Cyber Threat Intelligence 15 July 2024
Vulnerabilities
- Critical Exim Bug Bypasses Security Filters On 1.5 Million Mail Servers
"Censys warns that over 1.5 million Exim mail transfer agent (MTA) instances are unpatched against a critical vulnerability that lets threat actors bypass security filters. Tracked as CVE-2024-39929 and patched by Exim developers on Wednesday, the security flaw impacts Exim releases up to and including version 4.97.1. The vulnerability is due to the incorrect parsing of multiline RFC2231 header filenames, which can let remote attackers deliver malicious executable attachments into end users' mailboxes by circumventing the $mime_filename extension-blocking protection mechanism."
https://www.bleepingcomputer.com/news/security/critical-exim-bug-bypasses-security-filters-on-15-million-mail-servers/
https://censys.com/cve-2024-39929/
https://thehackernews.com/2024/07/critical-exim-mail-server-vulnerability.html
https://securityaffairs.com/165649/hacking/critical-flaw-exim-mta.html
https://www.securityweek.com/critical-exim-flaw-allows-attackers-to-deliver-malicious-executables-to-mailboxes/
https://www.bankinfosecurity.com/millions-exim-servers-still-exposed-to-critical-flaw-a-25763
- Netgear Warns Users To Patch Auth Bypass, XSS Router Flaws
"Netgear warned customers to update their devices to the latest available firmware, which patches stored cross-site scripting (XSS) and authentication bypass vulnerabilities in several WiFi 6 router models. The stored XSS security flaw (fixed in firmware version 1.0.0.72 and tracked as PSV-2023-0122) impacts the XR1000 Nighthawk gaming router."
https://www.bleepingcomputer.com/news/security/netgear-warns-users-to-patch-authentication-bypass-xss-router-flaws/
https://kb.netgear.com/000066264/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2023-0122
https://kb.netgear.com/000066265/Security-Advisory-for-Authentication-Bypass-on-Some-Cable-Modem-Routers-PSV-2023-0138
Malware
- DNS Hijacks Target Crypto Platforms Registered With Squarespace
"A wave of coordinated DNS hijacking attacks targets decentralized finance (DeFi) cryptocurrency domains using the Squarespace registrar, redirecting visitors to phishing sites hosting wallet drainers. DNS hijacking is when an attacker modifies a target's Domain Name System records to redirect traffic from a legitimate website to one under their control, such as phishing pages. These attacks are typically done by compromising a DNS server or the target's account at a DNS service provider and making changes to the DNS records."
https://www.bleepingcomputer.com/news/security/dns-hijacks-target-crypto-platforms-registered-with-squarespace/
https://hackread.com/defi-hack-alert-squarespace-domains-dns-hijacking/
- ShadowRoot Ransomware Targeting Turkish Businesses
"Our X-Labs team’s research seems to have discovered and identified basic ransomware targeting Turkish businesses. The attack vector initiates through a PDF attachment disseminated via suspicious emails originating from the "internet[.]ru" domain. The embedded links within the PDF facilitate the download of a subsequent stage exe payload upon user interaction. It encrypts files with “.shadowroot” extension. Currently, ransomware is actively targeting numerous businesses worldwide, including those in the healthcare and online shopping sectors."
https://www.forcepoint.com/blog/x-labs/shadowroot-ransomware-targeting-turkish-businesses
- Fake Microsoft Teams For Mac Delivers Atomic Stealer
"Competition between stealers for macOS is heating up, with a new malvertising campaign luring Mac users via a fraudulent advert for Microsoft Teams. This attack comes on the heels of the new Poseidon (OSX.RodStealer) project, another threat using a similar code base and delivery techniques. Based on our tracking, Microsoft Teams is once again a popular keyword threat actors are bidding on, and it is the first time we have seen it used by Atomic Stealer. Communication tools like Zoom, Webex or Slack have been historically coveted by criminals who package them as fake installers laced with malware."
https://www.malwarebytes.com/blog/threat-intelligence/2024/07/fake-microsoft-teams-for-mac-delivers-atomic-stealer
- Smishing Triad Is Targeting India To Steal Personal And Payment Data At Scale
"Internet users from India have reported a spike of fraudulent smishing activity impersonating India Post, an Indian government-operated postal system in India, and the trade name of the Department of Post under the Ministry of Communications. In June, the Press Information Bureau (PIB), an official agency of the Government of India under the Ministry of Information and Broadcasting, has warned users about the increasing smishing activity and urged citizens to remain vigilant and cautious towards any suspicious messages claiming to be from postal services such as India Post, which could be impersonated by fraudsters."
https://www.resecurity.com/blog/article/smishing-triad-is-targeting-india-to-steal-personal-and-payment-data-at-scale
https://securityaffairs.com/165632/cyber-crime/smishing-triad-is-targeting-india.html
- Disarming DarkGate: A Deep Dive Into Thwarting The Latest DarkGate Variant
"The SonicWall RTDMI engine has recently protected users against the distribution of the “6.6” variant of DarkGate malware by a phishing email campaign containing PDF files as an attachment. DarkGate is an advanced Remote Access Trojan that has been widely active since 2018. The RAT has been marketed as Malware-as-a-Service in underground forums, and threat actors are actively updating its code. The malware supports a wide range of features (Anti-VM, Anti-AV, Delay Execution, multi-variant support, process hollowing, etc.), which are controlled by flags in the configuration data."
https://blog.sonicwall.com/en-us/2024/07/disarming-darkgate-a-deep-dive-into-thwarting-the-latest-darkgate-variant/
- Experts Warn Of Post-Trump Shooting Misinformation, Scams
"Within hours of the assassination attempt against former President Donald Trump on Saturday, social media platforms became the hotbeds of speculation and wild claims. Posts on X, formerly Twitter, blamed President Joe Biden, the Deep State and two Antifa activists. Others called the incident a GOP-led false flag operation."
Priority: 3 - Important
Relevance: General
https://www.bankinfosecurity.com/experts-warn-post-trump-shooting-misinformation-scams-a-25764
Breaches/Hacks/Leaks
- Rite Aid Confirms Data Breach After June Ransomware Attack
"Pharmacy giant Rite Aid confirmed a data breach after suffering a cyberattack in June, which was claimed by the RansomHub ransomware operation. Rite Aid is the third-largest drugstore chain in the United States, employing over 6,000 pharmacists (out of a total workforce of over 45,000) in more than 1,700 retail pharmacy stores across 16 states."
https://www.bleepingcomputer.com/news/security/rite-aid-confirms-data-breach-after-june-ransomware-attack/
https://securityaffairs.com/165674/data-breach/rite-aid-corporation-data-breach.html
- Massive AT&T Data Breach Exposes Call Logs Of 109 Million Customers
"AT&T is warning of a massive data breach where threat actors stole the call logs for approximately 109 million customers, or nearly all of its mobile customers, from an online database on the company's Snowflake account. The company confirmed to BleepingComputer that the data was stolen from the Snowflake account between April 14 and April 25, 2024."
https://www.bleepingcomputer.com/news/security/massive-atandt-data-breach-exposes-call-logs-of-109-million-customers/
https://www.cisa.gov/news-events/alerts/2024/07/12/att-discloses-breach-customer-data
https://therecord.media/hackers-stole-call-logs-att-months
https://thehackernews.com/2024/07/at-confirms-data-breach-affecting.html
https://www.darkreading.com/cyberattacks-data-breaches/att-breach-may-also-impact-millions-of-boost-cricket-h2o-customers
https://www.bankinfosecurity.com/att-details-massive-breach-customers-call-text-logs-a-25754
https://www.infosecurity-magazine.com/news/hackers-downloaded-call-logs-cloud/
https://cyberscoop.com/att-data-breach-snowflake/
https://www.malwarebytes.com/blog/news/2024/07/nearly-all-att-customers-had-phone-records-stolen-in-new-data-breach-disclosure
https://www.securityweek.com/att-data-breach-nearly-all-wireless-customers-exposed-in-massive-hack/
https://hackread.com/att-data-breach-hackers-steal-call-text-records/
https://www.helpnetsecurity.com/2024/07/12/att-stolen-records/
https://securityaffairs.com/165658/data-breach/att-disclosed-a-new-data-breach.html
https://www.nytimes.com/2024/07/12/business/att-data-breach.html
https://www.theregister.com/2024/07/12/att_admits_110_million_ppl_data_lost/
https://www.itnews.com.au/news/att-says-data-from-109-million-us-customer-accounts-illegally-downloaded-609732
https://www.wired.com/story/atandt-paid-hacker-300000-to-delete-stolen-call-records/
- Dangerous Monitoring Tool mSpy Suffers Data Breach, Exposes Customer Details
"In a new episode of Spy vs Spy, the mobile monitoring app mSpy has suffered a data breach that exposed information about millions of its customers. As Malwarebytes Labs has reported before, the types of companies that make mobile applications that enable users to non-consensually spy on and monitor other users are also—unsurprisingly—rather lax when it comes to their own security. This is the third known mSpy data breach since the company began in around 2010."
https://www.malwarebytes.com/blog/news/2024/07/dangerous-monitoring-tool-mspy-suffers-data-breach-exposes-customer-details
- Disney’s Internal Slack Breached? NullBulge Leaks 1.1 TiB Of Data
"Hacktivist group NullBulge claims to have breached Disney, leaking 1.1 TiB of internal Slack data. The leak allegedly includes messages, files, code, and more. This comes amidst breaches affecting AT&T and Ticketmaster."
https://hackread.com/disneys-internal-slack-breached-nullbulge-leak-data/
General News
- RansomHub Ransomware - What You Need To Know
"Despite first appearing earlier this year, RansomHub is already considered one of the most prolific ransomware groups in existence. It operates a ransomware-as-a-service (RaaS) operation, meaning that a central core of the group creates and maintains the ransomware code and infrastructure, and rents it out to other cybercriminals who act as affiliates."
https://www.tripwire.com/state-of-security/ransomhub-ransomware-what-you-need-know
- Unprecedented: Cloud Giants, Feds Team On Unified Security Intelligence
"The Cloud Safe Task Force aims to unite the US government and cloud service providers, like Amazon, Google, IBM, Microsoft, and Oracle, to provide a "National Cyber Feed": a continuous threat-monitoring tool for federal agencies."
https://www.darkreading.com/cloud-security/unprecedented-cloud-giants-feds-team-unified-security-intelligence
- How To Design a Third-Party Risk Management Framework
"Most organizations focus on securing routers, servers, firewalls, and other endpoints, but threats can also arise from unfamiliar sources such as third-party networks, which can be used by hackers to attack an organization. Through a strong TPRM framework, companies gain insights into the risk profiles of their partners, thus safeguarding operations."
https://www.helpnetsecurity.com/2024/07/12/tprm-framework/
- Managing Cyberattack Fallout: Financial And Operational Damage
"In this Help Net Security, Ashley Harrington, Director of Cybersecurity at Aspida, discusses the impact of a cyberattack on business operations and financial health. Beyond immediate disruptions and financial burdens, a cyber incident can severely damage a company’s reputation among customers and partners."
https://www.helpnetsecurity.com/2024/07/12/ashley-harrington-aspida-cyberattack-reputation-impact/
- Top Priorities For Compliance Leaders This Year
"Legal, compliance and privacy leaders list strengthening their personal impact on company strategy as their top priority for 2024, according to Gartner. Improving third-party risk management (TPRM) and ensuring compliance programs can keep pace with fast-moving regulatory requirements are the top three priorities for this year."
https://www.helpnetsecurity.com/2024/07/12/compliance-leaders-priorities/
- Brands Are Changing Cybersecurity Strategies Due To AI Threats
"Over the past 18 months, AI has changed how we do many things in our work and professional lives — from helping us write emails to affecting how we approach cybersecurity. A recent Voice of SecOps 2024 study found that AI was a huge reason for many shifts in cybersecurity over the past 12 months. Interestingly, AI was both the cause of new issues as well as quickly becoming a common solution for those very same challenges."
https://securityintelligence.com/articles/brands-changing-cybersecurity-strategies-due-to-ai-threats/
- Wallets Tied To CDK Ransom Group Received $25 Million Two Days After Attack
"The ransomware group linked to a June cyberattack against auto industry software provider CDK Global received a payment of more than $25 million two days after the attack that hobbled software used by roughly 15,000 car dealerships in the U.S. became public, researchers told CyberScoop."
https://cyberscoop.com/cdk-ransom-blacksuit-25-million/
https://www.theregister.com/2024/07/12/cdk_ransom_payout/
- Application Security Report: 2024 Update
"Over the last twelve months, the Internet security landscape has changed dramatically. Geopolitical uncertainty, coupled with an active 2024 voting season in many countries across the world, has led to a substantial increase in malicious traffic activity across the Internet. In this report, we take a look at Cloudflare’s perspective on Internet application security."
https://blog.cloudflare.com/application-security-report-2024-update
https://www.bleepingcomputer.com/news/security/hackers-use-poc-exploits-in-attacks-22-minutes-after-release/
- The Evolution Of Cybercrime Investigation
"Cybercrime costs trillions, rising yearly. Criminals operate globally, teaching their methods. This article explores major cyberattacks from 1962 to 2024 and how investigators use advanced technology to combat them."
https://hackread.com/the-evolution-of-cybercrime-investigations/
References
Electronic Transactions Development Agency (ETDA)