Follow the news on the webboard or the Facebook page of NCSA Thailand

Post created by NCSA
-
Military personnel in Middle Eastern countries targeted by GuardZoo malware
-
VMware releases security update fixing a critical vulnerability in Aria Automation
The Cyber Security Agency of Singapore (CSA) has reported that VMware has released a security update fixing a high-severity vulnerability (CVE-2024-22280) in the Aria Automation product.
Successful exploitation of this SQL injection vulnerability could allow an authenticated malicious actor to submit specially crafted queries and perform unauthorized read operations on the database.
The vulnerability affects the following product versions:
• VMware Aria Automation version 8.x
• VMware Cloud Foundation version 4.x
• VMware Cloud Foundation version 5.x
Users and administrators of affected product versions should always update to the latest version.
Reference
https://www.csa.gov.sg/alerts-advisories/alerts/2024/al-2024-083 -
New OpenSSH Vulnerability Discovered Potential Remote Code Execution Risk
Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution (RCE). The vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from CVE-2024-6387 (aka RegreSSHion) and relates to a case of code execution in the privsep child process due to a race condition in signal handling. It only impacts versions 8.7p1 and 8.8p1 shipped with Red Hat Enterprise Linux 9. Security researcher Alexander Peslyak, who goes by the alias Solar Designer, has been credited with discovering and reporting the bug, which was found during a review of CVE-2024-6387 after the latter was disclosed by Qualys earlier this month. "The main difference from CVE-2024-6387 is that the race condition and RCE potential are triggered in the privsep child process, which runs with reduced privileges compared to the parent server process," Peslyak said. "So the immediate impact is lower. However, there may be differences in exploitability of these vulnerabilities in a particular scenario, which could make either one of these a more attractive choice for an attacker, and if only one of these is fixed or mitigated then the other becomes more relevant." However, it's worth noting that the signal handler race condition vulnerability is the same as CVE-2024-6387, wherein if a client does not authenticate within LoginGraceTime seconds (120 by default), then the OpenSSH daemon process' SIGALRM handler is called asynchronously, which then invokes various functions that are not async-signal-safe. "This issue leaves it vulnerable to a signal handler race condition on the cleanup_exit() function, which introduces the same vulnerability as CVE-2024-6387 in the unprivileged child of the SSHD server," according to the vulnerability description.
Source
https://thehackernews.com/2024/07/new-openssh-vulnerability-discovered.html
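The bug class described above (a SIGALRM handler that calls functions which are not async-signal-safe) is easiest to understand next to the pattern that avoids it. The following is an added example written for this digest; it is not OpenSSH code and does not reproduce its grace-timer logic. It assumes a hypothetical server with a login grace timer: the handler only stores to a `volatile sig_atomic_t`, and all cleanup (`free()`, closing the session) runs in ordinary program context once the loop notices the flag. The `sim_client` and `sim_step` names are constructed stand-ins for a client that either authenticates on a given step or raises SIGALRM to simulate the timer expiring.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Added example, not OpenSSH code: a login-grace timer handled the
 * async-signal-safe way. The handler's only action is a single store to
 * a volatile sig_atomic_t; cleanup happens later in normal context. */

static volatile sig_atomic_t grace_expired = 0;

static void grace_alarm_handler(int sig) {
    (void)sig;
    /* Do NOT call free(), malloc(), syslog(), exit() and similar here:
     * they are not async-signal-safe and may be interrupted mid-operation,
     * which is the class of defect the CVEs above describe. */
    grace_expired = 1;
}

/* Install the SIGALRM handler with sigaction(); returns 0 on success, -1 on error. */
int install_grace_handler(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = grace_alarm_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0; /* no SA_RESTART: blocking reads return EINTR so the loop sees the flag */
    return sigaction(SIGALRM, &sa, NULL);
}

/* Arm the grace timer (hypothetical stand-in for a LoginGraceTime setting). */
void arm_grace_timer(unsigned seconds) {
    grace_expired = 0;
    alarm(seconds);
}

int grace_timer_expired(void) {
    return grace_expired != 0;
}

/* Constructed client simulation: counts authentication steps and either
 * authenticates on auth_on_call or raises SIGALRM on alarm_on_call (0 = never). */
typedef struct {
    int calls;
    int auth_on_call;
    int alarm_on_call;
} sim_client;

int sim_step(void *p) {
    sim_client *c = (sim_client *)p;
    c->calls++;
    if (c->alarm_on_call && c->calls == c->alarm_on_call)
        raise(SIGALRM); /* stands in for the real timer firing */
    return c->auth_on_call && c->calls == c->auth_on_call;
}

/* Authentication loop. Returns 1 when the client authenticates, 0 when the
 * grace period expires first, -1 on setup failure. Cleanup always happens
 * here, in ordinary program context, never inside the signal handler. */
int run_auth_loop(int (*step)(void *), void *ctx, int max_steps) {
    if (install_grace_handler() != 0)
        return -1;
    char *session_state = malloc(64); /* stand-in for per-connection state */
    if (!session_state)
        return -1;
    grace_expired = 0;
    int result = 0;
    for (int i = 0; i < max_steps; i++) {
        if (grace_expired) { /* flag polled in main context */
            result = 0;
            break;
        }
        if (step(ctx)) {
            result = 1;
            break;
        }
    }
    free(session_state); /* safe: not inside a signal handler */
    alarm(0);            /* disarm any pending real timer */
    return result;
}

int main(void) {
    sim_client slow = { 0, 0, 3 }; /* never authenticates; timer fires on step 3 */
    sim_client good = { 0, 2, 0 }; /* authenticates on step 2 */
    int a = run_auth_loop(sim_step, &slow, 10); /* 0: grace expired */
    int b = run_auth_loop(sim_step, &good, 10); /* 1: authenticated */
    return (a == 0 && b == 1) ? 0 : 1;
}
```

The point to check when auditing a daemon of your own is the body of every handler installed for a timer or termination signal: anything beyond setting a flag (or calling `_exit()` directly) needs to be justified against the list of async-signal-safe functions for the platform.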
-
CISA adds Cisco NX-OS vulnerability to the Known Exploited Vulnerabilities (KEV) catalog
-
Microsoft to announce plan barring employees in China from using Android devices to log in to the corporate network
-
Cyber Threat Intelligence 10 July 2024
Industrial Sector
-
Delta Electronics CNCSoft-G2
"Successful exploitation of these vulnerabilities could cause a buffer overflow condition and allow remote code execution."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-01 -
Mitsubishi Electric MELIPC Series MI5122-VW
"Successful exploitation of this vulnerability could allow an attacker to tamper with, destroy, disclose, or delete information in the product, or cause a denial-of-service (DoS) condition on the product."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-02 -
Johnson Controls Illustra Pro Gen 4
"Successful exploitation of this vulnerability could impact confidentiality and integrity of the device."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-03 -
Johnson Controls Software House C●CURE 9000
"Successful exploitations of this vulnerability could allow an attacker to gain administrative access."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-04 -
Johnson Controls Software House C●CURE 9000
"Successful exploitation of this vulnerability may allow an attacker to access credentials used for access to the application."
https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-05
Vulnerabilities
-
Microsoft July 2024 Patch Tuesday Fixes 142 Flaws, 4 Zero-Days
"Today is Microsoft's July 2024 Patch Tuesday, which includes security updates for 142 flaws, including two actively exploited and two publicly disclosed zero-days. This Patch Tuesday fixed five critical vulnerabilities, with all being remote code execution flaws."
https://www.bleepingcomputer.com/news/microsoft/microsoft-july-2024-patch-tuesday-fixes-142-flaws-4-zero-days/
https://www.cisa.gov/news-events/alerts/2024/07/09/microsoft-releases-july-2024-security-updates
https://www.darkreading.com/application-security/attackers-already-exploiting-flaws-in-microsofts-july-security-update
https://www.tripwire.com/state-of-security/vert-threat-alert-july-2024-patch-tuesday-analysis
https://blog.talosintelligence.com/microsoft-patch-tuesday-july-2024/
https://www.helpnetsecurity.com/2024/07/09/microsoft-fixes-two-zero-days-exploited-by-attackers-cve-2024-38080-cve-2024-38112/
https://www.securityweek.com/microsoft-warns-of-windows-hyper-v-zero-day-being-exploited/
https://hackread.com/microsoft-patch-tuesday-microsoft-patches-vulnerabilities/
https://www.theregister.com/2024/07/10/july_2024_patch_tuesday/ -
Hackers Target WordPress Calendar Plugin Used By 150,000 Sites
"Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and execute code remotely. The plugin is developed by Webnus and is used to organize and manage in-person, virtual, or hybrid events. The vulnerability exploited in attacks is identified as CVE-2024-5441 and received a high-severity score (CVSS v3.1: 8.8). It was discovered and reported responsibly on May 20 by Friderika Baranyai during Wordfence's Bug Bounty Extravaganza."
https://www.bleepingcomputer.com/news/security/hackers-target-wordpress-calendar-plugin-used-by-150-000-sites/
https://www.wordfence.com/threat-intel/vulnerabilities/detail/modern-events-calendar-7110-authenticated-subscriber-arbitrary-file-upload -
Citrix Releases Security Updates For Multiple Products
"Citrix released security updates to address vulnerabilities in multiple Citrix products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system."
https://www.cisa.gov/news-events/alerts/2024/07/09/citrix-releases-security-updates-multiple-products -
Adobe Issues Critical Patches For Multiple Products, Warns Of Code Execution Risks
"Software maker Adobe on Tuesday released critical-severity patches for security defects in multiple enterprise-facing products and warned that both Windows and macOS are exposed to code execution attacks. As part of its scheduled batch of Patch Tuesday releases, the company documented at least seven vulnerabilities affecting Adobe Premiere Pro, Adobe InDesign and Adobe Bridge and urged users to immediately install available patches."
https://www.securityweek.com/adobe-issues-critical-patches-for-multiple-products-warns-of-code-execution-risks/ -
SAP Patches High-Severity Vulnerabilities In PDCE, Commerce
"Enterprise software maker SAP on Tuesday announced the release of 16 new and two updated security notes as part of its July 2024 patch day, including two notes dealing with high-severity vulnerabilities. The most severe of the issues is a missing authorization check in PDCE (Product Design Cost Estimating), a lifecycle costing tool. Tracked as CVE-2024-39592 (CVSS score of 7.7/10), the bug could allow an attacker to read generic table data, according to SAP."
https://www.securityweek.com/sap-patches-high-severity-vulnerabilities-in-pdce-commerce/ -
New Blast-RADIUS Attack Bypasses Widely-Used RADIUS Authentication
"Blast-RADIUS, an authentication bypass in the widely used RADIUS/UDP protocol, enables threat actors to breach networks and devices in man-in-the-middle MD5 collision attacks. Many networked devices (including switches, routers, and other routing infrastructure) on enterprise and telecommunication networks use the authentication and authorization RADIUS (Remote Authentication Dial-In User Service) protocol, sometimes tens of thousands of devices on a single network."
https://www.bleepingcomputer.com/news/security/new-blast-radius-attack-bypasses-widely-used-radius-authentication/
https://www.blastradius.fail/
https://www.blastradius.fail/attack-details
https://www.blastradius.fail/pdf/radius.pdf
https://thehackernews.com/2024/07/radius-protocol-vulnerability-exposes.html
https://www.helpnetsecurity.com/2024/07/09/blastradius-radius-protocol-vulnerability/
https://www.securityweek.com/blastradius-attack-exposes-critical-flaw-in-30-year-old-radius-protocol/ -
Apple Geolocation API Exposes Wi-Fi Access Points Worldwide
"Apple's Wi-Fi Positioning System (WPS) can be used to map and track Wi-Fi access points (APs) around the globe. But in a presentation at Black Hat 2024, University of Maryland researcher Erik Rye will demonstrate how he mapped hundreds of millions of APs in a matter of days, without even needing an Apple device or any kind of permissions along the way."
https://www.darkreading.com/endpoint-security/apple-geolocation-api-exposes-wi-fi-access-points-worldwide -
CVE-2024-38021: Moniker RCE Vulnerability Uncovered In Microsoft Outlook
"Morphisec researchers have identified a significant vulnerability, CVE-2024-38021 — a zero-click remote code execution (RCE) vulnerability that impacts most Microsoft Outlook applications. Unlike the previously discovered vulnerability CVE-2024-30103 disclosed in June —which required authentication (at least an NTLM token)— this new vulnerability does not require any authentication."
https://blog.morphisec.com/cve-2024-38021-microsoft-outlook-moniker-rce-vulnerability
Malware
-
Persistent Npm Campaign Shipping Trojanized jQuery
"Since May 26, 2024, Phylum has been monitoring a persistent supply chain attacker involving a trojanized version of jQuery. We initially discovered the malicious variant on npm, where we saw the compromised version published in dozens of packages over a month. After investigating, we found instances of the trojanized jQuery on other platforms, such as GitHub, and even as a CDN-hosted resource on jsDelivr."
https://blog.phylum.io/persistent-npm-campaign-shipping-trojanized-jquery/
https://thehackernews.com/2024/07/trojanized-jquery-packages-found-on-npm.html
https://www.darkreading.com/cyberattacks-data-breaches/trojanized-jquery-packages-complex-supply-chain-attack
https://hackread.com/trojanized-jquery-threatens-npm-github-and-cdns/ -
Criminals Targeting Victims Of Previous Scams Promising Financial Recovery
"The National Anti-Scam Centre is urging Australians who have had money stolen by scammers to be wary of offers to recover their money for an upfront fee. Reports that involve a money recovery element are on the rise. Between December 2023 and May 2024, Scamwatch received 158 reports with total losses of over $2.9 million, including losses from the original scam."
https://www.accc.gov.au/media-release/criminals-targeting-victims-of-previous-scams-promising-financial-recovery
https://www.theregister.com/2024/07/09/australia_rescam_warning/ -
CPR Warns Threat Actors Are Leveraging Internet Explorer In New Zero-Day Spoofing Attack (CVE-2024-38112)
"Check Point Research (CPR) warns of a new spoofing attack from threat actors using Internet Explorer shortcut files to lure Windows 10/11 users for remote code execution. CPR recommends Microsoft customers patch immediately."
https://blog.checkpoint.com/research/cpr-warns-threat-actors-are-leveraging-internet-explorer-in-new-zero-day-spoofing-attack-cve-2024-38112/ -
Lookout Discovers Houthi Surveillanceware Targeting Middle Eastern Militaries
"In October 2022, Lookout researchers initially discovered a surveillanceware that is still being used to target military personnel from Middle Eastern countries. The surveillanceware, dubbed GuardZoo by Lookout, is based on a commodity spyware named Dendroid RAT, which Lookout protected against since before 2022. Lookout attributes this activity to a Yemeni Houthi-aligned group based on targeting aligned with Houthi interests."
https://www.lookout.com/threat-intelligence/article/guardzoo-houthi-android-surveillanceware
https://therecord.media/pro-houthi-hackers-yemen-spyware-middle-east-militaries
https://thehackernews.com/2024/07/guardzoo-malware-targets-over-450.html
https://cyberscoop.com/researchers-catch-yemeni-hackers-spying-on-middle-east-military-phones/
https://www.helpnetsecurity.com/2024/07/09/guardzoo-spyware-target-military-personnel/
https://www.theregister.com/2024/07/09/houthi_rebels_malware/ -
Distribution Of AsyncRAT Disguised As Ebook
"AhnLab SEcurity intelligence Center (ASEC) covered cases of AsyncRAT being distributed via various file extensions (.chm, .wsf, and .lnk). In the aforementioned blog posts, it can be seen that the threat actor used normal document files disguised as questionnaires to conceal the malware. In a similar vein, there have been cases recently where the malware was disguised as an ebook."
https://asec.ahnlab.com/en/67861/
Breaches/Hacks/Leaks
-
Fujitsu Confirms Customer Data Exposed In March Cyberattack
"Fujitsu confirms that information related to some individuals and customers' business has been compromised during the data breach detected earlier this year. The Japanese tech giant states that the attack did not involve ransomware but relied on a sophisticated mechanism to evade detection while exfiltrating the details. In March, the company discovered that several of its systems had been infected with malware and noted the possibility of sensitive customer information being compromised."
https://www.bleepingcomputer.com/news/security/fujitsu-confirms-customer-data-exposed-in-march-cyberattack/ -
City Of Philadelphia Says Over 35,000 Hit In May 2023 Breach
"The City of Philadelphia revealed that a May 2024 disclosed in October impacted more than 35,000 individuals' personal and protected health information. The investigation found that attackers gained access to multiple email accounts between May 26, 2023, and July 28, 2023."
https://www.bleepingcomputer.com/news/security/city-of-philadelphia-says-over-35-000-hit-in-may-2023-breach/ -
Evolve Bank Says Data Breach Impacts 7.6 Million Americans
"Evolve Bank & Trust (Evolve) is sending notices of a data breach to 7.6 million Americans whose data was stolen during a recent LockBit ransomware attack. In June, LockBit published false claims that it breached the U.S. Federal Reserve. It was later determined that the leaked data actually belonged to Evolve Bank & Trust. Evolve confirmed to BleepingComputer that the data belonged to them and launched an investigation to determine the scope and extent of the data breach."
https://www.bleepingcomputer.com/news/security/evolve-bank-says-data-breach-impacts-76-million-americans/
https://www.darkreading.com/cyberattacks-data-breaches/evolve-bank-and-trust-reveals-7m-impacted-in-lockbit-breach
https://www.bankinfosecurity.com/evolve-discloses-that-hackers-stole-data-76m-individuals-a-25732
https://www.infosecurity-magazine.com/news/cyber-attack-evolve-bank-exposed/
https://securityaffairs.com/165504/cyber-crime/evolve-bank-data-breach-7-6m-people.html
https://www.securityweek.com/evolve-bank-data-breach-impacts-7-6-million-people/
https://www.theregister.com/2024/07/09/evolve_lockbit_attack/ -
Hacktivists Release Two Gigabytes Of Heritage Foundation Data
"An established cybercrime group with a track record of attacking political targets posted on Tuesday roughly two gigabytes of data from the Heritage Foundation, a prominent conservative think tank based in Washington, D.C. Self-described “gay furry hackers,” SiegedSec said it released the data in response to Heritage Foundation’s Project 2025, a set of proposals that aim to give Donald Trump a set of ready-made policies to implement if he wins this fall’s election. Its authors describe it as an initiative “to lay the groundwork for a White House more friendly to the right.”"
https://cyberscoop.com/hackvists-release-two-gigabytes-of-heritage-foundation-data/ -
Debt Collection Agency Says Data Breach Affected More Than 4 Million People
"A data breach discovered in February potentially exposed information on more than 4 million people, debt collection agency Financial Business and Consumer Solutions (FBCS) said in an updated regulatory filing Monday. The Pennsylvania-based company has steadily revised its assessment of the potential impact of the breach since it first began notifying customers in April. The latest filing with Maine regulators — the fifth since April 26 — said the incident affected 4,050,711 people, more than double what was originally reported."
Priority: 3 - Important
Relevance: General
https://therecord.media/debt-collection-agency-data-breach-fbcs
https://www.bankinfosecurity.com/4-million-people-affected-by-debt-collector-data-theft-hack-a-25730
General News
-
Microsoft’s Cybersecurity Dilemma: An Open Letter To Satya Nadella
"Microsoft is suffering cybersecurity failures due to systemic problems with strategic leadership. The world is witnessing an alarming trend of cybersecurity issues with Microsoft products and services. Over the past several years, Microsoft has suffered several serious attacks with cloud and email environments being compromised. In some cases, customers were kept in the dark, giving attackers additional time to exploit victims and entrench themselves deeper to the detriment of those affected."
https://www.helpnetsecurity.com/2024/07/09/microsoft-cybersecurity-dilemma/ -
Exploring The Root Causes Of The Cybersecurity Skills Gap
"In this Help Net Security interview, Koma Gandy, VP of Leadership and Business at Skillsoft, addresses the critical aspects of the cybersecurity skills gap, the need for diverse talent and continuous upskilling in areas like AI and cloud computing. Gandy advocates training that combines technical expertise with essential power skills to meet evolving industry demands and secure future career opportunities in cybersecurity."
https://www.helpnetsecurity.com/2024/07/09/koma-gandy-skillsoft-cybersecurity-skills-gap/ -
Justice Department Leads Efforts Among Federal, International, And Private Sector Partners To Disrupt Covert Russian Government-Operated Social Media Bot Farm
"The Justice Department today announced the seizure of two domain names and the search of 968 social media accounts used by Russian actors to create an AI-enhanced social media bot farm that spread disinformation in the United States and abroad. The social media bot farm used elements of AI to create fictitious social media profiles — often purporting to belong to individuals in the United States — which the operators then used to promote messages in support of Russian government objectives, according to affidavits unsealed today."
https://www.justice.gov/opa/pr/justice-department-leads-efforts-among-federal-international-and-private-sector-partners
https://www.ic3.gov/Media/News/2024/240709.pdf
https://www.bleepingcomputer.com/news/security/us-disrupts-ai-powered-bot-farm-pushing-russian-propaganda-on-x/
https://therecord.media/russia-disinformation-bots-social-media-us-canada-netherlands-alert
https://www.bankinfosecurity.com/us-busts-russian-ai-driven-disinformation-operation-a-25729
https://cyberscoop.com/us-international-authorities-seize-russian-ai-bot-farm/
https://www.theregister.com/2024/07/09/russian_ai_bot_farm/ -
How Do Cryptocurrency Drainer Phishing Scams Work?
"Cryptodrainer scams have emerged as a significant threat in the cryptocurrency ecosystem, targeting unsuspecting individuals with the promise of easy profits while covertly siphoning their digital assets. Initially, cryptodrainer scams primarily manifested as fraudulent investment schemes, promising high returns on investments in dubious projects or fake initial coin offerings (ICOs). These scams exploited the speculative nature of cryptocurrency markets, luring investors with the allure of quick riches and revolutionary technology. However, instead of delivering on their promises, scammers absconded with investors' funds."
https://blog.talosintelligence.com/how-do-cryptocurrency-drainer-phishing-scams-work/ -
5 Tips To Minimize The Costly Effects Of Data Exfiltration
"No matter the status of your organization, it may be the victim of a cyberbreach. Cases in point: In February, the US Cybersecurity and Infrastructure Security Agency (CISA) was hacked via the exploitation of vulnerabilities in Ivanti products the agency uses. The International Monetary Fund (IMF) was also attacked that month, which resulted in the compromise of at least 11 IMF email accounts. In March, multinational technology giant Fujitsu confirmed it was the victim of a cyberattack, where hackers used malware to exfiltrate personal and customer information."
https://www.darkreading.com/cyber-risk/5-tips-to-minimize-data-exfiltration-before-it-happens -
CISA Takedown Of Ivanti Systems Is a Wake-Up Call
"The exploitation of vulnerabilities in Ivanti's software underscores the need for robust cybersecurity measures and proactive response strategies to mitigate risks and protect critical assets."
https://www.darkreading.com/vulnerabilities-threats/cisa-takedown-ivanti-systems-is-wake-up-call -
Just a Fifth Of Manufacturers Have Strongest Anti-Phishing Protection
"A majority of global manufacturers are inviting unnecessary extra cyber risk by failing to properly implement the DMARC email security protocol, according to new research from EasyDMARC. The security vendor analyzed over 4700 domains belonging to some of the world’s biggest manufacturers. The good news is that three-fifths (61%) had implemented the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol. It’s designed to prevent phishing by automatically flagging and blocking any incoming emails thought to be spoofed."
https://www.infosecurity-magazine.com/news/fifth-manufacturers-strongest/ -
Developing And Prioritizing a Detection Engineering Backlog Based On MITRE ATT&CK
"Detection is a traditional type of cybersecurity control, along with blocking, adjustment, administrative and other controls. Whereas before 2015 teams asked themselves what it was that they were supposed to detect, as MITRE ATT&CK evolved, SOCs were presented with practically unlimited space for ideas on creating detection scenarios."
https://securelist.com/detection-engineering-backlog-prioritization/113099/ -
A Decade Of Global Cyberattacks, And Where They Left Us
"The cyberattack landscape has seen monumental shifts and enormous growth in the past decade or so. I spoke to Michelle Alvarez, X-Force Strategic Threat Analysis Manager at IBM, who told me that the most visible change in cybersecurity can be summed up in one word: scale. A decade ago, “’mega-breaches’ were relatively rare, but now feel like an everyday occurrence.”"
https://securityintelligence.com/articles/decade-global-cyberattacks-where-they-left-us/ -
How To Fix a Dysfunctional Security Culture
"There’s an old business saying that goes: “Culture eats strategy for breakfast,” that’s often attributed to Peter Drucker. While it is debatable whether he said it or not, the sentiment is clear—without a strong culture, organizations will be unable to execute on their strategies."
https://www.securityweek.com/how-to-fix-a-dysfunctional-security-culture/
Reference
Electronic Transactions Development Agency (ETDA) -
-
CISA releases seven Industrial Control Systems advisories
The Cybersecurity and Infrastructure Security Agency (CISA) released seven Industrial Control Systems (ICS) advisories on 9 July 2024. These advisories provide timely information about current security issues and vulnerabilities surrounding ICS, as follows:
- ICSA-24-191-01 Delta Electronics CNCSoft-G2
- ICSA-24-191-02 Mitsubishi Electric MELIPC Series MI5122-VW
- ICSA-24-191-03 Johnson Controls Illustra Pro Gen 4
- ICSA-24-191-04 Johnson Controls Software House C●CURE 9000
- ICSA-24-191-05 Johnson Controls Software House C●CURE 9000
- ICSA-24-177-02 PTC Creo Elements/Direct License Server (Update A)
- ICSA-23-269-03 Mitsubishi Electric FA Engineering Software (Update A)
CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations. Further details at https://www.cisa.gov/news-events/alerts/2024/07/09/cisa-releases-seven-industrial-control-systems-advisories
-
Chinese State Actor APT40 Exploits N-Day Vulnerabilities “Within Hours”
Chinese state-sponsored actor APT40 is focusing on exploiting newly discovered software vulnerabilities (N-days), often within hours of public release, a joint government advisory has warned. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), alongside agency partners from the US, UK, Canada, New Zealand, Germany, South Korea and Japan, noted that the group prefers to exploit vulnerable, public-facing infrastructure over techniques that require user interaction such as phishing campaigns. APT40 conducts regular reconnaissance against target networks to identify vulnerable, end-of-life or no longer maintained devices on networks of interest, and to rapidly deploy exploits. It is capable of exploiting newly public vulnerabilities in widely used software such as Log4j, Atlassian Confluence and Microsoft Exchange within days or even hours of public release. “Notably, APT40 possesses the capability to rapidly transform and adapt exploit proof-of-concept(s) (POCs) of new vulnerabilities and immediately utilize them against target networks possessing the infrastructure of the associated vulnerability,” the advisory read. The group continues to find success exploiting vulnerabilities from as early as 2017. Once inside a network, APT40 specializes in evasion and persistence techniques to exfiltrate sensitive data on behalf of the People’s Republic of China (PRC) Ministry of State Security, the agencies assessed. APT40 has repeatedly targeted Australian networks as well as government and private sector networks in the region, and remains a threat to the other authoring agencies’ nations. The group’s activity and techniques overlap with threat actors tracked as Kryptonite Panda, GINGHAM TYPHOON, Leviathan and Bronze Mohawk in industry reporting.
The ASD said that APT40 has embraced a global trend of using compromised devices, including small-office/home-office (SOHO) devices, as operational infrastructure and last-hop redirectors for its operations in Australia. Many of these SOHO devices are end-of-life or unpatched, offering a soft target for N-day exploitation. Once compromised, such devices also provide a launching point for attacks to blend in with legitimate traffic, obfuscating malicious activity.
Source
https://www.infosecurity-magazine.com/news/chinese-state-exploits/ -
Critical vulnerabilities affecting the Gogs open-source Git service
The Cyber Security Agency of Singapore (CSA) has published an alert on several vulnerabilities, CVE-2024-39930, CVE-2024-39931 and CVE-2024-39932, affecting the Gogs open-source Git service. These vulnerabilities have a CVSSv3 score of 9.9 out of 10.
The vulnerabilities are as follows:
• CVE-2024-39930: Exploitation of this vulnerability allows an authenticated attacker to inject arguments into the built-in Secure Shell (SSH) server, leading to remote compromise.
• CVE-2024-39931: Exploitation of this vulnerability could allow an authenticated attacker to delete internal files.
• CVE-2024-39932: Exploitation of this vulnerability could allow an authenticated attacker to inject arguments while previewing changes.
These critical vulnerabilities affect Gogs version 0.13.0 and earlier.
Users and administrators of affected product versions should update to the latest version.
Reference
https://www.csa.gov.sg/alerts-advisories/alerts/2024/al-2024-080
-
Cyber Threat Intelligence 09 July 2024
New Tooling
-
Avast Releases Free Decryptor For DoNex Ransomware And Past Variants
"Antivirus company Avast have discovered a weakness in the cryptographic scheme of the DoNex ransomware family and released a decryptor so victims can recover their files for free. The company says it has been working with law enforcement to privately provide the decryptor to DoNex ransomware victims since March 2024. Cybersecurity vendors commonly distribute decryptors in this manner to prevent the threat actors from learning about the bug and fixing it. The flaw was publicly disclosed at last month's Recon 2024 cybersecurity conference, so Avast has decided to release the decryptor."
https://www.bleepingcomputer.com/news/security/avast-releases-free-decryptor-for-donex-ransomware-and-past-variants/
https://www.helpnetsecurity.com/2024/07/08/decryptor-donex-muse-darkrace-fake-lockbit-3-0
https://www.theregister.com/2024/07/08/avast_secretly_gave_donex_ransomware -
Monocle: Open-Source LLM For Binary Analysis Search
"Monocle is open-source tooling backed by a large language model (LLM) for performing natural language searches against compiled target binaries. Monocle can be provided with a binary and search criteria (authentication code, vulnerable code, password strings, etc.), and it will decompile the binary to identify and score areas of the code that meet the criteria."
https://www.helpnetsecurity.com/2024/07/08/monocle-open-source-llm-binary-analysis-search/
https://github.com/user1342/Monocle
Vulnerabilities
-
Securing Developer Tools: Unpatched Code Vulnerabilities In Gogs (1/2)
"Most companies today value their source code as an important asset and rely on cloud services like GitHub or operate their own source code hosting platform to manage this asset. One option for this is Gogs, an open-source solution for self-hosting source code. With over 44.000 stars on GitHub, Gogs is among the most popular Go projects. Its Docker image has been downloaded over 90 million times, indicating that many developers use it. In light of our blog post series on securing developer tools, we investigated the code base of Gogs for security vulnerabilities."
https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-
https://thehackernews.com/2024/07/critical-vulnerabilities-disclosed-in.html -
Adobe Commerce Unauthorized XXE Vulnerability
"The SonicWall Capture Labs threat research team became aware of an XML External Entity Reference vulnerability affecting Adobe Commerce and Magento Open Source. It is identified as CVE-2024-34102 and given a critical CVSSv3 score of 9.8. Labeled as an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability and categorized as CWE-611, this vulnerability allows an attacker unauthorized access to private files, such as those containing passwords. Successful exploitation could lead to arbitrary code execution, security feature bypass, and privilege escalation."
https://blog.sonicwall.com/en-us/2024/07/adobe-commerce-unauthorized-xxe-vulnerability
Malware
-
CloudSorcerer – A New APT Targeting Russian Government Entities
"In May 2024, we discovered a new advanced persistent threat (APT) targeting Russian government entities that we dubbed CloudSorcerer. It’s a sophisticated cyberespionage tool used for stealth monitoring, data collection, and exfiltration via Microsoft Graph, Yandex Cloud, and Dropbox cloud infrastructure. The malware leverages cloud resources as its command and control (C2) servers, accessing them through APIs using authentication tokens. Additionally, CloudSorcerer uses GitHub as its initial C2 server."
https://securelist.com/cloudsorcerer-new-apt-cloud-actor/113056/
https://www.bleepingcomputer.com/news/security/cloudsorcerer-hackers-abuse-cloud-services-to-steal-russian-govt-data/
https://thehackernews.com/2024/07/new-apt-group-cloudsorcerer-targets.html
https://www.darkreading.com/cloud-security/cloudsorceror-public-cloud-cyberespionage-campaign
https://www.infosecurity-magazine.com/news/cloudsorcerer-malware-hits-russian/
https://www.securityweek.com/kaspersky-flags-cyberespionage-apt-cloudsorcerer-targeting-russian-government/ -
CISA And Partners Join ASD’S ACSC To Release Advisory On PRC State-Sponsored Group, APT 40
"CISA has collaborated with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) to release an advisory, People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action outlining a PRC state-sponsored cyber group’s activity."
https://www.cisa.gov/news-events/alerts/2024/07/08/cisa-and-partners-join-asds-acsc-release-advisory-prc-state-sponsored-group-apt-40
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-190a
https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/apt40-advisory-prc-mss-tradecraft-in-action
https://www.itnews.com.au/news/asd-hack-forensics-underpin-global-apt40-threat-warning-609570 -
Emboldened And Evolving: A Snapshot Of Cyber Threats Facing NATO
"As North Atlantic Treaty Organization (NATO) members and partners gather for a historic summit, it is important to take stock of one of its most pressing challenges—the cyber threat. The Alliance faces a barrage of malicious cyber activity from all over the globe, carried out by emboldened state-sponsored actors, hacktivists, and criminals who are willing to cross lines and carry out activity that was previously considered unlikely or inconceivable."
https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-facing-nato
https://www.securityweek.com/mandiant-highlights-russian-and-chinese-cyber-threats-to-nato-on-eve-of-75th-anniversary-summit/
Breaches/Hacks/Leaks
-
‘RockYou2024’: Nearly 10 Billion Passwords Leaked Online
"On a popular hacking forum, a user has leaked a file that contains 9,948,575,739 unique plaintext passwords. The list appears to be a compilation of passwords that were obtained during several old and more recent data breaches. The list is referred to as RockYou2024 because of its filename, rockyou.txt."
https://www.malwarebytes.com/blog/news/2024/07/rockyou2024-nearly-10-billion-passwords-leaked-online
https://www.darkreading.com/cyberattacks-data-breaches/10b-passwords-pop-up-on-dark-web-rockyou2024-release
https://www.infosecurity-magazine.com/news/10-billion-passwords-leaked/
https://securityaffairs.com/165460/data-breach/rockyou2024-compilation-10b-passwords.html -
Roblox Vendor Data Breach Exposes Dev Conference Attendee Info
"Roblox announced late last week that it suffered a data breach impacting attendees of the 2022, 2023, and 2024 Roblox Developer Conferences. Roblox is an online gaming and game creation platform popular among younger audiences that design, create, and share games with a large community of over 200 million active users."
https://www.bleepingcomputer.com/news/security/roblox-vendor-data-breach-exposes-dev-conference-attendee-info/ -
Neiman Marcus Data Breach: 31 Million Email Addresses Found Exposed
"A May 2024 data breach disclosed by American luxury retailer and department store chain Neiman Marcus last month has exposed more than 31 million customer email addresses, according to Have I Been Pwned founder Troy Hunt, who analyzed the stolen data. Hunt's findings come after the company filed a breach notification with the Office of the Maine Attorney General, stating that the breach only impacted 64,472 people."
https://www.bleepingcomputer.com/news/security/neiman-marcus-data-breach-31-million-email-addresses-found-exposed/ -
Computer Maker Zotac Exposed Customers' RMA Info On Google Search
"Computer hardware maker Zotac has exposed return merchandise authorization (RMA) requests and related documents online for an unknown period, exposing sensitive customer information. Zotac, known for its range of compact and mini PCs, high-performance graphics cards, motherboards, and computer accessories, has misconfigured the web folders that hold RMA data, resulting in them being indexed by search engines."
https://www.bleepingcomputer.com/news/security/computer-maker-zotac-exposed-customers-rma-info-on-google-search/ -
Hackers Leak 39,000 Print-At-Home Ticketmaster Tickets For 154 Events
"In an ongoing extortion campaign against Ticketmaster, threat actors have leaked almost 39,000 print-at-home tickets for 150 upcoming concerts and events, including Pearl Jam, Phish, Tate McCrae, and Foo Fighters. The tickets were leaked by a threat actor known as 'Sp1derHunters,' who is selling data stolen in recent data theft attacks from Snowflake accounts."
https://www.bleepingcomputer.com/news/security/hackers-leak-39-000-print-at-home-ticketmaster-tickets-for-154-events/
https://hackread.com/ticketmaster-hackers-leak-ticket-barcodes-tutorial/ -
‘Serious Hacker Attack’ Forces Frankfurt University To Shut Down IT Systems
"The Frankfurt University of Applied Sciences announced on Monday it was targeted by “a serious hacker attack” that has led to a total shutdown of its IT systems. It is the latest in a string of disruptive cyber incidents to have affected German universities, particularly those specializing in applied sciences. The nature of the attack has not yet been confirmed. The university stated it took place “around 8pm” on Saturday on a post replacing its normal homepage."
https://therecord.media/serious-hacker-attack-shutdown-frankfurt
General News
-
How Nation-State Cyber Attacks Disrupt Public Services And Undermine Citizen Trust
"In this Help Net Security interview, Rob Greer, VP and GM of the Enterprise Security Group at Broadcom, discusses the impact of nation-state cyber attacks on public sector services and citizens, as well as the broader implications for trust and infrastructure. Greer also discusses common vulnerabilities in government IT systems and the potential of AI and public-private collaborations to enhance cybersecurity defenses."
https://www.helpnetsecurity.com/2024/07/08/rob-greer-broadcom-nation-state-attacks/ -
Organizations Change Recruitment Strategies To Find Cyber Talent
"An estimated 4 million professionals are needed to fill the growing cybersecurity workforce gap, according to Fortinet. At the same time, Fortinet’s 2024 Global Cybersecurity Skills Gap Report found that 70% of organizations indicated that the cybersecurity skills shortage creates additional risks for their organizations."
https://www.helpnetsecurity.com/2024/07/08/cybersecurity-skills-shortage-risks-for-organizations/ -
Deconstructing Security Assumptions To Ensure Future Resilience
"Achieving security in a future of "unseen until it's too late" threats forces us to look beyond the endless cycles of discover and patch, identify and neutralize, and sense and respond, to build resilience by stress-testing assumptions and preparing for a future in which those assumptions have become unsustainable."
https://www.darkreading.com/cyber-risk/deconstructing-security-assumptions-to-ensure-future-resilience -
5 Ways To Run Security As a Meritocracy
"I remember watching the space shuttle Challenger launch as a child. The launch was highly anticipated, and my fellow classmates and I gathered in the school cafeteria to watch the one television that had been placed there and connected to broadcast signals. In 73 seconds, wonder turned to amazement, which turned to confusion, which turned to horror. I will never forget it."
https://www.darkreading.com/cybersecurity-operations/5-ways-to-run-security-as-a-meritocracy -
Cloudy With a Chance Of Cyberattack: Understanding LOTC Attacks And How ZTNA Can Prevent Them
"Living Off The Land (LOTL) attacks are nothing new to cybersecurity. For nearly two decades or more, cybercriminals have been using pre-installed or off-the-shelf applications like PowerShell, PsExec, and Windows Management Instrumentation to do all sorts of bad things. Now cybercriminals are applying a similar approach to the cloud."
https://www.securityweek.com/cloudy-with-a-chance-of-cyberattack-understanding-lotc-attacks-and-how-ztna-can-prevent-them/ -
Navigating Europe’s Digital Identity Crossroads
"Opening a bank account, making or receiving a payment, instructing an accountant or booking a doctor's appointment. These everyday tasks depend on identity, either proving who you are or verifying who you're dealing with. The trouble is that while we think of the world as a digital one, digital identity is a problem yet to be solved. Some EU member states have come close within their own national borders, as we'll discuss in this article. But for the most part, the caption to the 1993 cartoon still holds true: on the internet, nobody knows you're a dog."
https://www.theregister.com/2024/07/08/navigating_europes_digital_identity_crossroads/ -
An In-Depth Look At Crypto-Crime In 2023 Part 1
"Cybersecurity is a growing concern in today's digital age, as more sensitive information is stored and transmitted online. With the rise of cryptocurrencies, there has also been a rise in crypto-crimes, which pose a significant threat to the security of both individuals and businesses."
https://www.trendmicro.com/en_us/research/24/g/crypto-crime-2024-report-part-i.html
Reference
Electronic Transactions Development Agency (ETDA)
-
Apache HTTP Server fixes vulnerability CVE-2024-39884
-
10 billion passwords leaked, putting online users worldwide at risk
-
Hackers stole secrets from OpenAI in a 2023 security breach
-
GootLoader malware remains in active use, with a new version built to evade detection
-
Cyber Threat Intelligence 08 July 2024
Vulnerabilities
-
CVE-2024-29510 – Exploiting Ghostscript Using Format Strings
"This is a write-up for CVE-2024-29510, a format string vulnerability in Ghostscript ≤ 10.03.0. We show how this can be exploited to bypass the -dSAFER sandbox and gain code execution. This vulnerability has significant impact on web-applications and other services offering document conversion and preview functionalities as these often use Ghostscript under the hood. We recommend verifying whether your solution (indirectly) makes use of Ghostscript and if so, update it to the latest version."
https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation
https://www.theregister.com/2024/07/05/ghostscript_vulnerability_severity -
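The Ghostscript write-up above ends with advice to find out whether a service uses Ghostscript, directly or through a wrapper, and to update if it does. The following added check is not part of the write-up or of Ghostscript itself: it parses the output of `gs --version` and classifies the host. `FIRST_FIXED` is derived from the write-up's "≤ 10.03.0" affected range (i.e. anything older than 10.03.1 is treated as affected); the binary name and the `--version` probe are assumptions for a standard install.

```python
import re
import shutil
import subprocess

# The write-up gives Ghostscript <= 10.03.0 as affected by CVE-2024-29510,
# so 10.03.1 is the first release treated as fixed here.
FIRST_FIXED = (10, 3, 1)

# Matches "10.03.0", "9.56.1" or "10.03" inside arbitrary version banners.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)(?:\.(\d+))?\b")


def parse_gs_version(text):
    """Extract (major, minor, patch) from `gs --version` or `gs -v` output.

    Returns None when no version number is present.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_vulnerable_version(version):
    """True when the version tuple is below the first fixed release."""
    return tuple(version) < FIRST_FIXED


def check_host(gs_binary="gs"):
    """Run the local Ghostscript binary (if any) and classify it.

    Returns one of "not-installed", "unknown-version", "vulnerable", "patched".
    """
    path = shutil.which(gs_binary)
    if path is None:
        return "not-installed"
    out = subprocess.run([path, "--version"], capture_output=True,
                         text=True, timeout=10)
    version = parse_gs_version(out.stdout + out.stderr)
    if version is None:
        return "unknown-version"
    return "vulnerable" if is_vulnerable_version(version) else "patched"


if __name__ == "__main__":
    print("local gs:", check_host())
```

Two caveats a practitioner should keep in mind. Distribution packages often backport security fixes without bumping the upstream version string, so a "vulnerable" result is a prompt to check the package changelog, not a verdict. And the write-up's point about indirect use is the harder part: tools such as ImageMagick invoke Ghostscript as a delegate for PostScript and PDF input (`convert -list delegate`, or `magick -list delegate` on ImageMagick 7, shows the configured commands), so a service that never calls `gs` itself can still be reachable through a file upload.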
Apache Fixed a Source Code Disclosure Flaw In Apache HTTP Server
"The Apache Software Foundation has addressed multiple vulnerabilities in its popular Apache HTTP Server. The vulnerabilities include denial-of-service (DoS), remote code execution, and unauthorized access issues. One of these vulnerabilities is a critical source code disclosure vulnerability tracked as CVE-2024-39884."
https://securityaffairs.com/165422/security/apache-source-code-disclosure-flaw-apache-http-server.html
Malware
-
Cloudflare Blames Recent Outage On BGP Hijacking Incident
"Internet giant Cloudflare reports that its DNS resolver service, 1.1.1.1, was recently unreachable or degraded for some of its customers because of a combination of Border Gateway Protocol (BGP) hijacking and a route leak. The incident occurred last week and affected 300 networks in 70 countries. Despite these numbers, the company says that the impact was "quite low" and in some countries users did not even notice it."
https://www.bleepingcomputer.com/news/security/cloudflare-blames-recent-outage-on-bgp-hijacking-incident -
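Route origin validation (RFC 6811) is the standard control against the origin-hijack half of what Cloudflare describes: a more-specific prefix announced by the wrong origin AS. The following is an added, stand-alone implementation of the RFC 6811 decision (not Cloudflare's code and not a real RPKI cache) over a small constructed ROA table. 1.1.1.0/24 originated by AS13335 is Cloudflare's real resolver prefix; the other prefixes, the AS64496 origin (a documentation ASN) and the sample announcements are invented for the example.

```python
import ipaddress

# Constructed ROA table: (prefix, max_length, authorized origin ASN).
# A max length equal to the prefix length means no more-specific announcement
# is authorized, not even from the legitimate origin.
ROAS = [
    ("1.1.1.0/24", 24, 13335),
    ("1.0.0.0/24", 24, 13335),
]

# Constructed announcements in the shape of the incident: the legitimate /24,
# a more-specific /32 for the resolver address from an unrelated origin, the
# same /32 from the right origin but beyond the ROA's max length, and a
# prefix with no ROA at all.
SAMPLE_UPDATES = [
    ("1.1.1.0/24", 13335),
    ("1.1.1.1/32", 64496),
    ("1.1.1.1/32", 13335),
    ("203.0.113.0/24", 64496),
]


def validate_route(prefix, origin_asn, roas=ROAS):
    """RFC 6811 route origin validation: 'valid', 'invalid' or 'not-found'.

    A ROA 'covers' an announcement when the announced prefix lies within the
    ROA prefix. With no covering ROA the state is not-found; with at least one
    covering ROA whose ASN matches and whose max length admits the announced
    prefix length the state is valid; otherwise invalid.
    """
    announced = ipaddress.ip_network(prefix, strict=False)
    covering = []
    for roa_prefix, max_len, roa_asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix, strict=False)
        if roa_net.version == announced.version and announced.subnet_of(roa_net):
            covering.append((max_len, roa_asn))
    if not covering:
        return "not-found"
    for max_len, roa_asn in covering:
        if roa_asn == origin_asn and announced.prefixlen <= max_len:
            return "valid"
    return "invalid"


def classify_updates(updates, roas=ROAS):
    """Validate a batch of (prefix, origin_asn) announcements."""
    return {(p, a): validate_route(p, a, roas) for p, a in updates}


if __name__ == "__main__":
    for (p, a), state in classify_updates(SAMPLE_UPDATES).items():
        print(f"{p:18} AS{a:<6} {state}")
```

The limitation is the other half of the incident. ROV only examines the origin AS, so a route leak that preserves the legitimate origin while propagating through a path that should never have carried it validates as "valid". Catching leaks needs path-based policy (prefix and AS-path filters on customer sessions, or an ASPA-style check), which is why Cloudflare attributes the outage to a combination of the two rather than to a hijack alone.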
Eldorado Ransomware: The New Golden Empire Of Cybercrime?
"Partner programs for cybercriminals, also known as Ransomware-as-a-Service (RaaS), have evolved into sophisticated operations resembling large-scale enterprises. These partner programs recruit affiliates to execute specific roles in cybercriminal networks, particularly focusing on the delivery and execution of ransomware attacks on companies. Over the years, the selection process for affiliates has shifted from a focus on individual experience and network access to a more systematic approach."
https://www.group-ib.com/blog/eldorado-ransomware
https://www.bleepingcomputer.com/news/security/new-eldorado-ransomware-targets-windows-vmware-esxi-vms -
New Threat: A Deep Dive Into The Zergeca Botnet
"On May 20, 2024, while everyone was happily celebrating the holiday, the tireless XLab CTIA (Cyber Threat Insight Analysis) system captured a suspicious ELF file around 2 PM, located at /usr/bin/geomi. This file was packed with a modified UPX, had a magic number of 0x30219101, and was uploaded from Russia to VirusTotal, where it was not detected as malicious by any antivirus engine."
https://blog.xlab.qianxin.com/a-deep-dive-into-the-zergeca-botnet
https://thehackernews.com/2024/07/new-golang-based-zergeca-botnet-capable.html
https://securityaffairs.com/165288/cyber-crime/golang-based-zergeca-botnet.html -
Turning Jenkins Into a Cryptomining Machine From An Attacker's Perspective
"Jenkins is an open-source solution that enables continuous integration and continuous delivery (CI/CD), allowing for the automation of the various stages of software development such as the test, build, and deployment phases. While it offers many benefits to users, it can also be used as an attack vector by malicious actors that can exploit misconfigured servers and unpatched Jenkins versions to deploy cryptocurrency miners and backdoors, as well as to gather sensitive information. In this blog entry, we will discuss how the Jenkins Script Console can be weaponized by attackers for cryptomining activity if not configured properly."
https://www.trendmicro.com/en_us/research/24/g/turning-jenkins-into-a-cryptomining-machine-from-an-attackers-pe.html -
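As a detection-side complement to the Jenkins entry above, here is an added example (not code from Trend Micro or the Jenkins project) that scans an access log for requests to the script console. It assumes the log is in NCSA combined format with the authenticated Jenkins user in the third field; the sample lines, hosts and user names are constructed for the example. The matched paths (`/script`, `/scriptText` and `/computer/<agent>/script`, optionally under a context path) are Jenkins' real script console endpoints.

```python
import re
from collections import Counter

# Constructed sample in NCSA combined format (assumption: the Jenkins access
# log was enabled in this format). Addresses, users and timestamps are invented.
SAMPLE_LOG = """\
10.0.0.5 - alice [08/Jul/2024:09:01:10 +0000] "GET /job/build-api/lastBuild/console HTTP/1.1" 200 4211 "-" "Mozilla/5.0"
10.0.0.5 - alice [08/Jul/2024:09:02:31 +0000] "GET /script HTTP/1.1" 200 3320 "-" "Mozilla/5.0"
203.0.113.44 - - [08/Jul/2024:09:05:02 +0000] "POST /scriptText HTTP/1.1" 200 57 "-" "python-requests/2.31"
203.0.113.44 - - [08/Jul/2024:09:05:03 +0000] "POST /scriptText HTTP/1.1" 200 57 "-" "python-requests/2.31"
10.0.0.9 - ci-bot [08/Jul/2024:09:06:40 +0000] "POST /job/build-api/build HTTP/1.1" 201 0 "-" "curl/8.4.0"
203.0.113.44 - - [08/Jul/2024:09:07:15 +0000] "POST /computer/linux-agent-1/script HTTP/1.1" 200 64 "-" "python-requests/2.31"
"""

# NCSA combined: ip ident user [ts] "METHOD path proto" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

# Script console endpoints: the UI page, the text API used by scripted
# attacks, and the per-agent console. An optional leading context path
# (e.g. /jenkins) is allowed.
SCRIPT_CONSOLE_RE = re.compile(
    r"^(?:/[^/]+)?(?:/script|/scriptText|/computer/[^/]+/script)$"
)


def parse_line(line):
    """Return the log fields as a dict, or None for lines that do not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_script_console_request(path):
    """True when the request path (query string ignored) hits the console."""
    path = path.split("?", 1)[0]
    return bool(SCRIPT_CONSOLE_RE.match(path))


def find_script_console_hits(log_text):
    """All parsed records whose path is a script console endpoint."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_script_console_request(rec["path"]):
            hits.append(rec)
    return hits


def summarize(hits):
    """Count unauthenticated POSTs per source IP, the strongest abuse signal."""
    counts = Counter()
    for rec in hits:
        if rec["method"] == "POST" and rec["user"] == "-":
            counts[rec["ip"]] += 1
    return counts


if __name__ == "__main__":
    found = find_script_console_hits(SAMPLE_LOG)
    for rec in found:
        print(rec["ip"], rec["user"], rec["method"], rec["path"], rec["status"])
    print("anonymous POSTs by source:", dict(summarize(found)))
```

A 200 on a POST to `/scriptText` from an anonymous source is the line worth paging on: the console requires administrator permission, so such a hit means either the authorization strategy grants that permission to anonymous users or an admin credential is in use from an unexpected place. Alerting is a complement, not a substitute, for the configuration fix the blog is about; the console should not be reachable by untrusted users in the first place.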
Mallox Ransomware Variant Targets Linux: Decryptor Discovered
"Mallox ransomware, which is also known as Fargo, TargetCompany, Mawahelper, and so on, has been active since mid-2021. Their operation was also observed in transitioning into the Ransomware-as-a-Service distribution model from mid-2022. Mallox group focuses on multi-extortion, encrypting their victims’ data and threatening to post it on their public TOR-based sites."
https://www.uptycs.com/blog/mallox-ransomware-linux-variant-decryptor-discovered
https://hackread.com/mallox-ransomware-variant-targets-linux-systems
Breaches/Hacks/Leaks
-
New Zealand Fitness Retailer Hit By DragonForce Ransomware
"A ransomware group that uses locker malware based on the leaked LockBit 3.0 ransomware builder compromised New Zealand's leading fitness equipment retailer. The DragonForce ransomware group, first observed in November 2023, on Tuesday said on its leak site that it stole 5.31 gigabytes of data from Elite Fitness."
https://www.bankinfosecurity.com/new-zealand-fitness-retailer-hit-by-dragonforce-ransomware-a-25718 -
A Hacker Stole OpenAI Secrets, Raising Fears That China Could, Too
"Early last year, a hacker gained access to the internal messaging systems of OpenAI, the maker of ChatGPT, and stole details about the design of the company’s A.I. technologies. The hacker lifted details from discussions in an online forum where employees talked about OpenAI’s latest technologies, according to two people familiar with the incident, but did not get into the systems where the company houses and builds its artificial intelligence."
https://www.nytimes.com/2024/07/04/technology/openai-hack.html
https://hackread.com/openai-kept-mum-of-sensitive-ai-research-hack
https://www.securityweek.com/hackers-stole-secrets-from-openai
https://securityaffairs.com/165349/data-breach/openai-2023-security-breach.html
https://www.itnews.com.au/news/openais-internal-ai-details-stolen-in-2023-breach-609524 -
Alabama Department Of Education Stops Ransomware Attack But Confirms Data Stolen
"The Alabama State Department of Education said it stopped a ransomware attack last month but hackers were still able to access some data and disrupt services. On June 17, hackers attempted to target servers and lock down the agency’s computer systems, but were prevented from doing so. “However, the hackers were able to breach some data and disrupt our services before our staff interrupted and stopped the attack,” the department said in a statement on Wednesday."
https://therecord.media/alabama-education-department-data-breach
https://www.securityweek.com/some-data-is-breached-during-a-hacking-attack-on-the-alabama-education-department
https://securityaffairs.com/165389/uncategorized/alabama-state-department-of-education-data-breach.html -
RansomHub Says It Published Florida Health Department Data
"The hacking group RansomHub this week claimed it exfiltrated and published 100 gigabytes of sensitive data from the Florida Department of Health because the department refused to meet its ransom demands. According to a July 1 post on X by HackManac, a company that tracks cyberattacks, RansomHub threatened to release the stolen health department data in a post on the dark web unless the state paid an undisclosed amount of money by Friday."
Priority: 3 - Important
Relevance: General
https://statescoop.com/florida-health-department-data-ransomhub-data -
Shopify Denies It Was Hacked, Links Stolen Data To Third-Party App
"E-commerce platform Shopify denies it suffered a data breach after a threat actor began selling customer data they claim was stolen from the company's network. "Shopify systems have not experienced a security incident," Shopify told BleepingComputer. "The data loss reported was caused by a third-party app. The app developer intends to notify affected customers." This statement comes after a threat actor known as '888' began selling data earlier this week that they claim was stolen from Shopify in 2024."
https://www.bleepingcomputer.com/news/security/shopify-denies-it-was-hacked-links-stolen-data-to-third-party-app
General News
-
Why Cyber Teams Should Invest In Strong Communicators
"Cybersecurity is a discipline filled with hard problems. Cybersecurity professionals are charged with protecting a rapidly evolving technology landscape from adversaries that are not constrained by profitability, productivity or employee privacy — and they need only a single security control to fail for them to be successful."
https://www.darkreading.com/cybersecurity-operations/why-cyber-teams-should-invest-in-strong-communicators -
Are SOC 2 Reports Sufficient For Vendor Risk Management?
"Businesses rely heavily on third-party vendors for a wide range of services. This dependence introduces vulnerabilities, as a security breach at a vendor can have cascading effects on your organization. Cybercriminals are constantly innovating, making robust vendor risk management a critical component of any cybersecurity strategy. Third-party cyberattacks in 2023 included a diverse range of organizations."
https://www.darkreading.com/cybersecurity-operations/are-soc-2-reports-sufficient-for-vendor-risk-management -
Euro 2024 Becomes Latest Sporting Event To Attract Cyberattacks
"With the Euro 2024 football tournament — soccer, to our US readers — reaching the final eight teams in the quarterfinals, cybercriminal activity has ramped up around the tournament and is posing risks for fans and their employers."
https://www.darkreading.com/cloud-security/euro-2024-becomes-latest-sporting-event-to-attract-cyberattacks -
A CISO's Guide To Avoiding Jail After a Breach
"Yahoo, Uber, SolarWinds — increasingly, the government is incentivizing better corporate security by punishing the individuals leading it. Is that a good idea? And how can security pros avoid ending up on the butt end of a lawsuit?"
https://www.darkreading.com/cybersecurity-operations/a-cisos-guide-to-avoiding-jail-after-a-breach -
99% Of IoT Exploitation Attempts Rely On Previously Known CVEs
"The explosion of Internet of Things (IoT) devices has brought about a wide range of security and privacy challenges, according to Bitdefender and NETGEAR. The report is based on global telemetry of 3.8 million homes and 50 million IoT devices that generated 9.1 billion security events over the course of 12 months."
https://www.helpnetsecurity.com/2024/07/05/iot-security-privacy-challenges -
47% Of Corporate Data Stored In The Cloud Is Sensitive
"As the use of the cloud continues to be strategically vital to many organizations, cloud resources have become the biggest targets for cyberattacks, with SaaS applications (31%), cloud storage (30%) and cloud management infrastructure (26%) cited as the leading categories of attack, according to Thales."
https://www.helpnetsecurity.com/2024/07/05/cloud-environments-security-priority -
Organizations Weigh The Risks And Rewards Of Using AI
"78% of organizations are tracking AI as an emerging risk while simultaneously adopting the technology themselves, according to AuditBoard."
https://www.helpnetsecurity.com/2024/07/05/digital-risk-management-approach -
How Intelligence Sharing Can Help Keep Major Worldwide Sporting Events On Track
"Major worldwide sporting events like the Olympics or the FIFA World Cup attract global interest as people follow their national teams and hope for success. To put this into context, the Olympic Games are one of the most widely covered sporting events in the world, with an audience of more than 4 billion viewers. Probably owing to the sheer scale of such events, not to mention their high profile, they also attract bad actors looking to disrupt them for ideological reasons or illegal profit."
https://www.securityweek.com/how-intelligence-sharing-can-help-keep-major-worldwide-sporting-events-on-track -
Russian-Linked Cybercampaigns Put a Bull’s-Eye On France. Their Focus? The Olympics And Elections
"Photos of blood-red hands on a Holocaust memorial. Caskets at the Eiffel Tower. A fake French military recruitment drive calling for soldiers in Ukraine, and major French news sites improbably registered in an obscure Pacific territory, population 15,000. All are part of disinformation campaigns orchestrated out of Russia and targeting France, according to French officials and cybersecurity experts in Europe and the United States. France’s legislative elections and the Paris Olympics sent them into overdrive."
https://www.securityweek.com/russian-linked-cybercampaigns-put-a-bulls-eye-on-france-their-focus-the-olympics-and-elections -
Crypto Hacking Thefts Double To US$1.4 Billion
"The amount of cryptocurrency stolen in hacks globally more than doubled in the first six months of 2024 from a year earlier, driven by a small number of large attacks and rising crypto prices, blockchain researchers TRM Labs said."
https://www.itnews.com.au/news/crypto-hacking-thefts-double-to-us14-billion-609523
Reference
Electronic Transactions Development Agency (ETDA)
-
LockBit ransomware group claims hack of Fairfield Memorial Hospital in the US
-
OVHcloud mitigates record-setting DDoS attack of 840 million packets per second
-
Prudential Financial data breach affects more than 2.5 million individuals
-
South Korean ERP system update server found hacked to spread the Xctdoor backdoor
-
Landmark discloses data breach affecting personal and medical information