Cyber Threat Intelligence 07 August 2024
Healthcare Sector
- Cost Of a Data Breach: The Healthcare Industry
"Cyberattacks grow every year in sophistication and frequency, and the cost of data breaches continues to rise with them. A new report by IBM and the Ponemon Institute, the 2024 Cost of Data Breach Study, details the financial impacts of attacks across multiple industries."
https://securityintelligence.com/articles/cost-of-a-data-breach-healthcare-industry/
Government/Law/Policy
- Intelligence Bill Would Elevate Ransomware To a Terrorist Threat
"When the Senate Intelligence Committee earlier this summer advanced its annual measure to authorize the work of the U.S. intelligence community, it also advanced a controversial proposal to deal with ransomware: treating it like terrorism."
https://cyberscoop.com/ransomware-terrorism-ndaa-2025/
Vulnerabilities
- Google Fixes Android Kernel Zero-Day Exploited In Targeted Attacks
"Android security updates this month patch 46 vulnerabilities, including a high-severity remote code execution (RCE) exploited in targeted attacks. The zero-day, tracked as CVE-2024-36971, is a use after free (UAF) weakness in the Linux kernel's network route management. It requires System execution privileges for successful exploitation and allows altering the behavior of certain network connections."
https://www.bleepingcomputer.com/news/security/google-fixes-android-kernel-zero-day-exploited-in-targeted-attacks/
https://thehackernews.com/2024/08/google-patches-new-android-kernel.html
https://www.securityweek.com/google-patches-android-zero-day-exploited-in-targeted-attacks/
https://securityaffairs.com/166656/breaking-news/google-actively-exploited-android-kernel-flaw.html
https://www.malwarebytes.com/blog/news/2024/08/android-vulnerability-used-in-targeted-attacks-patched-by-google
https://therecord.media/android-zero-day-google-fix-august-patch
https://www.theregister.com/2024/08/06/google_fixes_linux_kernal_rce/
- Protect Your Network: Mitigating The Latest Vulnerability (CVE-2024-5008) In Progress WhatsUp Gold
"The SonicWall Capture Labs threat research team became aware of an arbitrary file upload vulnerability in Progress WhatsUp Gold, assessed its impact and developed mitigation measures. WhatsUp Gold is a software that monitors every connected device in the network, providing visibility into the IT infrastructure. It also has the functionality to swiftly pinpoint and resolve issues in the infrastructure by utilizing its intuitive workflows and system integrations."
https://blog.sonicwall.com/en-us/2024/08/protect-your-network-mitigating-the-latest-vulnerability-cve-2024-5008-in-progress-whatsup-gold/
Malware
- Stressed Pungsan: DPRK-Aligned Threat Actor Leverages Npm For Initial Access
"The Datadog Security Research team continuously tracks how threat actors abuse the software supply chain ecosystem to distribute malware and gain footholds into developer and cloud environments. Once access is established, these threat actors perform several actions on objective, including stealing personal information, API and cloud access keys, and perform lateral movement into other environments."
https://securitylabs.datadoghq.com/articles/stressed-pungsan-dprk-aligned-threat-actor-leverages-npm-for-initial-access/
https://thehackernews.com/2024/08/north-korean-hackers-moonstone-sleet.html
Breaches/Hacks/Leaks
- Mobile Guardian Attacked, Leading To Remote Wiping Of 13,000 Devices
"UK-based mobile device management vendor Mobile Guardian has admitted that on August 4 it suffered a security incident that involved unauthorized access to iOS and ChromeOS devices managed by its tools. In Singapore, the incident resulted in 13,000 devices being remotely wiped and saw the nation's Education Ministry cut ties with the vendor. Mobile Guardian focuses on the education sector – offering device management, web filtering, and classroom management tools."
https://www.theregister.com/2024/08/06/mobile_guardian_mdm_attack/
https://www.mobileguardian.com/security-incident-august-2024/
https://www.infosecurity-magazine.com/news/mobile-guardian-devices-wiped/
https://therecord.media/hackers-wipe-student-devices-after-breaching-software
https://www.bleepingcomputer.com/news/security/hacker-wipes-13-000-devices-after-breaching-classroom-management-platform/
https://hackread.com/cyberattack-wipes-school-devices-mobile-guardian-breach/
https://www.securityweek.com/thousands-of-devices-wiped-remotely-following-mobile-guardian-hack/
- French Museums Hit By Ransomware Attack
"IT systems used by about 40 French museums, including the Grand Palais, have been targeted by a ransomware attack. The French newspaper Le Parisien revealed on August 5 that the attack was detected by the Grand Palais’ IT director, who observed unusual activity on the night of August 3-4. On investigation, he found that this activity was due to a ransomware attack targeting systems used to “centralize financial data” for approximately 40 museums in France, including the Grand Palais."
https://www.infosecurity-magazine.com/news/french-museums-ransomware/
https://www.bleepingcomputer.com/news/security/frances-grand-palais-discloses-cyberattack-during-olympic-games/
https://therecord.media/french-museums-reportedly-affected-by-cyberattack
https://cyberscoop.com/french-olympic-venue-and-cultural-site-targeted-in-cyberattack/
https://www.securityweek.com/french-museum-network-hit-by-ransomware-attack-but-no-disruptions-are-reported-at-olympic-events/
https://www.darkreading.com/cyber-risk/cyberattack-strikes-grand-palais-rmn-impact-appears-limited
https://securityaffairs.com/166696/cyber-crime/ransomware-attack-french-museum-network.html
- Sonic Automotive Says Ransomware-Linked CDK Software Outage Cost It $30M
"One of the US's largest car dealerships says the IT outage caused by CDK Global's June ransomware attack cost it approximately $30 million. Sonic Automotive filed a Form 8-K with the Securities and Exchange Commission (SEC) on Monday alongside the release of its quarterly financials, confirming that like its rivals, it too was materially affected by the incident at CDK."
https://www.theregister.com/2024/08/06/sonic_automotive_says_cdk_disruption/
- Data Breach: 3 Billion National Public Data Records With SSNs Dumped Online
"National Public Data, a service by Jerico Pictures Inc., suffered a massive breach. Hacker “Fenice” leaked 2.9 billion records with personal details, including full names, addresses, and SSNs in plain text. The breach poses significant risks for identity theft and financial fraud. Jerico Pictures Inc. faces potential lawsuits and legal challenges due to the incident."
https://hackread.com/data-breach-national-public-data-records-ssns-dumped/
General News
- Email Attacks Skyrocket 293%
"Email attacks have surged by 293% in the first half of 2024 compared to the same period in 2023, according to Acronis. The number of ransomware detections was also on the rise, increasing 32% from Q4 2023 to Q1 2024."
https://www.helpnetsecurity.com/2024/08/06/email-attacks-h1-2024/
- MSPs Must Prioritize Mobile Device Security
"Last week, we had an overview of the increasing concerns and security challenges surrounding mobile devices. This week, we continue the conversation about mobile devices with Eric O’Neill. Eric is a former FBI counterterrorism and counterintelligence operative, cybersecurity keynote speaker, and founder of The Georgetown Group and Nexasure AI."
https://blog.barracuda.com/2024/08/05/MSPs-must-prioritize-mobile-device-security
- #BHUSA: 99% Of Global 2000 Firms Have Recently Breached Vendors
"Virtually all (99%) of the world’s most profitable public companies have IT vendors that suffered a recent security breach, according to new data from SecurityScorecard. The security vendor drew on its automatic vendor detection capability and in-house intelligence to compile the report, Global 2000: Industry Titans Battle the Beast of Supply Chain Cyber Risk. It covers breaches between Q4 2022 and Q1 2024."
https://www.infosecurity-magazine.com/news/99-global-2000-breached-vendors/
- Police Recover Over USD 40 Million From International Email Scam
"A global stop-payment mechanism developed by INTERPOL has helped Singapore authorities make their largest ever recovery of funds defrauded in a business email compromise scam. On 23 July 2024, a commodity firm based in Singapore filed a police report stating that they had fallen victim to a business email compromise scam, in which a scammer obtains access to or impersonates a business email account to deceive employees into transferring money to their bank account."
https://www.interpol.int/News-and-Events/News/2024/Police-recover-over-USD-40-million-from-international-email-scam
https://www.infosecurity-magazine.com/news/police-recover-40m-bec-scammers/
https://thehackernews.com/2024/08/interpol-recovers-41-million-in-largest.html
https://www.bleepingcomputer.com/news/security/interpol-recovers-over-40-million-stolen-in-a-bec-attack/
- Should Organizations Pay Ransom Demands?
"Ransomware attacks are the most significant risk for modern organizations, why organizations should avoid paying ransoms."
https://securityaffairs.com/166650/uncategorized/ransomware-organizations-should-avoid-paying-ransoms.html
- The Evolution Of Phishing: How AI Is Revolutionizing Cybersecurity Threats
"Phishing attacks have been a prevalent cybersecurity threat for years, but with the advancement of artificial intelligence (AI), threat actors are now able to create more sophisticated and convincing phishing campaigns. This evolution has made it even more challenging to detect and prevent these attacks and threats are bypassing secure email gateways (SEGs) at an alarming rate."
https://cofense.com/blog/the-evolution-of-phishing-how-ai-is-revolutionizing-cybersecurity-threats/
- Preparing For The Future Of Post-Quantum Cryptography
"Quantum computing has been projected to enable market-defining and life-changing capabilities since its inception more than three decades ago. From financial portfolio optimization and improved electric vehicle (EV) battery production to enhanced drug discovery and advanced semiconductor manufacturing, quantum computers can perform complex calculations at faster speeds than both traditional and super computers."
https://www.darkreading.com/vulnerabilities-threats/future-of-post-quantum-cryptography
- #BHUSA: 17.8m Phishing Emails Detected In First Half Of 2024
"Darktrace researchers have reported that 17.8 million phishing emails were detected between December 2023 and July 2024. The new report, published today at Black Hat USA, analyzes cyber-threats faced by businesses in the first half of the year and highlights the ongoing dominance of cybercrime-as-a-service."
https://www.infosecurity-magazine.com/news/178m-phishing-emails-detected-h1/
- #BHUSA: Ransom Payments Surge, Organizations Pay Average Of $2.5m
"Most organizations pay ransoms when they find themselves victim of a ransomware attack, a new survey by Extrahop has highlighted. In a report released at Black Hat USA, Extrahop found that the average number of ransomware incidents per organization in 2023 was eight and 22% of organizations deem ransomware to be the biggest risk they face."
https://www.infosecurity-magazine.com/news/ransom-payments-surge-pay-25m/
- CVEs Surge 30% In 2024, Only 0.91% Weaponized
"In the first half of 2024, the number of reported Common Vulnerabilities and Exposures (CVEs) has increased by 30% compared to last year, totaling 22,254. However, just 0.91% of reported CVEs were weaponized, according to Qualys. This figure, highlighted in Qualys’ 2024 Midyear Threat Landscape Review, underscores the increasing complexity of the cybersecurity landscape and the growing need for enhanced protection measures."
https://www.infosecurity-magazine.com/news/cves-surge-30-2024/
- Fighting Back Against Multi-Staged Ransomware Attacks Crippling Businesses
"Traditional ransomware attacks were fairly straightforward. Attackers lured indiscriminate victims using social engineering and phishing tactics. Once victims were tricked into visiting a malicious website or opening a malicious link or attachment, they would execute malware that would spread rapidly and encrypt valuable files and folders. Hackers would then demand a ransom in return for decryption keys."
https://www.securityweek.com/fighting-back-against-multi-staged-ransomware-attacks-crippling-businesses/
- CrowdStrike Releases Root Cause Analysis Of Falcon Sensor BSOD Crash
"Embattled cybersecurity vendor CrowdStrike on Tuesday released a root cause analysis detailing the technical mishap behind a software update crash that crippled Windows systems globally and blamed the incident on a confluence of security vulnerabilities and process gaps. The new CrowdStrike root cause analysis documents a combination of factors behind the Falcon EDR sensor crash — a mismatch between inputs validated by a Content Validator and those provided to a Content Interpreter, an out-of-bounds read issue in the Content Interpreter, and the absence of a specific test — and a vow to work with Microsoft on secure and reliable access to the Windows kernel."
https://www.securityweek.com/crowdstrike-releases-root-cause-analysis-of-falcon-sensor-bsod-crash/
https://www.crowdstrike.com/wp-content/uploads/2024/08/Channel-File-291-Incident-Root-Cause-Analysis-08.06.2024.pdf
References
Electronic Transactions Development Agency (ETDA)