Cyber Threat Intelligence 12 August 2024
Healthcare Sector
- American Hospital Association And Health-ISAC Joint Threat Bulletin - TLP White
"The recent ransomware attacks on OneBlood, Synnovis, and Octapharma by Russian cybercrime ransomware gangs resulted in a massive disruption to patient care. The outcomes of these attacks highlight the need to incorporate mission-critical and life-critical third-party suppliers into enterprise risk management and emergency management plans to maintain resiliency and redundancy in the modern digitally connected healthcare ecosystem."
https://www.aha.org/advisory/2024-08-01-american-hospital-association-and-health-isac-joint-threat-bulletin-tlp-white
https://www.darkreading.com/endpoint-security/healthcare-providers-must-plan-for-ransomware-attacks-on-third-party-suppliers
Telecom Sector
- Keeping Your Android Device Safe From Text Message Fraud
"Cell-site simulators, also known as False Base Stations (FBS) or Stingrays, are radio devices that mimic real cell sites in order to lure mobile devices to connect to them. These devices are commonly used for security and privacy attacks, such as surveillance and interception of communications. In recent years, carriers have started reporting new types of abuse perpetrated with FBSs for the purposes of financial fraud."
https://security.googleblog.com/2024/08/keeping-your-android-device-safe-from.html
Government/Law/Policy
- UN Cybercrime Treaty Passes In Unanimous Vote
"The United Nations passed its first cybercrime treaty on Thursday in a unanimous vote supporting an agreement first put forward by Russia. The passage of the treaty is significant and establishes for the first time a global-level cybercrime and data access-enabling legal framework. The treaty was adopted late Thursday by the body’s Ad Hoc Committee on Cybercrime and will next go to the General Assembly for a vote in the fall. It is expected to sail through the General Assembly since the same states will be voting on it there."
https://therecord.media/un-cybercrime-treaty-passes-unanimous
Vulnerabilities
- Microsoft Discloses Unpatched Office Flaw That Exposes NTLM Hashes
"Microsoft has disclosed a high-severity vulnerability affecting Office 2016 that could expose NTLM hashes to a remote attacker. Tracked as CVE-2024-38200, this security flaw is caused by an information disclosure weakness that enables unauthorized actors to access protected information. It impacts multiple 32-bit and 64-bit Office versions, including Office 2016, Office 2019, Office LTSC 2021, and Microsoft 365 Apps for Enterprise."
https://www.bleepingcomputer.com/news/security/microsoft-discloses-unpatched-office-flaw-that-exposes-ntlm-hashes/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38200
https://thehackernews.com/2024/08/microsoft-warns-of-unpatched-office.html
- Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
"During February 2024, we discovered critical vulnerabilities in six AWS services. The impact of these vulnerabilities ranges between remote code execution (RCE), full-service user takeover (which might provide powerful administrative access), manipulation of AI modules, exposing sensitive data, data exfiltration and denial of service."
https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/
https://thehackernews.com/2024/08/experts-uncover-severe-aws-flaws.html
- Chained For Attack: OpenVPN Vulnerabilities Discovered Leading To RCE And LPE
"Microsoft researchers recently identified multiple medium severity vulnerabilities in OpenVPN, an open-source project with binaries integrated into routers, firmware, PCs, mobile devices, and many other smart devices worldwide, numbering in the millions. Attackers could chain and remotely exploit some of the discovered vulnerabilities to achieve an attack chain consisting of remote code execution (RCE) and local privilege escalation (LPE). This attack chain could enable attackers to gain full control over targeted endpoints, potentially resulting in data breaches, system compromise, and unauthorized access to sensitive information."
https://www.microsoft.com/en-us/security/blog/2024/08/08/chained-for-attack-openvpn-vulnerabilities-discovered-leading-to-rce-and-lpe/
https://thehackernews.com/2024/08/microsoft-reveals-four-openvpn-flaws.html
- New AMD SinkClose Flaw Helps Install Nearly Undetectable Malware
"AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly undetectable. Ring -2 is one of the highest privilege levels on a computer, running above Ring -1 (used for hypervisors and CPU virtualization) and Ring 0, which is the privilege level used by an operating system's Kernel."
https://www.bleepingcomputer.com/news/security/new-amd-sinkclose-flaw-helps-install-nearly-undetectable-malware/
https://ioactive.com/event/def-con-talk-amd-sinkclose-universal-ring-2-privilege-escalation/
- Vulnerability Allowed Eavesdropping Via Sonos Smart Speakers
"NCC Group researchers have disclosed vulnerabilities found in Sonos smart speakers, including a flaw that could have been exploited to eavesdrop on users. One of the vulnerabilities, tracked as CVE-2023-50809, can be exploited by an attacker who is in Wi-Fi range of the targeted Sonos smart speaker for remote code execution. The researchers demonstrated how an attacker targeting a Sonos One speaker could have used this vulnerability to take control of the device, covertly record audio, and then exfiltrate it to the attacker’s server."
https://www.securityweek.com/vulnerability-allowed-eavesdropping-via-sonos-smart-speakers/
https://thehackernews.com/2024/08/new-flaws-in-sonos-smart-speakers-allow.html
https://securityaffairs.com/166823/hacking/sonos-smart-speakers-flaw.html
- QuickShell: Sharing Is Caring About An RCE Attack Chain On Quick Share
"Google’s Quick Share is a peer–to-peer data-transfer utility for Android, Windows, and Chrome operating systems. It uses a variety of communication protocols—including Bluetooth, Wi-Fi, Wi-Fi Direct, Web real-time communication (WebRTC), and near-field communication (NFC)—to send files between compatible devices that are in close proximity to each other."
https://www.safebreach.com/blog/rce-attack-chain-on-quick-share
https://thehackernews.com/2024/08/researchers-uncover-10-flaws-in-googles.html
- GPS Spoofers 'Hack Time' On Commercial Airlines, Researchers Say
"A recent surge in GPS “spoofing”, a form of digital attack which can send commercial airliners off course, has entered an intriguing new dimension, according to cyber security researchers: The ability to hack time."
https://www.itnews.com.au/news/gps-spoofers-hack-time-on-commercial-airlines-researchers-say-610563
Malware
- A Dive Into Earth Baku’s Latest Campaign
"Earth Baku, an advanced persistent threat (APT) actor that we previously wrote about in 2021, has expanded its activities to Europe, the Middle East, and Africa (MEA) beginning late 2022. The group has updated its tools, tactics, and procedures (TTPs) in more recent campaigns, making use of public-facing applications such as IIS servers as entry points for attacks, after which they deploy sophisticated malware toolsets on the victim’s environment, including the loaders StealthVector and StealthReacher, and the modular backdoor SneakCross."
https://www.trendmicro.com/en_us/research/24/h/earth-baku-latest-campaign.html
- BianLian: The Face-Changing Ransomware Menace
"There’s no shortage of weird brand names in the world of cybercrime. Threat actors like to intimidate people and project the image of a strong and stealthy threat. Something called "Bob's ransomware" just isn't as disturbing as REvil or Hive, which both have a disturbing 'Resident Evil' feel to them. And then there's Rhysida, which is an appropriate name for ransomware, but only to those who know what a Rhysida is. I had to look it up. And RansomHub just sounds like a creepy dating app."
https://blog.barracuda.com/2024/08/09/bianlian--the-face-changing-ransomware-menace
- New Widespread Extension Trojan Malware Campaign
"Web browser extensions have grown from being just a niche piece of software into a full-on sub-economy of the Internet industry. Extensions are supported on most browsers, including Microsoft Edge and Google Chrome - both offer hundreds of thousands of extensions in the Chrome Web Store and Microsoft Edge Add-ons. With the rise in the popularity of extensions has come a rise in malicious extensions built by bad actors who have pinpointed this relatively new malware attack vector. This research article intends to highlight a specific ongoing threat and the larger issue: malicious web extensions."
https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
https://www.bleepingcomputer.com/news/security/malware-force-installs-chrome-extensions-on-300-000-browsers-patches-dlls/
https://thehackernews.com/2024/08/new-malware-hits-300000-users-with.html
- Iran Steps Into US Election 2024 With Cyber-Enabled Influence Operations
"Foreign malign influence concerning the 2024 US election started off slowly but has steadily picked up pace over the last six months due initially to Russian operations, but more recently from Iranian activity. This third election report from the Microsoft Threat Analysis Center (MTAC) provides an update on what we’ve observed from Russia, Iran, and China since our second report in April 2024, “Nation-states engage in US-focused influence operations ahead of US presidential election.”"
https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/iran-steps-into-us-election-2024-with-cyber-enabled-influence-operations
https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/5bc57431-a7a9-49ad-944d-b93b7d35d0fc.pdf
https://therecord.media/iranian-hackers-election-interference-microsoft
https://www.securityweek.com/iran-is-accelerating-cyber-activity-that-appears-meant-to-influence-the-us-election-microsoft-says/
https://www.theregister.com/2024/08/09/iran_state_groups_lay_groundwork/
- Ideal Typosquat 'solana-py' Steals Your Crypto Wallet Keys
"The legitimate Solana Python API project is known as "solana-py" on GitHub, but simply "solana" on the Python software registry, PyPI. This slight naming discrepancy has been leveraged by a threat actor who published a "solana-py" project on PyPI which, in addition to borrowing real code from the legitimate project, quietly steals your secrets, making it an ideal typosquat."
https://www.sonatype.com/blog/an-ideal-pypi-typosquat-solana-py-is-here-to-steal-your-crypto-keys
https://thehackernews.com/2024/08/rogue-pypi-library-solana-users-steals.html
- Chinese Hacking Groups Target Russian Government, IT Firms
"A series of targeted cyberattacks that started at the end of July 2024, targeting dozens of systems used in Russian government organizations and IT companies, are linked to Chinese hackers of the APT31 and APT 27 groups. Kaspersky, who discovered the activity, dubbed the campaign "EastWind," reporting that it employs an updated version of the CloudSorcerer backdoor spotted in a similar cyberespionage campaign from May 2024, also targeting Russian government entities."
https://www.bleepingcomputer.com/news/security/chinese-hacking-groups-target-russian-government-it-firms/
- Fake X Content Warnings On Ukraine War, Earthquakes Used As Clickbait
"X has always had a bot problem, but now scammers are utilizing the Ukraine war and earthquake warnings in Japan to entice users into clicking on fake content warnings and videos that lead to scam adult sites, malicious browser extensions, and shady affiliate sites. For months, X has been flooded with posts that contain what appears at first glance to be a pornographic video but, when clicked on, brings you to fake adult sites."
https://www.bleepingcomputer.com/news/security/fake-x-content-warnings-on-ukraine-war-earthquakes-used-as-clickbait/
Breaches/Hacks/Leaks
- CSC ServiceWorks Discloses Data Breach After 2023 Cyberattack
"CSC ServiceWorks, a leading provider of commercial laundry services and air vending solutions, has disclosed a data breach after the personal information of an undisclosed number of individuals was exposed in a 2023 cyberattack. The company discovered the incident on February 4, 2024, after detecting unusual activity on its network. Subsequently, external cybersecurity experts hired to investigate the incident found that unknown attackers had accessed some computer systems."
https://www.bleepingcomputer.com/news/security/csc-serviceworks-discloses-data-breach-after-2023-cyberattack/
- Crooks Took Control Of A Cow Milking Robot Causing The Death Of A Cow
"Crooks took control of a cow milking robot and demanded a ransom from a farmer who refused to pay it, resulting in the death of a cow."
https://securityaffairs.com/166839/cyber-crime/cow-milking-robot-hacked.html
- Donald Trump’s Campaign Says Its Emails Were Hacked
"Former President Donald Trump’s presidential campaign said Saturday that it has been hacked and suggested Iranian actors were involved in stealing and distributing sensitive internal documents. The campaign provided no specific evidence of Iran’s involvement, but the claim comes a day after Microsoft issued a report detailing foreign agents’ attempts to interfere in the U.S. campaign in 2024."
https://www.securityweek.com/donald-trumps-campaign-says-its-emails-were-hacked/
https://cyberscoop.com/trump-campaign-says-emails-were-hacked-jumpstarting-a-wild-ride-to-election-day/
https://securityaffairs.com/166895/cyber-warfare-2/donald-trumps-campaign-hacked.html
General News
- Department Disrupts North Korean Remote IT Worker Fraud Schemes Through Charges And Arrest Of Nashville Facilitator
"Matthew Isaac Knoot, 38, of Nashville, Tennessee, was charged today for his efforts to generate revenue for the Democratic People’s Republic of Korea’s (DPRK or North Korea) illicit weapons program, which includes weapons of mass destruction (WMD)."
https://www.justice.gov/usao-mdtn/pr/department-disrupts-north-korean-remote-it-worker-fraud-schemes-through-charges-and
https://www.bleepingcomputer.com/news/security/us-dismantles-laptop-farm-used-by-undercover-north-korean-it-workers/
https://therecord.media/tennessee-man-charged-over-north-korea-it-worker-scheme
https://thehackernews.com/2024/08/doj-charges-nashville-man-for-helping.html
- NIS2: A Catalyst For Cybersecurity Innovation Or Just Another Box-Ticking Exercise?
"The Network and Information Security (NIS) 2 Directive is possibly one of the most significant pieces of cybersecurity regulation to ever hit Europe. The 27 EU Member States have until 17 October 2024 to adopt and publish the standards necessary to comply with NIS2, which brings increased requirements to strengthen security conditions and report more regularly, with shorter deadlines, on cyber-attacks."
https://www.helpnetsecurity.com/2024/08/09/nis2-cybersecurity-innovation-catalyst/
- Shorter TLS Certificate Lifespans Expected To Complicate Management Efforts
"76% of security leaders recognize the pressing need to move to shorter certificate lifespans to improve security, according to Venafi. However, many feel unprepared to take action, with 77% saying the shift to 90-day certificates will mean more outages are inevitable."
https://www.helpnetsecurity.com/2024/08/09/certificate-lifespans/
- Where Internal Audit Teams Are Spending Most Of Their Time
"Over half of key stakeholders including audit committees, company boards, and chief financial officers are looking to internal audit teams to take on more risk-related work, according to AuditBoard."
https://www.helpnetsecurity.com/2024/08/09/internal-audit-teams-expectations/
- Tackling Vulnerabilities & Errors Head-On For Proactive Security
"In its latest "Data Breach Investigations Report," Verizon made the lighthearted, Taylor Swift-inspired quip that it's "entering its vulnerability era." Why? Verizon's new data found that hackers exploited vulnerabilities to initiate breaches at nearly triple the rate since its last report. While this tactic is still less popular than credential-based or phishing attacks, the exploitation of vulnerabilities in software, supply chains, and basic human nature is on the rise and should be a top concern for cybersecurity leaders."
https://www.darkreading.com/vulnerabilities-threats/tackling-vulnerabilities-and-errors-head-on-for-proactive-security
- Media & Victims Find Common Ground Against Hackers
"When threat actors breach an organization and steal data, perhaps the worst thing imaginable to victims is the extortion attempts they face from the criminals behind the breach. These days, there is an added threat that hackers like to hang over their victims' heads: going to the press."
https://www.darkreading.com/cyberattacks-data-breaches/media-and-victims-find-common-ground-against-hackers
- Memory Safety Is Key To Preventing Hardware Hacks
"The Spectre and Meltdown vulnerabilities in 2018 exposed computer memory as an easy target for hackers to inject malicious code and steal data. The aftermath spurred the adoption of memory-safe chips and programming tools to secure a computer's cache and RAM, where data is temporarily stored as programs are being executed."
https://www.darkreading.com/endpoint-security/memory-safety-is-key-to-preventing-hardware-hacks
- #BHUSA: CoSAI, Combating AI Risks Through Industry Collaboration
"In early July 2024, some of the world’s leading AI companies joined forces to create the Coalition for Secure AI (CoSAI). During a conversation with Infosecurity at Black Hat USA 2024, Jason Clinton, CISO at Anthropic, one of CoSAI’s founding members, explained some of the key goals of the new coalition and the cybersecurity focus of the organization."
https://www.infosecurity-magazine.com/news/cosai-ai-risks-industry/
- Threat Actors Favor Rclone, WinSCP And cURL As Data Exfiltration Tools
"Data exfiltration is critical in double extortion cyber-attacks, which have become the new gold standard of ransomware attacks. In a new report, ReliaQuest found that Rclone, WinSCP and Client URL (cURL) were the top three data exfiltration tools utilized by threat actors between September 2023 and July 2024. Data exfiltration, the unauthorized transfer or retrieval of data from enterprise or personal devices, may include threat actor–owned infrastructure or third-party cloud services."
https://www.infosecurity-magazine.com/news/rclone-winscp-curl-top-data/
References
Electronic Transactions Development Agency (ETDA)