NCSA Webboard

    Cyber Threat Intelligence 27 June 2025

    Cyber Security News
      NCSA_THAICERT

      Industrial Sector

      • Mitsubishi Electric Air Conditioning Systems
        "Successful exploitation of this vulnerability could allow an attacker to control the air conditioning system."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-177-01
      • A Brief Overview Of The Main Incidents In Industrial Cybersecurity. Q1 2025
        "In Q1 2025, 118 incidents were publicly confirmed by victims. All of these incidents are included in the table at the end of the overview, with select incidents described in detail. This quarter, organizations from multiple industrial sectors around the world reported serious incidents caused by cyberattacks. These attacks resulted in the loss of confidential data and the interruption of IT services and key operational processes, including the production and supply of products. The most high-profile story of the quarter was undoubtedly the attack on Kuala Lumpur airport, which knocked out many of its information systems, including departure and arrival boards, check-in terminals and baggage handling systems, for 10 hours."
        https://ics-cert.kaspersky.com/publications/reports/2025/06/26/a-brief-overview-of-the-main-incidents-in-industrial-cybersecurity-q1-2025/
      • TrendMakers Sight Bulb Pro
        "Successful exploitation of these vulnerabilities could allow an attacker to capture sensitive information and execute arbitrary shell commands on the target device as root if connected to the local network segment."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-177-02

      New Tooling

      • Kanister: Open-Source Data Protection Workflow Management Tool
        "Kanister is an open-source tool that lets domain experts define how to manage application data using blueprints that are easy to share and update. It handles the complex parts of running these tasks on Kubernetes and gives a consistent way to manage different applications at scale."
        https://www.helpnetsecurity.com/2025/06/26/kanister-open-source-data-protection-workflow-management-tool/
        https://github.com/kanisterio/kanister

      Vulnerabilities

      • Decrement By One To Rule Them All: AsIO3.sys Driver Exploitation
        "Armory Crate and AI Suite are applications used to manage and monitor ASUS motherboards and related components such as the processor, RAM or the increasingly popular RGB lighting. These types of applications often install drivers in the system, which are necessary for direct communication with hardware to configure settings or retrieve critical parameters such as CPU temperature, fan speeds and firmware updates. Therefore, it is critical to ensure that drivers are well-written with security in mind and designed such that access to the driver interfaces are limited only to certain services and administrators."
        https://blog.talosintelligence.com/decrement-by-one-to-rule-them-all/
      • Marketplace Takeover: How We Could’ve Taken Over Every Developer Using a VSCode Fork; Putting Millions At Risk
        "We discovered a critical vulnerability in open-vsx.org, the open-source VS Code extensions marketplace powering popular VSCode forks like Cursor, Windsurf and VSCodium, used by over 8,000,000 developers. This vulnerability provides attackers full control over the entire extensions marketplace, and in turn, full control over millions of developer machines. By exploiting a CI issue a malicious actor could publish malicious updates to every extension on Open VSX. One bug. Full marketplace takeover. Millions of developers and their organizations — compromised. If you control the extensions, you control the machine, the code, and the business."
        https://blog.koi.security/marketplace-takeover-how-we-couldve-taken-over-every-developer-using-a-vscode-fork-f0f8cf104d44
        https://thehackernews.com/2025/06/critical-open-vsx-registry-flaw-exposes.html

      Malware

      • Ongoing Campaign Abuses Microsoft 365’s Direct Send To Deliver Phishing Emails
        "Varonis’ Managed Data Detection and Response (MDDR) Forensics team has uncovered a novel phishing campaign targeting more than 70 organizations. In this post, we dive into the specifics to help you better understand what happened, how to detect the attack and how to prevent it moving forward. This campaign exploits a lesser-known feature in Microsoft 365: Direct Send. Designed to allow internal devices like printers to send emails without authentication, Varonis warns that threat actors are abusing the feature to spoof internal users and deliver phishing emails without ever needing to compromise an account. Identified victims spanned multiple verticals and locations but were predominantly US-based organizations."
        https://www.varonis.com/blog/direct-send-exploit
        https://www.bleepingcomputer.com/news/security/microsoft-365-direct-send-abused-to-send-phishing-as-internal-users/
      • Surge In MOVEit Transfer Scanning Could Signal Emerging Threat Activity
        "GreyNoise has identified a notable surge in scanning activity targeting MOVEit Transfer systems, beginning on May 27, 2025. Prior to this date, scanning was minimal — typically fewer than 10 IPs observed per day. But on May 27, that number spiked to over 100 unique IPs, followed by 319 IPs on May 28. Since that initial jump, daily scanner IP volume has remained intermittently elevated between 200 to 300 IPs per day — a significant deviation from baseline and an indicator that MOVEit Transfer is once again in the crosshairs."
        https://www.greynoise.io/blog/surge-moveit-transfer-scanning-activity
        https://www.bankinfosecurity.com/scans-probing-for-moveit-systems-may-be-precursor-to-attacks-a-28832
      • CapCut Con: Apple Phishing & Card-Stealing Refund Ruse
        "As CapCut continues to dominate the short-form video editing scene, cybercriminals are seizing the opportunity to exploit its popularity. In a recent phishing campaign observed by the Cofense PDC team, threat actors have crafted convincing fake CapCut invoice lures (Figure 1) designed to harvest Apple ID credentials along with credit card information. By leveraging the app's widespread appeal and mimicking its official branding, these attackers aim to deceive users into divulging sensitive information. This blog post delves into the mechanics of this phishing scheme, highlights the tactics used, and provides insights on how to recognize and avoid such threats."
        https://cofense.com/blog/capcut-con-apple-phishing-card-stealing-refund-ruse

      Breaches/Hacks/Leaks

      • Central Kentucky Radiology Data Breach Impacts 167,000
        "Radiology services provider Central Kentucky Radiology (CKR) is notifying roughly 167,000 people that their personal information was compromised in an October 2024 data breach. The incident, the organization says, was discovered after certain systems within its network were disrupted by a cyberattack. CKR determined that a threat actor had access to its network between October 16 and October 18, 2024, and copied files from its systems."
        https://www.securityweek.com/central-kentucky-radiology-data-breach-impacts-167000/

      General News

      • Building Cyber Resilience In Always-On Industrial Environments
        "In this Help Net Security interview, Dr. Tim Sattler, CISO at Jungheinrich, discusses the cybersecurity risks tied to smart warehouses and industrial control systems. He explains how to maintain operational continuity while building real cyber resilience in always-on environments. Dr. Sattler also shares practical strategies for working with third-party partners and preparing for the next wave of automation."
        https://www.helpnetsecurity.com/2025/06/26/tim-sattler-jungheinrich-industrial-environments-cybersecurity/
      • Introducing CC Signals: A New Social Contract For The Age Of AI
        "Creative Commons (CC) today announces the public kickoff of the CC signals project, a new preference signals framework designed to increase reciprocity and sustain a creative commons in the age of AI. The development of CC signals represents a major step forward in building a more equitable, sustainable AI ecosystem rooted in shared benefits. This step is the culmination of years of consultation and analysis. As we enter this new phase of work, we are actively seeking input from the public."
        https://creativecommons.org/2025/06/25/introducing-cc-signals-a-new-social-contract-for-the-age-of-ai/
        https://www.helpnetsecurity.com/2025/06/26/cc-signals-ai-boundaries/
      • When Synthetic Identity Fraud Looks Just Like a Good Customer
        "People may assume synthetic identity fraud has no victims. They believe fake identities don’t belong to real people, so no one gets hurt. But this assumption is wrong. Criminals create fake identities by combining stolen pieces of personal information such as Social Security numbers, names, and birthdates. This type of fraud is often called Frankenstein fraud because it stitches together real and fake components to form a new, convincing identity."
        https://www.helpnetsecurity.com/2025/06/26/synthetic-identity-fraud-consequences/
      • Most AI And SaaS Apps Are Outside IT’s Control
        "60% of enterprise SaaS and AI applications operate outside IT’s visibility, according to CloudEagle.ai. This surge in invisible IT is fueling a crisis in AI identity governance, leading to increased breaches, audit failures, and compliance risk across enterprises. A survey of 1,000 enterprise CIOs and CISOs shows a shift: most security breaches now start inside the organization. The main problems are too many user permissions, unused accounts, and poor identity management. Manual onboarding, rare access checks, and disconnected offboarding make things worse."
        https://www.helpnetsecurity.com/2025/06/26/ai-identity-governance/
      • Ex-Student Charged Over Hacking University For Cheap Parking, Data Breaches
        "New South Wales police in Australia have arrested a 27-year-old former Western Sydney University (WSU) student for allegedly hacking into the University's systems on multiple occasions, starting with a scheme to obtain cheaper parking. Specifically, the woman, identified by local media reports as Birdie Kingston, is accused of unauthorized access, data theft, and compromising university infrastructure since 2021, affecting hundreds of staff and students. "Since 2021, Western Sydney University experienced a series of cyber hacks involving unauthorized access, data exfiltration, system compromise, and misuse of university infrastructure – including threatening the sale of student information on the dark web," reads the NSW Police press release."
        https://www.bleepingcomputer.com/news/security/ex-student-charged-over-hacking-university-for-cheap-parking-data-breaches/
      • Man Pleads Guilty To Hacking Networks To Pitch Security Services
        "A Kansas City man has pleaded guilty to hacking multiple organizations to advertise his cybersecurity services, the U.S. Department of Justice announced on Wednesday. 32-year-old Nicholas Michael Kloster was indicted last year for hacking into the networks of three organizations in 2024, including a health club and a Missouri nonprofit corporation. According to court documents, Kloster accessed the systems of a health club that operates multiple gyms in Missouri after breaching a restricted area. Next, he sent an email to one of the gym chain's owners, claiming he had hacked their network and offering his services in the same message, seemingly seeking to secure a cybersecurity consulting contract with the company."
        https://www.bleepingcomputer.com/news/security/man-pleads-guilty-to-hacking-networks-to-pitch-security-services/
        https://www.securityweek.com/man-who-hacked-organizations-to-advertise-security-services-pleads-guilty/
      • The AI Arms Race: When Attackers Leverage Cutting-Edge Tech
        "For too long, the narrative around AI in cyber security has focused on its defensive capabilities. While AI is revolutionizing how organizations protect themselves – bringing unprecedented speed, accuracy, and automation – it’s crucial to acknowledge the other side of the coin. Cyber criminals are quickly embracing AI, using large language models (LLMs) and advanced agentic AI to craft more potent and elusive attacks."
        https://blog.checkpoint.com/infinity-global-services/the-ai-arms-race-when-attackers-leverage-cutting-edge-tech/
      • How Geopolitical Tensions Are Shaping Cyber Warfare
        "As global conflicts intensify, cyberspace is becoming just as contentious as the physical world. Digital frontlines are expanding rapidly, with nation-state-backed actors launching attacks against governments, infrastructure, finance, and private enterprise. What's changing isn't just the scale; it's also the focus. Today's adversaries adapt faster and act smarter, blending old tactics with new delivery methods and exploiting the same weaknesses that have gone unpatched for years. Cybersecurity professionals don't just need more data; they need to know what's happening in their neighborhood."
        https://www.darkreading.com/vulnerabilities-threats/geopolitical-tensions-shape-cyber-warfare
      • Cloud Repatriation Driven By AI, Cost, And Security
        "The acceleration of artificial intelligence (AI) has changed the way many enterprises are run, with the technology automating business processes and executing business queries. So it's not a huge surprise that AI is also transforming how companies use their cloud infrastructures. The focus on cloud migration over the past few years is plateauing as many organizations begin to embrace cloud repatriation — moving data, assets, and workloads out of the cloud and back to the data center. The difference is that organizations may not be going back to on-premises but rather to a private cloud or a hybrid cloud. Continued concerns about security in the cloud and a soaring price tag are also driving the cloud repatriation trend."
        https://www.darkreading.com/cloud-security/cloud-repatriation-ai-cost-security
      • Taming Agentic AI Risks Requires Securing Non-Human Identities
        "From service accounts and Web application programming interfaces (APIs) to serverless applications and now artificial intelligence (AI) agents, the landscape of non-human identities is quickly becoming more complex. Companies are struggling to monitor and manage machine identities with security controls. In the past, machine identities focused on devices, services, and workloads. Developers connected their applications to online application programming interfaces (API) with a secret key or token. More complex applications integrate data from numerous applications through APIs."
        https://www.darkreading.com/cybersecurity-operations/taming-agentic-ai-risks-securing-nhi
      • ESET Threat Report H1 2025
        "From novel social engineering techniques to sophisticated mobile threats and major infostealer disruptions, the threat landscape in the first half of 2025 was anything but boring. One of the most striking developments this period was the emergence of ClickFix, a new, deceptive attack vector that skyrocketed by over 500% compared to H2 2024 in ESET telemetry. Now the second most common attack vector after phishing, ClickFix manipulates internet users into executing malicious commands under the guise of fixing a fake error. The payloads at the end of ClickFix attacks vary widely – from infostealers to ransomware and even to nation-state malware – making this a versatile and formidable threat across Windows, Linux, and macOS."
        https://www.welivesecurity.com/en/eset-research/eset-threat-report-h1-2025/
        https://web-assets.esetstatic.com/wls/en/papers/threat-reports/eset-threat-report-h12025.pdf
        https://thehackernews.com/2025/06/new-filefix-method-emerges-as-threat.html
        https://www.infosecurity-magazine.com/news/clickfix-attacks-surge-2025/
        https://www.helpnetsecurity.com/2025/06/26/clickfix-attacks-fakecaptcha-eset-report/
      • Qilin Ransomware Attack On NHS Supplier Contributed To Patient Fatality
        "The NHS says Qilin's ransomware attack on pathology services provider Synnovis last year led to the death of a patient. King's College Hospital NHS Trust, one of the many trusts affected by Qilin's attack, confirmed the news on Wednesday. An NHS spokesperson told The Register: 'One patient sadly died unexpectedly during the cyberattack. As is standard practice when this happens, we undertook a detailed review of their care.'"
        https://www.theregister.com/2025/06/26/qilin_ransomware_nhs_death/

      Reference
      Electronic Transactions Development Agency (ETDA)
