NCSA Webboard

    Cyber Threat Intelligence 26 June 2025

    Cyber Security News
    • NCSA_THAICERT

      Vulnerabilities

      • Multiple Brother Devices: Multiple Vulnerabilities (FIXED)
        "Rapid7 conducted a zero-day research project into multifunction printers (MFP) from Brother Industries, Ltd. This research resulted in the discovery of 8 new vulnerabilities. Some or all of these vulnerabilities have been identified as affecting 689 models across Brother’s range of printer, scanner, and label maker devices. Additionally, 46 printer models from FUJIFILM Business Innovation, 5 printer models from Ricoh, 2 printer models from Toshiba Tec Corporation, and 6 models from Konica Minolta, Inc. are affected by some or all of these vulnerabilities. In total, 748 models across 5 vendors are affected. Rapid7, in conjunction with JPCERT/CC, has worked with Brother over the last thirteen months to coordinate the disclosure of these vulnerabilities."
        https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed/
        https://www.darkreading.com/endpoint-security/millions-brother-printers-critical-unpatchable-bug
        https://www.securityweek.com/new-vulnerabilities-expose-millions-of-brother-printers-to-hacking/
      • Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities
        "Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the root user. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities."
        https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6
      • Citrix Releases Emergency Patches For Actively Exploited CVE-2025-6543 In NetScaler ADC
        "Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-6543, carries a CVSS score of 9.2 out of a maximum of 10.0. It has been described as a case of memory overflow that could result in unintended control flow and denial-of-service. However, successful exploitation requires the appliance to be configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server."
        https://thehackernews.com/2025/06/citrix-releases-emergency-patches-for.html
        https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788
        https://therecord.media/citrix-warns-netscaler-exploitation-bug
        https://cyberscoop.com/citrix-zero-day-netscaler/
        https://www.theregister.com/2025/06/25/citrix_netscaler_critical_bug_exploited/
      • CISA Adds Three Known Exploited Vulnerabilities To Catalog
        "CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2024-54085 AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability
        CVE-2024-0769 D-Link DIR-859 Router Path Traversal Vulnerability
        CVE-2019-6693 Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability"
        https://www.cisa.gov/news-events/alerts/2025/06/25/cisa-adds-three-known-exploited-vulnerabilities-catalog
      • CitrixBleed 2: Electric Boogaloo — CVE-2025-5777
        "Remember CitrixBleed, the vulnerability where a simple HTTP request would dump memory, revealing session tokens? CVE-2023-4966. It’s back like Kanye West returning to Twitter about two years later, this time as CVE-2025-5777. You may have missed it, as the original CVE on 17th June 2025 referred to the “Netscaler Management Interface”, which you shouldn’t expose to the internet."
        https://doublepulsar.com/citrixbleed-2-electric-boogaloo-cve-2025-5777-c7f5e349d206
        https://www.bleepingcomputer.com/news/security/new-citrixbleed-2-netscaler-flaw-let-hackers-hijack-sessions/
        https://www.theregister.com/2025/06/24/critical_citrix_bug_citrixbleed/
      • Threat Research: Hundreds Of MCP Servers Vulnerable To Abuse
        "Model Context Protocol (MCP) servers are critical infrastructure for AI agents - enabling access to tools, documents, and local environments. We’ve already blogged about top risks MCPs present in IDEs, and about the three types of MCP risks and how to assess them. Now let’s understand some of the research findings behind the curtain. The Backslash team conducted research across thousands of publicly available locally-executed MCPs and analyzed their code for a wide range of security risks - including prompt injection, data manipulation, and malicious payload execution."
        https://www.backslash.security/blog/hundreds-of-mcp-servers-vulnerable-to-abuse
        https://www.darkreading.com/cloud-security/hundreds-mcp-servers-ai-models-abuse-rce
      • Responsible Disclosure: Vulnerabilities In SAP GUI Client (CVE-2025-0056 & CVE-2025-0055)
        "As an SAP Security Analyst and Lead Researcher at Pathlock, I believe that responsible security research is the foundation for maintaining secure IT environments. Today, I am excited to disclose research on two vulnerabilities in the SAP Graphical User Interface (SAP GUI) input history feature, which we identified together with Julian Petersohn of Fortinet. This disclosure follows coordinated reporting with SAP’s security response team, who have since issued relevant patches and mitigation steps in January 2025. The SAP team has been working closely with us throughout the entire process, for which we express our gratitude."
        https://pathlock.com/blog/security-alerts/cve-2025-0055-and-2025-0056/
        https://thehackernews.com/2025/06/citrix-bleed-2-flaw-enables-token-theft.html
        https://www.darkreading.com/cloud-security/xor-flaw-sap-gui
        https://www.infosecurity-magazine.com/news/sap-gui-vulnerable-weak-encryption/
      • Flaw In Notepad++ Installer Could Grant Attackers SYSTEM Access (CVE-2025-49144)
        "A high-severity vulnerability (CVE-2025-49144) in the Notepad++ installer could be exploited by unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. There is currently no indication that the vulnerability is being leveraged by attackers, though technical details and a proof-of-concept (PoC) have been published – and redacted shortly after for security reasons."
        https://www.helpnetsecurity.com/2025/06/25/flaw-in-notepad-installer-could-grant-attackers-system-access-cve-2025-49144/
        https://www.cve.org/CVERecord?id=CVE-2025-49144
      • nOAuth Abuse Alert: Full Account Takeover Of Entra Cross-Tenant SaaS Applications
        "The nOAuth vulnerability exposes a critical authentication flaw in vulnerable software-as-a-service (SaaS) applications. With only access to an Entra tenant—a low barrier—and the target user’s email address, an attacker can take over that user’s account in the vulnerable application. From there, the attacker can access all the data that the target has access to within that application. We promptly reported our findings to the application vendors and the Microsoft Security Response Center (MSRC) in December 2024; MSRC acknowledged receipt of the report and opened case 93209. In March 2025, we notified MSRC of our intent to disclose. MSRC closed the case in April 2025. Through May and June of 2025, we continued to contact application vendors that were vulnerable and shared the details with MSRC. In June 2025, we received feedback from MSRC reiterating that vendors should follow recommendations, and vendors who do not are subject to removal from the Entra App Gallery."
        https://www.semperis.com/blog/noauth-abuse-alert-full-account-takeover/
        https://thehackernews.com/2025/06/noauth-vulnerability-still-affects-9-of.html
        https://www.securityweek.com/thousands-of-saas-apps-could-still-be-susceptible-to-noauth/
        https://www.infosecurity-magazine.com/news/microsoft-noauth-flaw-2025/
      • Code Execution Vulnerability Patched In GitHub Enterprise Server
        "Code-hosting platform GitHub has rolled out patches for a remote code execution (RCE) vulnerability in multiple Enterprise Server versions. Tracked as CVE-2025-3509 (CVSS score of 7.1), the flaw could have allowed attackers to exploit the pre-receive hook functionality to bind to ports that are dynamically allocated and become available. Exploitation of the flaw, GitHub says, is only possible under specific operational conditions, which suggests that the attack window is reduced."
        https://www.securityweek.com/code-execution-vulnerability-patched-in-github-enterprise-server/
      • Chrome 138, Firefox 140 Patch Multiple Vulnerabilities
        "Fresh stable iterations of Chrome and Firefox were released on Wednesday with patches for two dozen vulnerabilities across the popular web browsers, including high-severity memory safety flaws. Chrome 138 has arrived with 11 security fixes, including three for medium- and low-severity bugs reported by security researchers. These include a use-after-free defect in Animation for which Google handed out a $4,000 bug bounty reward, and an insufficient policy enforcement issue in Loader and an insufficient data validation flaw in DevTools that earned the reporting researchers $1,000 rewards each."
        https://www.securityweek.com/chrome-138-firefox-140-patch-multiple-vulnerabilities/
      • Trix Shots: Remote Code Execution On Aviatrix Controller
        "This blog post highlights a Mandiant Red Team case study simulating an “Initial Access Brokerage” approach that discovered two vulnerabilities on Aviatrix Controller, a Software-Defined Networking (SDN) utility that allows for the creation of links between different cloud vendors and regions:
        CVE-2025-2171: an administrator authentication bypass
        CVE-2025-2172: an authenticated command injection"
        https://cloud.google.com/blog/topics/threat-intelligence/remote-code-execution-aviatrix-controller

      Malware

      • OneClik: A ClickOnce-Based APT Campaign Targeting Energy, Oil And Gas Infrastructure
        "The Trellix Advanced Research Center has uncovered a sophisticated APT malware campaign that we’ve dubbed OneClik. It specifically targets the energy, oil, and gas sector through phishing attacks and the exploitation of Microsoft ClickOnce. The campaign exhibits characteristics aligned with Chinese-affiliated threat actors, though attribution remains cautious. Its methods reflect a broader shift toward “living off the land” tactics, blending malicious operations within cloud and enterprise tooling to evade traditional detection mechanisms."
        https://www.trellix.com/blogs/research/oneclik-a-clickonce-based-apt-campaign-targeting-energy-oil-and-gas-infrastructure/
        https://www.bleepingcomputer.com/news/security/oneclik-attacks-use-microsoft-clickonce-and-aws-to-target-energy-sector/
      • Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious Npm Packages
        "The Socket Threat Research Team has uncovered an extended and ongoing North Korean supply chain attack that hides behind typosquatted npm packages. Threat actors linked to the Contagious Interview operation published 35 malicious packages across 24 npm accounts. Six remain live on the registry (react-plaid-sdk, sumsub-node-websdk, vite-plugin-next-refresh, vite-loader-svg, node-orm-mongoose, and router-parse), and together have been downloaded over 4,000 times. We have petitioned the npm security team to remove the remaining live packages and suspend the associated accounts."
        https://socket.dev/blog/north-korean-contagious-interview-campaign-drops-35-new-malicious-npm-packages
        https://www.bleepingcomputer.com/news/security/new-wave-of-fake-interviews-use-35-npm-packages-to-spread-malware/
        https://thehackernews.com/2025/06/north-korea-linked-supply-chain-attack.html
      • AI Evasion: The Next Frontier Of Malware Techniques
        "Malware authors have long evolved their tactics to avoid detection. They leverage obfuscation, packing, sandbox evasions, and other tricks to stay out of sight. As defenders increasingly rely on AI to accelerate and improve threat detection, a subtle but alarming new contest has emerged between attackers and defenders. Check Point Research’s latest findings uncover what appears to be the first documented instance of malware intentionally crafted to bypass AI-driven detection, not by altering its code, but by manipulating the AI itself. Through prompt injection, the malware attempts to “speak” to the AI, manipulating it to say the file is harmless."
        https://blog.checkpoint.com/artificial-intelligence/ai-evasion-the-next-frontier-of-malware-techniques/
        https://research.checkpoint.com/2025/ai-evasion-prompt-injection/
        https://www.darkreading.com/cloud-security/malware-tells-ai-to-ignore-it
      • Educated Manticore Reemerges: Iranian Spear-Phishing Campaign Targeting High-Profile Figures
        "Amid growing warnings from agencies like the FBI and DHS about Iranian cyber activity, Check Point Research is sharing fresh, real-world examples from the past few days to shed light on how these threats are playing out in practice. We’ve identified the reemergence of an active, global spear-phishing campaign attributed to the Iranian threat actor Educated Manticore, also tracked as APT42, Charming Kitten, and Mint Sandstorm. Associated with the IRGC Intelligence Organization, this group is known to target public figures around the world. Currently, the campaign is executing sophisticated credential theft operations against high-profile individuals in Israel, while the real scope of the campaign is likely much wider, both geographically and by industry."
        https://blog.checkpoint.com/security/educated-manticore-reemerges-iranian-spear-phishing-campaign-targeting-high-profile-figures/
        https://research.checkpoint.com/2025/iranian-educated-manticore-targets-leading-tech-academics/
      • Cybercriminal Abuse Of Large Language Models
        "Generative AI and LLMs have taken the world by storm. With the ability to generate convincing text, solve problems, write computer code and more, LLMs are being integrated into almost every facet of society. According to Hugging Face (a platform that hosts models), there are currently over 1.8 million different models to choose from. LLMs are usually built with key safety features, including alignment and guardrails. Alignment is a training process that LLMs undergo to minimize bias and ensure that the LLM generates outputs that are consistent with human values and ethics. Guardrails are additional real-time safety mechanisms that try to restrain the LLM from engaging in harmful or undesirable actions in response to user input."
        https://blog.talosintelligence.com/cybercriminal-abuse-of-large-language-models/
      • Dire Wolf Strikes: New Ransomware Group Targeting Global Sectors
        "Dire Wolf is a newly emerged ransomware group first observed in May 2025 and Trustwave SpiderLabs recently uncovered a Dire Wolf ransomware sample that revealed for the first time key details about how the ransomware operates. Since its discovery, Dire Wolf ransomware group has launched a series of targeted attacks across multiple sectors and regions with an emphasis on manufacturing and technology sectors."
        https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/dire-wolf-strikes-new-ransomware-group-targeting-global-sectors/
        https://www.darkreading.com/threat-intelligence/dire-wolf-ransomware-manufacturing-technology

      Breaches/Hacks/Leaks

      • Mainline Health, Select Medical Each Disclose Data Breaches Impacting 100,000 People
        "Mainline Health Systems and Select Medical Holdings have each disclosed data breaches affecting more than 100,000 individuals. In the case of Mainline Health, an Arkansas-based healthcare provider with over 30 locations, a network breach was detected in April 2024. However, the company only recently determined that files containing sensitive personal information were stolen at the time. Mainline Health informed the Maine Attorney General’s Office this week that the data breach has impacted just over 101,000 people."
        https://www.securityweek.com/mainline-health-select-medical-each-disclose-data-breaches-impacting-100000-people/
        https://securityaffairs.com/179322/data-breach/mainline-health-systems-disclosed-a-data-breach.html
      • Columbia University Investigating Cyber Incident After Tech Outages
        "Columbia University officials are investigating a potential cybersecurity incident after students reported widespread technology outages and strange images appearing on screens across campus. The school’s website and other systems have been intermittently offline since Tuesday morning, and Columbia officials said the New York Police Department is now involved in the response. “Yesterday morning, Columbia University IT systems experienced an outage affecting systems on our Morningside campus,” a spokesperson told Recorded Future News."
        https://therecord.media/columbia-university-technology-outages
      • Glasgow City Council Impacted By ‘cyber Incident’
        "Glasgow City Council announced on Wednesday being impacted by a cyber incident which it said was “disrupting a number of online services and which may have involved the theft of customer data.” The nature of the incident hasn’t been confirmed. It was uncovered by the council’s IT supplier CGI last week, “on servers managed by a third-party supplier,” according to the council’s statement. Day-to-day digital and online services have been disrupted by the council taking the affected servers offline. Its statement included an apology “for the anxiety and inconvenience this incident and the necessary response to it will undoubtedly cause.”"
        https://therecord.media/glasgow-city-council-cyber-incident
      • UK Govt Dept Website That Campaigns Against Encryption Hijacked To Advertise ... Payday Loans
        "A website developed for the UK Home Office's 2022 "flop" anti-encryption campaign has seemingly been hijacked to push a payday loan scheme. The pwn on the government's No Place to Hide campaign, which cost over half a million pounds to produce, was first spotted by tech policy expert Heather Burns. The website originally featured a daring stunt involving a parent and child locked in a box, and was greeted with negative reception when it was unveiled three years ago."
        https://www.theregister.com/2025/06/25/home_office_antiencryption_campaign_website/

      General News

      • New Guidance Released For Reducing Memory-Related Vulnerabilities
        "Today, CISA, in partnership with the National Security Agency (NSA), released a joint guide on reducing memory-related vulnerabilities in modern software development. Memory safety vulnerabilities pose serious risks to national security and critical infrastructure. Adopting memory safe languages (MSLs) offers the most comprehensive mitigation against this class of vulnerabilities and provides built-in safeguards that enhance security by design."
        https://www.cisa.gov/news-events/alerts/2025/06/24/new-guidance-released-reducing-memory-related-vulnerabilities
        https://www.cisa.gov/resources-tools/resources/memory-safe-languages-reducing-vulnerabilities-modern-software-development
        https://www.infosecurity-magazine.com/news/nsa-cisa-urge-memory-safe-languages/
      • BreachForums Hacking Forum Operators Reportedly Arrested In France
        "The French police have reportedly arrested five operators of the BreachForum cybercrime forum, a website used by cybercriminals to leak and sell stolen data that exposed the sensitive information of millions. News of the arrests come from Le Parisien, which claims the law enforcement operation was carried out by the cybercrime unit (BL2C) of the Paris police department on Monday. According to reporters, the police carried out simultaneous raids in the regions of Hauts-de-Seine (Paris), Seine-Maritime (Normandy), and Réunion (overseas)."
        https://www.bleepingcomputer.com/news/security/breachforums-hacking-forum-operators-reportedly-arrested-in-france/
        https://therecord.media/france-breachforums-suspects-arrests
        https://www.bankinfosecurity.com/french-police-reportedly-bust-five-breachforums-administrators-a-28814
        https://www.theregister.com/2025/06/25/paris_police_claim_arrests_of/
      • British Hacker 'IntelBroker' Charged With $25M In Cybercrime Damages
        "A British national known online as "IntelBroker" has been charged by the U.S. for stealing and selling sensitive data from victims worldwide, causing an estimated $25 million in damages. The indictment, revealed today by the U.S. Attorney's Office for the Southern District of New York, accuses Kai West, a 25-year-old British man, of using the handle "IntelBroker" in a years-long campaign to steal and sell data from government agencies and networks, companies, and critical infrastructure. As seen by BleepingComputer, this data was most often put up for sale on the BreachForums hacking forum. The stolen information included sensitive health records, internal files from telecommunication and cybersecurity firms, and user data from online platforms."
        https://www.bleepingcomputer.com/news/security/british-hacker-intelbroker-charged-with-25m-in-cybercrime-damages/
      • Generative AI Exacerbates Software Supply Chain Risks
        "Generative artificial intelligence (GenAI) might be good at drafting business emails, but it is dangerously bad at writing software code. Malicious actors are exploiting AI-fabricated software components, which presents a major challenge for securing software supply chains. New transparency requirements are urgently needed to address this issue."
        https://www.darkreading.com/vulnerabilities-threats/generative-ai-exacerbates-software-supply-chain-risks
      • New INTERPOL Report Warns Of Sharp Rise In Cybercrime In Africa
        "A growing share of reported crimes in Africa is cyber-related, according to INTERPOL’s 2025 Africa Cyberthreat Assessment Report. Two-thirds of the Organization’s African member countries surveyed said that cyber-related crimes accounted for a medium-to-high share of all crimes, rising to 30 per cent in Western and Eastern Africa. Online scams, particularly through phishing, were the most frequently reported cybercrimes in Africa, while ransomware, business email compromise (BEC) and digital sextortion also remain widespread."
        https://www.interpol.int/en/News-and-Events/News/2025/New-INTERPOL-report-warns-of-sharp-rise-in-cybercrime-in-Africa
        https://www.interpol.int/en/content/download/23094/file/Cybercrime_Africa Cyberthreat Assessment Report_Design_FINAL.pdf
        https://www.darkreading.com/cyber-risk/africa-surge-cybercrime-law-enforcement-struggles
      • Welcome To The New Cyber Battleground
        "The Israel–Iran war has moved at a rapid pace in terms of kinetic warfare. What is also a new development is the speed at which this conflict rapidly expanded beyond traditional warfare, evolving into a complex cyber conflict. Both nations—and their proxy or hacktivist groups—are targeting critical infrastructure, finance, healthcare, telecoms, and public trust. While Israel and Iran have been long-time cyber adversaries, the FortiRecon Dark Web Intelligence team had picked up an increase in chatter before the start of the physical conflict. Within hours of the start of the conflict, there was a major change in activity, which is a clear indicator that preparations for a Cyber battle were already underway."
        https://www.fortinet.com/blog/ciso-collective/welcome-to-the-new-cyber-battleground
      • Why The SOC Needs Its “Moneyball” Moment
        "In the classic book and later Brad Pitt movie Moneyball, the Oakland A’s didn’t beat baseball’s giants by spending more – they won by thinking differently, scouting players not through gut instinct and received wisdom, but by utilizing relevant data and pattern recognition. While the rest of the league fixated on batting averages, they focused on what really mattered: getting on base. Security operations centers (SOCs) are at the same crossroads, and only those who rethink their approach will stay in the game."
        https://www.helpnetsecurity.com/2025/06/25/soc-ai-powered-graphs/
      • From Posture To Prioritization: The Shift Toward Unified Runtime Platforms
        "In this Help Net Security interview, Rinki Sethi, Chief Security Officer at Upwind, discusses how runtime platforms help CISOs shift from managing tools to managing risk. She encourages CISOs to position runtime as a practical layer for real-time risk reduction, especially when facing legacy constraints. Looking ahead, she sees security leaders playing a bigger role in shaping infrastructure and innovation, with teams working more closely across functions as tools converge."
        https://www.helpnetsecurity.com/2025/06/25/rinki-sethi-upwind-security-unified-runtime-platforms/
      • Why Should Companies Or Organizations Convert To FIDO Security Keys?
        "In this Help Net Security interview, Alexander Summerer, Head of Authentication at Swissbit, explains how FIDO security keys work, what threats they address, and why they’re gaining traction across industries, from healthcare to critical infrastructure. He also shares insights into their scalability, compliance advantages, and real-world deployment considerations."
        https://www.helpnetsecurity.com/2025/06/25/alexander-summerer-swissbit-fido-security-keys/
      • The State Of Ransomware 2025
        "The sixth annual Sophos State of Ransomware report provides fresh insights into the factors that led organizations to fall victim to ransomware and the human and business impacts of an attack. Based on insights from a vendor-agnostic survey of 3,400 IT and cybersecurity leaders across 17 countries whose organizations were hit by ransomware in the last year, the report combines year-on-year insights with brand new areas of study, including why ransom payments rarely match the initial demand, and the downstream impact of ransomware incidents on in-house teams."
        https://news.sophos.com/en-us/2025/06/24/the-state-of-ransomware-2025/
        https://assets.sophos.com/X24WTUEQ/at/9brgj5n44hqvgsp5f5bqcps/sophos-state-of-ransomware-2025.pdf
        https://www.helpnetsecurity.com/2025/06/25/ransom-demand-payment/
        https://www.infosecurity-magazine.com/news/uk-ransom-payments-double-victims/
      • Users Lack Control As Major AI Platforms Share Personal Info With Third Parties
        "Some of the most popular generative AI and large language model (LLM) platforms, from companies like Meta, Google, and Microsoft, are collecting sensitive data and sharing it with unknown third parties, leaving users with limited transparency and virtually no control over how their information is stored, used, or shared, according to Incogni."
        https://www.helpnetsecurity.com/2025/06/25/ai-platforms-data-sharing/
      • Ransomware Attacks Dip In May Despite Persistent Retail Targeting
        "Ransomware attacks fell globally for the third consecutive month in May 2025 despite the continued heavy targeting of retailers, according to new figures from NCC Group. The cybersecurity company recorded 393 attacks in May, a 6% fall from 416 in April. This follows a significant 31% decline in ransomware attacks in April compared to March. The fall in April is partly thought to be due to infrastructure outages experienced by the RansomHub gang. The fall in May comes despite a deluge of ransomware incidents affecting high-profile retailers from late April."
        https://www.infosecurity-magazine.com/news/ransomware-dip-may-retail-targeting/
      • Customer Identity Trends Report 2025: Securing Customer Trust In The Age Of AI
        "In an increasingly digital world, security isn't just a feature. It's the foundation of trust. Gaining this trust, however, is becoming more difficult. While organizations are eager to use AI to enhance customer experiences, our Auth0 Customer Identity Trends Report 2025 reveals a critical disconnect: Consumers don’t trust AI agents with their personal data, yet. Organizations that close the gap between AI innovation and user confidence are better poised for success in the age of AI; those that don't face a rapidly widening chasm."
        https://www.okta.com/newsroom/articles/customer-identity-trends-report-2025--securing-customer-trust-in/
        https://www.infosecurity-magazine.com/news/half-customer-signups-now/
      • AI And Collaboration Tools: How Cyberattackers Are Targeting SMBs In 2025
        "Cyberattackers often view small and medium-sized businesses (SMBs) as easier targets, assuming their security measures are less robust than those of larger enterprises. In fact, attacks through contractors, also known as trusted relationship attacks, remain one of the top three methods used to breach corporate networks. With SMBs generally being less protected than large enterprises, this makes them especially attractive to both opportunistic cybercriminals and sophisticated threat actors. At the same time, AI-driven attacks are becoming increasingly common, making phishing and malware campaigns easier to prepare and quickly adapt, thus increasing their scale. Meanwhile, cybersecurity regulations are tightening, adding more compliance pressure on SMBs."
        https://securelist.com/smb-threat-report-2025/116830/
      • Why Sincerity Is a Strategic Asset In Cybersecurity
        "Recently, while speaking at a customer event, I encountered some technical difficulties. First the projector began flickering on and off. Then the power went out. Then the clicker went on the fritz. I guess it just wasn’t my day. Anyone who speaks regularly has no doubt encountered situations like this. Of course, the trick is to keep the audience engaged and with you while you work through the technical difficulties. This can involve storytelling, humor, a bit of improvisation, and a number of other techniques. In the end, regardless of your message, those listening will remember different amounts of what you told them. What they usually remember quite well, however, is how you made them feel."
        https://www.securityweek.com/why-sincerity-is-a-strategic-asset-in-cybersecurity/
      • Supply Chain Attacks Surge With Orgs 'flying Blind' About Dependencies
        "The vast majority of global businesses are handling at least one material supply chain attack per year, but very few are doing enough to counter the growing threat. New research from SecurityScorecard shows organizations and their security leaders are gravely concerned about supply chain risks. 88 percent of the 550 CISOs and other security higher-ups surveyed expressed worry over supply chain security, but far fewer than half actually monitor security fully across their external suppliers."
        https://www.theregister.com/2025/06/25/supply_chain_attacks_hammer_organizations/
      • Threat Brief: Escalation Of Cyber Risk Related To Iran
        "The recent conflict involving Iran, particularly its military engagements with Israel and the U.S., significantly heightens the risk of cyber spillover. This extends traditional battlegrounds into the digital realm. While we have not yet seen a dramatic uptick in Iranian-directed cyberattacks, further escalations could manifest as a surge in cyber operations by both state-sponsored groups and independent hacktivists. Their aim would be to disrupt, collect intelligence on or influence perceived adversaries. Iranian threat groups have a history of targeting critical infrastructure and sensitive industries across public and private enterprises globally and these attacks can have far-reaching consequences."
        https://unit42.paloaltonetworks.com/iranian-cyberattacks-2025/
      • The New NIST LEV Metric: What You Need To Know
        "Rising vulnerability reports and an increasing backlog of critical vulnerabilities and exposures (CVE) conspire to put companies at risk. The new NIST Likely Exploited Vulnerabilities (LEV) metric can help. Here's how."
        https://blog.barracuda.com/2025/06/25/new-nist-lev-metric

      References
      Electronic Transactions Development Agency (ETDA)
