Cyber Threat Intelligence 16 July 2024
New Tooling
- Realm: Open-Source Adversary Emulation Framework
"Realm is an open-source adversary emulation framework emphasizing scalability, reliability, and automation. It’s designed to handle engagements of any size. “Realm is unique in its custom interpreter written in Rust. This allows us to write complex TTPs as code. With these actions as code, defenders can replay attack actions, and red teams can create repositories of their TTPs and processes for multiple engagements. Realm is also extremely scalable! Group actions are easy to create in our Web GUI, allowing you to get information from multiple hosts at once,” a spokesperson for the project told Help Net Security."
https://www.helpnetsecurity.com/2024/07/15/realm-open-source-adversary-emulation-framework/
https://github.com/spellshift/realm
Vulnerabilities
- Critical Vulnerability Patched In Backup And Staging By WP Time Capsule Plugin
"This blog post is about the WP Time Capsule plugin vulnerability. If you’re a WP Time Capsule plugin user, please update to at least version 1.22.21."
https://patchstack.com/articles/critical-vulnerability-patched-in-backup-and-staging-by-wp-time-capsule-plugin/
https://www.infosecurity-magazine.com/news/wp-time-capsule-plugin-flaw/
- CISA Adds One Known Exploited Vulnerability To Catalog
"CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-36401 OSGeo GeoServer GeoTools Eval Injection Vulnerability"
https://www.cisa.gov/news-events/alerts/2024/07/15/cisa-adds-one-known-exploited-vulnerability-catalog
- CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer In Zero-Day Attacks
"Our threat hunters discovered CVE-2024-38112, which was used as a zero-day by APT group Void Banshee, to access and execute files through the disabled Internet Explorer using MSHTML. We promptly identified and reported this zero-day vulnerability to Microsoft, and it has been patched."
https://www.trendmicro.com/en_us/research/24/g/CVE-2024-38112-void-banshee.html
Malware
- MuddyWater Threat Group Deploys New BugSleep Backdoor
"CPR has been tracking MuddyWater, the Iranian threat group affiliated with the country’s Ministry of Intelligence and Security (MOIS), since 2019. Now, the group has significantly increased its activities in Israel since the beginning of the Israel-Hamas war in October 2023. In addition to their usual phishing campaigns, with malicious deployment of legitimate Remote Management Tools, MuddyWater has begun deploying a new, previously undocumented backdoor. This backdoor, which Check Point Research has named BugSleep, is being specifically used to target organizations in Israel."
https://blog.checkpoint.com/research/muddywater-threat-group-deploys-new-bugsleep-backdoor/
https://research.checkpoint.com/2024/new-bugsleep-backdoor-deployed-in-recent-muddywater-campaigns/
https://www.bleepingcomputer.com/news/security/new-bugsleep-malware-implant-deployed-in-muddywater-attacks/
- SEXi Ransomware Rebrands To APT INC, Continues VMware ESXi Attacks
"The SEXi ransomware operation, known for targeting VMware ESXi servers, has rebranded under the name APT INC and has targeted numerous organizations in recent attacks. The threat actors started attacking organizations in February 2024 using the leaked Babuk encryptor to target VMware ESXi servers and the leaked LockBit 3 encryptor to target Windows. The cybercriminals soon gained media attention for a massive attack on IxMetro Powerhost, a Chilean hosting provider whose VMware ESXi servers were encrypted in the attack."
https://www.bleepingcomputer.com/news/security/sexi-ransomware-rebrands-to-apt-inc-continues-vmware-esxi-attacks/
https://www.darkreading.com/threat-intelligence/sexi-ransomware-rebrands-maintains-original-methods-of-operation
- Facebook Malvertising Epidemic – Unraveling a Persistent Threat: SYS01
"The Trustwave SpiderLabs Threat Intelligence team's ongoing study into how threat actors use Facebook for malicious activity has uncovered a new version of the SYS01 stealer. This stealer is designed to take over Facebook accounts, steal credential information from affected users' browsers, and then leverage legitimate accounts to further the spread of the malware."
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/facebook-malvertising-epidemic-unraveling-a-persistent-threat-sys01/
https://www.trustwave.com/en-us/resources/library/documents/facebook-malvertising-epidemic-unraveling-a-persistent-threat-sys01/
https://www.bleepingcomputer.com/news/security/facebook-ads-for-windows-themes-push-sys01-info-stealing-malware/
- Threat Spotlight: Attackers Abuse URL Protection Services To Mask Phishing Links
"As defenders tighten their grip on the tools and techniques used in phishing attacks, adversaries are finding new ways to bypass detection and target potential victims. For example, many phishing attacks rely on convincing users to click on a compromised link that leads them to a webpage where attackers try to harvest their credentials."
https://blog.barracuda.com/2024/07/15/threat-spotlight-attackers-abuse-url-protection-services
https://www.infosecurity-magazine.com/news/attackers-exploit-url-protections/
- Beware Of The Latest Phishing Tactic Targeting Employees
"Phishing attacks are becoming increasingly sophisticated, and the latest attack strategy targeting employees highlights this evolution. In this blog post, we’ll dissect a recent phishing attempt that impersonates a company’s Human Resources (HR) department, and we’ll provide detailed insights to help you recognize and avoid falling victim to such scams. This phishing email is designed to look like an official communication from your company’s HR department. It arrives in your inbox with a subject line that grabs attention, urging you to review the employee handbook."
https://cofense.com/blog/beware-of-the-latest-phishing-tactic-targeting-employees/
- Malicious Python Packages Reveal Extensive Cybercriminal Operation Based In Iraq
"Recently, malicious Python packages – uploaded to PyPI by user “dsfsdfds” – were found to be exfiltrating sensitive user data without consent, to a Telegram chat bot. The Telegram bot is linked to multiple cybercriminal operations based in Iraq. The bot has activity dating back to 2022 and contains over 90,000 messages, mostly in Arabic. The bot functions also as an underground marketplace offering social media manipulation services. It has been linked to financial theft and exploits victims by exfiltrating their data."
https://checkmarx.com/blog/malicious-python-packages-reveal-extensive-cybercriminal-operation-based-in-iraq/
https://www.darkreading.com/threat-intelligence/cybercriminal-ecosystem-flourishes-iraq
- Hacktivist Groups “People’s Cyber Army” And “HackNeT” Launch Trial DDoS Attacks On French Websites; Prior To The Onslaught During Paris Olympics
"On June 23, 2024, Cyble Research & Intelligence Labs (CRIL) researchers noted that a Russian hacktivist group with a wide audience called “People’s Cyber Army” (aka Народная Cyber Армия) and their allies HackNeT announced DDoS attacks on multiple French websites ahead of the Olympics. People’s Cyber Army stated that this attack was a “training DDoS attack.” This is the first documented attack on French websites by state-affiliated Russian hacktivists during the run-up to the Paris Olympics. People’s Cyber Army is linked to APT44 (commonly known as Sandworm, FROZENBARENTS, and Seashell Blizzard)."
https://cyble.com/blog/hacktivist-groups-peoples-cyber-army-and-hacknet-launch-trial-ddos-attacks-on-french-websites-prior-to-the-onslaught-during-paris-olympics/
https://www.darkreading.com/cyberattacks-data-breaches/trial-ddos-attacks-on-french-sites-portend-greater-olympics-threats
- Cybersecurity Stop Of The Month: Reeling In DarkGate Malware Attacks From The Beach
"Last year, the number of malware attacks worldwide reached 6.08 billion. That’s a 10% increase compared with 2022. Why are cybercriminals developing so much malware? Because it is a vital tool to help them infiltrate businesses, networks or specific computers to steal or destroy sensitive data. There are many types of malware infections. Here are just three examples."
https://www.proofpoint.com/us/blog/email-and-cloud-threats/darkgate-malware
https://www.theregister.com/2024/07/16/darkgate_malware/
Breaches/Hacks/Leaks
- Binary Secret Scanning Helped Us Prevent (what Might Have Been) The Worst Supply Chain Attack You Can Imagine
"The JFrog Security Research team has recently discovered and reported a leaked access token with administrator access to Python’s, PyPI’s and Python Software Foundation’s GitHub repositories, which was leaked in a public Docker container hosted on Docker Hub. As a community service, the JFrog Security Research team continuously scans public repositories such as Docker Hub, NPM, and PyPI to identify malicious packages and leaked secrets. The team reports any findings to the relevant maintainers before attackers can take advantage of them."
https://jfrog.com/blog/leaked-pypi-secret-token-revealed-in-binary-preventing-suppy-chain-attack/
https://thehackernews.com/2024/07/github-token-leak-exposes-pythons-core.html
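The JFrog item describes finding a GitHub token inside a public Docker container by scanning binary content rather than source text. The following is an added example written for this digest, not JFrog's scanner: it walks a saved Docker image (assumed to use the `docker save` layout, an outer tar whose layer blobs are themselves tars), regex-scans every regular file's raw bytes, including compiled `.pyc` files, and reports only a redacted form of each hit. The sample image and the tokens inside it are constructed for the example and are not real credentials; the token prefixes are GitHub's published ones (`ghp_`, `gho_`, `ghu_`, `ghs_`, `ghr_`, `github_pat_`) and the lengths are an assumption based on those formats.

```python
"""Scan a saved Docker image (nested tar layers) for leaked GitHub tokens.

Added example for this digest, not JFrog's tooling. Assumes the `docker save`
layout: an outer tar whose layer blobs are themselves tars. Token lengths are
an assumption based on GitHub's published token formats.
"""
import io
import re
import tarfile
from dataclasses import dataclass
from typing import Dict, List

# Classic/OAuth/user/server/refresh tokens and fine-grained PATs.
TOKEN_RE = re.compile(
    rb"\b(?:gh[pousr]_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{82})\b"
)


@dataclass(frozen=True)
class Finding:
    member: str    # path inside the image, "outer::inner" for nested layers
    offset: int    # byte offset of the match within that member
    redacted: str  # prefix plus last 4 chars; the full secret is never kept


def redact(token: bytes) -> str:
    text = token.decode("ascii")
    prefix = "github_pat_" if text.startswith("github_pat_") else text[:4]
    return f"{prefix}...{text[-4:]}"


def scan_bytes(member: str, data: bytes) -> List[Finding]:
    """Regex scan over raw bytes, so .pyc, ELF and archive content are covered."""
    return [Finding(member, m.start(), redact(m.group(0))) for m in TOKEN_RE.finditer(data)]


def _is_tar(data: bytes) -> bool:
    try:
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*"):
            return True
    except tarfile.TarError:
        return False


def scan_tar(blob: bytes, prefix: str = "") -> List[Finding]:
    """Visit every regular file; recurse into members that are tars (layers)."""
    findings: List[Finding] = []
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tf:
        for info in tf:
            if not info.isfile():
                continue
            fobj = tf.extractfile(info)
            if fobj is None:
                continue
            data = fobj.read()
            name = f"{prefix}{info.name}"
            if _is_tar(data):
                findings.extend(scan_tar(data, prefix=f"{name}::"))
            else:
                findings.extend(scan_bytes(name, data))
    return findings


def _tar_of(files: Dict[str, bytes]) -> bytes:
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample data: fake tokens of the right shape, not real credentials.
FAKE_PAT = b"ghp_A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8"
FAKE_OAUTH = b"gho_Z9y8X7w6V5u4T3s2R1q0P9o8N7m6L5k4J3i2"
PYC_HEADER = b"\xa7\r\r\n" + b"\x00" * 12  # 16-byte CPython 3.11 pyc header


def build_sample_image() -> bytes:
    """An image with one layer: a .pyc embedding a token, a .env, and a decoy."""
    layer = _tar_of({
        "app/__pycache__/build.cpython-311.pyc": PYC_HEADER + FAKE_PAT + b"\x00s\x0c",
        "app/.env": b"GH_OAUTH=" + FAKE_OAUTH + b"\n",
        "app/README": b"no secrets here, just ghp_short",
    })
    return _tar_of({"manifest.json": b'[{"Layers":["layer.tar"]}]', "layer.tar": layer})


if __name__ == "__main__":
    for f in scan_tar(build_sample_image()):
        print(f"{f.member} @ {f.offset}: {f.redacted}")
```

Running it prints the `.pyc` and `.env` hits with offsets and redacted tokens; the `ghp_short` decoy in the README does not match. A real scanner would also revoke or report the match rather than just print it.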
General News
- How Manufacturers Can Secure Themselves Against Cyber Threats
"Manufacturers have been feeling urgency around cybersecurity for several years — and it's little wonder given their sector remains the No. 1 ransomware target. Ransomware attacks threaten to affect manufacturers by interrupting operations that ripple through supply chains, leading to significant financial losses through ransom payments, revenue decline, and recovery costs."
https://www.darkreading.com/ics-ot-security/securing-manufacturers-against-cyber-threats
- Crypto Scammer Returns $9.27 Million Out Of $24M Crypto Theft
"A crypto scammer has returned $9.27 million in stablecoins to a victim. This restitution, equating to 38.26% of the total stolen amount, was reported by Scam Sniffer, an anti-scam platform focused on the cryptocurrency industry. Scam Sniffer disclosed the details of this unusual event on its official X account, revealing that the original theft occurred in September 2023. During this incident, the victim lost $24.23 million in various crypto assets, including rETH and stETH coins."
https://hackread.com/crypto-scammer-returns-9m-24m-crypto-theft/
- Risk Related To Non-Human Identities: Believe The Hype, Reject The FUD
"The hype surrounding unmanaged and exposed non-human identities (NHIs), or machine-to-machine credentials – such as service accounts, system accounts, certificates and API keys – has recently skyrocketed. A steady stream of NHI-related breaches is causing some of the chatter surrounding NHI risk to veer into FUD (fear, uncertainty and doubt). Given the rate at which NHIs are outnumbering human identities – by some reports by as much as 45-to-1 – the hype seems warranted. The FUD, however, is not."
https://www.helpnetsecurity.com/2024/07/15/non-human-identities-nhi-risk/
- Discover The Growing Threats To Data Security
"In this Help Net Security interview, Pranava Adduri, CEO at Bedrock Security, discusses how businesses can identify and prioritize their data security risks. Adduri emphasizes the necessity of ongoing monitoring and automation to keep up with evolving threats and maintain the shortest possible MTTD/MTTR. He also discusses the role of AI in enhancing security measures while acknowledging the new risks it introduces."
https://www.helpnetsecurity.com/2024/07/15/pranava-adduri-bedrock-security-data-security-risks/
- Pressure Mounts For C-Suite Executives To Implement GenAI Solutions
"87% of C-Suite executives feel under pressure to implement GenAI solutions at speed and scale, according to RWS. Despite these pressures, 76% expressed an overwhelming excitement across their organization for the potential benefits of GenAI."
https://www.helpnetsecurity.com/2024/07/15/genai-organizations-approach/
- Cybersecurity Crisis Communication: What To Do
"Cybersecurity experts tell organizations that the question is not if they will become the target of a cyberattack but when. Often, the focus of response preparedness is on the technical aspects — how to stop the breach from continuing, recovering data and getting the business back online. While these tasks are critical, many organizations overlook a key part of response preparedness: crisis communication."
https://securityintelligence.com/articles/cybersecurity-crisis-communication-what-to-do/
- 10,000 Victims a Day: Infostealer Garden Of Low-Hanging Fruit
"Imagine you could gain access to any Fortune 100 company for $10 or less, or even for free. Terrifying thought, isn't it? Or exciting, depending on which side of the cybersecurity barricade you are on. Well, that's basically the state of things today. Welcome to the infostealer garden of low-hanging fruit. Over the last few years, the problem has grown bigger and bigger, and only now are we slowly learning its full destructive potential. In this article, we will describe how the entire cybercriminal ecosystem operates, the ways various threat actors exploit data originating from it, and most importantly, what you can do about it."
https://thehackernews.com/2024/07/10000-victims-day-infostealer-garden-of.html
- Tether Freezes $29 Million Of Cryptocurrency Connected To Cambodian Marketplace Accused Of Fueling Scams
"The cryptocurrency company Tether has frozen more than 29 million of its stablecoins reportedly connected to a massive Cambodian online marketplace offering up services for so-called pig butchering scams. Researchers from Elliptic last week pulled back the curtain on Huione Guarantee, documenting how the online marketplace has become a critical ecosystem for cybercriminal operations in Southeast Asia. Merchants across thousands of instant messaging channels sell money laundering services, deepfake technology, stolen data and even equipment like shackles for restraining trafficked workers, with Huione acting as a guarantor for all transactions. Over three years, the researchers tracked $11 billion in transactions on the platform they believe to be connected to scams."
https://therecord.media/tether-freezes-29-million-crypto-connected-to-scam-marketplace
https://www.itnews.com.au/news/north-korean-hackers-sent-stolen-crypto-to-wallet-used-by-asian-payment-firm-609780
- ZDI Shames Microsoft For – Yet Another – Coordinated Vulnerability Disclosure Snafu
"A Microsoft zero-day vulnerability that Trend Micro's Zero Day Initiative team claims it found and reported to Redmond in May was disclosed and patched by the Windows giant in July's Patch Tuesday – but without any credit given to ZDI. The flaw, tracked as CVE-2024-38112, is in MSHTML aka Trident aka Microsoft's proprietary browser engine for Internet Explorer. Redmond called it a spoofing vulnerability, noted that it was being exploited in the wild, and assigned it a 7.5-out-of-10 CVSS severity score."
https://www.theregister.com/2024/07/15/zdi_microsoft_vulnerability/
Reference
Electronic Transactions Development Agency (ETDA)