Cyber Threat Intelligence 05 August 2024
Vulnerabilities
- Increased Activity Against Apache OFBiz CVE-2024-32113
"As part of its extensive project portfolio, the Apache Foundation supports OFBiz, a Java-based framework for creating ERP (Enterprise Resource Planning) applications [1]. OFBiz appears to be far less prevalent than commercial alternatives [2]. However, just as with any other ERP system, organizations rely on it for sensitive business data, and the security of these ERP systems is critical."
https://isc.sans.edu/diary/Increased Activity Against Apache OFBiz CVE-2024-32113/31132
https://thehackernews.com/2024/08/mirai-botnet-targeting-ofbiz-servers.html
- Linux Kernel Impacted By New SLUBStick Cross-Cache Attack
"A novel Linux Kernel cross-cache attack named SLUBStick has a 99% success in converting a limited heap vulnerability into an arbitrary memory read-and-write capability, letting the researchers elevate privileges or escape containers. The discovery comes from a team of researchers from the Graz University of Technology who demonstrated the attack on Linux kernel versions 5.9 and 6.2 (latest) using nine existing CVEs in both 32-bit and 64-bit systems, indicating high versatility."
https://www.bleepingcomputer.com/news/security/linux-kernel-impacted-by-new-slubstick-cross-cache-attack/
https://www.stefangast.eu/papers/slubstick.pdf
Malware
- StormBamboo Compromises ISP To Abuse Insecure Software Update Mechanisms
"In mid-2023, Volexity detected and responded to multiple incidents involving systems becoming infected with malware linked to StormBamboo (aka Evasive Panda, and previously tracked by Volexity under “StormCloud”). In those incidents, multiple malware families were found being deployed to macOS and Windows systems across the victim organizations’ networks."
https://www.volexity.com/blog/2024/08/02/stormbamboo-compromises-isp-to-abuse-insecure-software-update-mechanisms/
https://therecord.media/china-based-hackers-evasive-isps-malware
https://www.bleepingcomputer.com/news/security/hackers-breach-isp-to-poison-software-updates-with-malware/
- BlankBot - a New Android Banking Trojan With Screen Recording, Keylogging And Remote Control Capabilities
"On July 24, 2024, Intel 471 Malware Intelligence researchers discovered malicious Android samples that impersonated utility applications which could not be attributed to any known existing malware family (see: Figure 1). We named it BlankBot since there was no reference via open sources at the time of this report. The first BlankBot samples were from the end of June 2024 and almost all were undetected by most antivirus software."
https://intel471.com/blog/blankbot-a-new-android-banking-trojan-with-screen-recording-keylogging-and-remote-control-capabilities
https://www.securityweek.com/new-blankbot-android-trojan-can-steal-user-data/
- Fighting Ursa Luring Targets With Car For Sale
"A Russian threat actor we track as Fighting Ursa advertised a car for sale as a lure to distribute HeadLace backdoor malware. The campaign likely targeted diplomats and began as early as March 2024. Fighting Ursa (aka APT28, Fancy Bear and Sofacy) has been associated with Russian military intelligence and classified as an advanced persistent threat (APT) [PDF]."
https://unit42.paloaltonetworks.com/fighting-ursa-car-for-sale-phishing-lure/
https://thehackernews.com/2024/08/apt28-targets-diplomats-with-headlace.html
https://securityaffairs.com/166496/apt/russia-apt-headlace-malware.html
- BITS And Bytes: Analyzing BITSLOTH, a Newly Identified Backdoor
"BITSLOTH is a newly discovered Windows backdoor that leverages the Background Intelligent Transfer Service (BITS) as its command-and-control mechanism. BITSLOTH was uncovered during an intrusion within the LATAM region earlier this summer. This malware hasn't been publicly documented to our knowledge and while it’s not clear who’s behind the malware, it has been in development for several years based on tracking distinct versions uploaded to VirusTotal."
https://www.elastic.co/security-labs/bits-and-bytes-analyzing-bitsloth
https://thehackernews.com/2024/08/new-windows-backdoor-bitsloth-exploits.html
- Hackers Directly Email Customers Of Immigration Firm After Damaging Cyberattack
"A prominent U.K.-based company offering immigration services and legal resources for those with international businesses warned officials in multiple countries that a recent cyberattack may have exposed sensitive customer information. Sable International, which has offices in the U.K., Australia and South Africa, released several statements this week about a “sophisticated” cyberattack that caused a range of issues."
https://therecord.media/hackers-email-victims-customers-data-breach
- Israeli Hacktivist Group Brags It Took Down Iran's Internet
"Israel-based hacktivists are taking credit for an ongoing internet outage in Iran. Operating under the name WeRedEvils, the group has been around since at least October 2023, likely as a direct consequence of Hamas's attack on Israel, which led to the current Gaza war. "In the coming minutes we will attack systems and internet providers in Iran," WeRedEvils said on Telegram yesterday. "A hard blow is on the way.""
https://www.theregister.com/2024/08/02/israeli_hacktivists/
- Panamorfi: A New Discord DDoS Campaign
"Aqua Nautilus researchers uncovered a new Distributed Denial of Service (DDoS) campaign dubbed ‘Panamorfi’, utilizing the Java written minecraft DDoS package – mineping – the threat actor launches a DDoS. Thus far we’ve only seen it deployed via misconfigured Jupyter notebooks. In this blog we explain about this attack, the techniques used by the threat actor and how to protect your environments."
https://www.aquasec.com/blog/panamorfi-a-new-discord-ddos-campaign/
https://thehackernews.com/2024/08/hackers-exploit-misconfigured-jupyter.html
https://hackread.com/panamorfi-ddos-attack-misconfigured-jupyter-notebooks/
Breaches/Hacks/Leaks
- 4.6 Million Voter And Election Documents Exposed Online By Technology Contractor
"Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to VpnMentor about the discovery of 13 non-password-protected databases that contained 4.6 million documents, including voter records, ballots, multiple lists, and election-related records."
https://www.vpnmentor.com/news/report-election-records-breach/
https://hackread.com/millions-us-voter-data-exposed-misconfigured-databases/
- Hackers Attempt To Sell The Personal Data Of 3 Billion People Resulting From An April Data Breach
"Jerico Pictures Inc., operating as National Public Data, exposed the personal information of nearly 3 billion individuals in an April data breach."
https://securityaffairs.com/166539/data-breach/personal-data-3-billion-people-data-breach.html
General News
- Cryptonator Seized For Laundering Ransom Payments, Stolen Crypto
"U.S. and German law enforcement seized the domain of the crypto wallet platform Cryptonator, used by ransomware gangs, darknet marketplaces, and other illicit services, and indicted its operator. The alleged Cryptonator's operator, Roman Boss, has been charged with money laundering and running an unlicensed money service business operation. Cryptonator is an online cryptocurrency wallet launched in 2014 that allows users to store crypto and exchange between other cryptocurrencies within their personal wallet."
https://www.bleepingcomputer.com/news/cryptocurrency/cryptonator-seized-for-laundering-ransom-payments-stolen-crypto/
https://therecord.media/cryptonator-cryptocurrency-exchange-founder-indictment
- Is The US Federal Government Increasing Cyber-Risk Through Monoculture?
"Could the US federal government inadvertently be fueling perfect storm conditions for another unprecedented cyber incident that would have widespread implications for federal, state, and critical infrastructure services, similar to the recent CrowdStrike outage?"
https://www.darkreading.com/cyber-risk/is-us-federal-government-increasing-cyber-risk-through-monoculture
- Implementing Identity Continuity With The NIST Cybersecurity Framework
"In the modern enterprise, where IT infrastructure, applications, and data are spread across multiple clouds, hybrid clouds, and on-premises data centers, identity ensures that the right individuals have access to the right resources at the right times. In many ways, identity is now on par with electricity when it comes to business continuity. Without it, business operations grind to a standstill."
https://www.darkreading.com/cybersecurity-operations/implementing-identity-continuity-with-nist-cybersecurity-framework
- Gaming Industry Faces 94% Surge In DDoS Attacks
"The gaming industry has faced a 94% increase in layer 7 distributed denial-of-service (DDoS) attacks over the past year. According to Akamai, the figures highlight the growing cybersecurity challenges in a sector with 2.58 billion players and a market valuation of $184.4b."
https://www.infosecurity-magazine.com/news/gaming-industry-faces-94-surge/
- NCSC Unveils Advanced Cyber Defence 2.0 To Combat Evolving Threats
"The UK’s National Cyber Security Centre (NCSC) has set out plans to launch a new version of its Active Cyber Defence (ACD) initiative to help businesses address evolving cyber-threats. ACD 2.0 will develop a “next generation” suite of cybersecurity tools and services that aim to plug gaps in the commercial market. The NCSC will also review the ACD’s current tools and services and will look to divest the management of its services to the private sector “where and when appropriate.”"
https://www.infosecurity-magazine.com/news/ncsc-acd-evolving-threats/
https://www.theregister.com/2024/08/02/uk_ncscs_plans_to_revamp/
- Five Chinese Nationals Indicted For Scamming Seniors Out Of More Than $27 Million
"An indictment was unsealed today alleging that five individuals participated in a massive, complex fraud and money laundering scheme that resulted in losses of more than $27 million to over 2,000 seniors. During a coordinated law enforcement operation this morning in Los Angeles, California and Las Vegas, Nevada, about 60 federal, state and local law enforcement officials arrested four of the defendants—Zhao Wang of Henderson, Nevada; Jiandong Chen of Pomona, California; Jun Li of West Covina, California; and Xin Wang of San Gabriel, California—and searched their homes. The fifth defendant, Youfei Gong, was arrested on April 9, 2024, at his home in San Gabriel, California and was in custody on state charges."
https://www.justice.gov/usao-sdca/pr/five-chinese-nationals-indicted-scamming-seniors-out-more-27-million
https://therecord.media/elder-fraud-arrests-doj-five-chinese-nationals
- Judge Says Maker Of Pegasus Spyware Does Not Need To Provide Sought-After Israeli Witnesses In WhatsApp Case
"The federal judge presiding over a long-running court battle between the Israel-based spyware manufacturer NSO Group and the Meta-owned WhatsApp messaging platform on Thursday denied a WhatsApp appeal to allow it to depose additional witnesses in Israel and subject them to turn over documents in discovery."
https://therecord.media/maker-of-pegasus-spyware-deposition-whatsapp-lawsuit
References
Electronic Transactions Development Agency (ETDA)