Cyber Threat Intelligence 05 June 2024
Healthcare Sector
- Healthcare Cybersecurity Needs a Check Up
"In May 2021, San Diego-based hospital system Scripps Health suffered a massive ransomware attack lasting almost four weeks. The attack compromised the personal data of roughly 150,000 patients, and all five hospitals operated by Scripps Health faced significant limitations on their ability to provide care. With their data-sharing systems offline, hospital staff had to use paper records. Patients requiring emergency care had to be diverted to other hospitals. Not only did the attack cost Scripps Health a record $112 million in remediation costs and lost revenue, but the diversion of patients to other facilities resulted in overcrowding and degraded care."
https://www.fdd.org/analysis/2024/06/04/healthcare-cybersecurity-needs-a-check-up/
https://cyberscoop.com/rural-hospital-ransomware-cyber/
Industrial Sector
- Uniview NVR301-04S2-P4
"An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-156-01
Vulnerabilities
- Snowflake Recommends Customers Take Steps To Prevent Unauthorized Access
"On June 2, Snowflake indicated a recent increase in cyber threat activity targeting customer accounts on its cloud data platform. Snowflake issued a recommendation for users to query for unusual activity and conduct further analysis to prevent unauthorized user access."
https://www.cisa.gov/news-events/alerts/2024/06/03/snowflake-recommends-customers-take-steps-prevent-unauthorized-access
https://community.snowflake.com/s/article/Communication-ID-0108977-Additional-Information
https://thehackernews.com/2024/06/snowflake-warns-targeted-credential.html
- Five New Vulnerabilities Found In Zyxel NAS Devices (Including Code Execution And Privilege Escalation)
"In August 2023, I started investigating CVE-2023-27992, a pre-authentication command injection found in some Zyxel NAS devices. Back then, IBM had yet to release their awesome blog post so I ended up taking an approach practically identical to Darren Martyn's and, coincidentally, IBM's approach of finding the files (download the vulnerable firmware, unpack it with binwalk and compare the files to newer versions to figure out what changed). We also purchased an affected device for integration testing. Extracting the firmware files was made easier with that, since I could now just ssh into it and access the files."
https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-nas-products-06-04-2024
https://www.bleepingcomputer.com/news/security/zyxel-issues-emergency-rce-patch-for-end-of-life-nas-devices/
- TikTok Fixes Zero-Day Bug Used To Hijack High-Profile Accounts
"Over the past week, attackers have hijacked high-profile TikTok accounts belonging to multiple companies and celebrities, exploiting a zero-day vulnerability in the social media's direct messages feature. Zero-day vulnerabilities are security flaws with no official patch or public information detailing the underlying weakness."
https://www.bleepingcomputer.com/news/security/tiktok-fixes-zero-day-bug-used-to-hijack-high-profile-accounts/
https://therecord.media/tiktok-exploit-high-profile-accounts
- 37 Vulnerabilities Patched In Android
"Google this week started rolling out the June 2024 set of monthly security updates for Android, with patches for 37 vulnerabilities, including multiple high-severity elevation of privilege bugs. The first part of this month’s security update, which arrives on devices as the 2024-06-01 security patch level, resolves 19 flaws in the Framework and System components."
https://www.securityweek.com/37-vulnerabilities-patched-in-android/
Malware
- DarkGate Again But... Improved?
"During 2023, DarkGate made a comeback with a version full of new features, becoming one of the most preferred Remote Access Trojans (RATs) by malicious actors. However, this momentum also required continuous updates to not only include the latest capabilities, but also to try to stay off the radar of security applications. Something we discussed in a blog published at the end of the previous year."
https://www.trellix.com/blogs/research/darkgate-again-but-improved/
https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html
- FBI Warns Of Fake Remote Work Ads Used For Cryptocurrency Fraud
"Today, the FBI issued a warning about scammers using fake remote job ads to steal cryptocurrency from job seekers across the United States while posing as recruiters for legitimate companies. These work-from-home scams are designed to lure potential victims with easy-to-accomplish tasks like rating various businesses online or "optimizing" a service."
https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-remote-work-ads-used-for-cryptocurrency-fraud/
https://www.ic3.gov/Media/Y2024/PSA240604
- Hurdling Over Hazards: Multifaceted Threats To The Paris Olympics
"The 2024 Paris Olympic Games face numerous threats due to their high-profile nature and international significance. Insikt Group's research identifies several key risks: cybercriminals targeting critical sectors with ransomware, hacktivists aiming to disrupt due to geopolitical conflicts, and state actors engaging in espionage and influence operations. Extensive security measures are in place to counter terrorist threats, but the event remains a potential target for violent extremists and opportunistic criminal groups."
https://www.recordedfuture.com/hurdling-over-hazards-multifaceted-threats-to-the-2024-paris-olympics
https://go.recordedfuture.com/hubfs/reports/cta-2024-0604.pdf
https://therecord.media/paris-olympics-cyberattacks-researchers-warn
https://www.bankinfosecurity.com/russian-cyberthreat-looms-over-paris-olympics-a-25402
- Lost In The Fog: A New Ransomware Threat
"On May 2, 2024, Arctic Wolf Labs began monitoring deployment of a new ransomware variant referred to as Fog. The ransomware activity was observed in several Arctic Wolf Incident Response cases, each exhibiting similar elements. All victim organizations were located in the United States, 80% of which were in the education sector and 20% in the recreation sector. We are sharing details of this emerging variant to help organizations defend against this threat. Please note that we may add further detail to this article as we uncover additional information in our ongoing investigation."
https://arcticwolf.com/resources/blog/lost-in-the-fog-a-new-ransomware-threat/
https://www.darkreading.com/threat-intelligence/fog-ransomware-rolls-in-to-target-education-recreation-sectors
- Utility Scams Update
"Back in February, we reported on malicious ads related to utility bills (electricity, gas) that direct victims to call centers where scammers will collect their identity and try to extort money from them. A few months later, we checked and were able to find as many Google ads as before, following very much the same pattern. In addition, we can see that miscreants are trying to legitimize their operations by creating fake U.S.-based entities."
https://www.malwarebytes.com/blog/scams/2024/06/utility-scams-update
- INC Ransomware Behind Linux Threat
"This week, the SonicWall Capture Labs Research team analyzed a sample of Linux ransomware. The group behind this ransomware, called INC Ransomware, has been active since it was first reported a year ago."
https://blog.sonicwall.com/en-us/2024/06/inc-ransomware-the-latest-linux-threat/
- Hellhounds: Operation Lahat. Part 2
"In November 2023, the team at the Positive Technologies Expert Security Center (PT ESC) released their first research report on attacks by the hitherto-unknown group Hellhounds on Russian companies' infrastructure: Operation Lahat. The report focused on the group's attacks on Linux hosts that relied on a new backdoor known as Decoy Dog. Hellhounds carried on attacks on organizations located in Russia, scoring at least 48 confirmed victims by Q2 2024."
https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/hellhounds-operation-lahat-part-2/
https://thehackernews.com/2024/06/russian-power-companies-it-firms-and.html
- UNC1151 Strikes Again: Unveiling Their Tactics Against Ukraine’s Ministry Of Defence
"Mandiant Threat Intelligence has uncovered a persistent information operation called “Ghostwriter/UNC1151,” which is part of a larger influence campaign supporting Russian security interests and promoting narratives critical of NATO. Active since at least March 2017, this campaign mainly targets audiences in Ukraine, Lithuania, Latvia, and Poland, disseminating false information via compromised websites and spoofed email accounts. UNC1151 has been associated with the Belarusian government."
https://cyble.com/blog/unc1151-strikes-again-unveiling-their-tactics-against-ukraines-ministry-of-defence/
https://therecord.media/belarus-hackers-ukraine-ministry-defense
- Inside The Box: Malware’s New Playground
"Over the past few months, we have been monitoring the increasing abuse of BoxedApp products in the wild. BoxedApp products are commercial packers that provide advanced features such as Virtual Storage (Virtual File System, Virtual Registry), Virtual Processes, and a universal instrumentation system (WIN/NT API hooking). Even though BoxedApp has been commercially available for a while, in the past year we detected a significant increase in its abuse to deploy numerous known malware families, primarily related to RATs and stealers. The majority of the attributed malicious samples targeted financial institutions and government industries."
https://research.checkpoint.com/2024/inside-the-box-malwares-new-playground/
https://www.theregister.com/2024/06/04/cybercriminals_abusing_boxedapp/
Breaches/Hacks/Leaks
- Australian Mining Company Discloses Breach After BianLian Leaks Data
"Northern Minerals issued an announcement earlier today warning that it suffered a cybersecurity breach resulting in some of its stolen data being published on the dark web. Northern Minerals is an Australian company focused on the exploration and development of heavy rare earth elements (HRE), specifically dysprosium and terbium, used in electronics, batteries, and aircraft."
https://www.bleepingcomputer.com/news/security/australian-mining-company-discloses-breach-after-bianlian-leaks-data/
- Major London Hospitals Disrupted By Synnovis Ransomware Attack
"A ransomware attack affecting pathology and diagnostic services provider Synnovis has impacted healthcare services at multiple major NHS hospitals in London. While Synnovis has yet to issue a public statement regarding the June 3 ransomware attack, memos sent by partner hospitals affected by the attack revealed that this "ongoing critical incident" has had a "major impact" on healthcare services across southeast London."
https://www.bleepingcomputer.com/news/security/major-london-hospitals-disrupted-by-synnovis-ransomware-attack/
https://therecord.media/london-hospitals-ransomware-attack-critical-incident-declared
https://www.infosecurity-magazine.com/news/london-hospitals-cancel-operations/
https://www.theregister.com/2024/06/04/suspected_cyberattack_hits_major_london/
https://www.bankinfosecurity.com/uk-vendors-attack-disrupts-care-at-london-nhs-hospitals-a-25410
https://hackread.com/london-nhs-ransomware-hospitals-targeted/
https://securityaffairs.com/164142/cyber-crime/ransomware-attack-synnovis-london-hospitals.html
https://www.itnews.com.au/news/london-hospital-services-impacted-by-ransomware-incident-608555
- Hackers Claim They Breached Australian Logistics Company
"Financially motivated hackers with a track record of data breaches claimed on a criminal forum to have stolen data from Australian logistics company Victorian Freight Specialists. The threat actor known as GhostR claimed in a Tuesday post on BreachForums that the group possesses 846 gigabytes of company data taken on May 26. Sample data appears to include internal data taken from an SQL database and screenshots of logon screens."
https://www.bankinfosecurity.com/hackers-claim-they-breached-australian-logistics-company-a-25408
- Collection Agency FBCS Ups Data Breach Tally To 3.2 Million People
"Debt collection agency Financial Business and Consumer Solutions (FBCS) now says over 3.2 million people have been impacted by a data breach that occurred in February. FBCS is a nationally licensed debt collection agency in the U.S., specializing in collecting unpaid debts from consumer credit, healthcare, commercial, auto loans and leases, student loans, and utilities. In late April, the firm reported that roughly 1.9 million people in the U.S. had sensitive personal information compromised in a data breach incident on February 14, 2024."
https://www.bleepingcomputer.com/news/security/collection-agency-fbcs-ups-data-breach-tally-to-32-million-people/
https://www.securityweek.com/number-of-people-impacted-by-fbcs-data-breach-increases-to-3-2-million/
https://www.malwarebytes.com/blog/news/2024/06/debt-collection-agency-fbcs-leaks-information-of-3-million-us-citizens
- Cyberattack May Have Hit 22 B.C. Government Email Boxes: Province
"B.C.'s public safety minister says a series of cyberattacks on government systems conducted at the behest of a foreign state in recent months may have hit 22 email boxes containing sensitive information about 19 people. While saying little about the origins or motivations behind the attack, Mike Farnworth held a brief news conference Monday to detail the latest findings from investigations into the incidents."
https://www.cbc.ca/news/canada/british-columbia/farnworth-cybersecurity-attack-security-1.7223125
https://therecord.media/british-columbia-government-email-hack
- Cyberattack Disrupts Operations Of Supermarkets Across Russia
"A popular Russian discount retail chain with over 1,000 stores nationwide was hit by a cyberattack over the weekend that disrupted its services for several days. The supermarket chain Verny (“loyal” in Russian) confirmed the hack to several local news websites, adding they are still working to fully restore operations. The unknown attackers took down the company's website and mobile app. Due to the attack, Verny’s supermarkets couldn’t process bank cards or receive and deliver online orders, according to the reports."
https://therecord.media/cyberattack-disrupts-supermarket-operations-russia
General News
- Security Challenges Mount As Companies Handle Thousands Of APIs
"Modern applications are taking over enterprise portfolios, with apps classed as modern now making up 51% of the total, up by more than a quarter in the last year, according to F5."
https://www.helpnetsecurity.com/2024/06/04/companies-api-management-security/
- #Infosec2024: UK Businesses Faced With Month-Long Recoveries From Supply Chain Attacks
"Nearly two in five organizations (38%) grapple with month-long recovery times after falling victim to an attack targeting their software supply chain, according to new research by BlackBerry launched at Infosecurity Europe 2024. The survey of 200 IT decision-makers and cybersecurity leaders found that 74% of UK IT decision-makers have received a notification of an attack or vulnerability in their supply chain of software in the last 12 months."
https://www.infosecurity-magazine.com/news/uk-businesses-recoveries-supply/
- #Infosec2024: Conflicts Drive DDoS Attack Surge In EMEA
"DDoS attacks have risen sharply in Europe, the Middle East and Africa (EMEA), surpassing North America as the most targeted region in Q1 2024, according to a new Akamai report launched at Infosecurity Europe 2024. EMEA is the only region of the world where DDoS attacks have consistently risen since 2019. This has partly been driven by the ongoing Russia-Ukraine war and more recently the Israel-Hamas conflict, the researchers noted."
https://www.infosecurity-magazine.com/news/conflicts-drive-ddos-attacks-emea/
- Ticketmaster Breach Showcases SaaS Data Security Risks
"MFA and other mechanisms are critical to protect against unauthorized access to data in cloud application environments, but businesses still fall down on the job."
https://www.darkreading.com/cloud-security/ticketmaster-breach-showcases-saas-data-security-risks
- Perfecting The Proactive Security Playbook
"Any good sports coach will tell you a playbook is a critical tool in ensuring a team's continued success — and the same applies to cybersecurity. Without an effective security playbook, organizations expose themselves to vulnerabilities by not preparing for potential outcomes, ramifications, and remediations. To stay ahead of bad actors and combat emerging attacks, security leaders must turn the focus from being reactive to being proactive — which starts with creating a comprehensive security playbook."
https://www.darkreading.com/vulnerabilities-threats/perfecting-proactive-security-playbook
- Account Takeovers Outpace Ransomware As Top Security Concern
"A recent survey conducted by Abnormal Security has spotlighted account takeover attacks as the foremost threat facing today’s organizations. According to the company’s 2024 State of Cloud Account Takeover Attacks report, 83% of organizations experienced at least one account takeover in the past year. The report, based on responses from over 300 security professionals across diverse industries and organization sizes globally, also revealed that 77% of security leaders rank account takeover attacks among their top four cyber-threats."
https://www.infosecurity-magazine.com/news/ato-outpace-ransomware-top/
https://abnormalsecurity.com/resources/state-of-cloud-account-takeover-attacks
- A SANS's 2024 Threat-Hunting Survey Review
"In its ninth year, the annual SANS Threat Hunting Survey delves into global organizational practices in threat hunting, shedding light on the challenges and adaptations in the landscape over the past year."
https://www.trendmicro.com/en_us/research/24/f/sans-2024-threat-hunting-survey-review.html
- The Murky World Of Password Leaks – And How To Check If You’ve Been Hit
"Recently, I came across a report detailing “the mother of all breaches” – or to be more exact, the leak of a vast compilation of data that was stolen during a number of attacks on various companies and online services, including LinkedIn and Twitter (now X). The data cache reportedly comprised an astonishing 26 billion records that were replete with a range of sensitive information, including government data and people’s login credentials."
https://www.welivesecurity.com/en/how-to/the-murky-world-of-password-leaks-and-how-to-check-if-youve-been-hit/
References
Electronic Transactions Development Agency (ETDA) - Healthcare Cybersecurity Needs a Check Up