Cyber Threat Intelligence 03 July 2024
-
Industrial Sector
-
MySCADA MyPRO
"Successful exploitation of this vulnerability could allow an attacker to remotely execute code on the affected device."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-02
-
Johnson Controls Kantech Door Controllers
"Successful exploitation of this vulnerability could allow an attacker to gain access to sensitive information."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-01
-
ICONICS And Mitsubishi Electric Products
"Successful exploitation of these vulnerabilities could result in denial of service, improper privilege management, or potentially remote code execution."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-03
Vulnerabilities
-
CISA Adds One Known Exploited Vulnerability To Catalog
"CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-20399 Cisco NX-OS Command Injection Vulnerability"
https://www.cisa.gov/news-events/alerts/2024/07/02/cisa-adds-one-known-exploited-vulnerability-catalog
-
Securing Passkeys: Thwarting Authentication Method Redaction Attacks
"In the past year, the uptake of passkeys has surged, with industry giants such as Apple, Microsoft and Google championing their adoption. Joe Stewart, Principal Security Researcher with eSentire’s Threat Response Unit (TRU), has been reviewing many of the leading software providers’ implementation of passkey technology and their current “authentication process.”"
https://www.esentire.com/blog/securing-passkeys-thwarting-authentication-method-redaction-attacks
https://www.darkreading.com/cloud-security/passkey-redaction-attacks-subvert-github-microsoft-authentication
-
Splunk Patches High-Severity Vulnerabilities In Enterprise Product
"Splunk on Monday announced patches for 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including six high-severity bugs. Three of the high-severity issues are remote code execution flaws that require authentication for successful exploitation. The first of them, tracked as CVE-2024-36985, could be exploited by a low-privileged user through a lookup that likely references the ‘splunk_archiver’ application. The issue affects Splunk Enterprise versions 9.2.x, 9.1.x, and 9.0.x."
https://www.securityweek.com/splunk-patches-high-severity-vulnerabilities-in-enterprise-product/
-
Google Patches 25 Android Flaws, Including Critical Privilege Escalation Bug
"Google has released patches for 25 documented security vulnerabilities in the Android operating system, including a critical-severity flaw in the Framework component. The critical bug, tracked as CVE-2024-31320, impacts Android versions 12 and 12L and allows an attacker to escalate privileges on a vulnerable device. “The most severe of these issues is a critical security vulnerability in the Framework component that could lead to local escalation of privilege with no additional execution privileges needed,” Google explains in an advisory."
https://www.securityweek.com/google-patches-25-android-flaws-including-critical-privilege-escalation-bug/
Malware
-
Hijacked: How Hacked YouTube Channels Spread Scams And Malware
"As one of today’s most popular social media platforms, YouTube is often in the crosshairs of cybercriminals who exploit it to peddle scams and distribute malware. The lures run the gamut, but often involve videos posing as tutorials about popular software or ads for crypto giveaways. In other scenarios, fraudsters embed links to malicious websites in video descriptions or comments, disguising them as genuine resources related to the video’s content."
https://www.welivesecurity.com/en/scams/hijacked-hacked-youtube-channels-scams-malware/
Breaches/Hacks/Leaks
-
Patelco Shuts Down Banking Systems Following Ransomware Attack
"Patelco Credit Union has disclosed it experienced a ransomware attack that led to the proactive shutdown of several of its customer-facing banking systems to contain the incident's impact. Patelco is an American credit union with assets exceeding $9 billion. It offers a wide range of financial services, including checking and savings accounts, loans, credit cards, investment services, and insurance plans."
https://www.bleepingcomputer.com/news/security/patelco-shuts-down-banking-systems-following-ransomware-attack/
-
Affirm Says Cardholders Impacted By Evolve Bank Data Breach
"Buy now, pay later loan company Affirm is warning that holders of its payment cards had their personal information exposed due to a data breach at its third-party issuer, Evolve Bank & Trust (Evolve). Affirm is a fintech firm that provides consumer-friendly alternatives to traditional credit options. It also offers point-of-sale financing, virtual cards on a mobile app, and a fully integrated physical card called the 'Affirm Card.'"
https://www.bleepingcomputer.com/news/security/affirm-says-cardholders-impacted-by-evolve-bank-data-breach/
https://therecord.media/affirm-lender-data-breach-evolve-bank-cyberattack
https://techcrunch.com/2024/07/01/fintech-company-wise-says-some-customers-affected-by-evolve-bank-data-breach/
https://www.darkreading.com/cyberattacks-data-breaches/fintech-frenzy-affirm-and-others-emerge-as-victims-in-evolve-breach
https://www.bankinfosecurity.com/evolve-ransomware-hack-affects-affirm-fintech-companies-a-25680
https://www.securityweek.com/evolve-bank-shares-data-breach-details-as-fintech-firms-report-being-hit/
https://securityaffairs.com/165130/cyber-crime/evolve-bank-data-breach-impacted-wise-affirm.html
https://www.theregister.com/2024/07/02/affirm_evolve_ransomware_breach/
General News
-
The Impossibility Of “Getting Ahead” In Cyber Defense
"As a security professional, it can be tempting to believe that with sufficient resources we can achieve a state of parity, or even relative dominance, over cyber attackers. After all, if we got to an ideal state – fully staffed teams of highly capable experts, enough funding to buy the best defensive tools, and a fully mature defensive operation – why wouldn’t we be able to get to an ideal “secure” state? It seems reasonable enough."
https://www.helpnetsecurity.com/2024/07/02/getting-ahead-resilience/
-
Stress-Testing Our Security Assumptions In a World Of New & Novel Risks
"Categorizing and stress-testing fundamental assumptions is a necessary exercise for any leader interested in ensuring long-term security and resilience in the face of an uncertain future."
https://www.darkreading.com/vulnerabilities-threats/stress-testing-our-security-assumptions-new-novel-risks
-
What Cybersecurity Defense Looks Like For School Districts
"Dark Reading chats with Johnathan Kim, director of technology at the Woodland Hills School District in North Braddock, Penn., about why cybercriminals target schools — and what they can do about it."
https://www.darkreading.com/cybersecurity-operations/what-cybersecurity-defense-looks-like-for-school-districts
-
Ransomware Attack Demands Reach a Staggering $5.2m In 2024
"The average extortion demand per ransomware attack was over $5.2m (£4.1m) in the first half of 2024, according to a new analysis by Comparitech. This figure was calculated from 56 known ransom demands issued by threat actors from January-June 2024. The biggest of these was a $100m (£78.9m) ransom following an attack on India’s Regional Cancer Center (RCC) in April 2024."
https://www.infosecurity-magazine.com/news/ransomware-demands-staggering-5m/
-
Election 2024 Mobile Political Spam Volume Jumps 3X Compared With 2022 Midterms
"U.S. voters’ appetite for digital information about the 2024 presidential election is growing. But as they consume news via digital media, including from mobile messaging channels, they must keep in mind that cybercriminals may be impersonating the sources that they trust."
https://www.proofpoint.com/us/blog/email-and-cloud-threats/election-2024-mobile-political-spam-volume-jumps-3x-compared-2022
https://www.infosecurity-magazine.com/news/political-spam-surges-threefold/
-
It All Adds Up: Pretexting In Executive Compromise
"Executives hold the keys to the corporate kingdom. If attackers can gain the trust of executives using layered social engineering techniques, they may be able to access sensitive corporate information such as intellectual property, financial data or administrative control logins and passwords."
https://securityintelligence.com/articles/pretexting-in-executive-compromise-social-engineering/
-
From The SOC To Everyday Success: Data-Driven Life Lessons From a Security Analyst
"Many of you have likely noticed that I enjoy looking for life lessons in the real world that we can apply to the challenges we face in the security domain. In this piece, I’d like to take the opposite approach. I’d like to try and take the lessons I learned during my time as a security analyst working in various Security Operations Centers (SOCs) and apply them to life. My reason for this is simple. I believe that as security professionals, the healthier and happier we are, the better able we are to protect our respective organizations."
https://www.securityweek.com/from-the-soc-to-everyday-success-data-driven-life-lessons-from-a-security-analyst/
-
Caught In The Net: Using Infostealer Logs To Unmask CSAM Consumers
"In this proof-of-concept report, Recorded Future's Identity Intelligence analyzed infostealer malware data to identify consumers of child sexual abuse material (CSAM). Approximately 3,300 unique users were found with accounts on known CSAM sources. A notable 4.2% had credentials for multiple sources, suggesting a higher likelihood of criminal behavior. The study reveals how infostealer logs can aid investigators in tracking CSAM activities on the dark web. Data was escalated to law enforcement for further action."
https://www.recordedfuture.com/caught-in-the-net-using-infostealer-logs-to-unmask-csam-consumers
https://go.recordedfuture.com/hubfs/reports/cta-2024-0702.pdf
https://therecord.media/stolen-credentials-csam-unmasked-report
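The matching step that report describes, as an added example (this is not code from Recorded Future or the report): triage infostealer credential records against a domain watchlist, then count victim machines with credentials on one versus several watchlisted sources. The record layout, the machine IDs and the .invalid watchlist domains are constructed placeholders; the same logic applies to any watchlist, for example your own corporate login domains when checking whether employee credentials show up in stealer dumps.

```python
"""Triage infostealer credential logs against a domain watchlist.

Added example, not from the Recorded Future report. The record layout,
machine IDs and watchlist domains below are constructed placeholders.
"""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample modelled on the usual stealer-log "passwords.txt" layout:
# one saved credential per record, tagged with the victim machine it came from.
SAMPLE_RECORDS = [
    # (machine_id, url, username)
    ("HWID-0001", "https://example-forum-a.invalid/login", "alice"),
    ("HWID-0001", "https://mail.example.com/", "alice@example.com"),
    ("HWID-0002", "https://example-forum-a.invalid/members", "bob"),
    ("HWID-0002", "https://portal.example-forum-b.invalid/", "bob"),
    ("HWID-0003", "https://shop.example.org/", "carol"),
    ("HWID-0004", "http://example-forum-c.invalid:8080/auth", "dave"),
]

# Hypothetical watchlist of "known sources" (placeholder .invalid domains).
WATCHLIST = {
    "example-forum-a.invalid",
    "example-forum-b.invalid",
    "example-forum-c.invalid",
}


def watchlist_hit(url, watchlist):
    """Return the watchlist entry the URL's host belongs to, or None.

    Matches on whole DNS labels from the right (portal.x.y matches x.y),
    so a look-alike such as notexample-forum-a.invalid does not match.
    Ports and paths are ignored.
    """
    host = (urlsplit(url).hostname or "").lower()
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in watchlist:
            return candidate
    return None


def sources_per_machine(records, watchlist):
    """Map machine_id -> set of distinct watchlisted sources it holds creds for."""
    hits = defaultdict(set)
    for machine_id, url, _username in records:
        source = watchlist_hit(url, watchlist)
        if source is not None:
            hits[machine_id].add(source)
    return dict(hits)


def summarize(records, watchlist):
    """Count exposed machines and the share with credentials on 2+ sources."""
    hits = sources_per_machine(records, watchlist)
    exposed = len(hits)
    multi = sum(1 for sources in hits.values() if len(sources) >= 2)
    pct_multi = round(100.0 * multi / exposed, 1) if exposed else 0.0
    return {
        "machines_with_hits": exposed,
        "multi_source": multi,
        "pct_multi_source": pct_multi,
    }


if __name__ == "__main__":
    for machine, sources in sorted(sources_per_machine(SAMPLE_RECORDS, WATCHLIST).items()):
        print(machine, sorted(sources))
    print(summarize(SAMPLE_RECORDS, WATCHLIST))
```

Matching on DNS labels rather than substrings matters in practice: stealer logs are noisy, and a substring check against a short domain would pull in unrelated hosts and inflate the "multiple sources" figure that the report uses as its likelihood signal.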
-
3 Ways To Chill Attacks On Snowflake
"Multifactor authentication is a good first step, but businesses should look to collect and analyze data to hunt for threats, manage identities more closely, and limit the impact of attacks."
https://www.darkreading.com/cybersecurity-operations/three-ways-to-chill-attacks-on-snowflake
Reference
Electronic Transactions Development Agency (ETDA)