA And Partners Release Guidance For Civil Society Organizations On Mitigating Cyber Threats With Limited Resources
"CISA, in partnership with the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI) and international partners, released Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society. The joint guidance provides civil society organizations and individuals with recommended actions and mitigations to reduce the risk of cyber intrusions. Additionally, the guide encourages software manufacturers to actively implement and publicly commit to Secure by Design practices that are necessary to help protect vulnerable and high-risk communities."
https://www.cisa.gov/news-events/alerts/2024/05/14/cisa-and-partners-release-guidance-civil-society-organizations-mitigating-cyber-threats-limited
https://www.cisa.gov/resources-tools/resources/mitigating-cyber-threats-limited-resources-guidance-civil-society
https://www.cisa.gov/sites/default/files/2024-05/joint-guide-mitigating-cyber-threats-with-limited-resources-guidance-for-civil-society-508c (3).pdf
https://therecord.media/civil-society-under-threat-nation-state-hacking
https://www.infosecurity-magazine.com/news/cisa-unveil-cybersecurity-guide/
- Developer Of Tornado Cash Gets Jail Sentence For Laundering Billions Of Dollars In Cryptocurrency
"The district court of Oost-Brabant has sentenced a 31 year old Russian, residing in Amstelveen, to an imprisonment of 5 years and 4 months. The court ruled that the man developed and maintained a software tool, called Tornado Cash, with which in total over 2 billion U.S. dollars was laundered."
https://www.rechtspraak.nl/Organisatie-en-contact/Organisatie/Rechtbanken/Rechtbank-Oost-Brabant/Nieuws/Paginas/Developer-of-Tornado-Cash-gets-jail-sentence-for-laundering-billions-of-dollars-in-cryptocurrency.aspx
https://therecord.media/tornado-cash-money-laundering-verdict-netherlands-alexey-pertsev
https://www.bankinfosecurity.com/tornado-cash-developer-sentenced-to-5-years-in-prison-a-25202
- Insider Threats Maintain A Rising Trend
"“When the cat’s away, the mouse will play,” the old adage goes. Filings to anti-fraud non-profit Cifas would support that claim, as Insider Threat Database (ITD) reports rose by 14% this past year and are largely attributable to hard-to-monitor work-from-home employees mixed with “increasing financial pressures.” The report details further incidents of dishonest behavior as recorded this year by the UK’s National Fraud Database (NFD)."
https://www.tripwire.com/state-of-security/insider-threats-maintain-rising-trend
- A Cost-Effective Encryption Strategy Starts With Key Management
"Key management is more complex than ever. Your choices are: Rely on your cloud provider or manage keys locally; Encrypt only the most critical data; Or encrypt everything."
https://www.darkreading.com/cloud-security/a-cost-effective-encryption-strategy-starts-with-key-management
- Heartbleed: When Is It Good To Name A Vulnerability?
"Ten years have passed since Heartbleed was first identified, but the security industry is still grappling with the question of branded vulnerabilities and naming vulnerabilities appropriately."
https://www.darkreading.com/vulnerabilities-threats/heartbleed-when-is-it-good-to-name-a-vulnerability
- Data Breaches In US Schools Exposed 37.6M Records
"Since 2005, educational institutions in the United States have experienced 3713 data breaches, impacting over 37.6m records. According to new data by Comparitech, 2023 marked a record year, with 954 breaches recorded – a dramatic rise from 139 in 2022 and 783 in 2021. This surge was primarily attributed to MOVEit file transfer software vulnerabilities, affecting over 800 institutions."
https://www.infosecurity-magazine.com/news/data-breaches-us-schools-37m/
- 44% Of Cybersecurity Professionals Struggle With Regulatory Compliance
"Around half (44%) of cybersecurity professionals struggle to comply with cybersecurity legislation due to its complexity and time consumption, research from Infosecurity Europe has found. The survey of 200 IT security decision makers analysed perspectives on 12 cybersecurity-related regulations either in force or soon to be enforced, including US Sarbanes-Oxley Act (SOX) and the EU’s NIS2 directive."
https://www.infosecurity-magazine.com/news/cyber-pros-struggle-regulatory/
- Incident Response Analyst Report 2023
"As an information security company, our services include incident response and investigation, and malware analysis. Our customer base spans Russia, Europe, Asia, South and North America, Africa and the Middle East. Our annual Incident Response Report presents anonymized statistics on the cyberattacks we investigated in 2023. All data is derived from working with organizations that requested our expertise in carrying out incident response (IR) or assisting their in-house expert team."
https://securelist.com/kaspersky-incident-response-report-2023/112504/
- MITRE Unveils EMB3D: A Threat-Modeling Framework For Embedded Devices
"The MITRE Corporation has officially made available a new threat-modeling framework called EMB3D for makers of embedded devices used in critical infrastructure environments. 'The model provides a cultivated knowledge base of cyber threats to embedded devices, providing a common understanding of these threats with the security mechanisms required to mitigate them,' the non-profit said in a post announcing the move."
https://thehackernews.com/2024/05/mitre-unveils-emb3d-threat-modeling.html
https://www.mitre.org/news-insights/news-release/mitre-releases-emb3d-cybersecurity-threat-model-embedded-devices
https://emb3d.mitre.org/
https://www.securityweek.com/mitre-emb3d-threat-model-officially-released/
https://www.helpnetsecurity.com/2024/05/13/mitre-emb3d-framework/
https://securityaffairs.com/163144/security/mitre-released-emb3d-framework.html
- Threat Intelligence To Protect Vulnerable Communities
"Key members of civil society—including journalists, political activists and human rights advocates—have long been in the cyber crosshairs of well-resourced nation-state threat actors but have scarce resources to protect themselves from cyber threats. On May 14, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) released a High-Risk Communities Protection (HRCP) report developed through the Joint Cyber Defense Collaborative that addresses the threat to these vulnerable groups, with findings contributed by the X-Force Threat Intelligence team."
https://securityintelligence.com/posts/threat-intelligence-protect-vulnerable-communities/
https://www.cisa.gov/audiences/high-risk-communities/cybersecurity-resources-high-risk-communities
- Cybersec Chiefs Team Up With Insurers To Say 'No' To Ransomware Bullies
"The latest effort to reduce the number of ransom payments sent to cybercriminals in the UK involves the country's National Cyber Security Centre (NCSC) locking arms with insurance associations. Announced today by NCSC CEO Felicity Oswald at the annual CYBERUK conference, a new guidance book aims to prevent organizations from reacting in a knee-jerk fashion to ransomware incidents."
https://www.theregister.com/2024/05/14/uk_ncsc_partners_with_insurance/
https://www.ncsc.gov.uk/guidance/organisations-considering-payment-in-ransomware-incidents
- Singapore Cybersecurity Update Puts Cloud Providers On Notice
"Lawmakers in Singapore updated the nation's cybersecurity regulations on May 7, giving more power to the agency responsible for enforcing the rules, adopting definitions of computer systems that include cloud infrastructure, and requiring that critical information infrastructure (CII) operators report any cybersecurity incident to the government."
https://www.darkreading.com/cyber-risk/singapore-cybersecurity-update-puts-cloud-providers-on-notice
References
Electronic Transactions Development Agency (ETDA)