NCSA Webboard

    Cyber Threat Intelligence 04 July 2025

    Cyber Security News
      Posted by NCSA_THAICERT

      Healthcare Sector

      • Healthcare CISOs Must Secure More Than What’s Regulated
        "In this Help Net Security interview, Henry Jiang, CISO at Ensora Health, discusses what it really takes to make DevSecOps work in healthcare. He explains how balancing speed and security isn’t easy and why aligning with regulations is key. Jiang also shares tips on working with engineering teams and how automation helps in DevSecOps."
        https://www.helpnetsecurity.com/2025/07/03/henry-jiang-ensora-health-healthcare-devsecops-strategy/

      Industrial Sector

      • Industrial Security Is On Shaky Ground And Leaders Need To Pay Attention
        "44% of industrial organizations claim to have strong real-time cyber visibility, but nearly 60% have low to no confidence in their OT and IoT threat detection capabilities, according to Forescout. Digitalization has increased connectivity across devices, transforming industrial environments, which in turn increases cyber risk. Rising geopolitical tensions further compound these challenges, demanding more nuanced, strategic and integrated security approaches to protect critical assets while maintaining operations."
        https://www.helpnetsecurity.com/2025/07/03/ot-iot-threat-detection-confidence/
      • Hitachi Energy Relion 670/650 And SAM600-IO Series
        "An authenticated user with file access privilege via FTP access can cause the Relion 670/650 and SAM600-IO series device to reboot due to improper disk space management."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-184-01
      • Hitachi Energy MicroSCADA X SYS600
        "Successful exploitation of these vulnerabilities could allow an attacker to tamper with the system file, overwrite files, create a denial-of-service condition, or leak file content."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-184-02
      • Mitsubishi Electric MELSOFT Update Manager
        "Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, disclose information, alter information, or cause a denial-of-service (DoS) condition."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-184-03
      • Mitsubishi Electric MELSEC iQ-F Series
        "Successful exploitation of this vulnerability could result in a denial-of-service condition for legitimate users for a certain period by repeatedly attempting to log in with incorrect passwords. When the product repeatedly receives unauthorized logins from an attacker, legitimate users will be unable to be authenticated until a certain period has passed after the lockout or until the product is reset."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-184-04
      • OT Security In Ports: Lessons From The Coast Guard's Latest Warning
        "The cranes that move goods in and out of America's busiest ports (some of the most essential components of our national logistics chain) are under growing scrutiny. In a newly issued MARSEC Directive 105-5, the U.S. Coast Guard has raised red flags about the cybersecurity risks that come with ship-to-shore (STS) cranes manufactured in China. These cranes, mostly produced by state-owned enterprises like Shanghai Zhenhua Heavy Industries (ZPMC), make up nearly 80% of the STS equipment at U.S. ports."
        https://www.tripwire.com/state-of-security/ot-security-ports-lessons-coast-guards-latest-warning

      New Tooling

      • GitPhish: Open-Source GitHub Device Code Flow Security Assessment Tool
        "GitPhish is an open-source security research tool built to replicate GitHub’s device code authentication flow. It features three core operating modes: an authentication server, automated landing page deployment, and an administrative management interface. GitPhish can be accessed via a command-line interface or a web dashboard, offering comprehensive features such as logging, analytics, and token management."
        https://www.helpnetsecurity.com/2025/07/03/gitphish-open-source-github-device-code-flow-security-assessment-tool/
        https://github.com/praetorian-inc/GitPhish

      Vulnerabilities

      • Grafana Releases Critical Security Update For Image Renderer Plugin
        "Grafana Labs has addressed four Chromium vulnerabilities in critical security updates for the Grafana Image Renderer plugin and Synthetic Monitoring Agent. Although the issues impact Chromium and were fixed by the open-source project two weeks ago, Grafana received a bug bounty submission from security researcher Alex Chapman proving their exploitability in the Grafana components. Grafana describes the update as a "critical severity security release" and advises users to apply the fixes for the vulnerabilities below as soon as possible:"
        https://www.bleepingcomputer.com/news/security/grafana-releases-critical-security-update-for-image-renderer-plugin/
      • Apache Under The Lens: Tomcat’s Partial PUT And Camel’s Header Hijack
        "In March 2025, Apache disclosed CVE-2025-24813, a vulnerability impacting Apache Tomcat. This is a widely used platform that allows Apache web servers to run Java-based web applications. The flaw allows remote code execution, affecting Apache Tomcat versions 9.0.0.M1 to 9.0.98, 10.1.0-M1 to 10.1.34 and 11.0.0-M1 to 11.0.2. The same month, Apache revealed two additional vulnerabilities in Apache Camel, a message routing middleware framework. These vulnerabilities are CVE-2025-27636 and CVE-2025-29891, two flaws that allow remote code execution, affecting Apache Camel versions 4.10.0 to 4.10.1, 4.8.0 to 4.8.4 and 3.10.0 to 3.22.3."
        https://unit42.paloaltonetworks.com/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891/
      • Azure Machine Learning Escalation: When Pipelines Go Off The Rails
        "Orca has discovered a new privilege escalation vulnerability in the Azure Machine Learning service. We found that invoker scripts that are automatically created for each AML pipeline component and stored in a linked Storage Account can be abused to execute code with elevated privileges. While the severity varies based on the identity assigned to the compute instance, this enables multiple escalation paths when the instance runs under a highly privileged managed identity."
        https://orca.security/resources/blog/azure-machine-learning-privilege-escalation/
        https://www.infosecurity-magazine.com/news/privilege-escalation-flaw-azure-ml/
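      As an added example (not code from Unit 42, Apache or the original post), the following Python checks an inventory of Apache Tomcat and Apache Camel versions against the affected ranges quoted in the Tomcat/Camel item above. It assumes Apache-style milestone tags (9.0.0.M1, 10.1.0-M1) sort before the corresponding final release, treats any alphabetic tag as a pre-release, and runs on a constructed sample inventory with hypothetical hostnames.

```python
import re
from typing import Iterable, List, Tuple

# Affected ranges (inclusive) exactly as stated in the Unit 42 summary above.
AFFECTED = {
    "tomcat": {
        "cves": ["CVE-2025-24813"],
        "ranges": [("9.0.0.M1", "9.0.98"), ("10.1.0-M1", "10.1.34"), ("11.0.0-M1", "11.0.2")],
    },
    "camel": {
        "cves": ["CVE-2025-27636", "CVE-2025-29891"],
        "ranges": [("4.10.0", "4.10.1"), ("4.8.0", "4.8.4"), ("3.10.0", "3.22.3")],
    },
}

_TAG = re.compile(r"^([A-Za-z]+)(\d+)$")  # e.g. M1, RC2


def version_key(version: str) -> Tuple[Tuple[int, int], ...]:
    """Turn '10.1.0-M1' or '9.0.0.M1' into a tuple that sorts correctly.

    Numeric components become (2, n); alphabetic pre-release tags become (1, n);
    missing trailing components are padded with (2, 0).  That padding is what
    makes a final release (10.1.0) sort *after* its milestones (10.1.0-M1).
    Assumption: every alphabetic tag (M, RC, alpha, ...) is a pre-release.
    """
    parts: List[Tuple[int, int]] = []
    for tok in re.split(r"[.\-]", version.strip()):
        if tok.isdigit():
            parts.append((2, int(tok)))
        else:
            m = _TAG.match(tok)
            if not m:
                raise ValueError(f"unrecognised component {tok!r} in {version!r}")
            parts.append((1, int(m.group(2))))
    while len(parts) < 4:
        parts.append((2, 0))
    return tuple(parts)


def affected_cves(product: str, version: str) -> List[str]:
    """Return the CVEs whose affected range covers this version, or [] if none."""
    entry = AFFECTED[product.lower()]
    key = version_key(version)
    for low, high in entry["ranges"]:
        if version_key(low) <= key <= version_key(high):
            return list(entry["cves"])
    return []


def triage(inventory: Iterable[Tuple[str, str, str]]):
    """Filter (host, product, version) rows down to the ones that need patching."""
    findings = []
    for host, product, version in inventory:
        cves = affected_cves(product, version)
        if cves:
            findings.append((host, product, version, cves))
    return findings


if __name__ == "__main__":
    # Constructed sample inventory; hostnames are hypothetical.
    sample = [
        ("app-01", "tomcat", "9.0.98"),      # last affected 9.x release
        ("app-02", "tomcat", "9.0.99"),      # first version above the range
        ("app-03", "tomcat", "11.0.0-M26"),  # milestone inside 11.0.0-M1..11.0.2
        ("esb-01", "camel", "4.8.4"),        # last affected 4.8.x release
        ("esb-02", "camel", "4.8.5"),
    ]
    for host, product, version, cves in triage(sample):
        print(f"{host}: {product} {version} -> {', '.join(cves)}")
```

      A match only says the reported version string falls inside a published range. Distribution packages and vendor builds sometimes backport fixes without bumping the upstream version number, so treat a hit as a prompt to confirm the patch level, not as proof of exposure.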

      Malware

      • Hunters International Ransomware Shuts Down, Releases Free Decryptors
        "The Hunters International Ransomware-as-a-Service (RaaS) operation announced today that it has officially closed down its operations and will offer free decryptors to help victims recover their data without paying a ransom. "After careful consideration and in light of recent developments, we have decided to close the Hunters International project. This decision was not made lightly, and we recognize the impact it has on the organizations we have interacted with," the cybercrime gang says in a statement published on its dark web leak site earlier today. "As a gesture of goodwill and to assist those affected by our previous activities, we are offering free decryption software to all companies that have been impacted by our ransomware. Our goal is to ensure that you can recover your encrypted data without the burden of paying ransoms.""
        https://www.bleepingcomputer.com/news/security/hunters-international-ransomware-shuts-down-after-world-leaks-rebrand/
        https://therecord.media/hunters-international-ransomware-extortion-group-claims-shutdown
        https://www.bankinfosecurity.com/ransomware-group-hunters-international-announces-exit-a-28894
        https://www.theregister.com/2025/07/03/hunters_international_shutdown/
      • The SOC Case Files: XDR Contains Two Nearly Identical Attacks Leveraging ScreenConnect
        "Barracuda’s Managed XDR team recently helped two companies mitigate incidents where attackers had managed to compromise computers and install rogue ScreenConnect remote management software. The incidents were neutralized before the attackers were able to move laterally through the network."
        https://blog.barracuda.com/2025/07/02/soc-case-files-xdr-contains-two-attacks-screenconnect
      • RondoDox Unveiled: Breaking Down a New Botnet Threat
        "Over the past month, FortiGuard Labs has observed a significant increase in scanning activity, including a new botnet campaign that exploits two high-risk vulnerabilities: CVE-2024-3721 and CVE-2024-12856. Both have been publicly disclosed and are actively being targeted, posing serious risks to device security and overall network integrity."
        https://www.fortinet.com/blog/threat-research/rondobox-unveiled-breaking-down-a-botnet-threat
      • Satori Threat Intelligence Alert: IconAds Conceals Source Of Ad Fraud From Users
        "HUMAN’s Satori Threat Intelligence and Research Team has uncovered and disrupted an operation dubbed IconAds. This scheme centered on a collection of 352 apps which load out-of-context ads on a user’s screen and hide the app icons, making it difficult for a user to identify the culprit app and remove it. At its peak, IconAds accounted for 1.2 billion bid requests a day."
        https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-iconads/
        https://thehackernews.com/2025/07/mobile-security-alert-352-iconads-fraud.html
      • Two New Pro-Russian Hacktivist Groups Target Ukraine, Recruit Insiders
        "Two new pro-Russian hacktivist groups have emerged in recent months to mount cyberattacks on Ukraine and its allies. The groups, calling themselves IT Army of Russia and TwoNet, use the Telegram messaging app to coordinate operations, recruit insiders and collect information about targets in Ukraine, according to a new report by cybersecurity firm Intel 471. Researchers said both groups appeared earlier this year and may be rebrands of previously known threat actors, though their exact links to past campaigns remain unclear."
        https://therecord.media/twonet-it-army-of-russia-new-hacktivist-groups-target-ukraine

      Breaches/Hacks/Leaks

      • IdeaLab Confirms Data Stolen In Ransomware Attack Last Year
        "IdeaLab is notifying individuals impacted by a data breach incident last October when hackers accessed sensitive information. Although the organization does not describe the type of attack, the Hunters International ransomware group has claimed the breach and leaked the stolen data on the dark web. IdeaLab is a California-based technology startup incubator that since 1996 has launched over 150 companies, including GoTo.com, CitySearch, eToys, Authy, Pet.net, Heliogen, and Energy Vault."
        https://www.bleepingcomputer.com/news/security/idealab-confirms-data-stolen-in-ransomware-attack-last-year/
      • Taking Over 60k Spyware User Accounts With SQL Injection
        "Recently I was looking through a database of known stalkerware services and found one I wasn’t familiar with: Catwatchful. It seemed to be a full-featured Android spy app, to actually be its own service as opposed to a millionth FlexiSpy reseller, and to offer a 3-day free trial. Aside from a boilerplate disclaimer to only use it with consent, it also pretty brazenly advertised itself as stalkerware in the FAQ:"
        https://ericdaigle.ca/posts/taking-over-60k-spyware-user-accounts/
        https://www.securityweek.com/undetectable-android-spyware-backfires-leaks-62000-user-logins/
        https://www.malwarebytes.com/blog/news/2025/07/catwatchful-child-monitoring-app-exposes-victims-data
      • Cybercriminals Target Brazil: 248,725 Exposed In CIEE One Data Breach
        "Yesterday, July 1, 2025 — the actor under the alias "888" published over 248,725 records containing sensitive PII stolen from CIEE (Centro de Integração Empresa-Escola). ONE CIEE is a personalized recruitment and selection service offered by CIEE Centro de Integração Empresa-Escola (Business-School Integration Center) for companies seeking candidates for internships and apprenticeship programs. It connects specialists and businesses, ranging from major international corporations to local entities in Brazil."
        https://www.resecurity.com/blog/article/cybercriminals-target-brazil-248725-exposed-in-ciee-one-data-breach
        https://securityaffairs.com/179609/data-breach/cybercriminals-target-brazil-248725-exposed-in-ciee-one-data-breach.html
      • Virginia County Says April Ransomware Attack Exposed Employee SSNs
        "Government employees working for the county of Gloucester in Virginia had Social Security numbers and other sensitive data stolen during a ransomware attack in April. The county sent 3,527 current and former employees notices this week warning that their personal information was accessed by hackers who breached county systems on April 22. In addition to Social Security numbers, names, driver’s license numbers, bank account information, health insurance numbers and medical information were also stolen during the incident."
        https://therecord.media/virginia-county-says-ransomware-attack-exposed-ssns
      • Young Consulting Finds Even More Folks Affected In Breach Mess – Now Over 1 Million
        "Young Consulting's cybersecurity woes continue after the number of affected individuals from last year's suspected ransomware raid passed the 1 million mark. The software vendor to stop-loss insurance carriers, now trading as Connexure, said the attack took place sometime between April 10 and 13, 2024, in a data breach notice that remains on its website homepage today. Young Consulting did not mention that ransomware was involved, although the BlackSuit group took credit for the attack, which was also widely reported as a ransomware incident."
        https://www.theregister.com/2025/07/03/young_consulting_breach_million/

      General News

      • Cyberattacks Are Draining Millions From The Hospitality Industry
        "Every day, millions of travelers share sensitive information like passports, credit card numbers, and personal details with hotels, restaurants, and travel services. This puts pressure on the hospitality sector to keep that information safe and private. The industry itself is booming. The hotel segment alone is expected to reach a new peak of $511.91 billion in 2029. It’s no surprise that cybercriminals are taking notice."
        https://www.helpnetsecurity.com/2025/07/03/hospitality-industry-cybersecurity-challenges/
      • AI Tools Are Everywhere, And Most Are Off Your Radar
        "80% of AI tools used by employees go unmanaged by IT or security teams, according to Zluri’s The State of AI in the Workplace 2025 report. AI is popping up all over the workplace, often without anyone noticing. If you’re a CISO, if you want to avoid blind spots and data risks, you need to know where AI is showing up and what it’s doing across the entire organization."
        https://www.helpnetsecurity.com/2025/07/03/shadow-ai-tools-workplace/
      • 90% Aren’t Ready For AI Attacks, Are You?
        "As AI reshapes business, 90% of organizations are not adequately prepared to secure their AI-driven future, according to a new report from Accenture. Globally, 63% of companies are in the “Exposed Zone,” indicating they lack both a cohesive cybersecurity strategy and necessary technical capabilities. The report reveals AI adoption has accelerated the speed, scale and sophistication of cyber threats, far outpacing current enterprise cyber defenses. For example, 77% of organizations lack the essential data and AI security practices needed to protect critical business models, data pipelines and cloud infrastructure."
        https://www.helpnetsecurity.com/2025/07/03/ai-cyber-defenses/
      • Police Dismantles Investment Fraud Ring Stealing €10 Million
        "The Spanish police have dismantled a large-scale investment fraud operation that caused cumulative damages exceeding $11.8 million (€10 million). During simultaneous raids in Barcelona, Madrid, Mallorca, and Alicante, coordinated by the Mossos d’Esquadra, Civil Guard, and the National Police, 21 individuals were arrested. Along with the arrests, the police agents also confiscated seven luxury vehicles and more than $1.5 million (€1.3 million) in cash and cryptocurrency."
        https://www.bleepingcomputer.com/news/legal/police-dismantles-investment-fraud-ring-stealing-10-million/
      • Amazon Prime Day 2025: Deals Await, But So Do The Cyber Criminals
        "Ahead of this year’s Amazon Prime Day 2025 on July 8th, shoppers worldwide are preparing their wish lists. So are cyber criminals. Phishing attacks are already targeting innocent shoppers. In June alone, over 1,000 new domains with names resembling Amazon appeared online. Alarmingly, 87% of these have already been flagged as malicious or suspicious. Many of the domains include the term “Amazon Prime”, with one in every 81 of the risky domains containing this phrase."
        https://blog.checkpoint.com/research/amazon-prime-day-2025-deals-await-but-so-do-the-cyber-criminals-2/
      • New Cyber Blueprint Aims To Guide Organizations On AI Journey
        "Executive leadership is pushing for rapid artificial intelligence (AI) adoption inside their organizations to offset cyber-workforce shortages or to enhance threat detection and incident response capabilities, but lack of preparation can introduce problems. To address the issue, Deloitte has published a new Cyber AI blueprint to provide organizations with a template for how to design, build, and deploy AI tools. The blueprint consists of an AI operating model, a governance model, and a reference architecture to help organizations design and operate an AI-powered environment, including agentic AI applications. The blueprint also includes elements to help organizations update the workforce's skills to handle the changes posed by the new AI-enhanced environment."
        https://www.darkreading.com/cyber-risk/cyber-blueprint-guide-ai-journey
      • Criminals Sending QR Codes In Phishing, Malware Campaigns
        "That email advertising a great deal on an inflatable pool to cool off with during this sweltering July may come with a nifty QR code to simplify the buying process. Or you find a QR code touting a special sale on fireworks for the holiday weekend. These QR codes look harmless, but attackers are increasingly using them for malicious purposes. In an analysis of phishing and other malicious activities associated with identity theft between October 2024 and March 2025, the Anti-Phishing Working Group (APWG) found that criminals are sending millions of emails each day containing QR codes that lead victims to phishing sites, brand impersonation pages, and other fraudulent scam sites. Over this six-month period, email security company and APWG member Mimecast detected 1.7 million malicious QR codes and an average of 2.7 million emails with QR codes attached daily, according to APWG's "Phishing Activity Trends Report.""
        https://www.darkreading.com/endpoint-security/criminals-send-qr-codes-phishing
      • Dark Web Vendors Shift To Third Parties, Supply Chains
        "Cyberattackers continue to attack a variety of technology supply chains — from open source software components to managed service providers — and increasingly, they are advertising their windfalls on Dark Web forums. In March, for example, a threat actor posted details of an alleged compromise of Oracle Cloud to the BreachForums Dark Web site. The compromise — initially denied by Oracle — led to Oracle later notifying customers of a breach of two servers containing usernames and passwords. The hacker who originally posted information of the attack, "rose87169," had published some information in the hope of attracting collaborators to decrypt some of the data."
        https://www.darkreading.com/threat-intelligence/dark-web-vendors-third-parties-supply-chains
      • AI Tackles Binary Code Challenges To Fortify Supply Chain Security
        "Artificial intelligence (AI) can help improve binary code analysis and, in turn, make the software supply chain more secure. Effective binary code analysis is paramount as supply chain risks rise. Vendor and government-backed initiatives introduced over the past two years, such as the Cybersecurity and Infrastructure Security Agency's Secure by Design pledge, accentuate how pervasive software supply chain security threats have grown. It's a result of how digitally interconnected organizations have become. However, it's difficult to account for every link in the chain — some prioritize security, while others exhibit dangerous shortcomings."
        https://www.darkreading.com/application-security/ai-tackles-binary-code-challenges-fortify-supply-chain-security
      • Browser Extensions Pose Heightened, But Manageable, Security Risks
        "While browser extensions add useful functionality to Web browsers, such as blocking ads, managing passwords, and taking notes, they also increase the organization's security and privacy risks. Browser extensions require certain levels of permissions that are attractive to attackers. Some extensions need access to the user's location, browsing history, or the user's clipboard to see what data the user has copied. Some extensions go further, requesting access to nearly all of the data stored on the user's computer as well as the data accessed while visiting different websites. Attackers can exploit extensions with these heightened permissions to access potentially sensitive information, such as Web traffic, saved credentials, and session cookies."
        https://www.darkreading.com/cyber-risk/browser-extensions-heightened-manageable-security-risks
      • CVE Program Launches Two New Forums To Enhance CVE Utilization
        "The Board of the Common Vulnerabilities and Exposures (CVE) Program has launched two new forums to encourage more contributions and shape the future of the initiative. The CVE Program, run by the nonprofit MITRE and sponsored by the US Cybersecurity and Infrastructure Security Agency (CISA), faced uncertainty about its future in April after its contract expired. The contract was subsequently extended for 11 months, according to reports. While the longer-term future of the program remains uncertain beyond this period, the CVE Board appears to be willing to allow more stakeholders to have a voice and shape the program’s strategy."
        https://www.infosecurity-magazine.com/news/cve-program-new-user-researcher/
      • INTERPOL Releases New Information On Globalization Of Scam Centres
        "Human trafficking-fueled scam centres have expanded their global footprint, according to a new crime trend update released by INTERPOL. As of March 2025, victims from 66 countries were trafficked into online scam centres, with no continent left untouched. Seventy-four percent of human trafficking victims were brought to centres in the original ‘hub’ region of Southeast Asia, according to analysis of the crime trend using data from relevant INTERPOL Notices issued in the past five years."
        https://www.interpol.int/en/News-and-Events/News/2025/INTERPOL-releases-new-information-on-globalization-of-scam-centres
        https://therecord.media/interpol-west-africa-cybercrime-compounds
      • Russia Jails Man For 16 Years Over Pro-Ukraine Cyberattacks On Critical Infrastructure
        "A Russian court has sentenced a man to 16 years in a high-security penal colony for launching cyberattacks that disrupted critical infrastructure, authorities said on Wednesday. Andrei Smirnov, a resident of the Siberian city of Belovo, was detained in October 2023 and charged with treason. Prosecutors said he held pro-Ukrainian views and joined a hacker group allegedly acting in the interests of Ukrainian intelligence. According to their investigation, Smirnov used malware to attack Russian information systems in 2022, blocking access to websites of several local companies and damaging critical infrastructure. Russian authorities did not specify which infrastructure or companies were affected."
        https://therecord.media/russia-jails-man-over-pro-ukraine-cyberattacks
      • Ransomware And Cyber Extortion In Q2 2025
        "The decline of legacy ransomware groups has created a vacuum that’s quickly been filled by emerging groups like “Qilin.” Nonetheless, this quarter still saw a 31% decrease in named victims compared to the previous quarter. Leading ransomware-as-a-service (RaaS) groups like Qilin and “Akira” rely on the mass exploitation of vulnerabilities to compromise organizations with speed and precision. Future ransomware leaders are likely to succeed by combining automated discovery tools with public proof-of-concept (POC) exploits, accelerating compromises and propelling them to the forefront of the ransomware race. To counter these threats, organizations must prioritize asset discovery and implement a strict patch management framework to ensure exposed and critical devices cannot be exploited by ransomware actors."
        https://reliaquest.com/blog/ransomware-cyber-extortion-threat-intel-q2-2025/
        https://www.infosecurity-magazine.com/news/automation-vulnerability/

      Reference: Electronic Transactions Development Agency (ETDA)
