
administrators

  • Critical vulnerability in Cisco ISE

    On 6 June 2568 (B.E.), the Cyber Security Agency of Singapore (CSA) published an alert that Cisco has released security updates to fix a critical vulnerability (CVE-2025-20286) in Identity Services Engine (ISE).
    The vulnerability is rated critical, with a CVSSv3.1 score of 9.9, and proof-of-concept exploit code is reported to have been published.

    Impact
    If successfully exploited, an unauthenticated remote attacker could:

    • access sensitive data
    • perform a limited set of administrative operations
    • modify system configuration
    • or disrupt services within the affected system

    Affected products
    This vulnerability affects Cisco ISE deployed with the default configuration on the following cloud platforms:

    • AWS: Cisco ISE versions 3.1, 3.2, 3.3 and 3.4
    • Azure: Cisco ISE versions 3.2, 3.3 and 3.4
    • OCI (Oracle Cloud Infrastructure): Cisco ISE versions 3.2, 3.3 and 3.4

    Remediation
    Affected users and administrators are advised to update to the latest version immediately.

    If an immediate update is not possible, apply the following mitigation:

    Restrict access to the Cisco ISE instance by configuring security groups on the cloud platform so that only the pre-approved source IP addresses of authorized administrators are allowed to reach Cisco ISE. This measure effectively prevents connections from potentially malicious sources.

    References
    https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-057/

    Follow further news on the webboard or on Facebook: NCSA Thailand

    Posted in Cyber Security News
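One way to check the interim mitigation in the post above in code, as an added example that is not part of the CSA advisory or of Cisco's own guidance: the script audits a set of cloud security-group ingress rules against an administrator source-IP allowlist, reports every rule whose source range is not wholly contained in the allowlist, and shows the world-open rule set beside the corrected one. The rule layout mimics the shape of AWS `IpPermissions` entries; the allowlist, CIDRs and ports are constructed sample values (assumptions), not values from the advisory.

```python
"""Audit cloud security-group ingress rules against an administrator allowlist.

Added example, not code from the CSA advisory or from Cisco. It models the
interim mitigation: the security group in front of a Cisco ISE instance must
admit only pre-approved administrator source IPs. Rule dictionaries follow the
shape of AWS ``IpPermissions`` entries; every rule, CIDR and port below is
constructed sample data (assumptions, not values from the advisory).
"""
import ipaddress

# Constructed allowlist of administrator source ranges (assumption).
ADMIN_ALLOWLIST = ["203.0.113.0/24", "198.51.100.7/32"]

# Constructed weak rule set: management ports open to the whole Internet,
# which is the condition the mitigation tells administrators to remove.
WEAK_RULES = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
     "Ipv6Ranges": []},
]

# Constructed corrected rule set: the same ports, reachable only from the
# allowlisted administrator ranges.
HARDENED_RULES = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}, {"CidrIp": "198.51.100.7/32"}],
     "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "198.51.100.7/32"}],
     "Ipv6Ranges": []},
]


def source_allowed(cidr, allowlist=ADMIN_ALLOWLIST):
    """Return True if the whole of `cidr` lies inside one allowlisted network.

    A source range that merely overlaps an allowlisted range is rejected:
    "0.0.0.0/0" contains every allowlisted range but is not a subnet of any
    of them, so it fails the check.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    for allowed in allowlist:
        allowed_net = ipaddress.ip_network(allowed, strict=False)
        # subnet_of() raises TypeError across IPv4/IPv6, so compare versions first.
        if net.version == allowed_net.version and net.subnet_of(allowed_net):
            return True
    return False


def find_violations(rules, allowlist=ADMIN_ALLOWLIST):
    """Return one finding per (port range, source) that is not allowlisted."""
    findings = []
    for rule in rules:
        sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for src in sources:
            if not source_allowed(src, allowlist):
                findings.append({
                    "ports": f"{rule['FromPort']}-{rule['ToPort']}/{rule['IpProtocol']}",
                    "source": src,
                    # A /0 source means the port is reachable from anywhere.
                    "world_open": ipaddress.ip_network(src, strict=False).prefixlen == 0,
                })
    return findings


if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        violations = find_violations(rules)
        print(f"{name}: {len(violations)} violation(s)")
        for v in violations:
            print(f"  {v['ports']} open to {v['source']}"
                  + (" (world-open)" if v["world_open"] else ""))
```

The containment test uses `subnet_of` rather than a simple overlap check on purpose: an overly broad source range such as a /0 or /8 overlaps an administrator range without being restricted to it, and the mitigation calls for exactly that restriction. Running the script against the real `IpPermissions` output of a cloud CLI (rather than the constructed rules) would make it a quick pre-patch audit of the ISE security group.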
  • High-severity vulnerability in the Apache Tomcat CGI Servlet

    On 6 June 2568 (B.E.), the Cyber Security Agency of Singapore (CSA) published an alert that the Apache Software Foundation has released security updates to fix a high-severity vulnerability (CVE-2025-46701) in the Common Gateway Interface (CGI) Servlet of Apache Tomcat.

    Impact
    If successfully exploited, an attacker could bypass configured security constraints and gain unauthorized access to restricted CGI resources by using a specially crafted URL.

    This vulnerability affects the following products:

    • Apache Tomcat 11.0.0-M1 to 11.0.6
    • Apache Tomcat 10.1.0-M1 to 10.1.40
    • Apache Tomcat 9.0.0.M1 to 9.0.104

    Remediation
    Users and administrators of the affected products are advised to update to the latest version immediately to keep their systems secure.

    References
    https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-056/


    Posted in Cyber Security News
  • Critical vulnerability found in Roundcube Webmail, hidden for over 10 years, puts systems at risk of takeover

    Posted in Cyber Security News
  • Ukraine arrests hacker who stole more than 5,000 hosting accounts to mine cryptocurrency

    Posted in Cyber Security News
  • Cyber Threat Intelligence 05 June 2025

    Energy Sector

    • The Future Of Cybersecurity Standards For Global Federal Energy Systems
      "According to a report, 71% of energy industry professionals consider their organizations more vulnerable to OT cyber events than ever. These are private organizations, but the stakes are much higher for government-owned systems. Government-owned energy systems such as national grids, nuclear facilities, pipelines, and strategic reserves are foundational to national sovereignty and public welfare."
      https://www.tripwire.com/state-of-security/future-cybersecurity-standards-global-federal-energy-systems

    Industrial Sector

    Vulnerabilities

    Malware

    Breaches/Hacks/Leaks

    General News

    • The Hidden Risks Of LLM Autonomy
      "Large language models (LLMs) have come a long way from the once passive and simple chatbots that could respond to basic user prompts or look up the internet to generate content. Today, they can access databases and business applications, interact with external systems to independently execute complex tasks and make business decisions. This transformation is primarily supported by emerging interoperability standards, such as the Model Context Protocol (MCP) and Agent-to-Agent (A2A) communication."
      https://www.helpnetsecurity.com/2025/06/04/llm-agency/
    • Agentic AI And The Risks Of Unpredictable Autonomy
      "In this Help Net Security interview, Thomas Squeo, CTO for the Americas at Thoughtworks, discusses why traditional security architectures often fail when applied to autonomous AI systems. He explains why conventional threat modeling needs to adapt to address autonomous decision-making and emergent behaviors. Squeo also outlines strategies for maintaining control and accountability when AI agents operate with increasing autonomy."
      https://www.helpnetsecurity.com/2025/06/04/thomas-squeo-thoughtworks-ai-systems-threat-modeling/
    • Rethinking Governance In a Decentralized Identity World
      "Decentralized identity (DID) is gaining traction, and for CISOs, it’s becoming a part of long-term planning around data protection, privacy, and control. As more organizations experiment with verifiable credentials and self-sovereign identity models, a question emerges: Who governs the system when no single entity holds the reins?"
      https://www.helpnetsecurity.com/2025/06/04/governance-decentralized-identity/
    • Exposure Management: From Subjective To Objective Cybersecurity
      "Exposure management gives business and cybersecurity leaders the methodology and tools to make informed cybersecurity risk management decisions. Significant barriers stand in the way of adoption."
      https://www.ivanti.com/resources/research-reports/proactive-security
      https://www.helpnetsecurity.com/2025/06/04/ciso-exposure-management/
    • #Infosec2025: Majority Of Compromises Caused By Stolen Credentials, No MFA
      "More than half (56%) of all compromises in Q1 2025 resulted from the theft of valid account credentials with no multi-factor authentication (MFA) in place, according to new research by Rapid7, published during Infosecurity Europe 2025. The researchers expect stolen credentials to continue to be the dominant initial access technique while organizations fail to protect all accounts with MFA. In the previous two quarters, a similar proportion of initial access vectors were related to credential theft and a lack of MFA."
      https://www.infosecurity-magazine.com/news/majority-compromises-stolen/
    • The Security Risks Of Internet-Exposed Solar Power Systems
      "On May 14, Reuters reported rogue communication devices were found in Chinese-manufactured solar power inverters. That news prompted governments throughout the world to evaluate the potential impact of these inverters being remotely disabled. Also, last month, the Iberian peninsula experienced a massive power grid failure where societies in Madrid, Lisbon and all over the region were deeply affected by a blackout. Life came to a sudden halt. Airports shutdown. Trains stopped in the middle of nowhere. Traffic lights were out. Digital payment systems to buy food and water were useless. It was a chaotic and stressful time."
      https://www.forescout.com/blog/the-security-risks-of-internet-exposed-solar-power-systems/
      https://www.securityweek.com/35000-solar-power-systems-exposed-to-internet/
      https://www.darkreading.com/vulnerabilities-threats/35k-solar-devices-internet-exposure-hijacking
    • Hacker Arrested For Breaching 5,000 Hosting Accounts To Mine Crypto
      "The Ukrainian police arrested a 35-year-old hacker who breached 5,000 accounts at an international hosting company and used them to mine cryptocurrency, resulting in $4.5 million in damages. "The suspect illegally gained access to over 5,000 accounts belonging to clients of an international hosting company that provides server rental services for the operation of various websites and online platforms," reads the police's announcement. "After gaining access to these accounts, the perpetrator began unauthorized deployment of virtual machines (software that emulates a computer's operation) using the company's server resources.""
      https://www.bleepingcomputer.com/news/security/hacker-arrested-for-breaching-5-000-hosting-accounts-to-mine-crypto/
    • U.S. Government Seizes Approximately 145 Criminal Marketplace Domains
      "The U.S. Attorney’s Office for the Eastern District of Virginia announced today the seizure of approximately 145 darknet and traditional internet domains, and cryptocurrency funds associated with the BidenCash marketplace. The operators of the BidenCash marketplace use the platform to simplify the process of buying and selling stolen credit cards and associated personal information. BidenCash commenced operations in March 2022. BidenCash administrators charged a fee for every transaction conducted on the website. The BidenCash marketplace had grown to support over 117,000 customers, facilitated the trafficking of over 15 million payment card numbers and personally identifiable information, and generated over $17 million in revenue during its operations."
      https://www.justice.gov/usao-edva/pr/us-government-seizes-approximately-145-criminal-marketplace-domains
      https://www.bleepingcomputer.com/news/security/bidencash-carding-market-domains-seized-in-international-operation/
      https://therecord.media/bidencash-cybercrime-darknet-market-takedown-us-netherlands
      https://www.bankinfosecurity.com/police-seize-carder-site-bidencash-a-28586
      https://cyberscoop.com/bidencash-marketplace-domains-seized/
      https://hackread.com/feds-seize-bidencash-carding-market-crypto-profits/
    • How Neuroscience Can Help Us Battle 'Alert Fatigue'
      "I often say that cybersecurity professionals today are not drowning, they're suffocating. Research I recently undertook with colleagues at OX Security revealed that an average organization has more than half a million alerts at any given moment. More staggering is the fact that somewhere between 95% and 98% of those alerts are not critical, and many times not even issues that need to be dealt with at all. This deluge has created the alert fatigue crisis, which threatens the foundations of our digital defense and is actually deeply rooted in neuroscience."
      https://www.darkreading.com/vulnerabilities-threats/how-neuroscience-battle-alert-fatigue
    • Researchers Bypass Deepfake Detection With Replay Attacks
      "As synthetic audio continues to improve, it's also getting harder for anti-spoofing models to accurately detect. That's according to recent research published on June 1 by a team of researchers at German, Polish, and Romanian universities as well as Resemble AI, a vendor that provides AI voice generation tools as well as deepfake detectors. The research team presented how "replay attacks" are able to bypass audio deepfake detections. "By playing and re-recording deepfake audio through various speakers and microphones, we make spoofed samples appear authentic to the detection model," they wrote."
      https://www.darkreading.com/cybersecurity-analytics/researchers-bypass-deepfake-detection-replay-attacks
      https://arxiv.org/pdf/2505.14862
    • Beware Of Device Code Phishing
      "Device codes are alphanumeric or numeric codes employed for authenticating an account on a device that does not have a standard login interface, such as a browser or input-limited devices, where it is not practical to require the user to enter text to authenticate. Such use cases include Internet of Things (IoT) devices, streaming apps like Netflix and Apple TV, and cloud applications. Device code authentication specifically binds authentication to a particular device."
      https://www.darkreading.com/vulnerabilities-threats/beware-device-code-phishing
    • How To Approach Security In The Era Of AI Agents
      "Artificial intelligence (AI) agents represent an exciting technological evolution, capable of autonomously completing tasks, analyzing outcomes, and adapting their actions based on human-set goals. This next phase of hyperautomation has the potential to unlock unprecedented levels of efficiency and productivity for workers and enterprises — providing that the security team is engaged early and the proper controls are put in place from the start."
      https://www.darkreading.com/cyber-risk/how-to-approach-security-era-ai-agents
    • The State Of DDoS Attacks In APAC In Q1 2025
      "Our analysts continue to monitor the DDoS situation across Asia and share key trends in our regular reports. This is our Q1 2025 overview, where we highlight the most targeted industries, emerging techniques used by cybercriminals, and top insights based on data from our global scrubbing centers."
      https://stormwall.network/resources/blog/ddos-report-apac-q1-2025
      https://hackread.com/stormwall-india-china-us-most-ddos-attacks-q1-2025/
    • #Infosec2025: Cybersecurity Support Networks Too Fragmented For SMBs, Say Experts
      "Sources of cybersecurity advice and support are too diffuse and difficult to find, adding complexity to SMB efforts to build cyber-resilience, a panel of experts has argued. Speaking on the second day of Infosecurity Europe, experts from across industry, academia and government agreed that awareness isn’t necessarily the problem among smaller businesses. In fact, cybersecurity is now the second biggest concern for British SMBs, just after inflation, according to the recently released VikingCloud 2025 SMB Threat Landscape Report."
      https://www.infosecurity-magazine.com/news/infosec2025-cybersecurity-support/
    • #Infosec2025: Device Theft Causes More Data Loss Than Ransomware
      "Phishing-related data breaches are the leading causes of data loss, followed by misconfigurations and stolen devices, according to a new survey from data erasure solution provider Blancco. The firm commissioned research agency Coleman Parkes to survey 2000 cybersecurity, IT and sustainability leaders from large enterprises across several countries and industries about their data security and data resilience practices. The results, published on June 4 in Blancco’s 2025 State of Data Sanitization Report, showed that 86% of organizations have experienced a data breach over the past three years."
      https://www.infosecurity-magazine.com/news/device-theft-data-loss-ransomware/
    • Going Into The Deep End: Social Engineering And The AI Flood
      "It should come as no surprise that the vast majority of data breaches involve the “human element.” The 2025 Verizon Data Breach Investigations Report cites that human compromise held relatively steady year over year at nearly 70% of breaches. Human emotions and tendencies – and the massive variation in what influences each individual – are a massively dynamic vulnerability. Most equate Social Engineering with vague promises of riches to be had, or urgent or even threatening missives that require immediate action to avoid consequences. On the plus side, increased awareness has brought about a healthy skepticism in individuals and organizations toward something unexpected from a not completely familiar source."
      https://www.securityweek.com/going-into-the-deep-end-social-engineering-and-the-ai-flood/
    • More Than 1,800 People Arrested In Transnational Anti-Scam Operation Involving SPF; 106 Nabbed In Singapore
      "Over 1,800 people were arrested during a month-long anti-scam operation by law enforcement authorities from seven Asian jurisdictions. Victims of the scam cases reportedly lost over S$289 million (US$225 million), the Singapore Police Force (SPF) said in a news release on Wednesday (Jun 4). Law enforcement agencies from Singapore, Hong Kong, South Korea, Malaysia, Maldives, Thailand and Macau conducted the operation between Apr 28 and May 28."
      https://www.channelnewsasia.com/singapore/scams-1800-arrested-investigated-police-rental-impersonation-bank-transfer-5165696

    References
    Electronic Transactions Development Agency (ETDA)

    Posted in Cyber Security News
  • Cyber Threat Intelligence 06 June 2025

    Healthcare Sector

    • Healthcare Organizations Are At a Turning Point With AI
      "32% of healthcare executives say their organization suffered a breach in the past 12 months, and 46% say they are experiencing a higher volume of attacks, according to LevelBlue. As AI promises healthcare organizations efficiency, optimized processes, and enhanced automation, the report reveals that only 29% of healthcare executives say they are prepared for AI-powered threats despite 41% believing they will happen. 32% feel their organization is prepared for deepfake attacks, even though 49% are expecting them."
      https://www.helpnetsecurity.com/2025/06/05/healthcare-ai-powered-threats/

    Industrial Sector

    New Tooling

    Vulnerabilities

    Malware

    • Hacker Selling Critical Roundcube Webmail Exploit As Tech Info Disclosed
      "Hackers are likely starting to exploit CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution. The security issue has been present in Roundcube for over a decade and impacts versions of Roundcube webmail 1.1.0 through 1.6.10. It received a patch on June 1st. It took attackers just a couple of days to reverse engineer the fix, weaponize the vulnerability, and start selling a working exploit on at least one hacker forum."
      https://www.bleepingcomputer.com/news/security/hacker-selling-critical-roundcube-webmail-exploit-as-tech-info-disclosed/
    • FBI: BADBOX 2.0 Android Malware Infects Millions Of Consumer Devices
      "The FBI is warning that the BADBOX 2.0 malware campaign has infected over 1 million home Internet-connected devices, converting consumer electronics into residential proxies that are used for malicious activity. The BADBOX botnet is commonly found on Chinese Android-based smart TVs, streaming boxes, projectors, tablets, and other Internet of Things (IoT) devices. "The BADBOX 2.0 botnet consists of millions of infected devices and maintains numerous backdoors to proxy services that cyber criminal actors exploit by either selling or providing free access to compromised home networks to be used for various criminal activity," warns the FBI."
      https://www.bleepingcomputer.com/news/security/fbi-badbox-20-android-malware-infects-millions-of-consumer-devices/
      https://www.ic3.gov/PSA/2025/PSA250605
    • BladedFeline: Whispering In The Dark
      "In 2024, ESET researchers discovered several malicious tools in the systems used by Kurdish and Iraqi government officials. The APT group behind the attacks is BladedFeline, an Iranian threat actor that has been active since at least 2017, when it compromised officials within the Kurdistan Regional Government (KRG). This group develops malware for maintaining and expanding access within organizations in Iraq and the KRG. While this is our first blogpost covering BladedFeline, we discovered the group in 2023, after it targeted Kurdish diplomatic officials with the Shahmaran backdoor, and previously reported on its activities in ESET APT Activity reports Q4 2023-Q1 2024 and Q2 2024-Q3 2024."
      https://www.welivesecurity.com/en/eset-research/bladedfeline-whispering-dark/
      https://www.darkreading.com/threat-intelligence/iranian-apt-bladedfeline-hides-network-8-years
      https://thehackernews.com/2025/06/iran-linked-bladedfeline-hits-iraqi-and.html
      https://therecord.media/iran-linked-hackers-target-kurdish-iraq-cyber-espionage
      https://www.bankinfosecurity.com/iranian-espionage-group-caught-spying-on-kurdish-officials-a-28602
    • Newly Identified Wiper Malware “PathWiper” Targets Critical Infrastructure In Ukraine
      "Cisco Talos observed a destructive attack on a critical infrastructure entity within Ukraine, using a previously unknown wiper we are calling “PathWiper”. The attack was instrumented via a legitimate endpoint administration framework, indicating that the attackers likely had access to the administrative console, that was then used to issue malicious commands and deploy PathWiper across connected endpoints. Talos attributes this disruptive attack and the associated wiper to a Russia-nexus advanced persistent threat (APT) actor. Our assessment is made with high confidence based on tactics, techniques and procedures (TTPs) and wiper capabilities overlapping with destructive malware previously seen targeting Ukrainian entities."
      https://blog.talosintelligence.com/pathwiper-targets-ukraine/
      https://www.darkreading.com/cyberattacks-data-breaches/pathwiper-attack-critical-infrastructure-ukraine
    • How a Malicious Excel File (CVE-2017-0199) Delivers The FormBook Payload
      "FortiGuard Labs recently observed a high-severity phishing campaign targeting old version Office Application users through malicious email attachments. The emails deliver an Excel file designed to exploit the CVE-2017-0199 vulnerability, a known flaw in old version Microsoft Office's OLE (Object Linking and Embedding) functionality. The malware being spread in this campaign is FormBook, an information-stealing malware known for its ability to capture sensitive data, including login credentials, keystrokes, and clipboard information. Upon opening the malicious Excel file, the malware performs a series of operations, ultimately running the FormBook payload."
      https://www.fortinet.com/blog/threat-research/how-a-malicious-excel-file-cve-2017-0199-delivers-the-formbook-payload
    • TTPs Of Cyber Partisans Activity Aimed At Espionage And Disruption
      "Cyber Partisans is a hacktivist group that has become known back in 2020. The group is very active in the media, claiming multiple attacks on government agencies and industrial enterprises, the purpose of which is to steal confidential information and destabilize the IT infrastructure of the targeted organization. Kaspersky ICS CERT experts managed to identify the attack vector, as well as find and analyze the malware and utilities most probably used by the actors in the recent series of attacks on industrial enterprises and government agencies in Russia and Belarus."
      https://ics-cert.kaspersky.com/publications/reports/2025/06/05/ttps-of-cyber-partisans-activity-aimed-at-espionage-and-disruption/
    • Decoding ‘ClickFix’: Lessons From The Latest Browser-Based Phish
      "ClickFix is a social engineering attack that tricks users into running malicious commands on their own devices – all under the guise of a routine security check. Disguised as something familiar, like a Cloudflare CAPTCHA, it convinces users to copy and paste dangerous code without realizing the risk. We’ll break down how ClickFix works, examine a real-world example, and explore why this surprisingly simple tactic remains effective."
      https://slashnext.com/blog/decoding-clickfix-lessons-from-the-latest-browser-based-phish/
      https://www.securityweek.com/clickfix-attack-exploits-fake-cloudflare-turnstile-to-deliver-malware/
    • Unmasking Insecure HTTP Data Leaks In Popular Chrome Extensions
      "Many users assume that popular Chrome extensions adhere to strong security practices, especially when the extensions themselves promise functionality related to privacy, ranking analytics, or convenient new tab features. However, recent findings show that several widely used extensions—SEMRush Rank, PI Rank, MSN New Tab/Homepage, DualSafe Password Manager, and Browsec VPN—unintentionally transmit sensitive data over simple HTTP. By doing so, they expose browsing domains, machine IDs, operating system details, usage analytics, and even uninstall information, in plaintext. Because the traffic is unencrypted, a Man-in-the-Middle (MITM) attacker on the same network can intercept and, in some cases, even modify this data, leading to far more dangerous scenarios than simple eavesdropping."
      https://www.security.com/threat-intelligence/chrome-extension-leaks
      https://thehackernews.com/2025/06/popular-chrome-extensions-leak-api-keys.html
    • IBM X-Force Threat Analysis: DCRat Presence Growing In Latin America
      "In early May 2025, IBM X-Force observed Hive0131 conducting email campaigns targeting users in Colombia with electronic notifications of criminal proceedings, purporting to be from The Judiciary of Colombia. Hive0131 is a financially motivated group likely originating from South America that routinely conducts campaigns largely in Latin America (LATAM) to deliver a wide array of commodity payloads. The current campaigns imitate official correspondence and contain either an embedded link or a PDF lure with an embedded link. Clicking on the embedded link will initiate the infection chain to execute the banking trojan "DCRat" in memory."
      https://www.ibm.com/think/x-force/dcrat-presence-growing-in-latin-america

    Breaches/Hacks/Leaks

    General News

    • The Cloud Security Crisis No One’s Talking About
      "Security teams are overwhelmed by a flood of alerts, most of which lack the context needed to accurately assess and respond to threats, according to ARMO. Respondents report receiving an average of 4,080 security alerts per month – or 136 alerts per day – related to potential cloud-based attacks, with 61% handling between 1,001 and 5,000 alerts monthly. Yet despite this deluge, the average number of true security incidents per year is just 7, meaning it takes an average of 6,994 alerts to uncover one bona fide incident."
      https://www.helpnetsecurity.com/2025/06/05/cloud-threats-detection/
    • Google Survey Shows Americans Are Changing How They Fight Scams
      "If it seems like scams are popping up everywhere lately, you’re not wrong. A new survey from Google shows most Americans feel the same, and they’re starting to change how they handle things online because of it. But different age groups are responding in different ways, and the tools people trust to stay safe vary more than you might expect."
      https://www.helpnetsecurity.com/2025/06/05/google-survey-fight-scams/
    • China Accuses Taiwan Of Running Five Feeble APT Gangs, With US Help
      "Beijing complains it’s under relentless attack by the equivalent of an ant trying to shake a tree. China’s National Computer Virus Emergency Response Center on Thursday published a report in which it claims Taiwan targeted it with a years-long but feeble cyber offensive, backed by the USA. In a report [PDF] titled “Operation Futile: Investigation report on Cyberattacks launched by ICEFCOM of Taiwan and its affiliated [advanced persistent threat] APT actors”"
      https://www.theregister.com/2025/06/05/china_taiwan_us_apt_report/
      https://www.cverc.org.cn/head/zhaiyao/Investigation_report_on_Cyberattacks_launched_by_Taiwan_ICEFCOM_EN.pdf
      https://www.securityweek.com/china-issues-warrants-for-alleged-taiwanese-hackers-and-bans-a-business-for-pro-independence-links/
    • US Offers $10M For Tips On State Hackers Tied To RedLine Malware
      "The U.S. Department of State has announced a reward of up to $10 million for any information on government-sponsored hackers with ties to the RedLine infostealer malware operation and its suspected creator, Russian national Maxim Alexandrovich Rudometov. The same bounty covers leads on state hackers' use of this malware in cyber operations targeting critical infrastructure organizations in the United States."
      https://www.bleepingcomputer.com/news/security/us-offers-10m-for-tips-on-state-hackers-tied-to-redline-malware/
      https://rewardsforjustice.net/rewards/maxim-alexandrovich-rudometov-redline/
      https://www.theregister.com/2025/06/05/rewards_for_justice_maxim_rudometov/
    • ViLE Gang Members Sentenced For DEA Portal Breach, Extortion
      "Two members of a group of cybercriminals named ViLE were sentenced this week for hacking into a federal law enforcement web portal in an extortion scheme. According to court documents, ViLE specializes in obtaining personal information about targets to harass, threaten, or extort them, a practice known as "doxing." To collect sensitive information on their victims, they use methods such as tricking customer service employees, submitting fraudulent legal requests to social media companies, bribing corporate insiders, and searching public and private online databases."
      https://www.bleepingcomputer.com/news/security/vile-gang-members-sentenced-for-breaching-law-enforcement-portal/
      https://www.securityweek.com/men-who-hacked-law-enforcement-database-for-doxing-sentenced-to-prison/
    • SecOps Need To Tackle AI Hallucinations To Improve Accuracy
      "While Artificial Intelligence (AI) benefits security operations (SecOps) by speeding up threat detection and response processes, hallucinations can generate false alerts and lead teams on a wild goose chase. AI hallucinations, which largely affect large language models (LLMs), produce incorrect, misleading, or biased information. However, unsuspecting users may accept those responses as legitimate and confidently make decisions based on them. Many examples of AI hallucinations exist, such as made-up law cases in legal filings, fictional book titles, and non-existent research studies. AI experts have repeatedly warned about the effect hallucinations can have, whether they are average users running casual ChatGPT queries or skilled developers using AI to write code."
      https://www.darkreading.com/vulnerabilities-threats/secops-tackle-ai-hallucinations-improve-accuracy
    • Sticky Fingers In The Cookie Jar: Research Reveals The Risks Of Web Cookies
      "Most of us barely pause before clicking away the cookie consent banner. It’s a routine, a forgettable part of using the internet, meant to make our online lives easier. After all, the internet is built on convenience. But that convenience has a cost, and that cost is often paid in the form of your data. In our latest study, researchers from NordStellar, a threat exposure management platform, analyzed a set of 93.7 billion cookies circulating on the dark web to uncover how they were stolen and what risks they pose. Read on and learn what that means for your privacy and security and what you can do to protect yourself."
      https://nordvpn.com/blog/cookies-research/
      https://hackread.com/nearly-94-billion-stolen-cookies-on-dark-web/
    • #Infosec2025: Cybersecurity Lessons From Maersk’s Former CISO
      "The 2017 ransomware attack on shipping company A P Moller Maersk marked a turning point for the cybersecurity industry, according to its former CISO Adam Banks. The attack is estimated to have cost Maersk $700m, excluding any revenue losses. Following the attack, it was three months before the business was fully back online, Banks told an audience at Infosecurity Europe 2025. But, he said, it could well have been worse. The $700m figure was, Banks said, the cost of the attack and the recovery. A stroke of luck, in the form of a power cut in Lagos, cut the firm’s recovery time by as much as four weeks."
      https://www.infosecurity-magazine.com/news/infosec2025-lessons-maersk-ciso/
    • #Infosec2025: Ransomware Victims Urged To Engage To Take Back Control
      "Opening lines of communication with ransomware actors is the best way to deliver a positive outcome from an event that will be “the worst day of the IT team’s lives,” a leading negotiator has claimed. Dan Saunders, director of incident response EMEA at Kivu Consulting, revealed that just 30% of the firm’s negotiations with threat actors over the past year have actually led to the victim paying. “There’s a common misconception around engaging threat actors and that is if ‘we’re going to engage them, we’re going to reach a financial settlement.’ But that is not the case,” he said."
      https://www.infosecurity-magazine.com/news/infosec2025-ransomware-victims/
    • #Infosec2025: Know Your Audience To Make An Impact, CISOs Tell Their Peers
      "Security leaders must focus and adapt their message to their audience if they are to successfully use risk management to tame a chaotic cyber landscape, a panel of CISOs has argued. On the final day of Infosecurity Europe, security bosses from across LexisNexis and RX Global discussed how CISOs play a vital role as business enablers, and “translators” of risk for senior leadership. This role has added importance given a landscape in which AI-driven threats, insider risk, growing business demands and fast-evolving technology proliferate."
      https://www.infosecurity-magazine.com/news/infosec2025-know-your-audience/
    • #Infosec2025: Threat Actors Weaponizing Hardware Devices To Exploit Fortified Environments
      "Threat actors are weaponizing legitimate hardware devices to compromise even the most fortified targets, warned Bentsi Benatar, CMO and Co-Founder of Sepio during a talk at Infosecurity Europe 2025. Despite a lack of reporting of such incidents, this approach is being utilized by sophisticated nation-state and financially motivated attackers to target sensitive targets such as banks and energy carriers."
      https://www.infosecurity-magazine.com/news/threat-actors-weaponizing-hardware/
    • #Infosec2025: Defenders And Attackers Are Locked In An AI Arms Race
      "Malicious actors are using AI tools to fine-tune cyber-attacks, even as governments race to encourage AI investment. National programs to bolster AI expertise and R&D should be seen in the context of the growing use of AI tools by criminal hackers, advised Brett Taylor, UK sales engineering director at SentinelOne, in his talk at Infosecurity Europe 2025. Just as enterprises and public-sector bodies are looking to AI to improve productivity and drive economic growth, so criminal groups are using AI-based tools to develop malware and find vulnerabilities. Additionally, hackers are actively looking for any weak spots in AI deployments."
      https://www.infosecurity-magazine.com/news/infosec2025-arms-race-ai/
    • #Infosec2025: Seven Steps To Building a Mature Vulnerability Management Program
      "For the past two years, cybersecurity teams have been facing an explosion of publicly reported vulnerabilities in software and hardware products, making it increasingly challenging to prioritize patch management. Speaking at Infosecurity Europe 2025, Jon Ridyard, Senior Sales Engineer at Axonius, proposed seven best practices for building mature vulnerability management processes and avoiding burnout."
      https://www.infosecurity-magazine.com/news/infosec2025-seven-steps/
    • #Infosec2025: Securing Endpoints Is Still Vital Amid Changing Threats
      "Endpoint devices, including PCs, mobile phones and connected IoT equipment continue to pose security risks, even as malicious actors ramp up their attacks on other areas of enterprise technology. Endpoint security might be less of a focus for CISOs struggling with a growing attack surface and increasingly sophisticated malicious actors harnessing AI tools and weaknesses in supply chain security. However, endpoints and networks remain critical layers of IT infrastructure that organizations still need to protect."
      https://www.infosecurity-magazine.com/news/infosec2025-securing-endpoints/
    • IT Threat Evolution In Q1 2025
      "According to Kaspersky Security Network, in the first quarter of 2025: A total of 12 million attacks on mobile devices involving malware, adware, or unwanted apps were blocked. Trojans, the most common mobile threat, accounted for 39.56% of total detected threats. More than 180,000 malicious and potentially unwanted installation packages were detected, which included: 49,273 packages related to mobile bankers and 1520 mobile ransomware Trojans."
      https://securelist.com/malware-report-q1-2025-mobile-statistics/116676/
      https://securelist.com/malware-report-q1-2025-pc-iot-statistics/116686/

    Reference
    Electronic Transactions Development Agency (ETDA)

    Posted in Cyber Security News
  • HPE warns of a vulnerability in its StoreOnce backup system that could allow authentication bypass

    Follow the news on the webboard or on Facebook NCSA Thailand

    Posted in Cyber Security News
  • New malware “Crocodilus” targets the data of Android device users

    Posted in Cyber Security News
  • "Microsoft releases emergency update to fix VM hangs and restarts on Hyper-V in Windows Server"

    On 27 May 2025 (2568 BE), BleepingComputer reported that Microsoft had released an emergency update to fix an issue causing some virtual machines (VMs) on Hyper-V running Windows 10, Windows 11 and Windows Server to hang or restart unexpectedly, particularly Azure Confidential VMs, which are designed to protect data while it is being processed.

    Cause of the problem
    The issue stems from an error in the guest physical address (GPA) direct data path, which can cause a VM to stop responding or restart unexpectedly. This affects service availability and requires manual intervention to recover the system.

    Affected versions and fix
    Microsoft has released an out-of-band update to fix this issue. The update is not installed automatically through Windows Update; administrators must download and install it manually from the Microsoft Update Catalog.

    • For Windows Server 2022, the relevant update is KB5061906, which is designed specifically to fix this issue.

    Recommendations for administrators
    If your systems use Azure Confidential VMs, or you are seeing VMs hang or restart unexpectedly, install the relevant update immediately.

    If your systems are not affected by this issue, you can skip this update. For more information and to download the update, visit the Microsoft Update Catalog or see the details at BleepingComputer.

    Reference
    BleepingComputer

    Posted in Cyber Security News
  • Critical vulnerability in HPE StoreOnce software

    The Cyber Security Agency of Singapore (CSA) has published an alert that Hewlett Packard Enterprise (HPE) has released a security update to fix a critical vulnerability (CVE-2025-37093) affecting StoreOnce, its disk-based backup and deduplication software.

    HPE has released a security update addressing the critical vulnerability CVE-2025-37093 in StoreOnce software. The vulnerability has a CVSSv3.1 severity score of 9.8 out of 10, which is considered the highest severity level.

    Impact
    If successfully exploited, an attacker can use this vulnerability to run malicious code on a victim's system running HPE StoreOnce.

    Affected products
    This vulnerability affects all versions of HPE StoreOnce software prior to version 4.3.11.

    Remediation
    Users and administrators of affected products are advised to update the software to the latest version immediately.

    Reference
    https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-054/

    Posted in Cyber Security News