Cyber Threat Intelligence 19 July 2024
Healthcare Sector
- Philips Vue PACS
"Successful exploitation of these vulnerabilities could allow an unauthorized person or process to eavesdrop, view or modify data, gain system access, perform code execution, install unauthorized software, or affect system data integrity to negatively impact system confidentiality, integrity, or availability."
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01
Industrial Sector
- Mitsubishi Electric MELSOFT MaiLab
"Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition in the target product."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-200-01
- Subnet Solutions PowerSYSTEM Center
"Successful exploitation of this vulnerability could allow an authenticated attacker to elevate permissions."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-200-02
New Tooling
- Grype: Open-Source Vulnerability Scanner For Container Images, Filesystems
"Grype is an open-source vulnerability scanner designed for container images and filesystems that seamlessly integrates with Syft, a powerful Software Bill of Materials (SBOM) tool."
https://www.helpnetsecurity.com/2024/07/18/grype-open-source-vulnerability-scanner-container-images-filesystems/
https://github.com/anchore/grype
Vulnerabilities
- Ivanti Releases Security Updates For Endpoint Manager
"Ivanti released security updates to address vulnerabilities in Ivanti Endpoint Manager (EPM) and Ivanti Endpoint Manager for Mobile (EPMM). A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system."
https://www.cisa.gov/news-events/alerts/2024/07/18/ivanti-releases-security-updates-endpoint-manager
https://forums.ivanti.com/s/article/Security-Advisory-EPM-July-2024-for-EPM-2024
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-for-Mobile-EPMM-July-2024
https://www.securityweek.com/ivanti-issues-hotfix-for-high-severity-endpoint-manager-vulnerability/
- SolarWinds Fixes 8 Critical Bugs In Access Rights Audit Software
"SolarWinds has fixed eight critical vulnerabilities in its Access Rights Manager (ARM) software, six of which allowed attackers to gain remote code execution (RCE) on vulnerable devices. Access Rights Manager is a critical tool in enterprise environments that helps admins manage and audit access rights across their organization's IT infrastructure to minimize threat impact."
https://www.bleepingcomputer.com/news/security/solarwinds-fixes-8-critical-bugs-in-access-rights-audit-software/
- Critical Cisco Bug Lets Hackers Add Root Users On SEG Devices
"Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments. Tracked as CVE-2024-20401, this arbitrary file write security flaw in the SEG content scanning and message filtering features is caused by an absolute path traversal weakness that allows replacing any file on the underlying operating system."
https://www.bleepingcomputer.com/news/security/critical-cisco-bug-lets-hackers-add-root-users-on-seg-devices/
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH
- 20 Million Trusted Domains Vulnerable To Email Hosting Exploits
"Three novel attack techniques that chain together vulnerabilities found in numerous email-hosting platforms are allowing threat actors to spoof emails from more than 20 million domains of trusted organizations. The flaws — discovered by several security researchers at PayPal — allow attackers to use simple mail transfer protocol (SMTP) smuggling to bypass SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) security protocols to deliver malicious emails from domains owned by reputable Fortune 500 companies and government agencies."
https://www.darkreading.com/threat-intelligence/20-million-trusted-domains-vulnerable-to-email-hosting-exploits
- SAPwned: SAP AI Vulnerabilities Expose Customers’ Cloud Environments And Private AI Artifacts
"Over the past months, we on the Wiz Research Team have conducted extensive tenant isolation research on multiple AI service providers. We believe these services are more susceptible to tenant isolation vulnerabilities, since by definition, they allow users to run AI models and applications – which is equivalent to executing arbitrary code. As AI infrastructure is fast becoming a staple of many business environments, the implications of these attacks are becoming more and more significant."
https://www.wiz.io/blog/sapwned-sap-ai-vulnerabilities-ai-security
https://thehackernews.com/2024/07/sap-ai-core-vulnerabilities-expose.html
https://www.securityweek.com/sap-ai-core-vulnerabilities-allowed-service-takeover-customer-data-access/
https://www.infosecurity-magazine.com/news/sap-ai-core-expose-customer-data/
https://securityaffairs.com/165888/hacking/sap-ai-core-sapwned.html
Malware
- RDGAs: The Next Chapter In Domain Generation Algorithms
"This trailblazing report explores a burgeoning technique that threat actors are using to covertly transform the DNS threat landscape with millions of new domains. You’ll learn how traditional malware-based domain generation algorithms (DGAs) have evolved into registered DGAs (RDGAs) that can be used for malware, phishing, spam, scams, gambling, traffic distribution systems (TDS), virtual private networks (VPNs), and more."
https://blogs.infoblox.com/threat-intelligence/rdgas-the-next-chapter-in-domain-generation-algorithms/
https://www.bleepingcomputer.com/news/security/revolver-rabbit-gang-registers-500-000-domains-for-malware-campaigns/
https://hackread.com/threat-actor-revolver-rabbit-rdga-register-domains/
- Warning Against The Distribution Of Malware Disguised As Software Cracks (Disrupts V3 Lite Installation)
"AhnLab SEcurity intelligence Center (ASEC) has previously introduced the dangers of malware disguised as crack programs through a post titled “Distribution of Malware Under the Guise of MS Office Cracked Versions (XMRig, OrcusRAT, etc.)”. Malware strains disguised as crack programs are primarily distributed through file-sharing platforms, blogs, and torrents, leading to the infection of multiple systems. These infected systems are continually managed by threat actors through periodic updates."
https://asec.ahnlab.com/en/68011/
- HotPage: Story Of a Signed, Vulnerable, Ad-Injecting Driver
"Malware research involves studying threat actor TTPs, mapping infrastructure, analyzing novel techniques… And while most of these investigations build on existing research, sometimes they start from a hunch, something that looks too simple. At the end of 2023, we stumbled upon an installer named HotPage.exe that deploys a driver capable of injecting code into remote processes, and two libraries capable of intercepting and tampering with browsers’ network traffic."
https://www.welivesecurity.com/en/eset-research/hotpage-story-signed-vulnerable-ad-injecting-driver/
https://www.darkreading.com/threat-intelligence/microsoft-signed-chinese-adware-opens-the-door-to-kernel-privileges
https://www.infosecurity-magazine.com/news/hotpage-hijacks-browsers-microsoft/
https://thehackernews.com/2024/07/alert-hotpage-adware-disguised-as-ad.html
- APT41 Has Arisen From The DUST
"In collaboration with Google’s Threat Analysis Group (TAG), Mandiant has observed a sustained campaign by the advanced persistent threat group APT41 targeting and successfully compromising multiple organizations operating within the global shipping and logistics, media and entertainment, technology, and automotive sectors. The majority of organizations were operating in Italy, Spain, Taiwan, Thailand, Turkey, and the United Kingdom."
https://cloud.google.com/blog/topics/threat-intelligence/apt41-arisen-from-dust
https://www.securityweek.com/chinese-hacking-group-apt41-infiltrates-global-shipping-and-tech-sectors-mandiant-warns/
- TAG-100 Uses Open-Source Tools In Suspected Global Espionage Campaign, Compromising Two Asia-Pacific Intergovernmental Bodies
"Recorded Future’s Insikt Group identified a suspected cyber-espionage campaign by TAG-100, targeting global government and private sector organizations. TAG-100 exploited internet-facing devices and used open-source tools like the Go backdoor Pantegana. The campaign compromised two Asia-Pacific intergovernmental organizations and targeted multiple diplomatic and trade entities."
https://www.recordedfuture.com/research/tag-100-uses-open-source-tools-in-suspected-global-espionage-campaign
https://go.recordedfuture.com/hubfs/reports/cta-2024-0716.pdf
https://therecord.media/tag-100-espionage-hacking-backdoors-asia-pacific
https://thehackernews.com/2024/07/tag-100-new-threat-actor-uses-open.html
- Container Breakouts: Escape Techniques In Cloud Environments
"This article reviews container escape techniques, assesses their possible impact and reveals how to detect these escapes from the perspective of endpoint detection and response (EDR). As cloud services rise in popularity, so does the use of containers, which have become an integrated part of cloud infrastructure. Although containers provide many advantages, they are also susceptible to attack techniques like container escapes."
https://unit42.paloaltonetworks.com/container-escape-techniques/
Breaches/Hacks/Leaks
- Nearly 13 Million Australians Affected By MediSecure Attack
"Personal and health data of almost 13 million Australians has been impacted by the cyber-attack on medical prescription provider MediSecure. Following an investigation of a dataset accessed by the attackers in May 2024, the company has determined that 12.9 million individuals who used the MediSecure prescription delivery service during the period of March 2019 to November 2023 have been impacted by the incident. This includes information relating to patient prescriptions."
https://www.infosecurity-magazine.com/news/13-million-australians-medisecure/
https://www.itnews.com.au/news/medisecure-data-breach-affects-about-129-million-australians-609924
General News
- Fighting AI-Powered Synthetic ID Fraud With AI
"Aided by the emergence of generative artificial intelligence models, synthetic identity fraud has skyrocketed, and now accounts for a staggering 85% of all identity fraud cases."
https://www.helpnetsecurity.com/2024/07/18/ai-powered-synthetic-identity-fraud/
- Laying The Groundwork For Zero Trust In The Military
"In this Help Net Security interview, Curtis Arnold, VP and Chief Scientist at Core4ce, discusses the starting points for military training in zero trust principles, emphasizing foundational technologies and a unified taxonomy. Arnold provides insights into the DoD’s Zero Trust Overlays guide and the future evolution of zero-trust principles in a military context."
https://www.helpnetsecurity.com/2024/07/18/curtis-arnold-core4ce-zero-trust-principles/
- Small But Mighty: Top 5 Pocket-Sized Gadgets To Boost Your Ethical Hacking Skills
"While blue teams defend, red teams attack. They share a common goal, however – help identify and address gaps in organizations’ defenses before these weaknesses can be exploited by malicious actors. The blue/red team exercises provide invaluable insights across the technical, procedural and human sides of security and can ultimately help organizations fend off actual attacks."
https://www.welivesecurity.com/en/cybersecurity/small-but-mighty-top-5-pocket-sized-gadgets-boost-ethical-hacking-skills/
- Identity Theft Resource Center Sees Third-Most Data Breach Victims In a Quarter In Q2 2024
"Today, the Identity Theft Resource Center (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, released its U.S. data breach findings for the second quarter (Q2) and the first half (H1) of 2024. According to the ITRC, there were 732 publicly reported data compromises in Q2, a 12 percent decrease compared to the previous quarter (838). Through the first half of the year, the ITRC tracked 1,571 compromises, putting 2024 ~14 percent higher compared to H1 2023, which ended in a record number of compromises (3,203)."
https://www.idtheftcenter.org/post/itrc-sees-third-most-data-breach-victims-in-quarter/
https://www.idtheftcenter.org/publication/itrc-h1-data-breach-analysis/
https://www.infosecurity-magazine.com/news/us-data-breach-victims-surge-1170/
https://www.darkreading.com/cyberattacks-data-breaches/us-data-breach-victim-numbers-increase-1000
- Introducing Chainalysis Operation Spincaster: An Ecosystem-Wide Initiative To Disrupt And Prevent Billions In Losses To Crypto Scams
"Approval phishing is an increasingly popular tactic used by criminals to steal funds through different scamming techniques such as fake crypto apps and romance scams (also known as pig butchering). With the approval phishing technique, the scammer tricks the user into signing a malicious blockchain transaction that gives the scammer’s address approval to spend specific tokens inside the victim’s wallet, allowing the scammer to then drain the victim’s address of those tokens at will."
https://www.chainalysis.com/blog/operation-spincaster/
https://therecord.media/crypto-experts-law-enforcement-take-down-approval-phishing-scams
https://www.bankinfosecurity.com/operation-spincaster-targets-crypto-pig-butchering-scams-a-25800
https://www.infosecurity-magazine.com/news/chainalysis-operation-spincaster/
- It's Best To Just Assume You’ve Been Involved In a Data Breach Somehow
"Between AT&T, all the follow-on activity from Snowflake, Microsoft Outlook, and more, it’s best to probably just assume at this point that your personal information has somehow been involved in a data breach. We’re only halfway through 2024, and we’ve already seen some of the largest data breaches and leaks in history. Telecommunications provider AT&T disclosed earlier this month that adversaries stole a cache of data that contained the phone numbers and call records of “nearly all” of its customers, which equates to about 110 million people."
https://blog.talosintelligence.com/threat-source-newsletter-july-18-2024/
- CISA Releases Playbook For Infrastructure Resilience Planning
"Today, the Cybersecurity and Infrastructure Security Agency (CISA) released a companion guide to the Infrastructure Resilience Planning Framework (IRPF), which provides guidance on how local governments and the private sector can work together to plan for the security and resilience of critical infrastructure services in the face of threats. Dubbed the IRPF Playbook, this supplemental manual will assist state, local, tribal, territorial (SLTT) and private sector stakeholders in planning for the security and resilience of infrastructure in their regions."
https://www.cisa.gov/news-events/news/cisa-releases-playbook-infrastructure-resilience-planning
https://www.cisa.gov/sites/default/files/2024-07/IRPF-Playbook-07-17-2024.pdf
https://statescoop.com/cisa-cybersecurity-resilience-planning-playbook-critical-infrastructure/
- Using Threat Intelligence To Predict Potential Ransomware Attacks
"Ransomware Awareness Month, which takes place in July, firmly puts the topic front and center for organizations. While ransomware has been around since 1989, it continues to top the list of the most feared attack vectors."
https://www.securityweek.com/using-threat-intelligence-to-predict-potential-ransomware-attacks/
References
Electronic Transactions Development Agency (ETDA)