ThaiCERT

423/67 Wednesday, November 27, 2024 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-28461, with a CVSS score of 9.8, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability affects Array Networks AG Series and vxAG ArrayOS (version 9.4.0.481 and earlier). The vulnerability allows attackers to exploit the SSL VPN Gateway through unauthenticated […]

422/67 Wednesday, November 27, 2024 The Russian state-sponsored cyber threat group RomCom has been discovered exploiting critical vulnerabilities in Mozilla Firefox and Microsoft Windows to attack victim systems with a backdoor malware of the same name. These attacks leverage vulnerabilities that enable the execution of malicious code without user interaction. The operation involves two major […]

421/67 Tuesday, November 26, 2024 The U.S. Department of Justice (DoJ) has seized the PopeyeTools website, a dark web marketplace for selling stolen credit card data, and charged three administrators: Abdul Ghaffar, Abdul Sami, and Javed Mirza. They face charges of access device fraud and trafficking in data related to cybercrimes such as financial data […]

420/67 Tuesday, November 26, 2024 A Russian-linked cyber threat group has been identified as the perpetrator behind a cyber-espionage campaign targeting Central Asia, East Asia, and Europe. The campaign utilizes custom-tailored malware to steal critical information. According to Insikt Group, part of Recorded Future, the threat actor has been named TAG-110, which has ties to […]

419/67 Monday, November 25, 2024 International Game Technology PLC (IGT), a global gambling technology company, experienced a cyberattack on November 17, 2024, which caused a partial shutdown of its IT systems. IGT responded promptly to the incident and, according to documents filed with the U.S. Securities and Exchange Commission (SEC), identified unauthorized access by external […]

418/67 Monday, November 25, 2024 Security researchers at Trellix have uncovered an attack campaign leveraging the “Bring-Your-Own-Vulnerable-Driver” (BYOVD) technique. The attackers exploit an outdated and vulnerable driver from Avast Anti-Rootkit to bypass detection and disable security systems. According to the researchers, the malware used in this campaign, classified as an AV Killer, is not tied […]

417/67 Friday, November 22, 2024 A cyberattack targeted a hospital in France, revealing the medical records of more than 750,000 patients. The attackers, identifying themselves as “nears,” claimed responsibility for breaching MediBoard software, developed by Softway Medical Group, a leading provider of patient record management systems (EPR) in Europe. The group also alleged access to […]

416/67 Friday, November 22, 2024 Oracle has issued a critical security advisory to users regarding a vulnerability identified in the Agile Product Lifecycle Management (PLM) Framework, designated as CVE-2024-21287, with a CVSS severity score of 7.5. This vulnerability can be exploited remotely without authentication, allowing malicious actors to access sensitive data. The flaw enables unauthenticated […]

415/67 Thursday, November 21, 2024 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The details of the vulnerabilities are as follows: To mitigate these risks, agencies under the Federal Civilian Executive Branch (FCEB) are required to address these vulnerabilities within a specified timeframe. CISA […]

414/67 Thursday, November 21, 2024 The Helldown ransomware group is emerging as a new cyber threat, targeting Linux systems and VMware ESXi used across various industries. Recent attacks reveal that the group exploits vulnerabilities in Zyxel firewall devices to gain access to victims’ systems. According to Sekoia, Helldown may have taken advantage of an undisclosed […]