Cyber Threat Intelligence 14 August 2024
Financial Sector
- Cost Of a Data Breach 2024: Financial Industry
"According to the IBM Cost of a Data Breach 2024 report, the average global breach cost has reached $4.88 million — a significant increase over last year’s $4.45 million and the biggest jump since the pandemic. For financial industry enterprises, costs are even higher. Companies now spend $6.08 million dealing with data breaches, which is 22% higher than the global average. Here’s what financial organizations need to know about this year’s Cost of a Data Breach report."
https://securityintelligence.com/articles/cost-of-a-data-breach-2024-financial-industry/
Industrial Sector
- CISA Releases Ten Industrial Control Systems Advisories
"CISA released ten Industrial Control Systems (ICS) advisories on August 13, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS."
https://www.cisa.gov/news-events/alerts/2024/08/13/cisa-releases-ten-industrial-control-systems-advisories
Vulnerabilities
- Critical SAP Flaw Allows Remote Attackers To Bypass Authentication
"SAP has released its security patch package for August 2024, addressing 17 vulnerabilities, including a critical authentication bypass that could allow remote attackers to fully compromise the system. The flaw, tracked as CVE-2024-41730 and rated 9.8 as per the CVSS v3.1 system, is a "missing authentication check" bug impacting SAP BusinessObjects Business Intelligence Platform versions 430 and 440 and is exploitable under certain conditions."
https://www.bleepingcomputer.com/news/security/critical-sap-flaw-allows-remote-attackers-to-bypass-authentication/
https://www.securityweek.com/sap-patches-critical-vulnerabilities-in-businessobjects-build-apps/
- Microsoft August 2024 Patch Tuesday Fixes 9 Zero-Days, 6 Exploited
"Today is Microsoft's August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day. This Patch Tuesday fixed eight critical vulnerabilities, which were a mixture of elevation of privileges, remote code execution, and information disclosure."
https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2024-patch-tuesday-fixes-9-zero-days-6-exploited/
https://blog.talosintelligence.com/microsoft-patch-tuesday-august-2024/
https://www.darkreading.com/vulnerabilities-threats/microsoft-discloses-10-zero-day-bugs-in-pacth-tuesday-update
https://www.tripwire.com/state-of-security/vert-threat-alert-august-2024-patch-tuesday-analysis
https://www.securityweek.com/microsoft-warns-of-six-windows-zero-days-being-actively-exploited/
https://www.helpnetsecurity.com/2024/08/13/microsoft-zero-days-under-attack/
https://go.theregister.com/feed/www.theregister.com/2024/08/14/august_patch_tuesday/
- Ivanti Warns Of Critical vTM Auth Bypass With Public Exploit
"Today, Ivanti urged customers to patch a critical authentication bypass vulnerability impacting Virtual Traffic Manager (vTM) appliances that can let attackers create rogue administrator accounts. Ivanti vTM is a software-based application delivery controller (ADC) that provides app-centric traffic management and load balancing for hosting business-critical services. Tracked as CVE-2024-7593, this auth bypass vulnerability is due to an incorrect implementation of an authentication algorithm that allows remote unauthenticated attackers to bypass authentication on Internet-exposed vTM admin panels."
https://www.bleepingcomputer.com/news/security/ivanti-warns-of-critical-vtm-auth-bypass-with-public-exploit/
https://www.cisa.gov/news-events/alerts/2024/08/13/ivanti-releases-security-updates-avalanche-neurons-itsm-and-virtual-traffic-manager
https://www.darkreading.com/remote-workforce/critical-ivanti-vtm-bug-unauthorized-admin-access
https://securityaffairs.com/166991/hacking/ivanti-virtual-traffic-manager-flaw.html
- Adobe Calls Attention To Massive Batch Of Code Execution Flaws
"Adobe on Tuesday released fixes for at least 72 security vulnerabilities across multiple products and warned that Windows and macOS users are at risk of code execution, memory leaks, and denial-of-service attacks. The Patch Tuesday rollout addresses critical security defects in Adobe Acrobat and Reader, Illustrator, Photoshop, InDesign, Adobe Commerce, and Dimension and the company is warning that the most severe of these vulnerabilities could allow attackers to take complete control of a target machine."
https://www.securityweek.com/adobe-calls-attention-to-massive-batch-of-code-execution-flaws/
- New Windows SmartScreen Bypass Exploited As Zero-Day Since March
"Today, Microsoft revealed that a Mark of the Web security bypass vulnerability exploited by attackers as a zero-day to bypass SmartScreen protection was patched during the June 2024 Patch Tuesday. SmartScreen is a security feature introduced with Windows 8 that protects users against potentially malicious software when opening downloaded files tagged with a Mark of the Web (MotW) label. While the vulnerability (tracked as CVE-2024-38213) can be exploited remotely by unauthenticated threat actors in low-complexity attacks, it requires user interaction, making successful exploitation harder to achieve."
https://www.bleepingcomputer.com/news/microsoft/new-windows-smartscreen-bypass-exploited-as-zero-day-since-march/
- Compromising Microsoft's AI Healthcare Chatbot Service
"Tenable Research discovered multiple privilege-escalation issues in the Azure Health Bot Service via a server-side request forgery (SSRF), which allowed researchers access to cross-tenant resources. The Azure Health Bot Service is a cloud platform that allows healthcare professionals to deploy AI-powered virtual health assistants. Tenable Research discovered critical vulnerabilities that allowed access to cross-tenant resources within this service. Based on the level of access granted, it’s likely that lateral movement to other resources would have been possible. According to Microsoft, mitigations for these issues have been applied to all affected services and regions. No customer action is required."
https://www.tenable.com/blog/compromising-microsofts-ai-healthcare-chatbot-service
https://thehackernews.com/2024/08/researchers-uncover-vulnerabilities-in_0471960302.html
https://www.darkreading.com/application-security/microsoft-azure-ai-health-bot-infected-with-critical-vulnerabilities
- CVE-2024-38173: Outlook Form Injection RCE Vulnerability Patched
"As part of our ongoing efforts to identify newer vulnerabilities in Microsoft Office applications, Morphisec researchers have discovered two additional critical vulnerabilities in the Microsoft Outlook application which were reported to Microsoft following the standard responsible disclosure policies. Microsoft has addressed these issues in the current patch cycle for August 2024."
https://blog.morphisec.com/cve-2024-38173-form-injection
- GhostWrite: New T-Head CPU Bugs Expose Devices To Unrestricted Attacks
"A team of researchers from the CISPA Helmholtz Center for Information Security in Germany has disclosed an architectural bug impacting Chinese chip company T-Head's XuanTie C910 and C920 RISC-V CPUs that could allow attackers to gain unrestricted access to susceptible devices. The vulnerability has been codenamed GhostWrite. It has been described as a direct CPU bug embedded in the hardware, as opposed to a side-channel or transient execution attack."
https://thehackernews.com/2024/08/ghostwrite-new-t-head-cpu-bugs-expose.html
https://ghostwriteattack.com/
Malware
- Hacktivism’s Role In Political Conflict: The Renewed Campaign Of #OpVenezuela
"Venezuela is currently facing significant political unrest following the July 28th, 2024, presidential election. Nicolás Maduro was declared the winner, securing a third term in office. However, the opposition claims that substantial evidence indicates the election was fraudulent, with claims that Maduro lost to the opposition candidate, Edmundo González. Maduro’s government has been widely accused of manipulating the electoral system and tampering with vote counts."
https://blog.checkpoint.com/research/hacktivisms-role-in-political-conflict-the-renewed-campaign-of-opvenezuela/
- Scammers Dupe Chemical Company Into Wiring $60 Million
"Orion S.A., a global chemical company with headquarters in Luxembourg, has become a victim of fraud: it lost approximately $60 million through “multiple fraudulently induced outbound wire transfers to accounts controlled by unknown third parties.”"
https://www.helpnetsecurity.com/2024/08/13/orion-fraudulent-wire-transfers-60-million/
https://www.theregister.com/2024/08/13/orion_sa_says_scammers_conned/
- APT Trends Report Q2 2024
"For over six years now, Kaspersky’s Global Research and Analysis Team (GReAT) has been sharing quarterly updates on advanced persistent threats (APTs). These summaries draw on our threat intelligence research, offering a representative overview of what we’ve published and discussed in more detail in our private APT reports. They’re designed to highlight the key events and findings that we think people should know about."
https://securelist.com/apt-trends-report-q2-2024/113275/
- ArtiPACKED: Hacking Giants Through a Race Condition In GitHub Actions Artifacts
"This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments. This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume."
https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens/
Breaches/Hacks/Leaks
- 3AM Ransomware Stole Data Of 464,000 Kootenai Health Patients
"Kootenai Health has disclosed a data breach impacting over 464,000 patients after their personal information was stolen and leaked by the 3AM ransomware operation. Kootenai Health is a not-for-profit healthcare provider in Idaho, operating the largest hospital in the region, offering a wide range of medical services, including emergency care, surgery, cancer treatment, cardiac care, and orthopedics."
https://www.bleepingcomputer.com/news/security/3am-ransomware-stole-data-of-464-000-kootenai-health-patients/
- Hackers Leak 1.4 Billion Tencent User Accounts Online
"A threat actor named “Fenice” has leaked 1.4 billion user accounts which they claim belong to Tencent (Tencent.com), a Chinese internet giant and technology company. Tencent is widely recognized for its diverse range of services, including social networks, music streaming, web portals, e-commerce, mobile games, internet services, payment systems, smartphones, and multiplayer online games."
https://hackread.com/hackers-leak-1-4-billion-tencent-user-accounts-online/
- Suspected 'Hostile State' Behind Hack Of Poland’s Anti-Doping Agency And Leak Of Athletes' Data
"Hackers “supported by the services of [a] hostile state” are believed to be behind the leak of over 50,000 confidential files from Poland’s anti-doping agency POLADA, an agency spokesperson told Recorded Future News. Beregini, the group claiming responsibility for the attack, describes itself on Telegram as a “Ukrainian hacker group” and claimed the attack was in response to the Olympic Games having “been turned into a political oppression instrument.”"
https://therecord.media/polish-anti-doping-agency-polada-hack-leak
General News
- Browser Backdoors: Securing The New Frontline Of Shadow IT
"Browser extensions are a prime target for cybercriminals. And this isn’t just a consumer problem – it’s a new frontier in enterprises’ battle against shadow IT. Ultimately, more extension permissions result in potentially bigger attack surfaces. Research shows that the average enterprise counts almost 1500 browser extensions across its ecosystem – even one bad add-on can cause reputational, financial, and privacy problems."
https://www.helpnetsecurity.com/2024/08/13/browser-extensions-shadow-it/
- Key Metrics For Monitoring And Improving ZTNA Implementations
"In this Help Net Security interview, Dean Hamilton, CTO at Wilson Perumal & Company, discusses the complexities of zero trust network access (ZTNA) implementation, focusing on balancing security with operational efficiency. Hamilton highlights strategic planning, collaboration between IT and business leaders, adapting to emerging challenges, continuous improvement, and using metrics to assess ZTNA success and manage risks."
https://www.helpnetsecurity.com/2024/08/13/dean-hamilton-wilson-perumal-company-ztna-implementation/
- How CIOs, CTOs, And CISOs View Cyber Risks Differently
"C-suite executives face a unique challenge: aligning their priorities between driving technological innovation and ensuring business resilience while managing ever-evolving cyber threats from criminals adept at exploiting the latest technologies, according to LevelBlue. This balancing act highlights the complexity of their roles and underscores the need for strategic approaches to cybersecurity."
https://www.helpnetsecurity.com/2024/08/13/c-suite-priorities/
- 35% Of Exposed API Keys Still Active, Posing Major Security Risks
"Nightfall AI’s research revealed that secrets like passwords and API keys were most often found in GitHub, with nearly 350 total secrets exposed per 100 employees every year."
https://www.helpnetsecurity.com/2024/08/13/api-keys-secrets/
- Ransom Cartel, Reveton Ransomware Owner Arrested, Charged In US
"Belarusian-Ukrainian national Maksim Silnikau was arrested in Spain and is now extradited to the USA to face charges for creating the Ransom Cartel ransomware operation in 2021 and running a malvertising operation from 2013 to 2022. The threat actor operated under the aliases "J.P. Morgan," "xxx," and "lansky" on Russian-speaking hacking forums, where he allegedly promoted the cybercrime operations. The authorities unsealed two separate indictments: one for the District of New Jersey regarding the malvertising operation and one for the Eastern District of Virginia regarding the Ransom Cartel operation."
https://www.bleepingcomputer.com/news/security/ransom-cartel-reveton-ransomware-owner-arrested-charged-in-us/
https://www.nationalcrimeagency.gov.uk/news/suspected-head-of-prolific-cybercrime-groups-arrested-and-extradited
https://therecord.media/prolific-scammer-arrested-extradited-us
https://www.helpnetsecurity.com/2024/08/13/reveton-ransom-cartel-arrest/
https://www.infosecurity-magazine.com/news/belarus-cybercriminal-arrested/
https://www.securityweek.com/us-unseals-charges-against-3-eastern-europeans-over-ransomware-malvertising/
https://www.theregister.com/2024/08/13/j_p_morgan_suspect_indicted_charged/
- Check Point Research Warns Every Day Is a School Day For Cyber Criminals With The Education Sector As The Top Target In 2024
"Schools and universities, with their treasure troves of sensitive data and often insufficient cyber security measures, have become prime targets for cybercriminals. This is evident in the latest report from Check Point Research, the Threat Intelligence arm of Check Point Software Technologies Ltd. (NASDAQ: CHKP), a leading AI-powered, cloud-delivered cyber security platform provider, which found that the Education sector has been the most targeted industry for cyberattacks so far in 2024. The data also shows a disparity when comparing sectors and regional differences."
https://blog.checkpoint.com/research/check-point-research-warns-every-day-is-a-school-day-for-cybercriminals-with-the-education-sector-as-the-top-target-in-2024/
- The Changing Expectations For Developers In An AI-Coding Future
"The relentless rise of generative AI (GenAI) in software creation has foisted a new reality on software engineers. They are facing a future in which writing code — the traditional territory of software developers for as long as software has existed — will be diminished, if not expunged altogether. Though the future may feel somewhat uncertain for developers, especially those looking to enter the field, they do have an intrinsic place going forward. It's just one that likely will involve less code writing and more security, mentorship, and collaboration."
https://www.darkreading.com/application-security/the-changing-expectations-for-developers-in-an-ai-coding-future
- NIST Releases First 3 Finalized Post-Quantum Encryption Standards
"The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has finalized its principal set of encryption algorithms designed to withstand cyberattacks from a quantum computer. Researchers around the world are racing to build quantum computers that would operate in radically different ways from ordinary computers and could break the current encryption that provides security and privacy for just about everything we do online. The algorithms announced today are specified in the first completed standards from NIST’s post-quantum cryptography (PQC) standardization project, and are ready for immediate use."
https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards
https://therecord.media/post-quantum-encryption-nist-releases-algorithms
https://www.darkreading.com/endpoint-security/nist-finalizes-post-quantum-encryption-standards
https://www.infosecurity-magazine.com/news/nist-quantum-cryptography-standards/
https://www.securityweek.com/post-quantum-cryptography-standards-officially-announced-by-nist-a-history-and-explanation/
https://www.theregister.com/2024/08/14/nist_postquantum_standards/
- Preparation Is Not Optional: 10 Incident Response Readiness Considerations For Any Organization
"Let’s face it: Cyberthreats aren’t going anywhere. As technology continues to evolve and grow, so will the tactics and techniques used by threat actors. A recent report from Statista estimates the global cost of cybercrime to reach $15.63 trillion by 2029. To combat this, one of the most important things organizations can do is be prepared. According to the National Institute of Standards and Technology (NIST), the incident response life cycle can be broken down into four key stages, with the first, and arguably most important, being preparation."
https://www.fortinet.com/blog/threat-research/preparation-is-not-optional-10-incident-response-readiness-considerations
- WWH-Club Credit Card Market Admins Arrested After Cash Spending Spree
"U.S. law enforcement has arrested two suspected admins of the WWH-Club stolen credit card marketplace after they went on a cash spending spree in Florida. The suspects are Russian national Pavel Kublitskii and Kazakhstan native Alexandr Khodyrev, who were arrested for their roles as administrators and moderators of the cybercrime platform WWH-Club. The two men have also had associations with other illicit platforms, including Skynetzone, Opencard, and Center-Club."
https://www.bleepingcomputer.com/news/legal/wwh-club-credit-card-market-admins-arrested-after-cash-spending-spree/
https://www.darkreading.com/cybersecurity-operations/cybercriminal-duo-attract-fbi-by-spending-big-and-living-large
https://www.malwarebytes.com/blog/news/2024/08/data-theft-forum-admins-busted-after-flashing-their-cash-in-a-life-of-luxury
- Why Hardsec Matters: From Protecting Critical Services To Enhancing Resilience
"Traditionally, the focus has been on defending against digital threats such as malware, ransomware, and phishing attacks by detecting them and responding. However, as cyber threats become more sophisticated, there is a growing recognition of the importance of measures that stop new attacks before they are recognized. With high-value assets, it's not good enough to have the protection, it's essential to have some assurance that the protection is effective. With software, that assurance is hard work, and this has led to a complementary approach, called hardsec."
https://thehackernews.com/2024/08/why-hardsec-matters-from-protecting.html
- Ransomware Review: First Half Of 2024
"Unit 42 monitors ransomware and extortion leak sites closely to keep tabs on threat activity. We reviewed compromise announcements from 53 dedicated leak sites in the first half of 2024 and found 1,762 new posts. This averages to approximately 294 posts a month and almost 68 posts a week. Of the 53 ransomware groups whose leak sites we monitored, six of the groups accounted for more than half of the compromises observed. In February, we reported a 49% increase year-over-year in alleged victims posted on ransomware leak sites. So far, in 2024, comparing the first half of 2023 to the first half of 2024, we see an even further increase of 4.3%. The higher level of activity observed in 2023 was no fluke."
https://unit42.paloaltonetworks.com/unit-42-ransomware-leak-site-data-analysis/
https://www.theregister.com/2024/08/13/lockbit_ransomware_stats/
References
Electronic Transactions Development Agency (ETDA) - Cost Of a Data Breach 2024: Financial Industry