Cyber Threat Intelligence 06 August 2024
Industrial Sector
- Bypassing Rockwell Automation Logix Controllers’ Local Chassis Security Protection
"ControlLogix 1756 is a series of programmable automation controllers from Rockwell Automation. It is part of the ControlLogix family, which is designed for high-performance, scalable industrial automation applications. Specifically, in most cases, the 1756 is referred to as a chassis component which serves as a modular enclosure that houses various I/O modules, controllers, and communication processors. It provides the physical and electrical connections necessary for these components to operate together."
https://claroty.com/team82/research/bypassing-rockwell-automation-logix-controllers-local-chassis-security-protection
https://thehackernews.com/2024/08/critical-flaw-in-rockwell-automation.html
https://securityaffairs.com/166581/ics-scada/rockwell-automation-controllogix-1756-flaw.html
- AI Expected To Improve IT/OT Network Management
"Once a peripheral concern, OT security has become a mandatory focus for organizations worldwide, according to Cisco’s report. The report provides a comprehensive look at the challenges and opportunities as organizations strive to build a secure and efficient industrial networking foundation. It reflects the global need for robust security solutions specifically designed for the unique needs of industrial environments, and the opportunities for those who can overcome its inherent challenges."
https://www.helpnetsecurity.com/2024/08/05/ot-security-posture/
Vulnerabilities
- CISA Adds One Known Exploited Vulnerability To Catalog
"CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2018-0824 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability"
https://www.cisa.gov/news-events/alerts/2024/08/05/cisa-adds-one-known-exploited-vulnerability-catalog
- SonicWall Discovers Second Critical Apache OFBiz Zero-Day Vulnerability
"The SonicWall Capture Labs threat research team has discovered a pre-authentication remote code execution vulnerability in Apache OFBiz being tracked as CVE-2024-38856 with a CVSS score of 9.8. This is the second major flaw SonicWall has discovered in Apache OFBiz in recent months, the first coming in December 2023. This time, a flaw in the override view functionality exposes critical endpoints to unauthenticated threat actors using a crafted request, paving the way for remote code execution. It affects Apache OFBiz versions up to 18.12.14, and users are strongly encouraged to upgrade their instances to version 18.12.15 or newer."
https://blog.sonicwall.com/en-us/2024/08/sonicwall-discovers-second-critical-apache-ofbiz-zero-day-vulnerability/
https://www.infosecurity-magazine.com/news/fla-apache-ofbiz-requires-patching/
https://www.helpnetsecurity.com/2024/08/05/cve-2024-38856/
https://securityaffairs.com/166612/hacking/critical-apache-ofbiz-flaw.html
https://www.darkreading.com/application-security/critical-apache-ofbiz-vulnerability-allows-preauth-rce
- Dismantling Smart App Control
"Reputation-based protections like Elastic’s reputation service can significantly improve detection capabilities while maintaining low false positive rates. However, like any protection capability, weaknesses exist and bypasses are possible. Understanding these weaknesses allows defenders to focus their detection engineering on key coverage gaps. This article will explore Windows Smart App Control and SmartScreen as a case study for researching bypasses to reputation-based systems, then demonstrate detections to cover those weaknesses."
https://www.elastic.co/security-labs/dismantling-smart-app-control
https://thehackernews.com/2024/08/researchers-uncover-flaws-in-windows.html
https://www.bleepingcomputer.com/news/microsoft/windows-smart-app-control-smartscreen-bypass-exploited-since-2018/
Malware
- Surge In Magniber Ransomware Attacks Impact Home Users Worldwide
"A massive Magniber ransomware campaign is underway, encrypting home users' devices worldwide and demanding thousand-dollar ransoms to receive a decryptor. Magniber launched in 2017 as a successor to the Cerber ransomware operation when it was spotted being distributed by the Magnitude exploit kit."
https://www.bleepingcomputer.com/news/security/surge-in-magniber-ransomware-attacks-impact-home-users-worldwide/
- LianSpy: New Android Spyware Targeting Russian Users
"In March 2024, we discovered a campaign targeting individuals in Russia with previously unseen Android spyware we dubbed LianSpy. Our analysis indicates that the malware has been active since July 2021. This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs and app lists. The malicious actor behind LianSpy employs multiple evasive tactics, such as leveraging a Russian cloud service, Yandex Disk, for C2 communications."
https://securelist.com/lianspy-android-spyware/113253/
https://www.bleepingcomputer.com/news/security/new-lianspy-malware-hides-by-blocking-android-security-feature/
https://therecord.media/android-spyware-kaspersky-russian-targets
https://www.darkreading.com/mobile-security/sophisticated-android-spyware-targets-users-in-russia
- #BHUSA: Nation-State Attacks Target Hardware Supply Chains
"A new report from HP Wolf Security has highlighted the growing danger from threat actors targeting physical device supply chains with 19% of organizations saying they have been impacted by nation-state threat actors targeting physical PC, laptop or printer supply chains. Of the 800 IT and security decision makers surveyed, almost all (91%) believe nation-state threat actors will target physical PC, laptop or printer supply chains to insert malware or malicious components into hardware and/or firmware."
https://www.infosecurity-magazine.com/news/nationstate-attacks-target/
- Beware Of Fake WinRar Websites: Malware Hosted On GitHub
"A fake website seemingly distributing WinRar, a data compression, encryption, and archiving tool for Windows, has been seen also hosting malware. This fake website closely resembles the official website, uses typosquatting, and capitalizes on internet users who might incorrectly type the URL of this well-known archiving application. The initial malware then leads to a slew of malicious components hosted on GitHub, which include ransomware, cryptominer and infostealer."
https://blog.sonicwall.com/en-us/2024/08/beware-of-fake-winrar-websites-malware-hosted-on-github/
- Bloody Wolf Strikes Organizations In Kazakhstan With STRRAT Commercial Malware
"The program selling for as little as $80 on underground resources allows the adversaries to take control of corporate computers and hijack restricted data."
https://bi.zone/eng/expertise/blog/bloody-wolf-primenyaet-kommercheskoe-vpo-strrat-protiv-organizatsiy-v-kazakhstane/
https://thehackernews.com/2024/08/kazakh-organizations-targeted-by-bloody.html
- Sneaky SnakeKeylogger Slithers Into Windows Inboxes To Steal Sensitive Secrets
"Criminals are preying on Windows users yet again, this time in an effort to hit them with a keylogger that can also steal credentials and take screenshots. In an alert this month, Fortinet's FortiGuard Labs warned of an uptick in SnakeKeylogger infections. Once running on someone's PC, this malware records the victim's keystrokes as they log into things, fishes usernames and passwords out of their files, and takes screenshots to snoop on people, and then sends all that sensitive info to fraudsters."
https://www.theregister.com/2024/08/05/snakekeylogger_malware_windows/
- Ransomware Gang Targets IT Workers With New SharpRhino Malware
"The Hunters International ransomware group is targeting IT workers with a new C# remote access trojan (RAT) called SharpRhino to breach corporate networks. The malware helps Hunters International achieve initial infection, elevate their privileges on compromised systems, execute PowerShell commands, and eventually deploy the ransomware payload. Quorum Cyber researchers who discovered the new malware report that it is disseminated by a typosquatting site impersonating the website for Angry IP Scanner, a legitimate networking tool used by IT professionals."
https://www.bleepingcomputer.com/news/security/hunters-international-ransomware-gang-targets-it-workers-with-new-sharprhino-malware/
- North Korean Hackers Exploit VPN Update Flaw To Install Malware
"South Korea's National Cyber Security Center (NCSC) warns that state-backed DPRK hackers hijacked flaws in a VPN's software update to deploy malware and breach networks. The advisory connects this activity with a nationwide industrial factories modernization project Kim Jong-un, the North Korean president, announced in January 2023, believing the hackers are looking to steal trade secrets from South Korea. The two threat groups implicated in this activity are Kimsuky (APT43) and Andariel (APT45), state-sponsored actors previously linked to the notorious Lazarus Group."
https://www.bleepingcomputer.com/news/security/north-korean-hackers-exploit-vpn-update-flaw-to-install-malware/
Breaches/Hacks/Leaks
- 332 Million Email Addresses Scraped From SOCRadar.io Published Online
"A hacker known as USDoD claims to have scraped 332 million email addresses from SOCRadar.io, which were later dumped online by another threat actor, Dominatrix. This dump raises a significant security concern as SOCRadar.io is a prominent threat intelligence platform."
https://hackread.com/332-million-email-addresses-scraped-from-socradar-io/
- Cyberattack Cost More Than $17 Million, Key Tronic Tells Regulators
"A cyberattack discovered in May by the manufacturer Key Tronic has cost the company more than $17 million, according to a Friday regulatory filing. On May 6, the printed circuit board assembly fabricator first detected unusual activity on its servers, leading it to shut down operations in Mexico and the U.S. for two weeks “during remediation efforts.” The Black Basta ransomware group claimed the attack on its website and leaked what it claimed was sensitive Key Tronic data."
https://therecord.media/key-tronic-cyberattack-cost-17-million-sec
https://www.bleepingcomputer.com/news/security/keytronic-reports-losses-of-over-17-million-after-ransomware-attack/
General News
- The Role Of AI In Cybersecurity Operations
"Security operation centers (SOCs) need to be better equipped to manage the sheer scale of data to monitor and the increasing sophistication of threats. SOC analysts face a daunting task: sifting through thousands of alerts every day – most of which are false positives – while swiftly identifying and mitigating genuine threats."
https://www.helpnetsecurity.com/2024/08/05/ai-soc-analysts/
- Protect Data Differently For a Different World
"Cybercriminals, terrorists, and nation-states are now striking at commercial entities in ways that can kill and injure people or cause physical destruction. A recent attack on Ascension Healthcare Network forced hospitals to divert patients, reschedule appointments, and resort to manual systems, which could have resulted in serious harm to patients. In 2023, two suspects were arrested for conspiring to attack Baltimore's power grid. The potential harm of such an attack has the US government scrambling to improve security."
https://www.darkreading.com/vulnerabilities-threats/protect-data-differently-for-a-different-world
- How Regional Regulations Shape Global Cybersecurity Culture
"Cybersecurity regulations differ across regions, as does the level of security culture. As a result, cybercriminals are better able to take advantage of weak spots arising from the lack of a global governing cyber alliance. We remain scattered when it comes to overarching procedures and cybersecurity response. From North and South America to Asia, Africa, Europe, and Oceania, cybercrime is prospering within the regulatory gaps."
https://www.darkreading.com/cyber-risk/how-regional-regulations-shape-global-cybersecurity-culture
- 86% Of Firms Identify Unknown Cyber-Risks As Top Concern
"Eighty-six percent of respondents have identified unknown organizational cyber-risks as a top concern, according to the Critical Start 2024 Cyber Risk Landscape Peer Report, published today. The report, conducted in partnership with Censuswide, also suggests that 66% of businesses have limited insight into their cyber-risk profiles and that 65% of executives worry about the misalignment between cybersecurity investments and organizational risk reduction priorities."
https://www.infosecurity-magazine.com/news/86-firms-unknown-cyber-risks-top/
https://www.criticalstart.com/resources/critical-start-cyber-risk-landscape-peer-report-2024/
Reference
Electronic Transactions Development Agency (ETDA)