Cyber Threat Intelligence 31 July 2024
Healthcare Sector
- Insecure File-Sharing Practices In Healthcare Put Patient Privacy At Risk
"Healthcare organizations continue to put their business and patients at risk of exposing their most sensitive data, according to Metomic. 25% of publicly shared files owned by healthcare organizations contain Personally Identifiable Information (PII). 68% of private files that have been shared externally (giving access to people outside of the organization) contained PII and 77% of private files shared internally."
https://www.helpnetsecurity.com/2024/07/30/healthcare-sensitive-data/
Industrial Sector
- Securing Remote Access To Mission-Critical OT Assets
"In this Help Net Security interview, Grant Geyer, Chief Strategy Officer at Claroty, discusses the prevalent vulnerabilities in Windows-based engineering workstations (EWS) and human-machine interfaces (HMI) within OT environments. Geyer also addresses the challenges and solutions for securing remote access to critical OT assets."
https://www.helpnetsecurity.com/2024/07/30/grant-geyer-claroty-ot-assets-remote-access/
- Four Key Trends In Operational Technology
"Today, threat actors are increasingly targeting operational technology (OT) infrastructure. According to the Fortinet 2024 State of Operational Technology and Cybersecurity Report, OT organizations struggle to keep up as cyberattacks on OT systems surge by 73%. But the news isn’t all bad. Even though OT professionals report more intrusions and worse outcomes, security is evolving in many organizations. Everything from leadership structure to technologies that protect OT systems are moving forward. Yet even as many organizations improve security, they still face challenges securing converged IT/OT environments."
https://www.fortinet.com/blog/business-and-technology/four-key-trends-in-operational-technology
Vulnerabilities
- Apple Rolls Out Security Updates For iOS, MacOS
"Apple on Monday announced a hefty round of security updates that address dozens of vulnerabilities impacting both newer and older iOS and macOS devices. iOS 17.6 and iPadOS 17.6 were released for the latest generation iPhone and iPad devices with fixes for 35 security defects that could lead to authentication and policy bypasses, unexpected application termination or system shutdown, information disclosure, denial-of-service (DoS), and memory leaks."
https://www.securityweek.com/apple-rolls-out-security-updates-for-ios-macos/
https://www.cisa.gov/news-events/alerts/2024/07/30/apple-releases-security-updates-multiple-products
- CISA Adds One Known Exploited Vulnerability To Catalog
"CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-37085 VMware ESXi Authentication Bypass Vulnerability"
https://www.cisa.gov/news-events/alerts/2024/07/30/cisa-adds-one-known-exploited-vulnerability-catalog
https://www.bleepingcomputer.com/news/security/cisa-warns-of-vmware-esxi-bug-exploited-in-ransomware-attacks/
https://securityaffairs.com/166362/security/cisa-vmware-esxi-bug-known-exploited-vulnerabilities-catalog.html
Malware
- OneDrive Pastejacking: The Crafty Phishing And Downloader Campaign
"Over the past few weeks, the Trellix Advanced Research Center has observed a sophisticated Phishing/downloader campaign targeting Microsoft OneDrive users. This campaign heavily relies on social engineering tactics to deceive users into executing a PowerShell script, thereby compromising their systems."
https://www.trellix.com/blogs/research/onedrive-pastejacking/
https://thehackernews.com/2024/07/onedrive-phishing-scam-tricks-users.html
https://securityaffairs.com/166312/hacking/microsoft-onedrive-phishing.html
https://www.infosecurity-magazine.com/news/phishing-campaign-targets/
- SideWinder Utilizes New Infrastructure To Target Ports And Maritime Facilities In The Mediterranean Sea
"As part of our continuous threat hunting efforts, the BlackBerry Threat Research and Intelligence team has discovered a new campaign by the nation-state threat actor known as SideWinder. We have been actively tracking this threat actor since our last report on the group in mid-2023. SideWinder has since upgraded its infrastructure and now utilizes new techniques and tactics in its efforts to compromise victims."
https://blogs.blackberry.com/en/2024/07/sidewinder-targets-ports-and-maritime-facilities-in-the-mediterranean-sea
https://thehackernews.com/2024/07/new-sidewinder-cyber-attacks-target.html
https://securityaffairs.com/166325/breaking-news/sidewinder-phishing-campaign-maritime-facilities.html
https://www.securityweek.com/indian-apt-targeting-mediterranean-ports-and-maritime-facilities/
- Unmasking The SMS Stealer: Targeting Several Countries With Deceptive Apps
"One-time passwords (OTPs) are designed to add an extra layer of security to online accounts, and most enterprises have become very dependent upon them for controlling access to sensitive data and applications. However, these passwords are just as valuable to attackers. Mobile malware has become increasingly sophisticated, employing cunning tactics to steal these crucial codes and bypass their added protection to enable malicious infiltration to corporate networks and data."
https://www.zimperium.com/blog/unmasking-the-sms-stealer-targeting-several-countries-with-deceptive-apps/
https://www.bleepingcomputer.com/news/security/massive-sms-stealer-campaign-infects-android-devices-in-113-countries/
- UNC4393 Goes Gently Into The SILENTNIGHT
"In mid-2022, Mandiant's Managed Defense detected multiple intrusions involving QAKBOT, leading to the deployment of BEACON coupled with other pre-ransomware indicators. This marked Mandiant's initial identification of UNC4393, the primary user of BASTA ransomware. Mandiant has responded to over 40 separate UNC4393 intrusions across 20 different industry verticals. While healthcare organizations have not traditionally been a focus for UNC4393, several breaches in the industry this year indicate a possible expansion of their interests. However, this represents only a fraction of the cluster's victims, with the Black Basta data leak site purporting over 500 victims since inception."
https://cloud.google.com/blog/topics/threat-intelligence/unc4393-goes-gently-into-silentnight/
https://www.bleepingcomputer.com/news/security/black-basta-ransomware-switches-to-more-evasive-custom-malware/
- Crooks Bypassed Google’s Email Verification To Create Workspace Accounts, Access 3rd-Party Services
"Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google Workspace account, and leverage that to impersonate a domain holder at third-party services that allow logins through Google’s “Sign in with Google” feature. Last week, KrebsOnSecurity heard from a reader who said they received a notice that their email address had been used to create a potentially malicious Workspace account that Google had blocked."
https://krebsonsecurity.com/2024/07/crooks-bypassed-googles-email-verification-to-create-workspace-accounts-access-3rd-party-services/
https://hackread.com/google-workspace-vulnerability-hackers-access-services/
- Do Shoot The Messenger: Telegram-Controlled Backdoor Trojan Targets Linux Servers
"Doctor Web virus analysts exposed a Linux version of the well-known TgRat trojan, which is used for targeted attacks on computers. One notable feature of this trojan is that it is controlled via a Telegram bot. This malware belongs to the Remote Access Trojan type, better known by its rather unpleasant but very apt acronym — RAT. Essentially, RATs are the same remote access and administration tools we have all become accustomed to since the COVID lockdowns, only this time they are playing for the bad guys. The main difference is that the targeted user should not suspect that someone else is controlling their machine."
https://news.drweb.com/show/?i=14877&lng=en
https://hackread.com/telegram-controlled-tgrat-trojan-targets-linux-servers/
- Threat Actor Impersonates Google Via Fake Ad For Authenticator
"We have previously reported on the brand impersonation issue with Google ads: users who search for popular keywords are shown malicious ads that purport to be from an official vendor. Not only does this trick innocent victims into downloading malware or losing their data to phishing sites, it also erodes trust in brands and by association in Google Search itself."
https://www.malwarebytes.com/blog/news/2024/07/threat-actor-impersonates-google-via-fake-ad-for-authenticator
- The Scam Strikes Back: Exploiting The CrowdStrike Outage
"Recently we witnessed one of the most significant IT disruptions in history, affecting a wide range of sectors such as banking, airlines, and emergency services. At the heart of this disruption was CrowdStrike, known for its Falcon enterprise security solutions. The issue stemmed from a faulty security update that corrupted the Windows OS kernel, leading to a widespread Blue Screen of Death (BSOD)."
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/the-scam-strikes-back-exploiting-the-crowdstrike-outage/
- Phishing Targeting Polish SMBs Continues Via ModiLoader
"Just a few months back, ESET Research published a blogpost about massive phishing campaigns across Central and Eastern Europe carried out during the second half of 2023. In those campaigns Rescoms malware (also known as Remcos), protected by AceCryptor, was delivered to potential victims with the goals of credential theft and potential gain of initial access to company networks."
https://www.welivesecurity.com/en/eset-research/phishing-targeting-polish-smbs-continues-modiloader/
https://thehackernews.com/2024/07/cybercriminals-target-polish-businesses.html
- Russia, Moldova Targeted By Obscure Hacking Group In New Cyberespionage Campaign
"A cyberespionage group known as XDSpy recently targeted victims in Russia and Moldova with a new malware variant, researchers have found. In a campaign earlier this month, the suspected nation state-linked group sent phishing emails to targets in Russia, including a tech company that develops software for cash registers, as well as to an unidentified organization in Transnistria, the Russian-controlled breakaway region in Moldova."
https://therecord.media/russia-moldova-cyberespionage-campaign
- 'LockBit Of Phishing' EvilProxy Used In More Than A Million Attacks Every Month
"The developers of EvilProxy – a phishing kit dubbed the "LockBit of phishing" – have produced guides on using legitimate Cloudflare services to disguise malicious traffic. This adds to the ever-growing arsenal of tools offering criminals who lack actual technical expertise to get into the digital thievery biz. EvilProxy is a reverse-proxy phishing kit sold on dark-web marketplaces, earning it the moniker "phishing-as-a-service" (PhaaS). The tool has helped crooks launch attacks since at least mid 2022, according to Resecurity – one of the first threat hunters to warn of the toolkit's existence."
https://www.theregister.com/2024/07/30/evilproxy_phishing_kit_analysis/
- Beware Of Fake AI Tools Masking Very Real Malware Threats
"Generative AI (GenAI) is making waves across the world. Its popularity and widespread use have also attracted the attention of cybercriminals, leading to various cyberthreats. Yet much discussion around threats associated with tools like ChatGPT has focused on how the technology can be misused to help fraudsters create convincing phishing messages, produce malicious code or probe for vulnerabilities."
https://www.welivesecurity.com/en/cybersecurity/beware-fake-ai-tools-masking-very-real-malware-threat/
Breaches/Hacks/Leaks
- ICO Reprimands The Electoral Commission After Cyber Attack Compromises Servers
"We have issued a reprimand to the Electoral Commission after hackers gained access to servers that contained the personal information of approximately 40 million people. In August 2021, hackers successfully accessed the Electoral Commission’s Microsoft Exchange Server by impersonating a user account and exploiting known software vulnerabilities in the system that had not been secured."
https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2024/07/ico-reprimands-the-electoral-commission-after-cyber-attack-compromises-servers/
https://www.bleepingcomputer.com/news/security/uk-govt-links-2021-electoral-commission-breach-to-exchange-server/
https://therecord.media/elections-agency-flaws-ico-hackers
https://www.bankinfosecurity.com/uk-ico-reprimands-electoral-commission-for-2021-hack-a-25888
https://www.infosecurity-magazine.com/news/ico-electorial-commission-security/
- Hackers Are Stealing GenAI Credentials, So What Sensitive Company Data Are They Getting Their Hands On?
"On the Underground Hacker Markets, a criminal can purchase any number of illegal goods. They can get everything from online banking credentials, credit card numbers, guns, Fullz (full identity packets used for identity theft), drugs, PayPal credentials, passports, and now they can even purchase your Generative AI (GenAI) account credentials. As seen in (Figure 1), these include credentials for ChatGPT, Quillbot, Notion, Huggingface, Replit and the list goes on, as discovered by eSentire’s cybersecurity research team, the Threat Response Unit (TRU)."
https://www.esentire.com/blog/hackers-are-stealing-genai-credentials-so-what-sensitive-company-data-are-they-getting-their-hands-on
https://www.darkreading.com/threat-intelligence/criminal-hackers-add-genai-credentials-to-underground-markets
https://www.infosecurity-magazine.com/news/genai-dark-web-400-daily-listings/
- Western Sydney Uni Attackers Accessed Isilon Storage Directories Over Eight Months
"Western Sydney University has revealed that attackers had access to its Isilon storage infrastructure and 580TB of data for over eight months. The university said that the attackers accessed “83 of the 400 directories in Isilon” and with that, a trove of personally identifiable and sensitive information. Isilon is a network-attached storage system that was once made by a company of the same name, before being bought by EMC, which in turn was bought by Dell."
https://www.itnews.com.au/news/western-sydney-uni-attackers-accessed-isilon-storage-directories-over-eight-months-610256
https://www.westernsydney.edu.au/news/cyber-incident
General News
- Re-Extortion: How Ransomware Gangs Re-Victimize Victims
"Ransomware has evolved significantly since its inception. Initially, these attacks were relatively simple: malware would encrypt a victim's files, and the attacker would demand a ransom for the decryption key. However, as cybersecurity measures improved, so did ransomware gangs' tactics."
https://www.tripwire.com/state-of-security/re-extortion-how-ransomware-gangs-re-victimize-victims
- Surging Data Breach Disruption Drives Costs To Record Highs
"Security teams are getting better at detecting and responding to breach incursions, but attackers are inflicting greater pain on organizations’ bottom lines. IBM’s recent Cost of a Data Breach Report 2024 found the global average breach hit a record $4.88 million. That’s a 10% increase from 2023 and the largest spike since the pandemic. While the study notes that organizations, on average, improved their time to identify and contain breaches, rising business costs drove the global average breach cost higher. Among the largest contributors were lost business costs, expenses from post-breach customer support (such as setting up help desks and credit monitoring services) and paying regulatory fines. Some 70% of the 604 organizations studied reported that their operations were either significantly or moderately disrupted."
https://securityintelligence.com/posts/whats-new-2024-cost-of-a-data-breach-report/
https://therecord.media/ibm-breach-report-cost-rise-to-5-million
https://www.helpnetsecurity.com/2024/07/30/ibm-cost-data-breach-report-2024/
- Dark Angels Ransomware Receives Record-Breaking $75 Million Ransom
"A Fortune 50 company paid a record-breaking $75 million ransom payment to the Dark Angels ransomware gang, according to a report by Zscaler ThreatLabz. "In early 2024, ThreatLabz uncovered a victim who paid Dark Angels $75 million, higher than any publicly known amount— an achievement that's bound to attract the interest of other attackers looking to replicate such success by adopting their key tactics (which we describe below)," reads the 2024 Zscaler Ransomware Report."
https://www.bleepingcomputer.com/news/security/dark-angels-ransomware-receives-record-breaking-75-million-ransom/
https://www.zscaler.com/resources/industry-reports/threatlabz-ransomware-report.pdf
https://hackread.com/75-million-ransom-paid-dark-angels-ransomware-group/
- DigiCert Mass-Revoking TLS Certificates Due To Domain Validation Bug
"DigiCert is warning that it will be mass-revoking SSL/TLS certificates due to a bug in how the company verified if a customer owned or operated a domain and requires impacted customers to reissue certificates within 24 hours. It is unclear how many certificates will be revoked during this process, but the company says it affects approximately 0.4% of the applicable domain validations they have conducted between August 2019 and June 2024."
https://www.bleepingcomputer.com/news/security/digicert-mass-revoking-tls-certificates-due-to-domain-validation-bug/
https://www.digicert.com/support/certificate-revocation-incident
https://www.theregister.com/2024/07/31/digicert_certificates_revoked/
- Account Takeover Fraud Declines In Financial Services
"Account takeover fraud in the financial services industry is declining in contrast with other industries such as retail and hospitality. Researchers at Human Security attribute the nearly 50% reduction to one of the basic controls in cybersecurity: multifactor authentication. Human Security, which blocked more than 352 billion attempts at account takeover, carding attacks and web scraping across its customer base in 2023, said the percentage of ATO attacks against banks fell from 49% in 2022 to 26% in 2023, as attacks on the travel and hospitality industry jumped from 32% of traffic on login pages to 52% of traffic during the same period, according to a new report."
https://www.bankinfosecurity.com/account-takeover-fraud-declines-in-financial-services-a-25884
https://www.humansecurity.com/hubfs/HUMAN_Report_Quadrillion-Cyberthreat-Benchmarks_2024.pdf
- Threat Spotlight: How Company Size Affects The Email Threats Targeting Your Business
"It takes less than a minute for someone to fall for a phishing scam. According to the 2024 Data Breach Investigations Report, the median time for a recipient to click on a malicious link after opening the email is 21 seconds, followed by 28 seconds to enter the requested data. Email-based attacks are not just fast — they are widespread and successful. This is because they are relatively low cost and easy to implement and can be scaled and adapted as new tools and capabilities become available."
https://blog.barracuda.com/2024/07/30/threat-spotlight-company-size-email-threats
- The CrowdStrike Meltdown: A Wake-Up Call For Cybersecurity
"On July 19, the world experienced one of the largest IT outages in history, affecting millions of users globally, and systems and people will be reeling from its impact for weeks. The cause? A faulty update on CrowdStrike's Falcon platform. This seemingly minor error in code cascaded into a major outage, affecting critical infrastructure worldwide. Airports, hospital systems, and other large enterprises relying on CrowdStrike were brought to a standstill, highlighting the vulnerabilities inherent in our increasingly digital world."
https://www.darkreading.com/vulnerabilities-threats/crowdstrike-meltdown-wake-up-call-for-cybersecurity
- NVD CVE Analysis Rate Report
"The following estimates are calculated using data from the NVD Dashboard. At the time of this report's generation, NVD's 2024 daily average for analyzing new CVEs is 30.1. There is a current backlog of 17118 CVEs awaiting analysis. With an average influx of 111.9 new CVEs per day, a daily average of 223.06 analyses is required to clear this backlog and process new CVEs. Currently, NVD is falling short of this goal by 192.96 CVEs a day. Given this data, if the current daily rate of CVE analysis persists, the projected number of CVEs awaiting analysis by the end of 2024 will be 29715.2."
https://www.fortressinfosec.com/nvd-analysis-report
https://www.darkreading.com/vulnerabilities-threats/nvd-backlog-continues-to-grow
- Just One In 10 Attacks Flagged By Security Tools
"Only 12% of simulated cyber-attacks triggered an alert and just half (56%) were logged by detection tools, according to a new study from Picus Security. The security validation company analyzed 136 million simulated attacks to compile its latest research, The Blue Report 2024: State of Exposure Management. It claimed that, although organizations prevent 70% of attacks on average, gaps in threat exposure management can enable attackers using automation to move laterally through enterprise networks and compromise key assets."
https://www.infosecurity-magazine.com/news/one-10-attacks-detected-security/
- Google Cloud CISO Phil Venables: ‘I’m Short-Term Pessimistic, Long-Term Optimistic’
"Venables, who leads the risk, security, compliance and privacy teams at Google Cloud, offers some frank thoughts on CISA’s secure-by-design secure-by-default initiative, buyers holding software vendors accountable, the murky world of cybersecurity regulations, and how security leaders should view transformational change."
https://www.securityweek.com/google-cloud-ciso-phil-venables-im-short-term-pessimistic-long-term-optimistic/
- The State Of Endpoint Security In The Modern Threat Landscape
"As the threat landscape has continued to rapidly evolve, so have the resource needs for all organizations. The combination of new technology and the surge in cyberattacks is creating risks for businesses on multiple digital fronts. These trends suggest that endpoint security, in particular, remains a critical battleground for protecting organizations from costly breaches. Historically, most attackers have infiltrated organizations through their networks — the sheer number and variety of endpoints today has made them a prime target for cyber criminals."
https://blog.sonicwall.com/en-us/2024/07/the-state-of-endpoint-security-in-the-modern-threat-landscape/
- Cyber Threat Intelligence: Illuminating The Deep, Dark Cybercriminal Underground
"The deep and dark web, otherwise known as the cybercriminal underground, is where malicious actors gather to exchange plans, sell goods or services, and recruit others to help in their illicit activities. Grasping how it functions and the intelligence it offers is crucial for proactively safeguarding your environment against attacks, as it is in these spaces that threat actors frequently reveal their intentions prior to launching an attack."
https://thehackernews.com/2024/07/cyber-threat-intelligence-illuminating.html
https://cybersixgill.com/resources/state-of-the-underground-2024
- AI-Powered Deepfake Tools Becoming More Accessible Than Ever
"Imagine receiving a video call from your boss, only to realize later that it was a convincing deepfake orchestrated by cyber criminals. This scenario is no longer science fiction but a real threat in today's rapidly evolving digital landscape. Cybersecurity is one of the most pressing challenges for businesses in the digital age. Trend Micro's latest research reveals a significant increase in the availability of deep fake technology and the sophistication of AI tools in the cybercrime underground. This evolution creates more opportunities for mass exploitation, even by non-technically minded cyber criminals."
https://www.trendmicro.com/en_us/research/24/g/ai-deepfake-cybercrime.html
Reference
Electronic Transactions Development Agency (ETDA)