Cyber Threat Intelligence 15 April 2025
New Tooling
- PentestGPT – AI-Powered Penetration Testing Assistant
"PentestGPT is a new AI-driven tool that acts as a virtual penetration testing assistant. Released in 2024 by a security researcher (GreyDGL), it leverages OpenAI’s GPT-4 model to interactively guide penetration testers through hacking tasks. In simple terms, PentestGPT lets you have a “ChatGPT-like” conversation where it suggests recon steps, exploitation commands, and even helps analyze results during a pentest."
https://www.darknet.org.uk/2025/04/pentestgpt-ai-powered-penetration-testing-assistant/
https://github.com/GreyDGL/PentestGPT
- Tirreno: Open-Source Fraud Prevention Platform
"Tirreno is an open-source fraud prevention platform designed as a universal analytics tool to monitor online platforms, web applications, SaaS products, digital communities, mobile apps, intranets, and e-commerce websites. “Our aim is to liberate online fraud protection technologies, making them widely available for organizations of any size. Tirreno is designed to be as easy to set up as typical website analytics tools. Unlike most cyberfraud prevention services, Tirreno is not solely focused on transactions or e-commerce. Instead, it can provide protection for any user-facing web application,” Olga Degros, the project’s founder, told Help Net Security."
https://www.helpnetsecurity.com/2025/04/14/tirreno-open-source-fraud-prevention-platform/
https://github.com/TirrenoTechnologies/tirreno
Malware
- CVE-2025-30406 - Critical Gladinet CentreStack & Triofox Vulnerability Exploited In The Wild
"On Friday, 11 April 2025, the Huntress SOC received an alert from one of our own internal detectors known to catch 0-day exploitation. While this is a simple detection to see suspicious outbound connections from an irregular child process, it indicates there may be more to uncover against the software served by the web service worker. In this case, the suspect software was Gladinet CentreStack, which was just recently added to CISA’s Known Exploited Vulnerabilities database with CVE-2025-30406. At the time of writing, Huntress has seen seven different organizations compromised via this attack vector."
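The detector Huntress describes above (an irregular child of the web service worker making an outbound connection) can be written directly over endpoint process and network telemetry. The block below is an added example, not Huntress's detector and not anything from the Gladinet advisory; the worker process name, the allowlist of expected children, the "internal" address ranges and the Sysmon-style sample events are all constructed assumptions for illustration.

```python
import ipaddress
import json

# Assumptions for this example (tune per environment): the IIS worker process,
# the children it is known to spawn legitimately (ASP.NET dynamic compilation),
# and which destination ranges count as internal.
WEB_WORKERS = {"w3wp.exe"}
EXPECTED_CHILDREN = {"csc.exe", "vbc.exe", "cvtres.exe"}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample telemetry (not real data), Sysmon-style: id 1 = process
# create, id 3 = network connect, one JSON object per line. Documentation
# addresses (203.0.113.x, 198.51.100.x) stand in for external hosts.
SAMPLE_EVENTS = """
{"id": 1, "pid": 4120, "ppid": 1200, "image": "w3wp.exe", "parent_image": "svchost.exe"}
{"id": 1, "pid": 4500, "ppid": 4120, "image": "csc.exe", "parent_image": "w3wp.exe"}
{"id": 1, "pid": 4712, "ppid": 4120, "image": "cmd.exe", "parent_image": "w3wp.exe"}
{"id": 1, "pid": 4720, "ppid": 4712, "image": "powershell.exe", "parent_image": "cmd.exe"}
{"id": 3, "pid": 4720, "image": "powershell.exe", "dst_ip": "203.0.113.45", "dst_port": 443}
{"id": 3, "pid": 4120, "image": "w3wp.exe", "dst_ip": "10.0.0.25", "dst_port": 1433}
{"id": 3, "pid": 4500, "image": "csc.exe", "dst_ip": "198.51.100.7", "dst_port": 80}
"""


def is_internal(ip: str) -> bool:
    """True if the address falls in one of the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def ancestry(pid, procs):
    """Return [image, parent image, grandparent image, ...] from the process table."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        chain.append(procs[pid]["image"].lower())
        pid = procs[pid]["ppid"]
    return chain


def detect(event_lines: str):
    """Replay events in order, maintain a process table, and emit alerts for
    (1) a direct child of the web worker that is not an expected child and
    (2) any descendant of the web worker that connects to an external address."""
    procs, alerts = {}, []
    for raw in event_lines.strip().splitlines():
        ev = json.loads(raw)
        if ev["id"] == 1:
            procs[ev["pid"]] = ev
            parent, image = ev["parent_image"].lower(), ev["image"].lower()
            if parent in WEB_WORKERS and image not in EXPECTED_CHILDREN:
                alerts.append({"rule": "unexpected-web-worker-child", "pid": ev["pid"],
                               "chain": " <- ".join(ancestry(ev["pid"], procs)), "dst": None})
        elif ev["id"] == 3:
            chain = ancestry(ev["pid"], procs) or [ev["image"].lower()]
            descends_from_worker = (chain[0] not in WEB_WORKERS
                                    and any(img in WEB_WORKERS for img in chain[1:]))
            if descends_from_worker and not is_internal(ev["dst_ip"]):
                alerts.append({"rule": "web-worker-descendant-outbound", "pid": ev["pid"],
                               "chain": " <- ".join(chain),
                               "dst": f'{ev["dst_ip"]}:{ev["dst_port"]}'})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Run against the sample, the worker's own database connection to an internal host is ignored, the cmd.exe child fires the first rule at process creation, and both the PowerShell grandchild and the otherwise-expected csc.exe fire the second rule when they reach an external address. The second rule deliberately ignores the allowlist: a compiler spawned by IIS has no business talking to the internet.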
https://www.huntress.com/blog/cve-2025-30406-critical-gladinet-centrestack-triofox-vulnerability-exploited-in-the-wild
https://www.securityweek.com/huntress-documents-in-the-wild-exploitation-of-critical-gladinet-vulnerabilities/
- Goodbye HTA, Hello MSI: New TTPs And Clusters Of An APT Driven By Multi-Platform Attacks
"Seqrite Labs APT team has uncovered new tactics of Pakistan-linked SideCopy APT deployed since the last week of December 2024. The group has expanded its scope of targeting beyond Indian government, defence, maritime sectors, and university students to now include entities under railway, oil & gas, and external affairs ministries. One notable shift in recent campaigns is the transition from using HTML Application (HTA) files to adopting Microsoft Installer (MSI) packages as a primary staging mechanism."
https://www.seqrite.com/blog/goodbye-hta-hello-msi-new-ttps-and-clusters-of-an-apt-driven-by-multi-platform-attacks/
https://thehackernews.com/2025/04/pakistan-linked-hackers-expand-targets.html
- New Malware Variant Identified: ResolverRAT Enters The Maze
"ResolverRAT is a newly identified remote access trojan that combines advanced in-memory execution, API and resource resolution at runtime, and layered evasion techniques. Morphisec researchers have coined it ‘Resolver’ due to its heavy reliance on runtime resolution mechanisms and dynamic resource handling, which make static and behavioral analysis significantly more difficult."
https://www.morphisec.com/blog/new-malware-variant-identified-resolverrat-enters-the-maze/
https://www.bleepingcomputer.com/news/security/new-resolverrat-malware-targets-pharma-and-healthcare-orgs-worldwide/
https://thehackernews.com/2025/04/resolverrat-campaign-targets-healthcare.html
https://www.darkreading.com/cloud-security/it-rat-stealthy-resolver-malware
https://www.infosecurity-magazine.com/news/malware-resolverrat-targets/
https://www.securityweek.com/new-resolverrat-targeting-healthcare-pharmaceutical-organizations/
https://securityaffairs.com/176537/malware/new-malware-resolverrat-targets-healthcare-pharmaceutical-firms.html
- Possible Russian Hackers Targeted UK Ministry Of Defense
"A phishing campaign wielding malware previously associated with Russian-speaking hackers targeted the U.K. Ministry of Defense in late 2024, the British government said Friday. Hackers spear-phished civil servants with emails purporting to originate from a news organization, later also deploying financially themed bait that directed users to a commercial file sharing site. The ministry and the National Cyber Security Centre disclosed the campaign on Friday. Anyone who clicked on the links in the phishing emails ultimately ended up with a malicious downloader known as Damascened Peacock on their computer, they said."
https://www.bankinfosecurity.com/possible-russian-hackers-targeted-uk-ministry-defense-a-27993
https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/damascened-peacock/ncsc-mar-damascened-peacock.pdf
- DOGE “Big Balls” Ransomware And The False Connection To Edward Coristine
"A recent ransomware operation has revealed a blend of technical sophistication and psychological manipulation, setting it apart from conventional attacks. Disguised under a finance-themed ZIP file, the campaign employs deceptive shortcut files and multi-stage PowerShell scripts to deliver custom payloads, including a kernel-mode exploit tool and reconnaissance modules. This layered approach allows attackers to gather in-depth system data while evading conventional defenses."
https://cyble.com/blog/doge-big-balls-ransomware-edward-coristine/
- Nice Chatting With You: What Connects Cheap Android Smartphones, WhatsApp And Cryptocurrency Theft?
"Every year, cryptocurrencies become more and more common as a payment method. According to the data for 2023, in developed countries about 20% of the population has at some time used such a means of payment, and in developing countries, where the banking sector does not meet the needs of the population, the number of cryptocurrency users is even higher. In cryptocurrency adoption rankings, Russia is among the top ten countries in terms of number of users. Anonymity, fast transactions, global accessibility and low transfer fees are the main advantages that attract ordinary users."
https://news.drweb.com/show/?i=15002&lng=en
https://hackread.com/pre-installed-malware-cheap-android-phones-crypto-fake-whatsapp/
- BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets
"The stealthy rootkit-like malware known as BPFDoor (detected as Backdoor.Linux.BPFDOOR) is a backdoor with strong stealth capabilities, most of them related to its use of Berkeley Packet Filtering (BPF). In a previous article, we covered how BPFDoor and BPF-enabled malware work. BPF is a technology for executing code in the operating system’s kernel virtual machine. It has been around for more than 20 years and received a lot of attention after 2014 when the eBPF (short for extended BPF at the time) was released."
https://www.trendmicro.com/en_us/research/25/d/bpfdoor-hidden-controller.html
- Slow Pisces Targets Developers With Coding Challenges And Introduces New Customized Python Malware
"Slow Pisces (aka Jade Sleet, TraderTraitor, PUKCHONG) is a North Korean state-sponsored threat group primarily focused on generating revenue for the DPRK regime, typically by targeting large organizations in the cryptocurrency sector. This article analyzes their campaign that we believe is connected to recent cryptocurrency heists. In this campaign, Slow Pisces engaged with cryptocurrency developers on LinkedIn, posing as potential employers and sending malware disguised as coding challenges. These challenges require developers to run a compromised project, infecting their systems using malware we have named RN Loader and RN Stealer."
https://unit42.paloaltonetworks.com/slow-pisces-new-custom-malware/
Breaches/Hacks/Leaks
- Govtech Giant Conduent Confirms Client Data Stolen In January Cyberattack
"American business services giant and government contractor Conduent disclosed today that client data was stolen in a January 2025 cyberattack. Conduent is a business services company that provides digital platforms and solutions for government and commercial clients in transportation, healthcare, customer experience, and human resources. The company has over 33,000 employees and provides services to half of Fortune 100 companies and over 600 government and transportation agencies."
https://www.bleepingcomputer.com/news/security/govtech-giant-conduent-confirms-client-data-stolen-in-january-cyberattack/
- Kidney Dialysis Firm DaVita Hit By Weekend Ransomware Attack
"Kidney dialysis firm DaVita disclosed Monday it suffered a weekend ransomware attack that encrypted parts of its network and impacted some of its operations. DaVita is a major provider of kidney care services in the United States, operating over 2,600 outpatient treatment centers that provide dialysis to those suffering from kidney disease. It is a Fortune 500 organization with 76,000 employees in 12 countries and an annual revenue that surpasses $12.8 billion."
https://www.bleepingcomputer.com/news/security/kidney-dialysis-firm-davita-hit-by-weekend-ransomware-attack/
https://therecord.media/davita-kidney-dialysis-company-ransomware-attack
https://www.bankinfosecurity.com/ransomware-attack-disrupts-global-dialysis-provider-divita-a-27995
- Insurance Firm Lemonade Says Breach Exposed Driver’s License Numbers
"A recent data breach at the insurance firm Lemonade exposed the driver’s license numbers of thousands of people over the course of 17 months. The New York-based company began sending breach notification letters in multiple states last week following the discovery of an incident in 2023 and 2024 involving its online application process. Users typically enter their name and address into the Lemonade insurance policy application and a third-party vendor automatically populates a person’s driver’s license number."
https://therecord.media/lemonade-insrance-breach-numbers-license
- Hertz Confirms Customer Info, Drivers' Licenses Stolen In Data Breach
"Car rental giant Hertz Corporation warns it suffered a data breach after customer data for its Hertz, Thrifty, and Dollar brands was stolen in the Cleo zero-day data theft attacks. "On February 10, 2025, we confirmed that Hertz data was acquired by an unauthorized third party that we understand exploited zero-day vulnerabilities within Cleo's platform in October 2024 and December 2024," reads the Hertz data breach notification."
https://www.bleepingcomputer.com/news/security/hertz-confirms-customer-info-drivers-licenses-stolen-in-data-breach/
General News
- Sector By Sector: How Data Breaches Are Wrecking Bottom Lines
"Data breaches are rising across industries, hitting healthcare, finance, and retail especially hard. The damage goes beyond lost data, as it’s financial, operational, and reputational. A recent report conducted by the Ponemon Institute found that third-party data breaches have severe consequences across critical sectors, with data theft and loss posing the greatest risk. Each industry faces different costs and risks. Understanding these differences helps organizations prepare. Hospitals may face regulatory fines and a loss of patient trust. Banks risk customer attrition and increased scrutiny from regulators."
https://www.helpnetsecurity.com/2025/04/14/data-breaches-costs/
- Organizations Can’t Afford To Be Non-Compliant
"Non-compliance can cost organizations 2.71 times more than maintaining compliance programs, according to Secureframe. That’s because non-compliance can result in business disruption, productivity losses, fines, penalties, and settlement costs, among other factors that come with a hefty price tag. Even data breaches are more expensive if an organization is non-compliant."
https://www.helpnetsecurity.com/2025/04/14/regulatory-non-compliance-penalties/
- The Quiet Data Breach Hiding In AI Workflows
"As AI becomes embedded in daily business workflows, the risk of data exposure increases. Prompt leaks are not rare exceptions. They are a natural outcome of how employees use large language models. CISOs cannot treat this as a secondary concern. To reduce risk, security leaders should focus on policy, visibility, and culture. Set clear rules about what data can and cannot be entered into AI systems. Monitor usage to identify shadow AI before it becomes a problem. Make sure employees understand that convenience should not override confidentiality."
https://www.helpnetsecurity.com/2025/04/14/quiet-data-breach-ai-workflows/
- SSL/TLS Certificate Lifespans Reduced To 47 Days By 2029
"The CA/Browser Forum has voted to significantly reduce the lifespan of SSL/TLS certificates over the next 4 years, with a final lifespan of just 47 days starting in 2029. The CA/Browser Forum is a group of certificate authorities (CAs) and software vendors, including browser developers, working together to establish and maintain security standards for digital certificates used in Internet communications. Its members include major CAs like DigiCert and GlobalSign, as well as browser vendors such as Google, Apple, Mozilla, and Microsoft."
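A 47-day lifespan only works with automated renewal, so the practical question for an operator is: does each certificate in the estate fit the limit that applies to its issuance date, and is it already inside its renewal window? The block below is an added example (not from the BleepingComputer article or the CA/Browser Forum) that parses the two lines printed by `openssl x509 -noout -dates` and answers both questions. The 47-day end state is on this page; the 200-day and 100-day intermediate steps with their March 15 start dates come from CA/B Forum ballot SC-081 and are not stated on this page, the 398-day figure is the limit in force since 2020, treating notBefore as the issuance date is an approximation, and the "renew in the last third of the lifetime" rule is the common ACME client convention rather than a Forum requirement. The sample dates are constructed, not real certificates.

```python
from datetime import datetime, timezone

UTC = timezone.utc

# Maximum certificate validity by issuance date, newest rule first. 47 days is
# stated on this page; the 200/100-day steps are from CA/B Forum ballot SC-081
# (not on this page); 398 days has applied since 2020.
MAX_LIFETIME_SCHEDULE = [
    (datetime(2029, 3, 15, tzinfo=UTC), 47),
    (datetime(2027, 3, 15, tzinfo=UTC), 100),
    (datetime(2026, 3, 15, tzinfo=UTC), 200),
    (datetime(1970, 1, 1, tzinfo=UTC), 398),
]

# Constructed samples (not real certificates) in the exact format printed by
# `openssl x509 -noout -dates`, paired with a constructed "now" (ISO 8601, UTC).
SAMPLES = {
    "2025_61_day": ("notBefore=Apr  1 00:00:00 2025 GMT\nnotAfter=Jun  1 00:00:00 2025 GMT",
                    "2025-04-15T00:00:00"),
    "2029_90_day": ("notBefore=Apr  1 00:00:00 2029 GMT\nnotAfter=Jun 30 00:00:00 2029 GMT",
                    "2029-06-20T00:00:00"),
    "2029_47_day": ("notBefore=Apr  1 00:00:00 2029 GMT\nnotAfter=May 18 00:00:00 2029 GMT",
                    "2029-05-05T00:00:00"),
}


def parse_openssl_dates(text: str):
    """Parse `notBefore=...` / `notAfter=...` lines into aware UTC datetimes.
    openssl pads single-digit days with a space ("Apr  1"), so whitespace is collapsed."""
    fields = {}
    for line in text.strip().splitlines():
        key, _, value = line.partition("=")
        value = " ".join(value.split())
        fields[key.strip()] = datetime.strptime(value, "%b %d %H:%M:%S %Y GMT").replace(tzinfo=UTC)
    return fields["notBefore"], fields["notAfter"]


def max_lifetime_days(issued: datetime) -> int:
    """Limit that applies to a certificate issued at `issued` (notBefore used as proxy)."""
    for start, days in MAX_LIFETIME_SCHEDULE:
        if issued >= start:
            return days
    raise ValueError("issuance date before schedule start")


def assess(dates_text: str, now_iso: str, renew_fraction: float = 1 / 3) -> dict:
    """Lifetime versus policy limit, plus an ACME-style renewal decision:
    renew once less than `renew_fraction` of the lifetime remains."""
    not_before, not_after = parse_openssl_dates(dates_text)
    now = datetime.fromisoformat(now_iso).replace(tzinfo=UTC)
    lifetime = not_after - not_before
    remaining = not_after - now
    limit = max_lifetime_days(not_before)
    lifetime_days = lifetime.total_seconds() / 86400
    return {
        "lifetime_days": round(lifetime_days, 1),
        "max_allowed_days": limit,
        "exceeds_policy": lifetime_days > limit,
        "days_remaining": round(remaining.total_seconds() / 86400, 1),
        "expired": remaining.total_seconds() <= 0,
        "renew_now": remaining <= lifetime * renew_fraction,
    }


def run_samples() -> dict:
    """Assess every constructed sample; used by the stand-alone run below."""
    return {name: assess(text, now) for name, (text, now) in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in run_samples().items():
        print(name, result)
```

Against the samples, a 61-day certificate issued in 2025 is within the current 398-day limit and not yet due; a 90-day certificate issued after 15 March 2029 is flagged as exceeding the 47-day limit (a CA that issued it would be mis-issuing) and is due for renewal; a 47-day certificate passes the policy check and, with 13 days left, is already inside its renewal window. Feed the function the real `openssl x509 -in cert.pem -noout -dates` output to use it on an actual certificate.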
https://www.bleepingcomputer.com/news/security/ssl-tls-certificate-lifespans-reduced-to-47-days-by-2029/
https://www.infosecurity-magazine.com/news/digital-certificate-lifespans-fall/
https://www.theregister.com/2025/04/14/ssl_tls_certificates/
- Cybersecurity Firm Buying Hacker Forum Accounts To Spy On Cybercriminals
"Swiss cybersecurity firm Prodaft has launched a new initiative called 'Sell your Source' where the company purchases verified and aged accounts on hacking forums to spy on cybercriminals. The goal is to use these accounts to infiltrate cybercrime spaces and communities, collecting valuable intelligence that could lead to the exposure of malicious operations and platforms. "As a threat intelligence company, we specialize in obtaining visibility into the infrastructures of cybercriminals, searching for patterns, tactics, techniques, and procedures that help us understand adversarial networks and detect and mitigate potential cyberattacks," explains Prodaft."
https://www.bleepingcomputer.com/news/security/cybersecurity-firm-buying-hacker-forum-accounts-to-spy-on-cybercriminals/
https://sys.prodaft.com/
https://www.darkreading.com/threat-intelligence/threat-intel-firm-crypto-dark-web-accounts
https://www.infosecurity-magazine.com/news/prodaft-buy-dark-web-cybercrime/
- Google Cloud: China Achieves “Cyber Superpower” Status
"China has reached a “cyber superpower” status, which makes it extremely challenging to stop, according to Sandra Joyce, Vice President of Google Threat Intelligence Group. Speaking to the press during the Google Cloud Next 2025 event, Joyce said that we are looking at a major increase in China’s cyber capability. This includes an ongoing growth in zero-day vulnerability exploitations in the wild by Chinese state hackers, which has risen exponentially since 2021."
https://www.infosecurity-magazine.com/news/google-cloud-china-cyber/
https://www.darkreading.com/threat-intelligence/chinese-apt-exploit-edr-visibility-gap-cyber-espionage
Reference
Electronic Transactions Development Agency (ETDA)