Cyber Threat Intelligence 12 June 2024

Healthcare Sector
- MicroDicom DICOM Viewer
"Successful exploitation of these vulnerabilities could allow an attacker to both retrieve and plant medical image files on a victim's system and cause a stack-based buffer overflow, which could result in sensitive information disclosure and arbitrary code execution."
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-163-01
Industrial Sector
- Intrado 911 Emergency Gateway
"Successful exploitation of this vulnerability could allow an attacker to execute malicious code, exfiltrate data, or manipulate the database."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-04
- Rockwell Automation ControlLogix, GuardLogix, And CompactLogix
"Successful exploitation of this vulnerability could compromise the availability of the device."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-01
- AVEVA PI Web API
"Successful exploitation of this vulnerability could allow an attacker to perform remote code execution."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-02
- AVEVA PI Asset Framework Client
"Successful exploitation of this vulnerability could allow malicious code execution."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-163-03
Vulnerabilities
- Microsoft June 2024 Patch Tuesday Fixes 51 Flaws, 18 RCEs
"Today is Microsoft's June 2024 Patch Tuesday, which includes security updates for 51 flaws, eighteen remote code execution flaws, and one publicly disclosed zero-day vulnerability. This Patch Tuesday fixed 18 RCE flaws but only one critical vulnerability, a remote code execution vulnerability in Microsoft Message Queuing (MSMQ)."
https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2024-patch-tuesday-fixes-51-flaws-18-rces/
https://www.cisa.gov/news-events/alerts/2024/06/11/microsoft-releases-june-2024-security-updates
https://www.tripwire.com/state-of-security/vert-threat-alert-june-2024-patch-tuesday-analysis
https://blog.talosintelligence.com/only-one-critical-issue-disclosed-as-part-of-microsoft-patch-tuesday/
https://www.darkreading.com/vulnerabilities-threats/critical-msmq-rce-bug-microsoft-servers-complete-takeover
https://www.helpnetsecurity.com/2024/06/11/cve-2024-30080-cve-2024-30103/
https://www.securityweek.com/patch-tuesday-remote-code-execution-flaw-in-microsoft-message-queuing/
https://www.theregister.com/2024/06/12/june_patch_tuesday/
- Adobe Plugs Code Execution Holes In After Effects, Illustrator
"Software maker Adobe on Tuesday rolled out patches to fix security defects in several products and warned of the risk of code execution attacks on Windows and macOS platforms. As part of its scheduled Patch Tuesday updates, Adobe documented six security issues affecting three widely deployed products — Adobe Photoshop, Adobe After Effects and Adobe Illustrator — that could be exploited to take control of unpatched machines."
https://www.securityweek.com/adobe-plugs-code-execution-holes-in-after-effects-illustrator/
- Fortinet Releases Security Updates For FortiOS
"Fortinet has released security updates to address a vulnerability in FortiOS. A cyber threat actor could exploit this vulnerability to take control of an affected system."
https://www.cisa.gov/news-events/alerts/2024/06/11/fortinet-releases-security-updates-fortios
https://www.fortiguard.com/psirt/FG-IR-23-460
- QR Code SQL Injection And Other Vulnerabilities In a Popular Biometric Terminal
"Biometric scanners offer a unique way to resolve the conflict between security and usability. They help to identify a person by their unique biological characteristics – a fairly reliable process that does not require the user to exert any extra effort. Yet, biometric scanners, as any other tech, have their weaknesses. This article touches on biometric scanner security from the red team’s perspective and uses the example of a popular hybrid terminal model to demonstrate approaches to scanner analysis. These approaches are admittedly fairly well known and applied to analysis of any type of device."
https://securelist.com/biometric-terminal-vulnerabilities/112800/
https://www.bankinfosecurity.com/chinese-made-biometric-access-system-has-24-vulnerabilities-a-25490
- JetBrains Warns Of IntelliJ IDE Bug Exposing GitHub Access Tokens
"JetBrains warned customers to patch a critical vulnerability that impacts users of its IntelliJ integrated development environment (IDE) apps and exposes GitHub access tokens. Tracked as CVE-2024-37051, this security flaw affects all IntelliJ-based IDEs from 2023.1 onwards, where the JetBrains GitHub plugin is enabled and configured/used."
https://www.bleepingcomputer.com/news/security/jetbrains-warns-of-intellij-ide-bug-exposing-github-access-tokens/
https://blog.jetbrains.com/security/2024/06/updates-for-security-issue-affecting-intellij-based-ides-2023-1-and-github-plugin/
https://www.helpnetsecurity.com/2024/06/11/cve-2024-37051/
- You’ve Got Mail: Critical Microsoft Outlook Vulnerability Executes As Email Is Opened
"In the ever-evolving landscape of cybersecurity, staying ahead of threats is paramount. At Morphisec, our team of dedicated researchers continuously strives to identify and mitigate emerging vulnerabilities to protect organizations worldwide. Morphisec Threat Labs researchers are disclosing a critical discovery that underscores the importance of timely updates and proactive security measures."
https://blog.morphisec.com/cve-2024-30103-microsoft-outlook-vulnerability
- SAP Patches High-Severity Vulnerabilities In Financial Consolidation, NetWeaver
"Enterprise software maker SAP on Tuesday announced the release of ten new and two updated security notes as part of its June 2024 Security Patch Day. SAP’s new set of patches includes two high-priority security notes, the most severe of which addresses a cross-site scripting (XSS) bug in Financial Consolidation. According to application security firm Onapsis, the security note addresses two XSS flaws in SAP’s product, collectively tracked as CVE-2024-37177 (CVSS score of 8.1)."
https://www.securityweek.com/sap-patches-high-severity-vulnerabilities-in-financial-consolidation-netweaver/
- Apple Patches Vision Pro Vulnerability Used In Possibly ‘First Ever Spatial Computing Hack’
"Apple on Monday updated visionOS, the operating system powering its Vision Pro virtual reality headset, to version 1.2, which addresses several vulnerabilities, including what may be the first security flaw that is specific to this product. visionOS 1.2 patches nearly two dozen vulnerabilities. However, a vast majority of them are in components that visionOS shares with other Apple products, such as iOS, macOS and tvOS."
https://www.securityweek.com/apple-patches-vision-pro-vulnerability-used-in-first-ever-spatial-computing-hack/
Malware
- RansomHub. Because Every Abandoned Affiliate Needs a Home.
"Sometimes life just isn’t fair. One day, you’re an intrepid little ALPHV/BlackCat affiliate going about your business and trying to make a dishonest living. The next, your partner-in-cybercrime scores big and closes shop, leaving you with no brand, no infrastructure, and no dignity. Where do you go from there? No worries, all abandoned affiliates are welcome to join RansomHub, a relatively new ransomware brand that many experienced threat actors now call home."
https://blog.barracuda.com/2024/06/10/ransomhub--because-every-abandoned-affiliate-needs-a-home-
- Noodle RAT: Reviewing The New Backdoor Used By Chinese-Speaking Groups
"Since 2022, we have been investigating numerous targeted attacks in the Asia-Pacific region that used the same ELF backdoor. Most vendors identify this backdoor as a variant of existing malware such as Gh0st RAT or Rekoobe. However, we unearthed the truth: this backdoor is not merely a variant of existing malware, but is a new type altogether. We suspect it is being used by Chinese-speaking groups engaged in either espionage or cybercrime. We dubbed this formerly undocumented malware as “Noodle RAT.”"
https://www.trendmicro.com/en_us/research/24/f/noodle-rat-reviewing-the-new-backdoor-used-by-chinese-speaking-g.html
- Technical Analysis Of The Latest Variant Of ValleyRAT
"ValleyRAT is a remote access trojan (RAT) that was initially documented in early 2023. Its main objective is to infiltrate and compromise systems, providing remote attackers with unauthorized access and control over infected machines. ValleyRAT is commonly distributed through phishing emails or malicious downloads. In the latest version, ValleyRAT introduced new commands, such as capturing screenshots, process filtering, forced shutdown, and clearing Windows event logs. Zscaler ThreatLabz recently identified a new campaign delivering the latest version of ValleyRAT, which involves multiple stages."
https://www.zscaler.com/blogs/security-research/technical-analysis-latest-variant-valleyrat
https://thehackernews.com/2024/06/china-linked-valleyrat-malware.html
- Dipping Into Danger: The WARMCOOKIE Backdoor
"Elastic Security Labs observed a wave of email campaigns in late April targeting environments by deploying a new backdoor we’re calling WARMCOOKIE based on data sent through the HTTP cookie parameter. During initial triage, our team identified code overlap with a previously publicly reported sample by eSentire. The unnamed sample (resident2.exe) discussed in the post appears to be an older or deviated version of WARMCOOKIE. While some features are similar, such as the implementation of string obfuscation, WARMCOOKIE contains differing functionality. Our team is seeing this threat distributed daily with the use of recruiting and job themes targeting individuals."
https://www.elastic.co/security-labs/dipping-into-danger
https://www.bleepingcomputer.com/news/security/new-warmcookie-windows-backdoor-pushed-via-fake-job-offers/
https://www.darkreading.com/cyberattacks-data-breaches/warmcookie-cyberattackers-backdoor-initial-access
- Update: CVE-2024-4577 Quickly Weaponized To Distribute “TellYouThePass” Ransomware
"Recently, Imperva Threat Research reported on attacker activity leveraging the new PHP vulnerability, CVE-2024-4577. From as early as June 8th, we have detected attacker activity leveraging this vulnerability to deliver malware, which we have now identified to be a part of the “TellYouThePass” ransomware campaign."
https://www.imperva.com/blog/update-cve-2024-4577-quickly-weaponized-to-distribute-tellyouthepass-ransomware/
https://www.bleepingcomputer.com/news/security/tellyouthepass-ransomware-exploits-recent-php-rce-flaw-to-breach-servers/
https://www.bankinfosecurity.com/ransomware-gang-tellyouthepass-exploits-php-vulnerability-a-25491
- What a Show! An Amplified Internet Scale DNS Probing Operation
"A global scale domain name system (DNS) probing operation that targets open resolvers has been underway since at least June 2023. We analyzed queries to Infoblox and many other recursive DNS resolvers in January 2024. While there are numerous commercial and academic DNS measurement operations conducted daily on the internet, this one stood out because of its size and the invasive structure of the queries. These probes utilize name servers in the China Education and Research Network (CERNET) to identify open DNS resolvers and measure how they react to different responses."
https://blogs.infoblox.com/threat-intelligence/what-a-show-an-amplified-internet-scale-dns-probing-operation/
https://thehackernews.com/2024/06/chinese-actor-secshow-conducts-massive.html
Breaches/Hacks/Leaks
- Pure Storage Confirms Data Breach After Snowflake Account Hack
"Pure Storage, a leading provider of cloud storage systems and services, confirmed on Monday that attackers breached its Snowflake workspace and gained access to what the company describes as telemetry information. While the exposed information also included customer names, usernames, and email addresses, it did not contain credentials for array access or any other data stored on customer systems."
https://www.bleepingcomputer.com/news/security/pure-storage-confirms-data-breach-after-snowflake-account-hack/
https://www.theregister.com/2024/06/11/pure_storage_snowflake_breach/
- Crypto Platform UwU Lend Dealing With $20 Million Theft
"The UwU Lend crypto platform says it has made an offer to a hacker behind the theft of nearly $20 million worth of ETH. Early on Monday, several blockchain security companies reported an issue with the platform, warning that someone appeared to be siphoning what amounted to $19.3 million worth of ETH. UwU Lend is a decentralized finance (DeFi) protocol that allows people to deposit and borrow cryptocurrency."
https://therecord.media/uwu-lend-reimbursing-crypto-theft-customers
General News
- Cloud Migration Expands The CISO Role Yet Again
"The CISO role used to be focused primarily on information security — creating and implementing policies to safeguard an organization’s data and IT infrastructure from cybersecurity threats. However, as organizations rapidly migrate to cloud environments, the responsibilities and challenges for CISOs have expanded significantly. The cloud both increases the overall attack surface and introduces new compliance challenges."
https://www.helpnetsecurity.com/2024/06/11/cisos-grc-frameworks/
- Security Providers View Compliance As a High-Growth Opportunity
"85% of managed service and security providers face significant challenges maintaining compliance for customers, with lack of resources, expertise, or technology cited as the most common roadblocks to offering managed compliance, according to Apptega."
https://www.helpnetsecurity.com/2024/06/11/security-compliance-maintaining-challenges/
- The CEO Is Next
"If CEOs want to avoid being the target of government enforcement actions, they need to take a personal interest in ensuring that their corporation invests in cybersecurity."
https://www.darkreading.com/cybersecurity-operations/the-ceo-is-next
- Phishing Attacks Targeting US And European Organizations Double
"Phishing continues to be one of the most favored ways of compromising systems for hacking groups, Abnormal Security has found. In its latest report, Email Security Threats in Europe: Insights into Attack Trends, the email security provider observed that the volume of phishing attacks targeting organizations in Europe increased by 112.4% between April 2023 and April 2024. In the US, they rose by 91.5% over the same period."
https://www.infosecurity-magazine.com/news/phishing-attacks-us-europe-double/
- When Things Go Wrong: A Digital Sharing Warning For Couples
"“When things go wrong” is a troubling prospect for most couples to face, but the internet—and the way that romantic partners engage both with and across it—could require that this worst-case scenario become more of a best practice."
https://www.malwarebytes.com/blog/news/2024/06/when-things-go-wrong-a-digital-sharing-warning-for-couples
- Top 10 Critical Pentest Findings 2024: What You Need To Know
"One of the most effective ways for information technology (IT) professionals to uncover a company's weaknesses before the bad guys do is penetration testing. By simulating real-world cyberattacks, penetration testing, sometimes called pentests, provides invaluable insights into an organization's security posture, revealing weaknesses that could potentially lead to data breaches or other security incidents."
https://thehackernews.com/2024/06/top-10-critical-pentest-findings-2024.html
https://www.vonahi.io/pentest-report-2024
References
Electronic Transactions Development Agency (ETDA)