Cyber Threat Intelligence 08 August 2024
Energy Sector
- 60 Hurts Per Second – How We Got Access To Enough Solar Power To Run The United States
"The electricity grid – the buzzing, crackling marvel that supplies the lifeblood of modernity - is by far the largest structure humanity ever built. It’s so big, in fact, that few people even notice it, like a fish can’t see the ocean. Until the grid goes down, that is. Then, like the fish dangling from the angler’s hook, we see our vulnerability. Modernity dissolves into a sudden silence, followed by the repeated flick of a light switch, and a howl of panic at the prospect of missed appointments, ruined dinners, lost workdays, stopped elevators and dark, cold evenings, and worse."
https://www.bitdefender.com/blog/labs/60-hurts-per-second-how-we-got-access-to-enough-solar-power-to-run-the-united-states/
https://hackread.com/solar-power-grid-vulnerabilities-risk-global-blackouts/
Healthcare Sector
- #BHUSA: DARPA's AI Cyber Challenge Heats Up As Healthcare Sector Watches
"With software vulnerabilities being exploited at an alarming rate, the Defense Advanced Research Projects Agency's (DARPA) AI Cyber Challenge (AIxCC) enters its semi-finals stage, and the healthcare sector is taking a keen interest in the outcomes of the competition. AIxCC brings together experts in AI and cybersecurity to create novel AI systems that can safeguard the open-source software critical to modern life."
https://www.infosecurity-magazine.com/news/darpas-ai-cyber-challenge-heats-up/
Industrial Sector
- OpenWrt Dominates, But Vulnerabilities Persist In OT/IoT Router Firmware
"Forescout has published a new report examining the current state of the software supply chain in OT/IoT routers. The study uncovered that OT and IoT cellular routers and those used in small offices and homes contain outdated software components associated with known (“n-day”) vulnerabilities. The research showed that widely used OT/IoT router firmware images have, on average, 20 exploitable n-day vulnerabilities affecting the kernel, leading to
Relevance: General, Trends and statistics
https://www.helpnetsecurity.com/2024/08/07/ot-iot-router-firmware-vulnerabilities/
- Over 40,000 Internet-Exposed ICS Devices Found In US: Censys
"LAS VEGAS — BLACK HAT USA 2024 — An analysis conducted by internet intelligence platform Censys shows that there are more than 40,000 internet-exposed industrial control systems (ICS) in the United States, and notifying their owners about the exposure is in many cases impossible. Censys pointed out that more than half of these systems are likely associated with building control and automation, and roughly 18,000 are actually used to control industrial systems."
https://www.securityweek.com/over-40000-internet-exposed-ics-devices-found-in-us-censys/
New Tooling
- RustScan: Open-Source Port Scanner
"RustScan is an open-source port scanner designed for speed and versatility. It combines a sleek interface with the power to adapt and improve over time. With RustScan’s Adaptive Learning, the tool continually optimizes its performance, making it the most efficient port scanner available. Discover open ports in seconds, and leverage the flexible scripting engine, supporting Python, Lua, and Shell, to enhance your scanning capabilities."
https://www.helpnetsecurity.com/2024/08/07/rustscan-open-source-port-scanner/
https://github.com/RustScan/RustScan
Vulnerabilities
- Chrome, Firefox Updates Patch Serious Vulnerabilities
"Mozilla and Google both updated their web browsers on Tuesday and the latest versions patch several potentially serious vulnerabilities. Google updated Chrome to version 127.0.6533.99, which fixes six vulnerabilities, including a critical out-of-bounds memory access issue in the Angle component. A reward has yet to be determined for this flaw, which is tracked as CVE-2024-7532."
https://www.securityweek.com/chrome-firefox-updates-patch-serious-vulnerabilities/
- Critical Progress WhatsUp RCE Flaw Now Under Active Exploitation
"Threat actors are actively attempting to exploit a recently fixed Progress WhatsUp Gold remote code execution vulnerability on exposed servers for initial access to corporate networks. The vulnerability leveraged in these attacks is CVE-2024-4885, a critical-severity (CVSS v3 score: 9.8) unauthenticated remote code execution flaw impacting Progress WhatsUp Gold 23.1.2 and older. Proof-of-concept (PoC) exploits for CVE-2024-4885 are publicly available that target exposed WhatsUp Gold '/NmAPI/RecurringReport' endpoints."
https://www.bleepingcomputer.com/news/security/critical-progress-whatsup-rce-flaw-now-under-active-exploitation/
- Government Emails At Risk: Critical Cross-Site Scripting Vulnerability In Roundcube Webmail
"Roundcube is a popular open-source webmail software that enables users to check their emails right in their browser without needing dedicated client software. It is included by default in the server hosting panel cPanel leading to millions of installations around the globe, according to Shodan. It is also used by universities as well as government agencies."
https://www.sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/
https://thehackernews.com/2024/08/roundcube-webmail-flaws-allow-hackers.html
https://www.helpnetsecurity.com/2024/08/07/cve-2024-42009-cve-2024-42008/
- CISA Adds Two Known Exploited Vulnerabilities To Catalog
"CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-36971 Android Kernel Remote Code Execution Vulnerability
CVE-2024-32113 Apache OFBiz Path Traversal Vulnerability"
https://www.cisa.gov/news-events/alerts/2024/08/07/cisa-adds-two-known-exploited-vulnerabilities-catalog
- GhostWrite Vulnerability Facilitates Attacks On Devices With RISC-V CPU
"LAS VEGAS — BLACK HAT USA 2024 — A team of researchers from the CISPA Helmholtz Center for Information Security in Germany has disclosed the details of a new vulnerability affecting a popular CPU that is based on the RISC-V architecture. RISC-V is an open source instruction set architecture (ISA) designed for developing custom processors for various types of applications, including embedded systems, microcontrollers, data centers, and high-performance computers."
https://www.securityweek.com/ghostwrite-vulnerability-facilitates-attacks-on-devices-with-risc-v-cpu/
https://www.theregister.com/2024/08/07/riscv_business_thead_c910_vulnerable/
Malware
- Hijacked: How Cybercriminals Are Turning Anti-Virus Software Against You
"LevelBlue Labs has identified a new evolution in the toolset of threat actors. Threat actors are hijacking legitimate anti-virus software to carry out malicious activities undetected. A new tool, named SbaProxy, has been found masquerading as legitimate anti-virus components to establish proxy connections through a command and control (C&C) server. This tool, distributed in various formats such as DLLs, EXEs, and PowerShell scripts, is challenging to detect due to its sophisticated design and legitimate appearance."
https://cybersecurity.att.com/blogs/labs-research/hijacked-how-cybercriminals-are-turning-anti-virus-software-against-you
- Cloud Cover: How Malicious Actors Are Leveraging Cloud Services
"The number of threat actors leveraging legitimate cloud services in their attacks has grown this year as attackers have begun to realize their potential to provide low-key and low-cost infrastructure. Traffic to and from well known, trusted services such as Microsoft OneDrive or Google Drive may be less likely to raise red flags than communications with attacker-controlled infrastructure."
https://symantec-enterprise-blogs.security.com/threat-intelligence/cloud-espionage-attacks
https://thehackernews.com/2024/08/new-go-based-backdoor-gogra-targets.html
- Chameleon Is Now Targeting Employees: Masquerading As a CRM App
"In July 2024 Mobile Threat Intelligence analysts observed new campaigns from Chameleon, a Device-Takeover Trojan discovered back in December 2022. These campaigns introduced an unusual masquerading technique used in the campaign targeting Canada: masquerading as a Customer Relationship Management (CRM) app. Key outtakes from the discovered campaigns are:"
https://www.threatfabric.com/blogs/chameleon-is-now-targeting-employees-masquerading-as-crm-app
https://thehackernews.com/2024/08/chameleon-android-banking-trojan.html
https://www.darkreading.com/endpoint-security/chameleon-banking-trojan-makes-a-comeback-cloaked-as-crm-app
https://therecord.media/chameleon-malware-crm-software-canadian-restaurant-chain
- Exploring Anti-Phishing Measures In Microsoft 365
"In this post we will explore some of the anti-phishing measures employed by Microsoft 365 (formerly Office 365) as well as their weaknesses. Certitude was able to identify an issue that allows malicious actors to bypass anti-phishing measures."
https://certitude.consulting/blog/en/o365-anti-phishing-measures/
https://www.bleepingcomputer.com/news/security/microsoft-365-anti-phishing-feature-can-be-bypassed-with-css/
https://hackread.com/phishing-bypass-microsoft-365-email-safety-warnings/
https://www.theregister.com/2024/08/07/small_css_tweaks_can_help/
https://www.infosecurity-magazine.com/news/microsoft-365-phishing-alert/
- Royal Ransomware Actors Rebrand As “BlackSuit,” FBI And CISA Release Update To Advisory
"Today, CISA—in partnership with the Federal Bureau of Investigation (FBI)—released an update to joint Cybersecurity Advisory #StopRansomware: Royal Ransomware, #StopRansomware: BlackSuit (Royal) Ransomware. The updated advisory provides network defenders with recent and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with BlackSuit and legacy Royal activity. FBI investigations identified these TTPs and IOCs as recently as July 2024."
https://www.cisa.gov/news-events/alerts/2024/08/07/royal-ransomware-actors-rebrand-blacksuit-fbi-and-cisa-release-update-advisory
- Windows Update Downgrade Attack "unpatches" Fully-Updated Systems
"SafeBreach security researcher Alon Leviev revealed at Black Hat 2024 that two zero-days could be exploited in downgrade attacks to "unpatch" fully updated Windows 10, Windows 11, and Windows Server systems and reintroduce old vulnerabilities. Microsoft issued advisories on the two unpatched zero-days (tracked as CVE-2024-38202 and CVE-2024-21302) in coordination with the Black Hat talk, providing mitigation advice until a fix is released."
https://www.bleepingcomputer.com/news/microsoft/windows-update-downgrade-attack-unpatches-fully-updated-systems/
https://www.securityweek.com/safebreach-sounds-alarm-on-windows-update-flaws-allowing-undetectable-downgrade-attacks/
Breaches/Hacks/Leaks
- McLaren Hospitals Disruption Linked To INC Ransomware Attack
"On Tuesday, IT and phone systems at McLaren Health Care hospitals were disrupted following an attack linked to the INC Ransom ransomware operation. McLaren is a non-profit healthcare system with annual revenues of over $6.5 billion, which operates a network of 13 hospitals across Michigan supported by a team of 640 physicians. It also has over 28,000 employees and works with 113,000 network providers throughout Michigan, Indiana, and Ohio."
https://www.bleepingcomputer.com/news/security/mclaren-hospitals-disruption-linked-to-inc-ransomware-attack/
General News
- Sports Venues Must Vet Their Vendors To Maintain Security
"Sporting events generate a lot of consumer activity, from hotels and restaurants to retail. Large sporting events are held together by webs of connectivity that include vendors, sponsors, employees, and consumers. These networks connect ticketing, merchandising, venue access, live events information, and everything in between."
https://www.helpnetsecurity.com/2024/08/07/sporting-events-security/
- Number Of Incidents Affecting GitHub, Bitbucket, GitLab, And Jira Continues To Rise
"Outages, human errors, cyberattacks, data breaches, ransomware, security vulnerabilities, and, as a result, data loss are the reality that DevSecOps teams have to face every few days, according to GitProtect.io."
https://www.helpnetsecurity.com/2024/08/07/github-bitbucket-gitlab-jira-incidents/
- CISA Releases Secure By Demand Guidance
"Today, CISA and the Federal Bureau of Investigation (FBI) have released Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem to help organizations drive a secure technology ecosystem by ensuring their software manufacturers prioritize secure technology from the start."
https://www.cisa.gov/news-events/alerts/2024/08/06/cisa-releases-secure-demand-guidance
https://www.cisa.gov/resources-tools/resources/secure-demand-guide
https://www.infosecurity-magazine.com/news/cisa-guide-enhance-software/
- UK Managers Improve Cyber Knowledge But Staff Lack Training
"Managers in UK organizations are getting better at understanding online safety best practice, but their skills are not necessarily matched by other employees, a new study has found. The Chartered Management Institute (CMI) surveyed 1000 managers in March for its latest Managers Voice Pulse Point Poll."
https://www.infosecurity-magazine.com/news/uk-managers-improve-cyber/
- Executive Insights From The Unit 42 Incident Response Report
"An attack vector is the method an attacker uses to get access to a target environment. Understanding which vectors result in the most successful attacks can help you reduce the likelihood an attacker succeeds at compromising your
Relevance: Executives, General, Trends and statistics
https://www.paloaltonetworks.com/blog/2024/08/attack-vectors-at-a-glance/
- Ransomware In 2024: More Attacks, More Leaks, And Increased Sophistication
"More groups, fewer families, more attacks – no great change over 2023 except, if anything, the ransomware threat is even more severe in 2024. And the growth in leaks and leak sites suggests ransomware is even more successful. Rapid7’s Ransomware Radar Report 2024 (PDF) gleans its intelligence from an analysis of visible leak sites, the analysis of ransomware code, and an analysis of underground forum chatter. The result is an intriguing insight into the current state of global ransomware – and it is not a comforting result."
https://www.securityweek.com/ransomware-in-2024-more-attacks-more-leaks-and-increased-sophistication/
https://www.rapid7.com/globalassets/_pdfs/2024-rapid7-ransomware-radar-report-final.pdf
https://www.infosecurity-magazine.com/news/new-ransomware-groups-emerge-1/
- The API Security Crisis: Why Your Company Could Be Next
"Most companies are sitting ducks regarding API security. During my two decades in infosec, I've never seen a threat landscape evolve as rapidly and dangerously as the one surrounding APIs. And here's the kicker: Most organizations are blissfully unaware of the ticking time bomb in their digital infrastructure."
https://www.darkreading.com/vulnerabilities-threats/api-security-crisis-why-your-company-could-be-next
- New And Emerging Cybersecurity Threats And Attacker Tactics
"As cyberthreats continue to evolve nearly four decades after the first computer virus for PCs emerged in 1986, the cybersecurity landscape faces increasingly sophisticated challenges. While many are familiar with common threats like phishing and ransomware, newer, more targeted attacks are emerging, threatening the very foundations of our
Relevance: General, Trends and statistics
https://www.fortinet.com/blog/ciso-collective/emerging-cybersecurity-threats-and-attack-tactics
- #BHUSA: CrowdStrike Outage Serves As Dress Rehearsal For China-Led Cyber-Attacks
"The recent CrowdStrike IT outage served as a dress rehearsal for a potential cyber-attack on critical infrastructure that could potentially be orchestrated by a nation-state like China. The CrowdStrike IT outage was a useful exercise in what may happen if China were to act in a disruptive manner against critical systems."
https://www.infosecurity-magazine.com/news/crowdstrike-outage-china/
- #BHUSA: The Board Needs To Understand AI Deployment Risks
"The idiosyncratic use of AI within organizations is a problem when it comes to risk. Instead, AI deployment must be part of the entire strategic enterprise operation. Speaking at the AI Summit during Black Hat USA, Larry Clinton, president of the Internet Security Alliance, argued that company boards need to be educated about the use of artificial intelligence within their organizations in order to deploy it securely."
https://www.infosecurity-magazine.com/news/board-ai-deployment-risks/
References
Electronic Transactions Development Agency(ETDA)