Cyber Threat Intelligence 10 June 2024
-
Vulnerabilities
-
No Way, PHP Strikes Again! (CVE-2024-4577)
"Orange Tsai tweeted a few hours ago about “One of [his] PHP vulnerabilities, which affects XAMPP by default”, and we were curious to say the least. XAMPP is a very popular way for administrators and developers to rapidly deploy Apache, PHP, and a bunch of other tools, and any bug that could give us RCE in its default installation sounds pretty tantalizing. Fortunately, for defenders, the bug has only been exploited on Windows-based PHP installations (where PHP is specifically used in CGI mode), under some specific locales: Chinese (both simplified and traditional), and Japanese."
https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html
https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/
https://www.bleepingcomputer.com/news/security/php-fixes-critical-rce-flaw-impacting-all-versions-for-windows/
https://thehackernews.com/2024/06/new-php-vulnerability-exposes-windows.html
https://www.bankinfosecurity.com/critical-php-vulnerability-threatens-windows-servers-a-25460
https://securityaffairs.com/164302/breaking-news/php-critical-rce.html
POC Exploit Code Published For 9.8-Rated Apache HugeGraph RCE Flaw
"If you haven't yet upgraded to version 1.3.0 of Apache HugeGraph, now's a good time because at least two proof-of-concept exploits for a CVSS 9.8-rated remote command execution bug in the open-source graph database have been made public. Apache HugeGraph lets developers build applications based on graph databases and is commonly used in Java 8 and Java 11 environments. In late April, the Apache Software Foundation disclosed a critical vulnerability, tracked as CVE-2024-27348, in versions of HugeGraph-Server 1.0.0 before April’s 1.3.0 release. Now exploit code to find and crack such systems is on GitHub."
https://www.theregister.com/2024/06/07/poc_apache_hugegraph/
https://blog.securelayer7.net/remote-code-execution-in-apache-hugegraph/
https://lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9
1/6 | How We Hacked Multi-Billion Dollar Companies In 30 Minutes Using a Fake VSCode Extension
"30 minutes. 30 minutes is how long it took us to develop, publish, and polish a Visual Studio Code (The most popular IDE on the planet with over 15m monthly users) extension that changes your IDE’s colors while leaking all your source code to a remote server. We wrote the code, designed the assets, registered a domain, published the extension, generated fake reviews, got our first victim, and reached trending status on the VSCode Marketplace (A page that gets 4.5 million views a month), and confirmed to be installed inside multiple multi-billion dollar market cap companies, all within 30 minutes of work."
https://medium.com/@amitassaraf/the-story-of-extensiontotal-how-we-hacked-the-vscode-marketplace-5c6e66a0e9d7
https://www.bleepingcomputer.com/news/security/malicious-visual-studio-code-extensions-with-millions-of-installs-discovered/
SolarWinds Flaw Flagged By NATO Pen Tester
"SolarWinds has released its version 2024.2, including a variety of new features and upgrades, along with patches for three different security vulnerabilities. Notably, one high-severity SWQL injection bug, tracked under CVE-2024-28996 (CVSS 7.5), was reported to SolarWinds security by Nils Putnins, a penetration tester affiliated with the North Atlantic Treaty Organization (NATO), the company reported along with the new release. The other flaws fixed in the latest SolarWinds update included a high-severity cross-site scripting flaw, tracked under CVE-2024-29004 (CVSS 7.1), and a medium-severity race condition vulnerability affecting the Web console, tracked under CVE-2024-28999 (CVSS 7.1), the company said."
https://www.darkreading.com/vulnerabilities-threats/solarwinds-flaw-flagged-by-nato-pen-tester
https://www.helpnetsecurity.com/2024/06/07/cve-2024-28995/
https://www.securityweek.com/solarwinds-patches-high-severity-vulnerability-reported-by-nato-pentester/
https://securityaffairs.com/164270/security/solarwinds-flaws-serv-u-platform.html
Multiple Vulnerabilities In WooCommerce Amazon Affiliates Plugin
"This blog post is about WooCommerce Amazon Affiliates (WZone) plugin vulnerabilities. If you're a WooCommerce Amazon Affiliates (WZone) user, please deactivate and delete the plugin since there is still no known patched version."
https://patchstack.com/articles/multiple-vulnerabilities-in-woocommerce-amazon-affiliates-plugin/
https://www.infosecurity-magazine.com/news/security-flaws-found-woocommerce/
Malware
-
New Agent Tesla Campaign Targeting Spanish-Speaking People
"A new phishing campaign was recently captured by our FortiGuard Labs that spreads a new Agent Tesla variant targeting Spanish-speaking people. Security researchers have detected Agent Tesla campaigns from time to time for years. Agent Tesla is a well-known .Net-based Remote Access Trojan (RAT) designed to stealthily infiltrate victims' computers and steal their sensitive information, such as their computer’s hardware information, login user information, keystrokes, email contacts, web browser cookies files, system clipboard data, screenshots, and basic information like login user name, computer name, OS information, CPU and RAM information, as well as saved credentials in widely installed software."
https://www.fortinet.com/blog/threat-research/new-agent-tesla-campaign-targeting-spanish-speaking-people
https://hackread.com/phishing-campaign-stealthy-jpgs-drop-agent-tesla/
Decoding Router Vulnerabilities Exploited By Mirai: Insights From SonicWall’s Honeypot Data
"SonicWall recently identified a significant increase in Mirai honeypot activity. In this deep dive, we explore the evolution of Mirai, who is most at risk and the best ways to mitigate attacks."
https://blog.sonicwall.com/en-us/2024/06/decoding-router-vulnerabilities-exploited-by-mirai-insights-from-sonicwalls-honeypot-data/
Dutch Political Websites Hit By Cyber Attacks As EU Voting Starts
"The 2024 European Parliament election started in the Netherlands today, June 6, 2024, and will continue through June 9 in the other 26 countries that are part of the European Union. Cloudflare observed DDoS attacks targeting multiple election or politically-related Internet properties on election day in the Netherlands, as well as the preceding day. These elections are highly anticipated. It’s also the first European election without the UK after Brexit."
https://blog.cloudflare.com/dutch-political-websites-hit-by-cyber-attacks-as-eu-voting-starts
https://www.bleepingcomputer.com/news/security/ddos-attacks-target-eu-political-parties-as-elections-begin/
Breaches/Hacks/Leaks
-
Christie's Starts Notifying Clients Of RansomHub Data Breach
"British auction house Christie's is notifying individuals whose data was stolen by the RansomHub ransomware gang in a recent network breach. Christie's discovered that it was the victim of a security breach that affected some of its systems on May 9, 2024. After becoming aware of the event, Christie's took measures to secure its network and hired external cybersecurity experts to help investigate the incident's impact."
https://www.bleepingcomputer.com/news/security/christies-starts-notifying-clients-of-ransomhub-data-breach/
'New York Times Source Code' Leaks Online Via 4chan
"A 4chan user claims to have leaked 270GB of internal New York Times data, including source code, via the notorious image board. According to the unnamed netizen, the information includes "basically all source code belonging to The New York Time Company," amounting to roughly 5,000 repositories and 3.6 million files now available for download from peer-to-peer networks. Details on how to get the files were shared by the poster on 4chan."
https://www.theregister.com/2024/06/07/4chan_nyt_code/
https://www.bleepingcomputer.com/news/security/new-york-times-source-code-stolen-using-exposed-github-token/
https://securityaffairs.com/164280/data-breach/new-york-times-source-code-leaked.html
Hackers Claim They Breached Telecom Firm In Singapore
"A financially motivated hacker claims to have stolen over 34 gigabytes of data belonging to Singapore-based telecom company Absolute Telecom PTE Ltd. Information Security Media Group could not immediately verify the legitimacy of the data. The sample data appear to include internal data such as login details, passwords and subscriber information."
https://www.bankinfosecurity.com/hackers-claim-they-breached-telecom-firm-in-singapore-a-25461
General News
-
Microsoft Reverses Course, Makes Recall Feature Opt-In Only After Security Backlash
"Microsoft announced changes on Friday to its controversial Recall feature that will allow users to proactively opt in to the tool before it is activated on devices. Recall allows the company’s new line of Windows 11 Copilot+ devices to screenshot every action a person takes on their PC. Microsoft CEO Satya Nadella hailed the tool as a way to “recreate moments from the past” — allowing customers to look back on their previous actions and search for things they may have forgotten."
https://therecord.media/microsoft-reverses-course-recall-opt-in
https://cyberscoop.com/microsoft-rolls-back-dumbest-cybersecurity-move-in-a-decade/
https://www.securityweek.com/microsoft-bows-to-public-pressure-disables-controversial-windows-recall-by-default/
https://www.helpnetsecurity.com/2024/06/07/windows-recall-changes/
https://www.zdnet.com/article/after-brutal-critiques-microsoft-recall-will-get-these-major-privacy-and-security-changes/
https://www.theregister.com/2024/06/07/microsoft_recall_changes/
https://thehackernews.com/2024/06/microsoft-revamps-controversial-ai.html
Developing a Plan To Respond To Critical CVEs In Open Source Software
"In 2020, the SolarWinds incident served as a wake-up call for the tech industry, highlighting the urgent need for organizations to refine their response strategies to critical CVEs (common vulnerabilities and exposures) and security incidents. It prompted many companies to scrutinize their operational frameworks, particularly the transparency and security of their open source supply chain. Organizations recognized the critical need to bridge gaps in their processes and to empower developers with the knowledge of secure development practices, and began figuring out how to guide developers to using secure open source components."
https://www.darkreading.com/vulnerabilities-threats/developing-plan-to-respond-to-critical-cves-open-source-software
Cyber Insurance Isn’t The Answer For Ransom Payments
"Ransomware remains an ongoing threat for organizations and is the largest single cause of IT outages and downtime as 41% of data is compromised during a cyberattack, according to Veeam. “Ransomware is endemic, impacting 3 out of 4 organizations in 2023. AI is now enabling the creation of smarter, more advanced security, but it’s also facilitating growth in the volume of sophistication of attacks,” said Dave Russell, SVP, Head of Strategy at Veeam."
https://www.helpnetsecurity.com/2024/06/07/ransomware-attacks-impact-cost-on-organizations/
26% Of Organizations Lack Any Form Of IT Security Training
"26% of organizations don’t provide IT security training to end-users, according to Hornetsecurity. The Hornetsecurity survey, which compiled feedback from industry professionals worldwide, also reveals that 8% of organizations offer adaptive training that evolves based on the results of regular security tests."
https://www.helpnetsecurity.com/2024/06/07/organizations-it-security-training-effectiveness/
#Infosec2024: Cyber Resilience Means Being Willing To Learn From a Crisis
"Most CISOs now plan on the basis that a cyber-attack or data breach will happen, but there is still work to do if organizations are to survive a crisis and recover, warned industry experts. Effective cyber crisis management is a key part of resilience. According to a panel of CISOs and cyber experts at Infosecurity Europe, security leaders need to develop, update and above all rehearse their crisis management plans."
https://www.infosecurity-magazine.com/news/infosec2024-cyber-resilience-learn/
#Infosec2024: Collaboration Is Key To An Effective Security Culture
"Security leaders need to foster a culture where their colleagues do more than just follow the rules, according to a CISO panel at Infosecurity Europe. Creating a security culture is about more than just encouraging people in the business to report incidents, although this remains important. CISOs should also aim to create environments where the business actively looks to work with security teams. This, in turn, means explaining how security helps everyone in the business meet their goals."
https://www.infosecurity-magazine.com/news/infosec2024-collaboration-security/
Reference
Electronic Transactions Development Agency (ETDA)