Cyber Threat Intelligence 24 July 2024

Industrial Sector

- National Instruments IO Trace
"Successful exploitation of this vulnerability could allow a local attacker to execute arbitrary code."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-205-01

- Hitachi Energy AFS/AFR Series Products
"Successful exploitation of these vulnerabilities could allow an attacker to create a denial-of-service condition."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-205-02

- National Instruments LabVIEW
"Successful exploitation of these vulnerabilities could allow a local attacker to disclose information and execute arbitrary code."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-205-03

- FrostyGoop Malware Attack Cut Off Heat In Ukraine During Winter
"Russian-linked malware was used in a January 2024 cyberattack to cut off the heating of over 600 apartment buildings in Lviv, Ukraine, for two days during sub-zero temperatures. FrostyGoop, the Windows malware used in this attack, is designed to target industrial control system (ICS) using the Modbus TCP communications, a standard ICS protocol across all industrial sectors."
https://www.bleepingcomputer.com/news/security/frostygoop-malware-attack-cut-off-heat-in-ukraine-during-winter/
https://hub.dragos.com/hubfs/Reports/Dragos-FrostyGoop-ICS-Malware-Intel-Brief-0724_.pdf
https://therecord.media/frostygoop-malware-ukraine-heat
https://www.darkreading.com/ics-ot-security/novel-ics-malware-sabotaged-water-heating-services-in-ukraine
https://thehackernews.com/2024/07/new-ics-malware-frostygoop-targeting.html
https://www.bankinfosecurity.com/hackers-froze-ukrainian-heating-systems-in-winter-a-25830
https://cyberscoop.com/frostygoop-ics-malware-dragos-ukraine/
https://www.securityweek.com/frostygoop-ics-malware-left-ukrainian-citys-residents-without-heating/
https://securityaffairs.com/166087/malware/frostygoop-ics-malware-modbus.html

Vulnerabilities

- CISA Adds Two Known Exploited Vulnerabilities To Catalog
"CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2012-4792 Microsoft Internet Explorer Use-After-Free Vulnerability
CVE-2024-39891 Twilio Authy Information Disclosure Vulnerability"
https://www.cisa.gov/news-events/alerts/2024/07/23/cisa-adds-two-known-exploited-vulnerabilities-catalog

- Goodbye? Attackers Can Bypass 'Windows Hello' Strong Authentication
"Microsoft's Windows Hello for Business (WHfB) default phishing-resistant authentication model recently was found susceptible to downgrade attacks, allowing threat actors to crack into even biometrically protected PCs and laptops. WHfB authentication, which uses cryptographic keys embedded in a computer's Trusted Platform Module (TPM) and enabled by biometric or PIN-based verification, can be bypassed by altering the parameters within an authentication request."
https://www.darkreading.com/endpoint-security/goodbye-attackers-can-bypass-windows-hello-strong-authentication

- Vulnerabilities In LangChain Gen AI
"Researchers from Palo Alto Networks have identified two vulnerabilities in LangChain, a popular open source generative AI framework with over 81,000 stars on GitHub:"
https://unit42.paloaltonetworks.com/langchain-vulnerabilities/

Malware

- The Tap-Estry Of Threats Targeting Hamster Kombat Players
"In the past few months, the Telegram clicker game Hamster Kombat has taken the world of cryptocurrency game enthusiasts by storm. Even though the gameplay, which mostly entails repeatedly tapping the screen of one’s mobile device, might be rather simple, players are after something more: the possibility of earning big once Hamster Kombat’s creators unveil the promised new cryptocoin tied to the game."
https://www.welivesecurity.com/en/eset-research/tap-estry-threats-targeting-hamster-kombat-players/
https://www.bleepingcomputer.com/news/security/hamster-kombats-250-million-players-targeted-in-android-windows-malware-attacks/

- Daggerfly: Espionage Group Makes Major Update To Toolset
"The Daggerfly (aka Evasive Panda, Bronze Highland) espionage group has extensively updated its toolset, introducing several new versions of its malware, most likely in response to exposure of older variants. The new tooling was deployed in a number of recent attacks against organizations in Taiwan and a U.S. NGO based in China, which indicates the group also engages in internal espionage. In the attack on this organization, the attackers exploited a vulnerability in an Apache HTTP server to deliver their MgBot malware."
https://symantec-enterprise-blogs.security.com/threat-intelligence/daggerfly-espionage-updated-toolset
https://www.bleepingcomputer.com/news/security/evasive-panda-hackers-deploy-new-macma-macos-backdoor-version/
https://thehackernews.com/2024/07/chinese-hackers-target-taiwan-and-us.html
https://therecord.media/china-linked-daggerfly-revamps-toolset
https://www.darkreading.com/threat-intelligence/china-evasive-panda-apt-spies-taiwan-targets-across-platforms
https://www.bankinfosecurity.com/chinese-cyberespionage-group-expands-malware-arsenal-a-25823
https://www.infosecurity-magazine.com/news/chinese-group-malware-target-os/

- Exploiting CVE-2024-21412: A Stealer Campaign Unleashed
"CVE-2024-21412 is a security bypass vulnerability in Microsoft Windows SmartScreen that arises from an error in handling maliciously crafted files. A remote attacker can exploit this flaw to bypass the SmartScreen security warning dialog and deliver malicious files. Over the past year, several attackers, including Water Hydra, Lumma Stealer, and Meduza Stealer, have exploited this vulnerability."
https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

- Ukrainian Institutions Targeted Using HATVIBE And CHERRYSPY Malware
"The Computer Emergency Response Team of Ukraine (CERT-UA) has alerted of a spear-phishing campaign targeting a scientific research institution in the country with malware known as HATVIBE and CHERRYSPY. The agency attributed the attack to a threat actor it tracks under the name UAC-0063, which was previously observed targeting various government entities to gather sensitive information using keyloggers and backdoors."
https://thehackernews.com/2024/07/ukrainian-institutions-targeted-using.html
https://therecord.media/ukraine-scientific-institutions-espionage-russia

- Attackers Abuse Swap File To Steal Credit Cards
"When it comes to website security, sometimes the most innocuous features can become powerful tools in the hands of attackers. Such was the case in a recent incident we investigated, where bad actors exploited the humble swap file to maintain a persistent credit card skimmer on a Magento e-commerce site. This clever tactic allowed the malware to survive multiple cleanup attempts — that is, until our analysts wrapped up their investigation. In this post, we’ll peel back the layers of this sophisticated ecommerce attack, offering valuable insights into how you can protect your own online store from similar threats."
https://blog.sucuri.net/2024/07/attackers-abuse-swap-file-to-steal-credit-cards.html
https://thehackernews.com/2024/07/magento-sites-targeted-with-sneaky.html
https://securityaffairs.com/166073/malware/threat-actors-abused-swap-files-e-skimming.html

Breaches/Hacks/Leaks

- DeFi Exchange dYdX v3 Website Hacked In DNS Hijack Attack
"Decentralized finance (DeFi) crypto exchange dYdX announced on Tuesday that the website for its older v3 trading platform has been compromised. dYdX also warned users not to visit or interact with the hacked dydx[.]exchange platform and cautioned against withdrawing assets until the platform was safe to use."
https://www.bleepingcomputer.com/news/security/defi-exchange-dydx-v3-website-hacked-in-dns-hijack-attack/

- BreachForums v1 Hacking Forum Data Leak Exposes Members’ Info
"The private member information of the BreachForums v1 hacking forum from 2022 has been leaked online, allowing threat actors and researchers to gain insight into its users. Multiple forums have operated under the name BreachForums, all devoted to building a community of collectors and threat actors who trade, sell, and leak data stolen from breached companies. The first data breach forum to rise to prominence was RaidForums, and after the FBI seized it in 2022, a threat actor known as Pompompurin launched a remake called BreachForums (aka Breached) to fill the void."
https://www.bleepingcomputer.com/news/security/breachforums-v1-hacking-forum-data-leak-exposes-members-info/

- Enterprise Resource Planning (ERP) Software Provider Exposed Millions Of Records In Data Breach
"Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password-protected database that contained 769 million records belonging to ClickBalance — a software provider that offers multiple cloud-based business services for automating administration, accounting, inventory, payroll processes, and more."
https://www.websiteplanet.com/news/clickbalance-breach-report/
https://hackread.com/mexico-erp-clickbalance-769-million-records-data-leak/

General News

- The CISO’s Approach To AI: Balancing Transformation With Trust
"As organizations increasingly adopt third-party AI tools to streamline operations and gain a competitive edge, they also invite a host of new risks. Many companies are unprepared, lacking clear policies and adequate employee training to mitigate these new dangers."
https://www.helpnetsecurity.com/2024/07/23/establishing-ai-tools-guardrails/

- Confidential AI: Enabling Secure Processing Of Sensitive Data
"In this Help Net Security interview, Anand Pashupathy, VP & GM, Security Software & Services Division at Intel, explains how Intel’s approach to confidential computing, particularly at the silicon level, enhances data protection for AI applications and how collaborations with technology leaders like Google Cloud, Microsoft, and Nvidia contribute to the security of AI solutions."
https://www.helpnetsecurity.com/2024/07/23/anand-pashupathy-intel-ai-data-protection/

- Russia’s Cyber Campaign Shifts To Ukraine’s Frontlines
"Russian intelligence services have now adapted their thinking about how to optimally integrate cyber and conventional capabilities. With the main thrust of Russia's anticipated summer offensive underway, it is an opportune moment to take stock of the significant and underappreciated changes that have taken hold in Moscow’s approach to cyber operations in Ukraine."
https://rusi.org/explore-our-research/publications/commentary/russias-cyber-campaign-shifts-ukraines-frontlines
https://www.darkreading.com/ics-ot-security/russia-adjusts-cyber-strategy-for-the-long-haul-in-ukraine-war
https://www.infosecurity-magazine.com/news/russia-cyber-focus-battlefield/

- QR Codes: Convenience Or Cyberthreat?
"Evolving phishing threats, such as QR code attacks, pose significant risks to organizations across various industries, including retail, healthcare, construction, and engineering. Such modern attacks urge businesses targeted by cybercriminals to adopt robust protection to safeguard sensitive information against data breaches, exfiltration, un-authorization, or illegal access. These vulnerabilities could further be leveraged for additional attacks."
https://www.trendmicro.com/en_us/research/24/g/mitigate-risk-of-QR-code-phising-attacks.html

- SonicWall 2024 Mid-Year Cyber Threat Report: IoT Madness, PowerShell Problems And More
"The first half of 2024 is in the rearview mirror, and SonicWall’s 2024 Mid-Year Cyber Threat Report uses the data we gathered in that time to paint a clearer picture of the current threat landscape and industry trends. Business email compromise (BEC) attacks are on the rise, supply chain attacks and the risks associated with them are increasing and IoT malware is becoming more and more of an issue. Plus, we provide a SOC perspective on the year’s threats and trends so far. And to measure it all, we have a more accurate system in place."
https://blog.sonicwall.com/en-us/2024/07/sonicwall-2024-mid-year-cyber-threat-report-iot-madness-powershell-problems-and-more/

References

Electronic Transactions Development Agency (ETDA)