NCSA Webboard

    Cyber Threat Intelligence 16 June 2025

    Cyber Security News
    • NCSA_THAICERT

      Vulnerabilities

      • Critical Vulnerability Exposes Many Mitel MiCollab Instances To Remote Hacking
        "Mitel this week informed customers about the availability of patches for a critical MiCollab vulnerability that can be exploited remotely and without authentication. The flaw, which currently does not appear to have a CVE identifier, has been described as a path traversal issue affecting MiCollab’s NuPoint Unified Messaging (NPM) component. MiCollab 9.8 SP2 (9.8.2.12) and earlier are impacted, and a patch is included in versions 9.8 SP3 (9.8.3.1) and later. MiCollab 10.0.0.26 and later versions are not affected."
        https://www.securityweek.com/critical-vulnerability-exposes-many-mitel-micollab-instances-to-remote-hacking/
        https://www.mitel.com/support/mitel-product-security-advisory-misa-2025-0007
      • Confirmed Critical | “The Grafana Ghost” Exposes 36% Of Public-Facing Instances To Malicious Account Takeover
        "More than 95% of Application Security alerts are just noise – as demonstrated by OX Security research. But CVE-2025-4123 – “The Grafana Ghost”, as we will refer to, is not one of them. This newly discovered vulnerability is a rare case that demands attention, time, and resources from security teams. OX Security’s research reveals that 36% of public-facing Grafana instances (individual deployments or installations of Grafana) are vulnerable to account takeover attacks through this flaw. Even Grafana servers not directly connected to the internet are at risk, due to the potential for blind attacks that exploit the same weakness."
        https://www.ox.security/confirmed-critical-the-grafana-ghost-exposes-36-of-public-facing-instances-to-malicious-account-takeover/
      • Microsoft Confirms Auth Issues Affecting Microsoft 365 Users
        "Microsoft is investigating an ongoing incident that is causing users to experience errors with some Microsoft 365 authentication features. As the company revealed earlier today in an incident alert published in the admin center, users may experience errors during self-service password resets and when viewing or registering authentication methods in MySignIns, while admins may be unable to add multi-factor authentication (MFA) sign-in methods to some users. Microsoft acknowledged the issues following a wave of customer reports starting on at least April 18th regarding MFA errors when trying to sign up for Microsoft 365 services."
        https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-auth-issues-affecting-microsoft-365-users/

      Malware

      • Serverless Tokens In The Cloud: Exploitation And Detections
        "This article outlines the mechanics and security implications of serverless authentication across major cloud platforms. Attackers target serverless functions in the hope of exploiting vulnerabilities that arise as a result of application developers deploying insecure code and misconfiguring cloud functions. Successful exploits of these weaknesses enable attackers to obtain credentials that can then be abused. Serverless computing functions are often associated with cloud identities that use authentication tokens to gain temporary, scoped access to cloud services and resources. Exfiltrating these tokens can expose cloud environments to security risks."
        https://unit42.paloaltonetworks.com/serverless-authentication-cloud/
      • Anubis: A Closer Look At An Emerging Ransomware With Built-In Wiper
        "A new ransomware-as-a-service (RaaS) group has emerged and has been making a name for itself in 2025. Anubis is a recently identified group that sets itself apart by partnering encryption with more destructive capabilities—wiping directories which severely impact chances of file recovery. Given its brief history and use of a multi-layered extortion model, Anubis has all the markings of an evolving and flexible RaaS operation. Trend™ Research has observed specific command line operations for these destructive actions, including attempts to change system settings and wipe directories. This entry takes a closer look into these capabilities."
        https://www.trendmicro.com/en_us/research/25/f/anubis-a-closer-look-at-an-emerging-ransomware.html
        https://www.bleepingcomputer.com/news/security/anubis-ransomware-adds-wiper-to-destroy-files-beyond-recovery/

      Breaches/Hacks/Leaks

      • 2 Software Firms Report Major Health Data Theft Hacks
        "Ocuco, an Ireland-based provider of eye care practice and optical laboratory software, and Episource, a California-based medical coding services firm, have reported separate hacking incidents to U.S. and state regulators that have likely affected dozens of their clients and hundreds of thousands of people. Dublin, Ireland-based Ocuco, which says it provides software and services to 6,750 client sites in 88 countries, reported to the U.S. Department of Health and Human Services on May 30 that its hacking incident involving a network server affected nearly 241,000 individuals."
        https://www.bankinfosecurity.com/2-software-firms-report-major-health-data-theft-hacks-a-28699
      • Ransomware Group Threatens To Dump Paraguayan Citizens' Data
        "A data-leak extortion group is shaking down the government of Paraguay for a ransom payment worth $7.4 million, or $1 for every one of the country's citizens. The group, calling itself Brigada Cyber PMC, claimed in a Sunday post to its dark web leak site that it stole personally identifiable information on citizens from three different Paraguay government systems, including data on 7.2 million citizens from the government system that stores civil information, including registered voters."
        https://www.bankinfosecurity.com/ransomware-group-threatens-to-dump-paraguayan-citizens-data-a-28686
        https://securityaffairs.com/178970/data-breach/paraguay-suffered-data-breach-7-4-million-citizen-records-leaked-on-dark-web.html
      • Government Offices In North Carolina, Georgia Disrupted By Cyberattacks
        "A city in North Carolina and a district attorney’s office covering four counties in Georgia are both dealing with operational issues related to recent cyberattacks. Thomasville, North Carolina, home to about 30,000 residents, said essential services will still be available but many city systems will be offline due to a cyberattack. The city explained Thursday in a statement that an attack targeted its municipal systems. It is currently “unclear whether any sensitive information has been accessed or compromised,” officials said."
        https://therecord.media/thomasville-nc-government-ogeechee-ga-district-cyberattacks
      • WestJet Investigates Cyberattack Disrupting Internal Systems
        "WestJet, Canada's second-largest airline, is investigating a cyberattack that has disrupted access to some internal systems as it responds to the breach. "WestJet is aware of a cybersecurity incident involving internal systems and the WestJet app, which has restricted access for several users," reads a security advisory on WestJet's site. "We have activated specialized internal teams in cooperation with law enforcement and Transport Canada to investigate the matter and limit impacts.""
        https://www.bleepingcomputer.com/news/security/westjet-investigates-cyberattack-disrupting-internal-systems/
        https://securityaffairs.com/179027/uncategorized/canadas-airline-westjet-is-containing-a-cyberattack.html
      • 10K Records Allegedly From Mac Cloud Provider’s Customers Exposed Online
        "In a recent discovery, SafetyDetectives’ Cybersecurity Team stumbled upon a clear web forum post where a threat actor publicized a database that allegedly belongs to VirtualMacOSX.com. The data purportedly belongs to 10,000 of its customers."
        https://www.safetydetectives.com/news/vmosx-leak-report/
        https://hackread.com/hackers-leak-virtualmacosx-customers-data-breach/

      General News

      • Huione's 'Shutdown' Fails To Halt Its Laundering Network
        "Huione's website and Telegram channels going dark earlier this year appeared to mark the end of one of the most prominent Chinese-language laundering marketplaces, but new data suggests the shutdown was more cosmetic than operational. Transaction volumes associated with Huione have increased - not declined - since its announced closure, said blockchain analytics firm Chainalysis. The analysis points to Huione's ongoing function as "an embedded network of laundering pipelines, only partially dependent on visible infrastructure.""
        https://www.bankinfosecurity.com/huiones-shutdown-fails-to-halt-its-laundering-network-a-28696
      • Why CISOs Must Align Business Objectives & Cybersecurity
        "Although cybersecurity is the core of their role, chief information security officers (CISOs) must also be business leaders. They support business objectives and goals by providing the most secure environment for their company, making security a part of every process and not just an afterthought. As more and more prospective and existing customers are asking for documentation related to internal security practices, CISOs' efforts are either contributing to or hurting business goals."
        https://www.darkreading.com/cybersecurity-operations/why-cisos-align-business-objectives-cybersecurity
      • Cyberattacks On Humanitarian Orgs Jump Worldwide
        "Humanitarian, social-welfare, environmental, and journalism organizations are under greater risk of cyberattack, as state actors, hacktivists, and cybercriminals target the nonprofit groups with increasingly severe offensive techniques. In fact, cyberattacks targeting at-risk humanitarian, activist, and journalism groups saw 241% more attacks in the last 12 months, with distributed denial-of-service (DDoS) attacks dominating the threat landscape, according to data published June 12 by Internet-services firm Cloudflare. While nonprofit organizations often escaped the notice of cybercriminals, opportunistic attacks are becoming more common, according to the CyberPeace Institute, which collects data on cyber conflicts but also provides cybersecurity advisory services to civil-society groups."
        https://www.darkreading.com/cyberattacks-data-breaches/attacks-humanitarian-orgs-jump-worldwide
      • Mitigating Prompt Injection Attacks With a Layered Defense Strategy
        "With the rapid adoption of generative AI, a new wave of threats is emerging across the industry with the aim of manipulating the AI systems themselves. One such emerging attack vector is indirect prompt injections. Unlike direct prompt injections, where an attacker directly inputs malicious commands into a prompt, indirect prompt injections involve hidden malicious instructions within external data sources. These may include emails, documents, or calendar invites that instruct AI to exfiltrate user data or execute other rogue actions. As more governments, businesses, and individuals adopt generative AI to get more done, this subtle yet potentially potent attack becomes increasingly pertinent across the industry, demanding immediate attention and robust security measures."
        https://security.googleblog.com/2025/06/mitigating-prompt-injection-attacks.html
      • Unpacking The Security Complexity Of No-Code Development Platforms
        "In this Help Net Security interview, Amichai Shulman, CTO at Nokod Security, discusses how the abstraction layer in no-code environments complicates security by obscuring data flow, identity propagation, and control logic. Shulman also addresses why vulnerabilities in no-code applications go far beyond simple misconfigurations or insecure defaults."
        https://www.helpnetsecurity.com/2025/06/13/amichai-shulman-nokod-security-no-code-environments-security/
      • What CISOs Need To Know About Agentic AI
        "GenAI has been the star of the show lately. Tools like ChatGPT impressed everyone with how well they can summarize, write, and respond. But something new is gaining ground: agentic AI. These systems don’t just answer questions. They make decisions, take action, and in some cases, even work together to get things done. Naturally, CISOs are starting to ask the big question: can we trust it to be secure?"
        https://www.helpnetsecurity.com/2025/06/13/ciso-agentic-ai/
      • Security Flaws In Government Apps Go Unpatched For Years
        "78% of public sector organizations are operating with significant security debt, flaws left unaddressed for more than a year, according to Veracode. 55% are burdened with ‘critical’ security debt, representing long-standing vulnerabilities with severe risk potential. The research reveals that public sector entities require an average of 315 days to fix half their software vulnerabilities, significantly higher than the overall average of 252 days. This 63-day delay creates substantial windows of opportunity for potential application-layer attacks and data breaches."
        https://www.helpnetsecurity.com/2025/06/13/public-sector-software-vulnerabilities/
      • Call Them What They Are: Time To Fix Cyber Threat Actor Naming
        "When Russian intelligence officers hacked the Democratic National Committee in 2016, they weren’t identified in headlines as Russian intelligence officers. They were called Fancy Bear. When hackers from the People’s Liberation Army were discovered burrowed deep inside U.S. critical infrastructure to launch disruptive attacks in the event of a crisis in Taiwan, they weren’t called Chinese military. They were called Volt Typhoon. These names aren’t just confusing—they’re misleading. They obscure attribution, mystify the public, and often glamorize dangerous adversaries. That’s why we welcome the news that cybersecurity leaders Microsoft and CrowdStrike are teaming up to better align how they name and categorize cyber threat actors. Cooperation among vendors is an important and positive step. But to be clear: while this collaboration is a helpful start, it will ultimately fall short if it stops at cross-referencing proprietary names rather than fundamentally reforming the way we label and identify adversaries in cyberspace."
        https://www.justsecurity.org/114442/cyber-threat-actor-naming/
        https://www.infosecurity-magazine.com/news/former-cisa-ncsc-threat-actor-names/
      • Coker: We Can’t Have Economic Prosperity Or National Security Without Cybersecurity
        "As the second-ever National Cyber Director, Harry Coker, Jr. continued the rollout of the new National Cyber Strategy and focused on cyber rule harmonization efforts while working in the Biden White House. Coker previously served in the U.S. Navy before retiring in 2000 as a commander and held a number of senior roles at the CIA, including within its science and technology branch. He joined the NSA in 2017 as its executive director, the electronic spy agency’s third-highest position, and went on to work on the national security staff of Biden’s transition team in 2020. After leaving ONCD following President Donald Trump’s inauguration, Coker was appointed as Maryland’s Secretary of Commerce."
        https://therecord.media/coker-interview-no-economic-security-without-cybersecurity
      • Wanted: Junior Cybersecurity Staff With 10 Years' Experience And a PhD
        "Cybersecurity hiring managers need a reality check when it comes to hiring junior staff, with job adverts littered with unfair expectations that are hampering recruitment efforts, says industry training and cert issuer ISC2. According to the organization's latest hiring trends study, entry-level and junior job descriptions contain requirements that "are often difficult or impossible for these professionals to meet." "This can create a catch-22 – where employers struggle to find qualified candidates and early-career talent is locked out of opportunities that could help them build that very experience," it added."
        https://www.theregister.com/2025/06/13/infosec_employers_demanding_too_much/

      References
      Electronic Transactions Development Agency (ETDA)
