Cyber Threat Intelligence 22 July 2024
New Tooling
- New Recovery Tool To Help With CrowdStrike Issue Impacting Windows Endpoints
"As a follow-up to the CrowdStrike Falcon agent issue impacting Windows clients and servers, Microsoft has released an updated recovery tool with two repair options to help IT admins expedite the repair process. The signed Microsoft Recovery Tool can be found in the Microsoft Download Center: https://go.microsoft.com/fwlink/?linkid=2280386. In this post we include detailed recovery steps for Windows client, servers, and OS's hosted on Hyper-V."
https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959
https://go.microsoft.com/fwlink/?linkid=2280386
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-repair-tool-to-remove-crowdstrike-driver/
Vulnerabilities
- Cisco Releases Security Updates For Multiple Products
"Cisco released security updates to address vulnerabilities in Cisco software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system."
https://www.cisa.gov/news-events/alerts/2024/07/18/cisco-releases-security-updates-multiple-products
Malware
- IT Teams Scramble To Recover From CrowdStrike Incident As Officials Warn Of 'Risks Of Consolidation'
"Fallout from massive technology outages caused by the cybersecurity firm CrowdStrike continued throughout Friday as people around the world navigated canceled flights, paralyzed workspaces and downed 911 systems. White House cybersecurity leader Anne Neuberger said her morning began at 4 a.m. with a call from the Situation Room about the outages — which affected millions of Windows computers and was sourced back to a faulty software update issued by CrowdStrike."
https://therecord.media/it-teams-scramble-recover-crowdstrike
https://www.crowdstrike.com/blog/likely-ecrime-actor-capitalizing-on-falcon-sensor-issues/
https://thehackernews.com/2024/07/cybercriminals-exploit-crowdstrike.html
https://www.bleepingcomputer.com/news/security/fake-crowdstrike-fixes-target-companies-with-malware-data-wipers/
https://hackread.com/fake-hot-fix-crowdstrike-crowdstrike-hotfix-zip-remcos-rat/
https://www.helpnetsecurity.com/2024/07/19/crowdstrike-it-outage-update/
https://www.trendmicro.com/es_es/research/24/g/crowdstrike-windows-outage-insights.html
https://www.bankinfosecurity.com/fake-websites-phishing-surface-in-wake-crowdstrike-outage-a-25817
https://securityaffairs.com/165953/malware/threat-actors-capitalize-crowdstrike-incident.html
- Beijing's Attack Gang Volt Typhoon Was A False Flag Inside Job Conspiracy: China
"China has asserted that the Volt Typhoon gang, which Five Eyes nations accuse of being a Beijing-backed attacker that targets critical infrastructure, was in fact made up by the US intelligence community."
https://www.theregister.com/2024/07/19/volt_typhoon_china_theory/
- Play Ransomware Group's New Linux Variant Targets ESXi, Shows Ties With Prolific Puma
"Our Threat Hunting team uncovered a Linux variant of the Play ransomware that only encrypts files when running in a VMWare ESXi environment. First detected in June 2022, the Play ransomware group became notable for its double-extortion tactic, evasion techniques, custom-built tools, and substantial impact on various organizations in Latin America."
https://www.trendmicro.com/en_us/research/24/g/new-play-ransomware-linux-variant-targets-esxi-shows-ties-with-p.html
- OilAlpha Malicious Applications Target Humanitarian Aid Groups Operating In Yemen
"Insikt Group's research reveals that OilAlpha, a likely pro-Houthi group, continues to target humanitarian and human rights organizations operating in Yemen. They use malicious Android applications to steal credentials and gather intelligence, potentially to control aid distribution. Notable organizations affected include CARE International and the Norwegian Refugee Council. This report highlights the ongoing threat and suggests mitigation strategies, such as social engineering awareness, strong passwords, and multi-factor authentication."
https://www.recordedfuture.com/research/oilalpha-spyware-used-to-target-humanitarian-aid-groups
https://go.recordedfuture.com/hubfs/reports/cta-2024-0709.pdf
https://thehackernews.com/2024/07/pro-houthi-group-targets-yemen-aid.html
- Gamers Beware: There's No Such Thing As 'GTA VI Beta Version' To Download From Sponsored Facebook Ads. It's Malware!
"Rockstar Games’ announcement about the upcoming videogame release in the long-running Grand Theft Auto series has been on every gamer’s lips this past year. GTA VI is scheduled for an Autumn 2025 release on PS5 and the Xbox Series, with PC gamers having to wait a bit longer. However, this hasn’t stopped threat actors from exploiting the highly anticipated action-adventure game from the US-based game publisher."
https://www.bitdefender.com/blog/hotforsecurity/gamers-beware-theres-no-such-thing-as-gta-vi-beta-version-to-download-from-sponsored-facebook-ads-its-malware/
https://hackread.com/grand-theft-auto-fake-gta-vi-beta-download-malware/
Breaches/Hacks/Leaks
- WazirX Cryptocurrency Exchange Loses $230 Million In Major Security Breach
"Indian cryptocurrency exchange WazirX has confirmed that it was the target of a security breach that led to the theft of $230 million in cryptocurrency assets. "A cyber attack occurred in one of our [multi-signature] wallets involving a loss of funds exceeding $230 million," the company said in a statement. "This wallet was operated utilizing the services of Liminal's digital asset custody and wallet infrastructure from February 2023.""
https://thehackernews.com/2024/07/wazirx-cryptocurrency-exchange-loses.html
https://www.theregister.com/2024/07/19/wasirx_pauses_trade/
General News
- CrowdStrike Code Update Bricking Windows Machines Around The World
"An update to a product from infosec vendor CrowdStrike is bricking computers running Windows. The Register has found numerous accounts of Windows 10 PCs crashing, displaying the Blue Screen of Death, then being unable to reboot. “We're seeing BSOD Org wide that are being caused by csagent.sys, and it's taking down critical services. I'll open a ticket, but this is a big deal,” wrote one user."
https://www.theregister.com/2024/07/19/crowdstrike_falcon_sensor_bsod_incident/
https://www.cisa.gov/news-events/alerts/2024/07/19/widespread-it-outage-due-crowdstrike-update
https://www.bleepingcomputer.com/news/security/crowdstrike-update-crashes-windows-systems-causes-outages-worldwide/
https://thehackernews.com/2024/07/faulty-crowdstrike-update-crashes.html
https://therecord.media/crowdstrike-update-crashes-windows-devices-globally
https://www.darkreading.com/cyberattacks-data-breaches/crowdstrike-outage
https://www.infosecurity-magazine.com/news/crowdstrike-fault-it-outages/
https://www.bankinfosecurity.com/federal-agencies-scramble-to-fix-massive-software-outage-a-25814
https://cyberscoop.com/crowdstrike-falcon-flaw-microsoft-outage-flights-grounded-windows/
https://hackread.com/faulty-crowdstrike-update-ground-flights-disrupt-business/
https://www.securityweek.com/major-outages-worldwide-linked-to-bsod-caused-by-bad-crowdstrike-update/
https://securityaffairs.com/165920/security/crowdstrike-epic-fail-crashed-windows.html
https://www.itnews.com.au/news/widespread-global-it-outages-attributed-to-crowdstrike-609951
https://www.malwarebytes.com/blog/uncategorized/2024/07/crowdstrike-update-at-center-of-windows-blue-screen-of-death-outage
https://www.helpnetsecurity.com/2024/07/19/crowdstrike-outage/
https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/
https://www.securityweek.com/crowdstrike-says-logic-error-caused-windows-bsod-chaos/
https://www.itnews.com.au/news/crowdstrike-explains-update-that-crippled-windows-environments-609964
https://www.securityweek.com/crowdstrike-provides-remediation-guidance-after-software-update-causes-worldwide-it-chaos/
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-365-cloud-pcs-stuck-restarting-after-crowdstrike-update/
https://blogs.microsoft.com/blog/2024/07/20/helping-our-customers-through-the-crowdstrike-outage/
https://www.securityweek.com/microsoft-says-8-5-million-windows-devices-impacted-by-crowdstrike-incident-publishes-recovery-tool/
- GenAI Network Acceleration Requires Prior WAN Optimization
"As GenAI models used for natural language processing, image generation, and other complex tasks often rely on large datasets that must be transmitted between distributed locations, including data centers and edge devices, WAN optimization is essential for robust deployment of GenAI applications at a scale."
https://www.helpnetsecurity.com/2024/07/19/wan-optimization/
- One-Third Of Dev Professionals Unfamiliar With Secure Coding Practices
"Attackers consistently discover and exploit software vulnerabilities, highlighting the increasing importance of robust software security, according to OpenSSF and the Linux Foundation. Despite this, many developers lack the essential knowledge and skills to effectively implement secure software development."
https://www.helpnetsecurity.com/2024/07/19/devs-secure-coding-practices/
- CISOs Must Shift From Tactical Defense To Strategic Leadership
"Cyber threats are advancing quickly in size and sophistication, largely because of the rapid evolution of technology, increasing sophistication of cyber attackers, and the expansion of attack surfaces through interconnected systems and devices, according to Ivanti."
https://www.helpnetsecurity.com/2024/07/19/cyber-threats-size-sophistication/
- CrowdStrike's Falcon Sensor Also Linked To Linux Kernel Panics And Crashes
"CrowdStrike's now-infamous Falcon Sensor software, which last week led to widespread outages of Windows-powered computers, has also caused crashes of Linux machines. Red Hat in June warned its customers of a problem it described as "Kernel panic observed after booting 5.14.0-427.13.1.el9_4.x86_64 by falcon-sensor process" that impacted some users of Red Hat Enterprise Linux 9.4 after (as the warning suggests) booting on kernel version 5.14.0-427.13.1.el9_4.x86_64."
https://www.theregister.com/2024/07/21/crowdstrike_linux_crashes_restoration_tools/
- Two Foreign Nationals Plead Guilty To Participation In LockBit Ransomware Group
"Two foreign nationals pleaded guilty today in Newark federal court to participating in the LockBit ransomware group – at various times the most prolific ransomware variant in the world – and to deploying LockBit attacks against victims in the United States and worldwide."
https://www.justice.gov/usao-nj/pr/two-foreign-nationals-plead-guilty-participation-lockbit-ransomware-group
https://www.bleepingcomputer.com/news/security/russians-plead-guilty-to-involvement-in-lockbit-ransomware-attacks/
https://thehackernews.com/2024/07/two-russian-nationals-plead-guilty-in.html
https://therecord.media/lockbit-affiliates-russia-plead-guilty
https://securityaffairs.com/165941/cyber-crime/lockbit-ransomware-group-members-plead-guilty.html
- Treasury Sanctions Leader And Primary Member Of The Cyber Army Of Russia Reborn
"Today, the United States designated Yuliya Vladimirovna Pankratova (Pankratova) and Denis Olegovich Degtyarenko (Degtyarenko), two members of the Russian hacktivist group Cyber Army of Russia Reborn (CARR) for their roles in cyber operations against U.S. critical infrastructure. These two individuals are the group’s leader and a primary hacker, respectively."
https://home.treasury.gov/news/press-releases/jy2473
https://therecord.media/cyber-army-russia-us-sanctions
https://cyberscoop.com/treasury-sanctions-russia-hacktivist-water/
- Tech Giants Agree To Standardize AI Security
"The largest and most influential artificial intelligence (AI) companies are joining forces to map out a security-first approach to the development and use of generative AI. The Coalition for Secure AI, also called CoSAI, aims to provide the tools to mitigate the risks involved in AI. The goal is to create standardized guardrails, security technologies, and tools for the secure development of models."
https://www.darkreading.com/cloud-security/tech-giants-agree-to-standardize-ai-security
https://www.securityweek.com/cosai-tech-giants-form-coalition-for-secure-ai/
- In Cybersecurity, Mitigating Human Risk Goes Far Beyond Training
"As the stakes of cyberattacks continue to rise, organizations are throwing more and more money at innovative new services and equipment to thwart them. But, at the same time, many are still taking a customary, one-size-fits-all approach to securing perhaps the most critical threat vector: the human element. There's little to be gained by spending more on locks and security guards if someone unknowingly leaves the door open for robbers into the building."
https://www.darkreading.com/cyber-risk/in-cybersecurity-mitigating-human-risk-goes-far-beyond-training
- UK Cops Arrest Teen Suspect In MGM Resorts Cyberattack Probe
"Cops in the UK have arrested a suspected member of the notorious Scattered Spider crime gang, which is accused of crippling MGM Resorts in Las Vegas with ransomware last summer. West Midlands police - along with officials from Britain's National Crime Agency and the FBI - cuffed the 17-year-old, of Walsall, England, on Thursday. The suspect, whose name has not been released, was taken into custody on suspicion of blackmail and breaking the UK's Computer Misuse Act. He's now out on bail."
https://www.theregister.com/2024/07/19/uk_mgm_suspect_arrested/
https://www.westmidlands.police.uk/news/west-midlands/news/news/2024/july/walsall-teenager-arrested-in-joint-west-midlands-police-and-fbi-operation/
https://therecord.media/mgm-hack-teenager-arrest-britain
https://www.bleepingcomputer.com/news/security/uk-arrests-suspected-scattered-spider-hacker-linked-to-mgm-attack/
https://thehackernews.com/2024/07/17-year-old-linked-to-scattered-spider.html
- The Complexities Of Cybersecurity Update Processes
"Cybersecurity is often about speed; a threat actor creates a malicious attack technique or code, cybersecurity companies react to the new threat and if necessary, adjust and adopt methods to detect the threat. That adoption may require updating cloud detection systems and/or updating endpoint devices to provide the protection needed against the threat. And speed is of the essence as the cybersecurity industry is there to protect, detect and respond to threats as they happen."
https://www.welivesecurity.com/en/cybersecurity/complexities-cybersecurity-update-processes/
- Beyond The Blue Screen Of Death: Why Software Updates Matter
"In the realm of computing, few things are as unsettling as encountering a blue screen of death (BSOD) on your Windows system. The ominous screen with its cryptic error messages invokes a mix of alarm and frustration even among many seasoned technology users."
https://www.welivesecurity.com/en/cybersecurity/beyond-blue-screen-death-software-updates/
- Nationwide Policing Operation Targets Widespread SIM Box Fraud
"Policing agencies across Australia have joined forces in a National Day of Action (Thursday 18 July, 2024), coordinated by the AFP-led Joint Policing Cybercrime Coordination Centre (JPC3), to disrupt cyber criminals allegedly using SIM boxes to scam hundreds of Australians. SIM boxes are allegedly used by criminals to commit large-scale SMS phishing attacks known as 'smishing'. Smishing is a malicious attack that uses deceptive text messages to deceive victims into downloading malware or sharing personal information."
https://www.afp.gov.au/news-centre/media-release/nationwide-policing-operation-targets-widespread-sim-box-fraud
https://www.itnews.com.au/news/australian-police-seize-devices-used-to-send-over-318-million-phishing-texts-610003
References
Electronic Transactions Development Agency (ETDA) - New Recovery Tool To Help With CrowdStrike Issue Impacting Windows Endpoints