NCSA Webboard

    Cyber Threat Intelligence 11 June 2025

    Cyber Security News
    • NCSA_THAICERT

      Financial Sector

      • DDoS Attacks On Financial Sector Surge In Scale And Sophistication
        "The financial industry has been particularly affected by large-scale distributed denial-of-service (DDoS) attacks for years, but the recent escalating sophistication of these attacks marks a shift, according to the Financial Services Information Sharing and Analysis Center (FS-ISAC). In a report published on June 10, in collaboration with Akamai, the financial sector’s threat intelligence sharing body revealed that the industry has experienced an almost exponential rise in DDoS attacks between 2014 and 2024. From a residual amount of monthly volumetric DDoS attacks in 2014, the sector faced a peak of almost 350 events in October 2024 – with each event including hundreds, millions or billions of individual malicious requests."
        https://www.infosecurity-magazine.com/news/ddos-financial-sector-surge/

      Healthcare Sector

      • MicroDicom DICOM Viewer
        "Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on affected installations of DICOM Viewer."
        https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-160-01

      Industrial Sector

      • SinoTrack GPS Receiver
        "Successful exploitation of these vulnerabilities could allow an attacker to access device profiles without authorization through the common web management interface. Access to the device profile may allow an attacker to perform some remote functions on connected vehicles such as tracking the vehicle location and disconnecting power to the fuel pump where supported."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-160-01
      • Threat Landscape For Industrial Automation Systems. Regions, Q1 2025
        "In the first quarter of 2025, the global percentage of ICS computers on which malicious objects were blocked remained unchanged at 21.9%. Regionally, the percentage varied from 10.7% in Northern Europe to 29.6% in Africa."
        https://ics-cert.kaspersky.com/publications/reports/2025/06/10/threat-landscape-for-industrial-automation-systems-regions-q1-2025/
      • Hitachi Energy Relion 670, 650, SAM600-IO Series
        "Successful exploitation of this vulnerability could allow an attacker to decrypt application data in transit."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-160-02

      Vulnerabilities

      • SAP Security Notes: June 2025 Patch Day
        "SAP has published nineteen new and updated SAP Security Notes in its June Patch Day, including two HotNews Notes and seven High Priority Notes. Two of the fourteen new Security Notes were published in contribution with the Onapsis Research Labs."
        https://onapsis.com/blog/sap-security-notes-june-2025-patch-day/
        https://www.securityweek.com/critical-vulnerability-patched-in-sap-netweaver/
        https://securityaffairs.com/178851/security/sap-june-2025-security-patch-day-fixed-critical-netweaver-bug.html
      • Microsoft June 2025 Patch Tuesday Fixes Exploited Zero-Day, 66 Flaws
        "Today is Microsoft's June 2025 Patch Tuesday, which includes security updates for 66 flaws, including one actively exploited vulnerability and another that was publicly disclosed. This Patch Tuesday also fixes ten "Critical" vulnerabilities, eight being remote code execution vulnerabilities and two being elevation of privileges bugs."
        https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2025-patch-tuesday-fixes-exploited-zero-day-66-flaws/
        https://blog.talosintelligence.com/microsoft-patch-tuesday-june-2025/
        https://cyberscoop.com/microsoft-patch-tuesday-june-2025/
        https://www.securityweek.com/microsoft-patch-tuesday-covers-webdav-flaw-marked-as-already-exploited/
        https://hackread.com/june-2025-patch-tuesday-microsoft-bugs-active-0-day/
      • Five Zero-Days, 15 Misconfigurations Found In Salesforce Industry Cloud
        "Security researchers have discovered five zero-day vulnerabilities and a further 15 easy misconfigurations in Salesforce Industry Cloud, potentially affecting tens of thousands of organizations. Salesforce Industry Cloud (aka Salesforce Industries) comprises a collection of industry-specific tools able to easily build custom CRM extension solutions for different industry sectors – such as healthcare, financial services, manufacturing, communications, and government public sector organizations. The process is built on the technology Salesforce acquired with its purchase of Vlocity in June 2020 and the use of OmniStudio low-code tools."
        https://www.securityweek.com/five-zero-days-15-misconfigurations-found-in-salesforce-industry-cloud/
        https://go.appomni.com/hubfs/Research/Salesforce-Industry-Clouds-Low-Code-High-Stakes.pdf
        https://thehackernews.com/2025/06/researchers-uncover-20-configuration.html
      • Code Execution Flaws Haunt Adobe Acrobat Reader, Adobe Commerce
        "Software maker Adobe on Tuesday flagged critical-severity flaws in multiple product lines, including code execution bugs in Adobe Acrobat Reader and Adobe Commerce. The bumper Patch Tuesday rollout is headlined by an Acrobat Reader bulletin that documents at least 10 vulnerabilities affecting both Windows and macOS platforms. According to Adobe, four of the 10 bugs are rated critical with a CVSS severity score of 7.8/10."
        https://www.securityweek.com/code-execution-flaws-haunt-adobe-acrobat-reader-adobe-commerce/
        https://thehackernews.com/2025/06/adobe-releases-patch-fixing-254.html
      • CISA Adds Two Known Exploited Vulnerabilities To Catalog
        "CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2025-24016 Wazuh Server Deserialization of Untrusted Data Vulnerability
        CVE-2025-33053 Web Distributed Authoring and Versioning (WebDAV) External Control of File Name or Path Vulnerability"
        https://www.cisa.gov/news-events/alerts/2025/06/10/cisa-adds-two-known-exploited-vulnerabilities-catalog
      • Another Crack In The Chain Of Trust: Uncovering (Yet Another) Secure Boot Bypass
        "In this blog post, the Binarly Research team documents a Secure Boot bypass that likely impacts most devices supporting UEFI. At the center of this discovery is CVE-2025-3052 (BRLY-2025-001), a memory corruption vulnerability in a module signed with Microsoft’s third-party UEFI certificate. Attackers can exploit this vulnerability to run unsigned code during the boot process, effectively bypassing Secure Boot and compromising the system’s chain of trust. Because the attacker’s code executes before the operating system even loads, it opens the door for attackers to install bootkits and undermine OS-level security defenses."
        https://www.binarly.io/blog/another-crack-in-the-chain-of-trust
        https://www.bleepingcomputer.com/news/security/new-secure-boot-flaw-lets-attackers-install-bootkit-malware-patch-now/
      • Ivanti Workspace Control Hardcoded Key Flaws Expose SQL Credentials
        "Ivanti has released security updates to fix three high-severity hardcoded key vulnerabilities in the company's Workspace Control (IWC) solution. IWC helps enterprise admins manage desktops and applications, acting as an intermediary between the operating system and users and regulating access and workspace configuration. It provides centralized control over user workspaces and dynamically configures desktops, applications, and user settings based on policies and user roles."
        https://www.bleepingcomputer.com/news/security/ivanti-workspace-control-hardcoded-key-flaws-expose-sql-credentials/
      • Android Enterprise Rolls Out Security And Productivity Updates
        "Android Enterprise has announced a range of new features aimed at improving mobile security, streamlining device management and enhancing user productivity. The updates come as more businesses rely on mobile platforms for daily operations, raising the stakes for both usability and cybersecurity."
        https://www.infosecurity-magazine.com/news/android-enterprise-security-updates/

      Malware

      • The Evolution Of Linux Binaries In Targeted Cloud Operations
        "Unit 42 researchers have identified a growing threat to cloud security: Linux Executable and Linkage Format (ELF) files that threat actors are developing to target cloud infrastructure. We predict that threat actors targeting cloud environments will start using more complex tools in their exploits. This will include reworking, improving and tailoring existing tools that historically only targeted Linux operating systems (OS). The ELF malware samples threat actors use will include backdoors, droppers, remote access Trojans (RATs), data wipers and vulnerability-exploiting binaries."
        https://unit42.paloaltonetworks.com/elf-based-malware-targets-cloud/

      • Eggs In a Cloudy Basket: Skeleton Spider’s Trusted Cloud Malware Delivery
        "Skeleton Spider, also known as FIN6, is a long-running financially motivated cybercrime group that has continually evolved its tactics to maximize impact and profit. While the group initially gained notoriety for point-of-sale (POS) breaches and large-scale payment card theft, it has since shifted to broader enterprise threats, including ransomware operations. In recent years, FIN6 has sharpened its focus on social engineering campaigns that exploit professional trust. By posing as job seekers and initiating conversations through platforms like LinkedIn and Indeed, the group builds rapport with recruiters before delivering phishing messages that lead to malware. One of their preferred payloads is more_eggs, a stealthy JavaScript-based backdoor that facilitates credential theft, system access, and follow-on attacks, including ransomware deployment."
        https://dti.domaintools.com/Skeleton-Spider-Trusted-Cloud-Malware-Delivery/
        https://www.bleepingcomputer.com/news/security/fin6-hackers-pose-as-job-seekers-to-backdoor-recruiters-devices/
        https://thehackernews.com/2025/06/fin6-uses-aws-hosted-fake-resumes-on.html

      • Inside Stealth Falcon’s Espionage Campaign Using a Microsoft Zero-Day
        "The operation deployed a sophisticated custom loader and implant designed to evade detection, hinder analysis, and selectively activate only on valuable targets. In March 2025, Check Point Research uncovered an attempted cyber attack against a major defense organization in Turkey. The attackers used a previously unknown remote code execution vulnerability in Windows to execute files from a remote WebDAV server they controlled, exploiting a legitimate built-in Windows tool to run malicious code silently. Following responsible disclosure, Microsoft assigned the vulnerability CVE-2025-33053 and released a patch on June 10, 2025, as part of their monthly Patch Tuesday updates."
        https://blog.checkpoint.com/research/inside-stealth-falcons-espionage-campaign-using-a-microsoft-zero-day/
        https://therecord.media/microsoft-cisa-zero-day-turkish-defense-org
        https://www.darkreading.com/vulnerabilities-threats/stealth-falcon-apt-exploits-microsoft-rce-zero-day-mideast

      • Demystifying Myth Stealer: A Rust Based InfoStealer
        "During regular proactive threat hunting, the Trellix Advanced Research Center identified a fully undetected infostealer malware sample written in Rust. Upon further investigation, we discovered that it was Myth Stealer which was being marketed on Telegram since late December 2024. Initially, it was offered for free for trial, and later evolved to a subscription-based model. Our investigation revealed that this infostealer is distributed through various fraudulent gaming websites. Upon execution, the malware displays a fake window to appear legitimate while simultaneously decrypting and executing malicious code in the background."
        https://www.trellix.com/en-in/blogs/research/demystifying-myth-stealer-a-rust-based-infostealer/
        https://thehackernews.com/2025/06/rust-based-myth-stealer-malware-spread.html

      Breaches/Hacks/Leaks

      • Peep Show: 40K IoT Cameras Worldwide Stream Secrets To Anyone With a Browser
        "Security researchers managed to access the live feeds of 40,000 internet-connected cameras worldwide and they may have only scratched the surface of what's possible. Supporting the bulletin issued by the Department of Homeland Security (DHS) earlier this year, which warned of exposed cameras potentially being used in Chinese espionage campaigns, the team at Bitsight was able to tap into feeds of sensitive locations. The US was the most affected region, with around 14,000 of the total feeds streaming from the country, allowing access to the inside of datacenters, healthcare facilities, factories, and more."
        https://www.theregister.com/2025/06/10/40000_iot_cameras_exposed/

      • Mastery Schools Notifies 37,031 Of Major Data Breach
        "A ransomware attack that compromised the personal data of 37,031 people has been confirmed by Mastery Schools, the largest charter school network in Philadelphia. The breach, which occurred in September 2024, exposed a wide range of sensitive information, including Social Security numbers, medical details and student records."
        https://www.infosecurity-magazine.com/news/mastery-schools-data-breach/

      General News

      • The Legal Questions To Ask When Your Systems Go Dark
        "At Span Cyber Security Arena, I sat down with Iva Mišković, Partner at the ISO-certified Mišković & Mišković law firm, to discuss the role of legal teams during cyber incidents. She shared why lawyers should assume the worst, coordinate quickly, and ask the right questions to support IT. Mišković explained that a legal strategy, built on understanding tech workflows, helps lawyers build trust with CISOs and respond to cyber threats."
        https://www.helpnetsecurity.com/2025/06/10/iva-miskovic-law-firm-cyber-legal-stategy/
      • AI Threats Leave SecOps Teams Burned Out And Exposed
        "Security teams are leaning hard into AI, and fast. A recent survey of 500 senior cybersecurity pros at big U.S. companies found that 86% have ramped up their AI use in the past year. The main reason? They’re trying to keep up with a surge in AI-powered attacks. But even as AI tools help with tasks like threat detection and data analysis, the pressure on security teams is getting worse. Nearly 70% of respondents say AI and other emerging technologies are actually contributing to burnout. The findings come from the 2025 edition of the Voice of SecOps report, based on responses from organizations in finance, technology, manufacturing, healthcare, government, and critical infrastructure."
        https://www.helpnetsecurity.com/2025/06/10/ai-powered-attacks-secops-teams/
      • Cloud And AI Drive Efficiency, But Open Doors For Attackers
        "AI adoption is increasing, with 84% of organizations now using AI in the cloud, according to Orca Security. But this innovation comes with new risks: 62% of organizations have at least one vulnerable AI package, and some of the most prevalent AI-related CVEs enable remote code execution. “While multi-cloud architectures offer outstanding flexibility and growth, it also makes it harder to maintain consistent visibility and coverage across environments. Add AI adoption to the mix, with organizations rushing to run vulnerable packages in the cloud, and you have a uniquely difficult environment for security professionals,” said Gil Geron, CEO, Orca Security."
        https://www.helpnetsecurity.com/2025/06/10/ai-adoption-cloud-risks/
      • Five Plead Guilty To Laundering $36 Million Stolen In Investment Scams
        "Five men from China, the United States, and Turkey pleaded guilty to their involvement in an international crime ring and laundering nearly $37 million stolen from U.S. victims in cryptocurrency investment scams carried out from Cambodia. Accomplices living abroad reached out to targets in the United States via unsolicited social media, phone calls, text messages, and online dating services to gain their trust, promoting fraudulent digital asset investments and falsely claiming that the victims' funds' value increased after they tricked them into investing, when, in fact, their money was stolen."
        https://www.bleepingcomputer.com/news/security/five-plead-guilty-to-laundering-36-million-stolen-in-investment-scams/
        https://therecord.media/guilty-pleas-cambodia-cyber-scams
      • 44% Of People Encounter a Mobile Scam Every Single Day, Malwarebytes Finds
        "It’s become so troublesome owning a phone. Malicious texts pose as package delivery notifications, phishing emails impersonate trusted brands, and unknown calls hide extortion attempts, virtual kidnapping schemes, or AI threats. Confusingly, even legitimate businesses now lean on outreach tactics that have long been favored by online scammers—asking people to scan QR codes, download mobile apps, and trade direct messages with, essentially, strangers."
        https://www.malwarebytes.com/blog/scams/2025/06/44-of-people-encounter-a-mobile-scam-every-single-day-malwarebytes-finds
      • Email Threat Radar – June 2025
        "During May, Barracuda threat analysts identified several notable email-based threats targeting organizations around the world and designed to evade detection and boost the chances of success, including:"
        https://blog.barracuda.com/2025/06/10/email-threat-radar-june-2025
      • The Hidden Threat In Your Stack: Why Non-Human Identity Management Is The Next Cybersecurity Frontier
        "Modern enterprise networks are highly complex environments that rely on hundreds of apps and infrastructure services. These systems need to interact securely and efficiently without constant human oversight, which is where non-human identities (NHIs) come in. NHIs — including application secrets, API keys, service accounts, and OAuth tokens — have exploded in recent years, thanks to an ever-expanding array of apps and services that must work together and identify one another on the fly. In some enterprises, NHIs now outnumber human identities by as much as 50-to-1."
        https://thehackernews.com/2025/06/the-hidden-threat-in-your-stack-why-non.html
      • Cyber Risks Take Flight, Navigating The Evolving Threat Landscape In The Travel Industry
        "The global travel industry is flying high once again, but alongside its recovery comes a surge in digital turbulence. As travel demand surges and operations digitize at an unprecedented rate, cyber criminals are seizing new opportunities to exploit vulnerabilities in this data-rich, highly interconnected sector. A new report from Check Point shows that from 2023 to 2025, cyber attacks targeting travel and tour operators surged dramatically."
        https://blog.checkpoint.com/research/cyber-risks-take-flight-navigating-the-evolving-threat-landscape-in-the-travel-industry/
      • ConnectWise Rotating Code Signing Certificates Over Security Concerns
        "ConnectWise is warning customers that it is rotating the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise RMM executables over security concerns. Digital certificates are used to sign executables so those downloading the files know they come from a trusted source. This ensures that code has not been tampered with before it reaches the end user. According to ConnectWise, the decision was taken after a third-party security researcher raised concerns about how certain configuration data can be abused by threat actors."
        https://www.bleepingcomputer.com/news/security/connectwise-rotating-code-signing-certificates-over-security-concerns/
      • AI Is a Data-Breach Time Bomb, Reveals New Report
        "AI is everywhere. Copilots help employees boost productivity, and agents provide front-line customer support. LLMs enable businesses to extract deep insights from their data. Once unleashed, however, AI acts like a hungry Pac-Man, scanning and analyzing all the data it can grab. If AI surfaces critical data where it doesn’t belong, it’s game over. Data can’t be unbreached. And AI isn’t alone — sprawling cloud complexities, unsanctioned apps, missing MFA, and more risks are creating a ticking time bomb for enterprise data. Organizations that lack proper data security measures risk a catastrophic breach of their sensitive information."
        https://www.bleepingcomputer.com/news/security/ai-is-a-data-breach-time-bomb-reveals-new-report/
        https://info.varonis.com/en/state-of-data-security-report-2025
      • SSH Keys: The Most Powerful Credential You're Probably Ignoring
        "Secure Shell (SSH) keys are the backbone of secure remote access. They are everywhere, powering DevOps pipelines, enabling server management, and automating everything from deployments to patching. But despite their ubiquity, SSH keys often remain a blind spot in enterprise security. Why? Because unlike passwords, they don't expire. They are easy to create, hard to track, and alarmingly simple to forget."
        https://www.darkreading.com/vulnerabilities-threats/ssh-keys-powerful-credential-ignoring
      • Software Supply Chain Attacks Surged In April And May
        "IT and software supply chain incidents have been trending higher in recent months, as threat actors have become more adept at exploiting the interconnected hardware, software, and services that comprise modern IT environments. An analysis of Cyble data reveals that software supply chain attacks have increased from an average of just under 13 a month during the eight months of February-September 2024 to just over 16 a month from October 2024 to May 2025, an increase of 25% in the most recent eight-month period. The last two months have averaged nearly 25 cyberattacks with supply chain impact, representing a near-doubling of supply chain attacks if the recent trend continues (chart below)."
        https://cyble.com/blog/supply-chain-attacks-surge-in-april-may-2025/

      Reference
      Electronic Transactions Development Agency (ETDA)
