ThaiCERT

457/67 Wednesday, December 25, 2024 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability in Acclaim Systems’ USAHERDS, identified as CVE-2021-44207 with a CVSS severity score of 8.1, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability involves the use of hardcoded credentials, allowing attackers to execute malicious code on the system. […]

456/67 Wednesday, December 25, 2024 WhatsApp, a messaging application owned by Meta Platforms, has won a significant legal case against NSO Group, an Israeli commercial spyware developer. The victory came after a district judge in California ruled in favor of WhatsApp, citing NSO Group’s violation of security protocols by exploiting vulnerabilities in the system to […]

455/67 Tuesday, December 24, 2024 Rostislav Panev, a 51-year-old man holding both Russian and Israeli citizenships, has been charged as a programmer for the LockBit ransomware group following his arrest in Israel in August 2024. Panev is accused of developing the LockBit ransomware from 2019 until February 2024. The group targeted over 2,500 victims worldwide, […]

454/67 Tuesday, December 24, 2024 A new report from Chainalysis reveals that North Korean hackers stole over $1.34 billion worth of cryptocurrency in 2024 through 47 cyberattacks, setting a new record for cyber theft. According to the report, this amount accounted for 61% of the total value stolen this year, marking a 21% increase compared […]

453/67 Monday, December 23, 2024 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a command injection vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) software, identified as CVE-2024-12356, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability, with a CVSS severity score of 9.8, allows unauthenticated attackers to execute malicious […]

452/67 Monday, December 23, 2024 Cyberattacks in today’s world not only reflect political and geopolitical tensions but have also increasingly targeted organizational sectors in unprecedented ways. State-sponsored threat actors have shifted their strategies and targets from critical infrastructure, such as energy and transportation systems, to breaching data in businesses and major organizations across various industries. […]

451/67 Friday, December 20, 2024 Researchers have issued a warning about a critical vulnerability in Apache Struts, identified as CVE-2024-53677, which has a CVSS score of 9.5. This vulnerability allows attackers to modify file upload parameters to execute a Path Traversal attack, potentially leading to the upload of malicious files for Remote Code Execution (RCE). […]

450/67 Friday, December 20, 2024 Researchers from Unit 42 of Palo Alto Networks have revealed a cyberattack targeting users in the automotive, chemical, and industrial sectors across Europe, with as many as 20,000 victims. The attackers employed sophisticated phishing techniques to steal account credentials and compromise the Microsoft Azure cloud infrastructure. The campaign began with […]

449/67 Thursday, December 19, 2024 The Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities, Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference (CVE-2024-35250) and Adobe ColdFusion Improper Access Control (CVE-2024-20767), to its Known Exploited Vulnerabilities (KEV) catalog. Details of the vulnerabilities are as follows: To mitigate these vulnerabilities, agencies under the Federal Civilian Executive […]

448/67 Thursday, December 19, 2024 Over the past year, a new form of scam called “Task Scams” or “Gamified Job Scams” has alarmingly increased by 400%, putting job seekers at risk of wasting time and losing money. Task Scams or Gamified Job Scams involve online fraudsters targeting individuals looking for remote jobs. They offer seemingly […]