ThaiCERT

453/67 Monday, December 23, 2024 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a command injection vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) software, identified as CVE-2024-12356, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability, with a CVSS severity score of 9.8, allows unauthenticated attackers to execute malicious […]

452/67 Monday, December 23, 2024 Cyberattacks in today’s world not only reflect political and geopolitical tensions but have also increasingly targeted organizational sectors in unprecedented ways. State-sponsored threat actors have shifted their strategies and targets from critical infrastructure, such as energy and transportation systems, to breaching data in businesses and major organizations across various industries. […]

451/67 Friday, December 20, 2024 Researchers have issued a warning about a critical vulnerability in Apache Struts, identified as CVE-2024-53677, which has a CVSS score of 9.5. This vulnerability allows attackers to modify file upload parameters to execute a Path Traversal attack, potentially leading to the upload of malicious files for Remote Code Execution (RCE). […]

450/67 Friday, December 20, 2024 Researchers from Unit 42 of Palo Alto Networks have revealed a cyberattack targeting users in the automotive, chemical, and industrial sectors across Europe, with as many as 20,000 victims. The attackers employed sophisticated phishing techniques to steal account credentials and compromise the Microsoft Azure cloud infrastructure. The campaign began with […]

449/67 Thursday, December 19, 2024 The Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities, Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference (CVE-2024-35250) and Adobe ColdFusion Improper Access Control (CVE-2024-20767), to its Known Exploited Vulnerabilities (KEV) catalog. Details of the vulnerabilities are as follows: To mitigate these vulnerabilities, agencies under the Federal Civilian Executive […]

448/67 Thursday, December 19, 2024 Over the past year, a new form of scam called “Task Scams” or “Gamified Job Scams” has alarmingly increased by 400%, putting job seekers at risk of wasting time and losing money. Task Scams or Gamified Job Scams involve online fraudsters targeting individuals looking for remote jobs. They offer seemingly […]

447/67 Wednesday, December 18, 2024 ConnectOnCall, a telemedicine and after-hours emergency call service platform, has disclosed a data breach affecting the personal and medical information of over 900,000 users. The company discovered the security breach on May 12, 2024, and immediately began an investigation. It was found that an external party had gained access to […]

446/67 Wednesday, December 18, 2024 Cybersecurity researchers from QiAnXin, a company in China, have revealed an advanced PHP backdoor called Glutton, a new tool associated with the Winnti group, which is linked to China. This backdoor targets multiple countries, including China, the United States, Cambodia, Pakistan, and South Africa. Glutton is designed in a modular […]

445/67 Tuesday, December 17, 2024 Germany’s Federal Office for Information Security (BSI) announced its success in halting the BADBOX malware operation, which was found to have infected over 30,000 internet-connected devices sold within the country. The agency disrupted communication between the infected devices and their command-and-control (C2) servers using a sinkholing technique. Affected devices include […]

444/67 Tuesday, December 17, 2024 Thai government officials have become targets of a new cyberattack employing a technique known as DLL Side-Loading to deploy a backdoor malware called “Yokai.” This malware is designed to take control of systems and execute commands from attackers via a command-and-control (C2) server. The campaign begins with a RAR file […]