Cyber Threat Intelligence 18 June 2024
Vulnerabilities
- New ARM 'TIKTAG' Attack Impacts Google Chrome, Linux Systems
"A new speculative execution attack named "TIKTAG" targets ARM's Memory Tagging Extension (MTE) to leak data with over a 95% chance of success, allowing hackers to bypass the security feature. The paper, co-signed by a team of Korean researchers from Samsung, Seoul National University, and the Georgia Institute of Technology, demonstrates the attack against Google Chrome and the Linux kernel. MTE is a feature added in the ARM v8.5-A architecture (and later), designed to detect and prevent memory corruption."
https://www.bleepingcomputer.com/news/security/new-arm-tiktag-attack-impacts-google-chrome-linux-systems/
https://arxiv.org/pdf/2406.08719
https://www.theregister.com/2024/06/18/arm_memory_tag_extensions_leak/
Malware
- Malicious Emails Trick Consumers Into False Election Contributions
"Major regional and global events – such as military exercises, political or economic summits, political conventions, and elections – drove cyber threat activities, according to Trellix."
https://www.helpnetsecurity.com/2024/06/17/global-cyber-threat-activities/
- Backdoor BadSpace Delivered By High-Ranking Infected Websites
"Imagine visiting your favorite website with the same address that you always use and it tells you that your browser needs an update. After downloading and executing the update, there's an unwelcome surprise: the BadSpace backdoor. What is this new threat capable of, and how is it eerily similar to a warm cookie?"
https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor
https://thehackernews.com/2024/06/hackers-exploit-legitimate-websites-to.html
- From Clipboard To Compromise: A PowerShell Self-Pwn
"Proofpoint has observed an increase in a technique leveraging unique social engineering that directs users to copy and paste malicious PowerShell scripts to infect their computers with malware. Threat actors including initial access broker TA571 and at least one fake update activity set are using this method to deliver malware including DarkGate, Matanbuchus, NetSupport, and various information stealers."
https://www.proofpoint.com/us/blog/threat-insight/clipboard-compromise-powershell-self-pwn
https://www.bleepingcomputer.com/news/security/fake-google-chrome-errors-trick-you-into-running-malicious-powershell-scripts/
https://www.helpnetsecurity.com/2024/06/17/social-engineering-malware-installation/
- China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers For Persistence
"In late 2023, a large organization was the victim of a serious cyber attack. Sygnia’s forensic investigation into the attack revealed a sophisticated threat actor who exhibited robust capabilities and employed a methodical approach. The evidence gathered suggests the involvement of a China-nexus state-sponsored threat actor."
https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/
https://www.bleepingcomputer.com/news/security/hackers-use-f5-big-ip-malware-to-stealthily-steal-data-for-years/
https://thehackernews.com/2024/06/china-linked-hackers-infiltrate-east.html
https://www.darkreading.com/cyberattacks-data-breaches/china-velvet-ant-apt-multiyear-espionage
https://securityaffairs.com/164598/apt/velvet-ant-malware-target-f5-big-ip.html
Breaches/Hacks/Leaks
- Los Angeles Public Health Department Discloses Large Data Breach
"Los Angeles County Department of Public Health (DPH) has disclosed a data breach impacting more than 200,000 individuals. The data stolen includes personal, medical and financial information. The incident, which took place between February 19 and 20, 2024, was caused by an attacker gaining the log-in credentials of 53 Public Health employees through a phishing email."
https://www.infosecurity-magazine.com/news/los-angeles-health-data-breach/
https://www.darkreading.com/remote-workforce/la-county-dept-of-public-health-data-breach-impacts-200k
https://securityaffairs.com/164585/data-breach/la-countys-department-of-public-health-dph-data-breach.html
https://www.securityweek.com/200000-impacted-by-data-breach-at-los-angeles-county-public-health-agency/
General News
- Low Code, High Stakes: Addressing SQL Injection
"Like a bad movie that seems to go on forever, SQL injection (SQLi) attacks have lingered since the late 1990s. Due to various factors, they remain the third most common source of web application vulnerabilities. Reasons include human error, new technologies that lack mature code, and a growing use of open-source code that diminishes control for developers."
https://www.helpnetsecurity.com/2024/06/17/sqli-attacks/
- The Rise Of SaaS Security Teams
"In this Help Net Security interview, Hillary Baron, Senior Technical Director for Research at CSA, highlights that the recent surge in organizations establishing dedicated SaaS security teams is driven by significant data breaches involving widely used platforms."
https://www.helpnetsecurity.com/2024/06/17/hillary-baron-csa-saas-security-teams/
- Empire Market Owners Charged For Enabling $430M In Dark Web Transactions
"Two men have been charged in a Chicago federal court for operating "Empire Market," a dark web marketplace that facilitated over $430 million in illegal transactions between February 2018 and August 2020. Empire Market was a popular dark web marketplace that sold illegal drugs, chemicals, jewelry, credit card numbers, counterfeit money bills, malware, and other illicit goods, offering payment options including Monero, Litecoin, and Bitcoin."
https://www.bleepingcomputer.com/news/legal/empire-market-owners-charged-for-enabling-430m-in-dark-web-transactions/
https://therecord.media/empire-market-suspects-charged-potential-life-sentences
https://securityaffairs.com/164619/deep-web/empire-market-owners-charged.html
https://www.theregister.com/2024/06/17/empire_market_arrests/
- Hackers Plead Guilty After Breaching Law Enforcement Portal
"Two hackers pleaded guilty Monday in federal court to conspiring to commit computer intrusion and aggravated identity theft. Authorities said they used a law enforcement officer's stolen password to gain unauthorized access to a nonpublic portal maintained by a U.S. law enforcement agency, according to the Justice Department."
https://www.bankinfosecurity.com/hackers-plead-guilty-after-breaching-law-enforcement-portal-a-25544
- Ratted Out: Group-IB Contributes To Operation DISTANTHILL Leading To The Arrest Of 16 Cybercriminals Behind The Android Remote Access Trojan Campaigns Resulting In Over US$25 Million In Financial Losses Across Southeast Asia
"Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, announced today that it contributed to a joint operation by the Singapore Police Force (SPF), the Hong Kong Police Force (HKPF) and the Royal Malaysia Police (RMP). Dubbed “Operation DISTANTHILL”, it culminated in the arrest of the cyber fraud syndicates that were responsible for an Android Remote Access Trojan (RAT) campaign which gained notoriety in Singapore and Hong Kong in 2023. In the lead-up to the operation, Group-IB spent months collecting and analysing the data derived from the Android trojans, uncovering the scale of the cybercriminals' network used for attacks and its administrators."
https://www.group-ib.com/media-center/press-releases/operation-distanthill/
https://www.bankinfosecurity.com/police-dismantle-asian-crime-ring-behind-25m-android-fraud-a-25541
- Addressing Misinformation In Critical Infrastructure Security
"The Francis Scott Key Bridge collapse in Baltimore, Md., in late March sent shockwaves through the country. Almost immediately, there was widespread speculation and conspiracy theories regarding its cause, including fears of a cyberattack. Although investigations ruled out deliberate sabotage, the incident raised public concern about the vulnerability of physical infrastructure."
https://www.darkreading.com/cyber-risk/addressing-misinformation-in-critical-infrastructure-security
- Space: The Final Frontier For Cyberattacks
"A failure to imagine — and prepare for — threats to outer-space related assets could be a huge mistake at a time when nation-states and private companies are rushing to deploy devices in a frantic new space race."
https://www.darkreading.com/cyber-risk/space-final-frontier-cyberattacks
- Academics Develop Testing Benchmark For LLMs In Cyber Threat Intelligence
"Large language models (LLMs) are increasingly used for cyber defense applications, although concerns about their reliability and accuracy remain a significant limitation in critical use cases. A team of researchers from the Rochester Institute of Technology (RIT) launched CTIBench, the first benchmark designed to assess the performance of LLMs in cyber threat intelligence applications."
https://www.infosecurity-magazine.com/news/testing-benchmark-llm-cyber-threat/
- Online Job Offers, The Reshipping And Money Mule Scams
"Often, behind these enticing offers are pyramid schemes in which profits are generated through the recruitment of new participants, rather than through actual service, sometimes even causing significant financial losses. Other false offers may require initial investment without ever seeing a significant return or promise job opportunities with hidden fees. It is into this scenario that illicit practices such as money mules and reshipping scams can fit."
https://securityaffairs.com/164566/security/online-job-offers-reshipping-money-mule-scams.html
References
Electronic Transactions Development Agency (ETDA) - New ARM 'TIKTAG' Attack Impacts Google Chrome, Linux Systems