Cyber Threat Intelligence 02 August 2024
Industrial Sector
- CISA Releases Nine Industrial Control Systems Advisories
"CISA released nine Industrial Control Systems (ICS) advisories on August 1, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS."
https://www.cisa.gov/news-events/alerts/2024/08/01/cisa-releases-nine-industrial-control-systems-advisories
Vulnerabilities
- Exploited Vulnerability Could Impact 20k Internet-Exposed VMware ESXi Instances
"Roughly 20,000 VMware ESXi servers that are apparently unpatched against an exploited vulnerability are accessible from the internet, data from The Shadowserver Foundation shows. The flaw, tracked as CVE-2024-37085 (CVSS score of 6.8) is a medium-severity authentication bypass that allows threat actors to gain full access to a vulnerable ESXi instance."
https://www.securityweek.com/exploited-vulnerability-could-impact-20k-internet-exposed-vmware-esxi-instances/
https://securityaffairs.com/166432/hacking/vmware-esxi-cve-2024-37085-vulnerable-instances.html
- Over 20,000 Ubiquiti Cameras And Routers Are Vulnerable To Amplification Attacks And Privacy Risks
"Check Point Research (CPR) assessed the popular Ubiquiti G4 Instant Camera, a compact, wide-angle, WiFi-connected camera with two-way audio, along with the accompanying Cloud Key+ device that supports the application."
https://blog.checkpoint.com/research/over-20000-ubiquiti-cameras-and-routers-are-vulnerable-to-amplification-attacks-and-privacy-risks/
- There Is No Real Fix To The Security Issues Recently Found In GitHub And Other Similar Software
"A recently discovered security issue in GitHub and other, similar, control system products seems to fit into the classic “it’s a feature, not a bug” category. Security researchers last week published their findings into some research of how deleted forks in GitHub work, potentially leaving the door open for a malicious actor to steal a project key and then view deleted forks and versions of any project on GitHub."
https://blog.talosintelligence.com/threat-source-newsletter-aug-1-2024/
- Homebrew 2023 Security Audit
"Homebrew had a security audit performed in 2023. This audit was funded by the Open Technology Fund and conducted by Trail of Bits. Trail of Bits’ report contained 25 items, of which 16 were fixed, 3 are in progress, and 6 are acknowledged by Homebrew’s maintainers. Below is the scope of testing, findings by severity, and mitigation and acknowledgements. You can read Trail of Bits’ blog post on the audit here and find the full public report here."
https://brew.sh/2024/07/30/homebrew-security-audit/
https://www.securityweek.com/homebrew-security-audit-finds-25-vulnerabilities/
Malware
- Threat Actor Abuses Cloudflare Tunnels To Deliver RATs
"Proofpoint is tracking a cluster of cybercriminal threat activity leveraging Cloudflare Tunnels to deliver malware. Specifically, the activity abuses the TryCloudflare feature that allows an attacker to create a one-time tunnel without creating an account. Tunnels are a way to remotely access data and resources that are not on the local network, like using a virtual private network (VPN) or secure shell (SSH) protocol. First observed in February 2024, the cluster increased activity in May through July, with most campaigns leading to Xworm, a remote access trojan (RAT), in recent months."
https://www.proofpoint.com/us/blog/threat-insight/threat-actor-abuses-cloudflare-tunnels-deliver-rats
https://www.bleepingcomputer.com/news/security/hackers-abuse-free-trycloudflare-to-deliver-remote-access-malware/
- StackExchange Abused To Spread Malicious Python Package That Drains Victims’ Crypto Wallets
"A malicious campaign involving several python packages, most notably the “spl-types” Python package began on June 25th with the upload of an innocuous package to PyPI. This initial version, devoid of malicious content, was intended to establish credibility and avoid immediate detection. It was a wolf in sheep’s clothing, waiting for the right moment to reveal its true nature. The attacker’s patience paid off on July 3rd when they unleashed multiple malicious versions of the package."
https://checkmarx.com/blog/stackexchange-abused-to-spread-malicious-python-package-that-drains-victims-crypto-wallets/
https://www.bleepingcomputer.com/news/security/stackexchange-abused-to-spread-malicious-pypi-packages-as-answers/
https://thehackernews.com/2024/08/hackers-distributing-malicious-python.html
- FBI Warns Of Scammers Impersonating Cryptocurrency Exchanges
"The FBI warns of scammers impersonating cryptocurrency exchange employees to steal funds."
https://www.ic3.gov/Media/Y2024/PSA240801
https://www.bleepingcomputer.com/news/security/fbi-warns-of-scammers-posing-as-crypto-exchange-employees/
- APT41 Likely Compromised Taiwanese Government-Affiliated Research Institute With ShadowPad And Cobalt Strike
"In August 2023, Cisco Talos detected abnormal PowerShell commands connecting to an IP address to download and execute PowerShell scripts in the environment of a Taiwanese government-affiliated research institute. The victim in this attack was a research institute in Taiwan, affiliated with the government, that specializes in computing and associated technologies. The nature of research and development work carried out by the entity makes it a valuable target for threat actors dedicated to obtaining proprietary and sensitive technologies of interest to them."
https://blog.talosintelligence.com/chinese-hacking-group-apt41-compromised-taiwanese-government-affiliated-research-institute-with-shadowpad-and-cobaltstrike-2/
https://therecord.media/taiwan-government-backed-research-institution-apt41-hack
- Detecting Evolving Threats: NetSupport RAT Campaign
"In November 2023, security vendors identified a new NetSupport RAT campaign that used fake browser updates from compromised and malicious websites to trick users into downloading a stager that downloads and invokes PowerShell commands to install the NetSupport manager agent onto the victim’s machine and establish persistence."
https://blog.talosintelligence.com/detecting-evolving-threats-netsupport-rat/
- Black Basta Develops Custom Malware In Wake Of Qakbot Takedown
"The enormously successful Black Basta ransomware group has pivoted to using new custom tools and initial access techniques as part of a shift in strategy in the wake of last year's takedown of the Qakbot botnet."
https://www.darkreading.com/threat-intelligence/black-basta-develops-custom-malware-in-wake-of-qakbot-takedown
- Social Media Malvertising Campaign Promotes Fake AI Editor Website For Credential Theft
"We discovered a malvertising campaign involving a threat actor that steals social media pages (typically related to photography), changing their names to make them seem connected to popular AI photo editors. The threat actor then creates malicious posts with links to fake websites made to resemble the actual website of the legitimate photo editor. To increase traffic, the perpetrator then boosts the malicious posts via paid ads."
https://www.trendmicro.com/en_us/research/24/h/malvertising-campaign-fake-ai-editor-website-credential-theft.html
https://www.darkreading.com/cyberattacks-data-breaches/attackers-hijack-facebook-pages-promote-malicious-ai-photo-editor
- RansomEXX Group Targets Indian Banking With New Tactics
"A significant ransomware attack has recently compromised India's banking sector, affecting banks and payment providers. The attack has primarily targeted Brontoo Technology Solutions, a major partner of C-Edge Technologies Ltd, a collaboration between Tata Consultancy Services and State Bank of India."
https://www.infosecurity-magazine.com/news/ransomexx-targets-indian-banking/
- How “Professional” Ransomware Variants Boost Cybercrime Groups
"Cybercriminals who specialize in ransomware do not always create it themselves. They have many other ways to get their hands on ransomware samples: buying a sample on the dark web, affiliating with other groups or finding a (leaked) ransomware variant. This requires no extraordinary effort, as source code is often leaked or published. With a set of standard tools and a freshly built (and sometimes slightly altered) ransomware sample, victims can be sought, and the malicious activity can spread."
https://securelist.com/sexi-key-group-mallox-ransomware/113183/
- Grandoreiro Malware: Spear Phishing, Outlook Exploits, And More
"Grandoreiro, a banking trojan that once preyed on Latin American financial institutions, has reemerged. Previously thought to have been shut down in a joint operation spearheaded by the Federal Police of Brazil, Flashpoint analysts have observed new reports of the malware targeting victims in North America, Europe, Asia, and Africa. Now that this once-regional threat has gone global, it is essential that organizations understand how the trojan works and learn how to protect against it."
https://flashpoint.io/blog/grandoreiro-malware-exploits/
General News
- NCA Shuts Down Major Fraud Platform Responsible For 1.8 Million Scam Calls
"Today, the National Crime Agency can reveal that they have shut down a platform used by hundreds of criminals to defraud victims across the world. Russian Coms, established in 2021, is thought to be behind financial losses in the tens of millions. An estimated 170,000 people across the UK are believed to be victims. The platform allowed criminals to hide their identity by appearing to call from pre-selected numbers, most commonly of financial institutions, telecommunications companies and law enforcement agencies. This enabled them to gain the trust of victims before stealing their money and personal details."
https://www.nationalcrimeagency.gov.uk/news/nca-shuts-down-major-fraud-platform-responsible-for-1-8-million-scam-calls
https://www.bleepingcomputer.com/news/security/uk-takes-down-russian-comms-caller-id-spoofing-platform-used-to-scam-170-000-people/
https://www.infosecurity-magazine.com/news/scam-platform-shut-dow-by-uk/
https://therecord.media/russian-coms-caller-id-spoofing-service-arrests-takedown-uk-nca
- Leader Of Tech Support Fraud Scheme Sentenced To Seven Years In Prison
"Damian Williams, the United States Attorney for the Southern District of New York, announced that VINOTH PONMARAN was sentenced to seven years in prison for participating in a fraud conspiracy that exploited elderly victims by remotely accessing their computers and convincing victims to pay for computer support services that they did not need and which were never actually provided. In total, the conspiracy generated more than $6 million in criminal proceeds from at least approximately 6,500 victims."
https://www.justice.gov/usao-sdny/pr/leader-tech-support-fraud-scheme-sentenced-seven-years-prison
https://www.bleepingcomputer.com/news/legal/tech-support-scam-ring-leader-gets-7-years-in-prison-6m-fine/
- Capability Vs. Usability
"Many people have the experience of buying a product for personal use, that has all the capability and more that you could wish for. When you actually start using it you discover that you don’t have the expertise or perhaps time, to really get the best out of it, or that the way the product is designed makes it an over complex set of tasks to get to the result you are needing - TV/video recorders are classic examples."
https://www.cybereason.com/blog/capability-vs-usability
- Attacks On Bytecode Interpreters Conceal Malicious Injection Activity
"Attackers can hide their attempts to execute malicious code by inserting commands into the machine code stored in memory by the software interpreters used by many programming languages, such as VBScript and Python, a group of Japanese researchers will demonstrate at next week's Black Hat USA conference."
https://www.darkreading.com/vulnerabilities-threats/attacks-on-bytecode-interpreters-conceal-malicious-injection-activity
- Law Firms Hit With Average Ransom Demand Of $2.5 Million
"Since 2018, 138 legal firms across the globe have publicly confirmed ransomware attacks on their systems, impacting at least 2.9 million records. 2023 saw the highest number of attacks (45) and records affected (1.6 million) so far. A growing number of ransomware gangs use double-extortion tactics by stealing data and encrypting systems. The legal sector is an increasingly attractive target for cybercriminals. With troves of sensitive data, hackers can shore up their chances of securing payment by threatening to put solicitors’ clients’ data on the dark web if their ransom demands aren’t met."
https://www.comparitech.com/blog/information-security/ransomware-attacks-law-firms/
https://www.darkreading.com/threat-intelligence/more-legal-records-stolen-2023-than-prior-5-years-combined
- Threat Intelligence: A Blessing And A Curse?
"Access to timely and accurate threat intelligence is now core to security operations for many organizations. Today, it seems that security teams are blessed with an abundance of data and intelligence feeds to choose from. However, selecting the right information from a myriad of sources and transforming it into action is, for many, a formidable challenge, and for some probably a curse."
https://www.helpnetsecurity.com/2024/08/01/threat-intelligence-platform-tips/
- Why CISOs Face Greater Personal Liability
"In this Help Net Security interview, Christos Tulumba, CISO at Veritas Technologies, discusses the key factors contributing to increased personal liability risks for CISOs. These risks are driven by heightened cybersecurity threats, evolving regulations, and increased public awareness of security breaches."
https://www.helpnetsecurity.com/2024/08/01/christos-tulumba-veritas-technologies-cisos-personal-liability/
- Airlines Are Flying Blind On Third-Party Risks
"The aviation industry has traditionally focused on physical security threats, but recent revelations about risks on Boeing‘s supply chain have spotlighted the critical need to measure and mitigate supply chain risk, according to SecurityScorecard."
https://www.helpnetsecurity.com/2024/08/01/airlines-third-party-risks/
- BEC Attacks Surge 20% Annually Thanks To AI Tooling
"Business email compromise (BEC) attacks have risen sharply over the past year thanks to the use of AI tools to generate scam messages, according to a new study from Vipre Security Group. The threat intelligence provider’s Email Threat Trends Report: Q2 2024 is based on proprietary intelligence from the firm. The vendor processed 1.8 billion emails globally, detecting 226 million spam messages and nearly 17 million malicious URLs during the period."
https://www.infosecurity-magazine.com/news/bec-attacks-surge-20-annually-ai/
- Organizations Fail To Log 44% Of Cyber Attacks, Major Exposure Gaps Remain
"40% of tested environments allowed attack paths that lead to domain admin access, according to Picus Security. Achieving domain admin access is particularly concerning because it is the highest level of access within an organization’s IT infrastructure, and is like giving attackers a master key. The report was based on a worldwide comprehensive analysis of more than 136 million cyber attacks simulated by the Picus Security Validation Platform."
https://www.helpnetsecurity.com/2024/08/02/threat-exposure-management/
- The Cyberthreat That Drives Businesses Towards Cyber Risk Insurance
"If we were to stop people on the street and ask for words to describe the people involved in the world of cyber, there would, undoubtedly, be many words used. I am confident they would include: innovators, entrepreneurs, millionaires, geeks – and criminals. The latter, of course, refers not to those in the legitimate cyber world, but to the scammers and fraudsters that we often describe as cybercriminals."
https://www.welivesecurity.com/en/business-security/cyberthreat-drives-businesses-cyber-risk-insurance/
- Firefox's Mozilla Follows Google In Losing Trust In Entrust's TLS Certificates
"Mozilla is following in Google Chrome's footsteps in officially distrusting Entrust as a root certificate authority (CA) following what it says was a protracted period of compliance failures. A little over a month ago, Google was the first to make the bold step of dropping Entrust as a CA, saying it noted a "pattern of concerning behaviors" from the company."
https://www.theregister.com/2024/08/01/mozilla_entrust/
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/jCvkhBjg9Yw?pli=1
References
Electronic Transactions Development Agency (ETDA)