Cyber Threat Intelligence 16 May 2024
-
Healthcare Sector
- Vulnerabilities On GE HealthCare Vivid Ultrasound Could Allow Malicious Insiders To Locally Install Ransomware, Access And Manipulate Patient Data
"In an effort to increase the resilience of medical systems, Nozomi Networks Labs has conducted research on a device from the GE HealthCare Vivid Ultrasound family, as well as the companion software used to review the generated medical data."
https://www.nozominetworks.com/blog/ge-healthcare-vivid-ultrasound-vulnerabilities
https://www.bankinfosecurity.com/report-11-vulnerabilities-found-in-ge-ultrasound-devices-a-25228
Industrial Sector
- ICS Patch Tuesday: Advisories Published By Siemens, Rockwell, Mitsubishi Electric
"Several major industrial control systems (ICS) providers have released Patch Tuesday advisories to inform customers about vulnerabilities discovered and fixed in their products."
https://www.securityweek.com/ics-patch-tuesday-advisories-published-by-siemens-rockwell-mitsubishi-electric/
Vulnerabilities
- Google Patches Third Exploited Chrome Zero-Day In a Week
"Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week. "Google is aware that an exploit for CVE-2024-4947 exists in the wild," the search giant said in a security advisory published on Wednesday."
https://www.bleepingcomputer.com/news/google/google-patches-third-exploited-chrome-zero-day-in-a-week/
- New WiFi Vulnerability: The SSID Confusion Attack
"A new vulnerability arising from a design flaw in the WiFi standard allows attackers to trick victims into connecting to less secure networks and intercept their traffic. Additionally, the attack can exploit the auto-disconnect feature in certain VPN clients, which automatically disables the VPN connection when the device connects to a predefined “trusted” WiFi network. Top10VPN has teamed up with highly-experienced security researcher Mathy Vanhoef to share this WiFi vulnerability ahead of its presentation at the WiSec ’24 conference in Seoul."
https://www.top10vpn.com/research/wifi-vulnerability-ssid/
https://www.darkreading.com/endpoint-security/flaw-in-wi-fi-standard-can-enable-ssid-confusion-attacks
- Intel Publishes 41 Security Advisories For Over 90 Vulnerabilities
"This Patch Tuesday, Intel published 41 new security advisories covering a total of more than 90 vulnerabilities found in the company’s products. The chip giant has released patches for a majority of these vulnerabilities, while for some it has provided mitigations."
https://www.securityweek.com/intel-publishes-41-security-advisories-for-over-90-vulnerabilities/
Malware
- Threat Actors Misusing Quick Assist In Social Engineering Attacks Leading To Ransomware
"Since mid-April 2024, Microsoft Threat Intelligence has observed the threat actor Storm-1811 misusing the client management tool Quick Assist to target users in social engineering attacks. Storm-1811 is a financially motivated cybercriminal group known to deploy Black Basta ransomware. The observed activity begins with impersonation through voice phishing (vishing), followed by delivery of malicious tools, including remote monitoring and management (RMM) tools like ScreenConnect and NetSupport Manager, malware like Qakbot, Cobalt Strike, and ultimately Black Basta ransomware."
https://www.microsoft.com/en-us/security/blog/2024/05/15/threat-actors-misusing-quick-assist-in-social-engineering-attacks-leading-to-ransomware/
https://www.bleepingcomputer.com/news/security/windows-quick-assist-abused-in-black-basta-ransomware-attacks/
- Detecting Compromise Of CVE-2024-3400 On Palo Alto Networks GlobalProtect Devices
"Last month, Volexity reported on its discovery of zero-day, in-the-wild exploitation of CVE-2024-3400 in the GlobalProtect feature of Palo Alto Networks PAN-OS by a threat actor Volexity tracks as UTA0218. Palo Alto Networks released an advisory and threat protection signature for the vulnerability within 48 hours of Volexity's disclosure of the issue to Palo Alto Networks, with official patches and fixes following soon after."
https://www.volexity.com/blog/2024/05/15/detecting-compromise-of-cve-2024-3400-on-palo-alto-networks-globalprotect-devices/
- Unmasking a Cyber Attack That Targets Meta Business Accounts
"The majority of businesses today utilize social media platforms for advertising products, sharing updates, and customer engagements. But what happens when a business account falls into the hands of a threat actor? This report explores the inner workings of an advanced phishing campaign capable of bypassing multi-factor authentication (MFA) to target Meta business accounts. Cofense has discovered a comprehensive toolkit enabling threat actors to create malicious links, verify if they are active threats, generate emails, and other additional tasks."
https://cofense.com/blog/cyber-attack-that-targets-meta-business-accounts/
- Cybercriminals Exploit Docusign With Customizable Phishing Templates
"Cybercriminals are abusing Docusign by selling customizable phishing templates on cybercrime forums, allowing attackers to steal credentials for phishing and business email compromise (BEC) scams."
https://abnormalsecurity.com/blog/cybercriminals-exploit-docusign
https://www.darkreading.com/threat-intelligence/scammers-fake-docusign-templates-blackmail-steal-companies
- To The Moon And Back(doors): Lunar Landing In Diplomatic Missions
"ESET researchers discovered two previously unknown backdoors – which we named LunarWeb and LunarMail – compromising a European ministry of foreign affairs (MFA) and its diplomatic missions abroad. We believe that the Lunar toolset has been used since at least 2020 and, given the similarities between the tools’ tactics, techniques, and procedures (TTPs) and past activities, we attribute these compromises to the infamous Russia-aligned cyberespionage group Turla, with medium confidence."
https://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions/
https://thehackernews.com/2024/05/turla-group-deploys-lunarweb-and.html
https://therecord.media/backdoor-malware-european-government-turla-suspected
- ViperSoftX Uses Deep Learning-Based Tesseract To Exfiltrate Information
"AhnLab SEcurity intelligence Center (ASEC) has recently discovered ViperSoftX attackers using Tesseract to exfiltrate users’ image files. ViperSoftX is a malware strain responsible for residing on infected systems and executing the attackers’ commands or stealing cryptocurrency-related information."
https://asec.ahnlab.com/en/65426/
Breaches/Hacks/Leaks
- Nissan North America Data Breach Impacts Over 53,000 Employees
"Nissan North America (Nissan) suffered a data breach last year when a threat actor targeted the company's external VPN and shut down systems to receive a ransom. The car maker discovered the breach in early November 2023 and discovered recently that the incident exposed personal data belonging to more than 53,000 current and former employees."
https://www.bleepingcomputer.com/news/security/nissan-north-america-data-breach-impacts-over-53-000-employees/
- FBI Seize BreachForums Hacking Forum Used To Leak Stolen Data
"The FBI has seized the notorious BreachForums hacking forum that leaked and sold stolen corporate data to other cybercriminals. The seizure occurred on Wednesday morning, soon after the site was used last week to leak data stolen from a Europol law enforcement portal. The website is now displaying a message stating that the FBI has taken control over it and the backend data, indicating that law enforcement seized both the site's servers and domains."
https://www.bleepingcomputer.com/news/security/fbi-seize-breachforums-hacking-forum-used-to-leak-stolen-data/
https://therecord.media/breachforums-platform-seized-by-fbi-doj
https://www.darkreading.com/threat-intelligence/fbi-doj-shut-down-breachforums-launch-investigation
https://thehackernews.com/2024/05/fbi-seizes-breachforums-again-urges.html
https://www.bankinfosecurity.com/fbi-seizes-criminal-site-breachforums-a-25225
https://cyberscoop.com/breachforums-a-key-english-language-cybercrime-forum-seized-by-the-fbi/
https://www.hackread.com/cyber-crime-forum-breach-forums-seized-by-police/
https://www.malwarebytes.com/blog/news/2024/05/notorious-data-leak-site-breachforums-seized-by-law-enforcement
https://securityaffairs.com/163216/cyber-crime/fbi-seized-breachforums-hacking-forum.html
https://www.theregister.com/2024/05/15/fbi_breachforums_ransomware/
- Banco Santander Warns Of a Data Breach Exposing Customer Info
"Banco Santander S.A. announced it suffered a data breach impacting customers after an unauthorized actor accessed a database hosted by one of its third-party service providers. With a strong presence in Spain, the United Kingdom, Brazil, Mexico, and the United States, Banco Santander is one of the largest and most significant banks in the world, known for a diverse range of financial products and services, serving over 140 million customers."
https://www.bleepingcomputer.com/news/security/banco-santander-warns-of-a-data-breach-exposing-customer-info/
https://www.infosecurity-magazine.com/news/santander-customer-data-compromised/
https://www.securityweek.com/santander-data-breach-impacts-customers-employees/
- Crook Brags About US Army And $75b Defense Biz Pwnage
"An extortionist claims to have stolen files from the US Army Aviation and Missile Command in August 2023, and now claims they are selling access to a $75 billion aerospace and defense company. US Army Aviation and Missile Command (AMCOM) develops and maintains the Army's aviation, missile and drone capabilities."
https://www.theregister.com/2024/05/15/us_army_contractor_data_loss/
General News
- Top 5 Most Dangerous Cyber Threats In 2024
"Only five months into 2024, and the year has been a busy one for cybersecurity practitioners, with multi-year supply chain attacks, nation-state actors exploiting multiple vulnerabilities in network gateways and edge devices, and multiple ransomware incidents against large healthcare entities. What’s ahead for the rest of year?"
https://www.darkreading.com/cyber-risk/top-5-most-dangerous-cyber-threats-in-2024
- Core Security Measures To Strengthen Privacy And Data Protection Programs
"As privacy laws evolve globally, organizations face increasing complexity in adapting their data protection strategies to stay compliant. In this Help Net Security interview, Kabir Barday, CEO at OneTrust, emphasizes that embracing privacy by design enables organizations to navigate compliance challenges."
https://www.helpnetsecurity.com/2024/05/15/kabir-barday-onetrust-data-privacy-compliance/
- Cybersecurity Analysis Exposes High-Risk Assets In Power And Healthcare Sectors
"Traditional approaches to vulnerability management result in a narrow focus of the enterprise attack surface area that overlooks a considerable amount of risk, according to Claroty."
https://www.helpnetsecurity.com/2024/05/15/cps-assets-vulnerability-management-approaches/
- ESET APT Activity Report Q4 2023–Q1 2024
"ESET APT Activity Report Q4 2023–Q1 2024 summarizes notable activities of selected advanced persistent threat (APT) groups that were documented by ESET researchers from October 2023 until the end of March 2024. The highlighted operations are representative of the broader landscape of threats we investigated during this period, illustrating the key trends and developments, and contain only a fraction of the cybersecurity intelligence data provided to customers of ESET’s private APT reports."
https://www.welivesecurity.com/en/eset-research/eset-apt-activity-report-q4-2023-q1-2024/
https://web-assets.esetstatic.com/wls/en/papers/threat-reports/eset-apt-activity-report-q4-2023-q1-2024.pdf
- A Third Of CISOs Have Been Dismissed “Out Of Hand” By The Board
"Global CISOs are routinely belittled and dismissed as being overly negative by their board, according to new Trend Micro research highlighting a “credibility gap” within the function. The security vendor polled 2600 IT leaders with responsibility for cybersecurity to compile its latest report, The CISO Credibility Gap: How a Communication Breakdown in the Boardroom is Hurting Cyber-Resilience."
https://www.infosecurity-magazine.com/news/third-cisos-dismissed-out-of-hand/
https://www.trendmicro.com/explore/thecisocredibilitygap/2608-tl-en-rpt
- App Store Stopped Over $7 Billion In Potentially Fraudulent Transactions In Four Years
"Since launching the App Store in 2008, Apple has continued to invest in and develop industry-leading technologies designed to provide users with the safest and most secure experience for downloading apps, and a vibrant and innovative platform for developers to distribute their software. Today, the App Store stands at the forefront of app distribution, setting the standard for security, reliability, and user experience."
https://www.apple.com/newsroom/2024/05/app-store-stopped-over-7-billion-usd-in-potentially-fraudulent-transactions/
https://www.bleepingcomputer.com/news/security/apple-blocked-7-billion-in-fraudulent-app-store-purchases-in-4-years/
- Brothers Arrested For $25 Million Theft In Ethereum Blockchain Attack
"The U.S. Department of Justice has indicted two brothers for allegedly manipulating the Ethereum blockchain and stealing $25 million worth of cryptocurrency within approximately 12 seconds in a "first-of-its-kind" scheme. Anton Peraire-Bueno and James Peraire-Bueno were arrested in Boston and New York on Tuesday on charges of wire fraud and conspiracy to commit wire fraud and money laundering. If convicted, each of them faces a maximum penalty of 20 years in prison for each count."
https://www.bleepingcomputer.com/news/security/brothers-arrested-for-25-million-theft-in-ethereum-blockchain-attack/
- New Cybersecurity Sheets From CISA And NSA: An Overview
"The Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) have recently released new CSI (Cybersecurity Information) sheets aimed at providing information and guidelines to organizations on how to effectively secure their cloud environments."
https://securityintelligence.com/articles/cisa-nsa-cybersecurity-information-sheets/
References
Electronic Transactions Development Agency (ETDA) - Vulnerabilities On GE HealthCare Vivid Ultrasound Could Allow Malicious Insiders To Locally Install Ransomware, Access And Manipulate Patient Data