NCSA Webboard

    Cyber Threat Intelligence 11 July 2025

    Cyber Security News
    NCSA_THAICERT

      Industrial Sector

      • CISA Releases Thirteen Industrial Control Systems Advisories
        "CISA released thirteen Industrial Control Systems (ICS) advisories on July 10, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
        ICSA-25-191-01 Siemens SINEC NMS
        ICSA-25-191-02 Siemens Solid Edge
        ICSA-25-191-03 Siemens TIA Administrator
        ICSA-25-191-04 Siemens SIMATIC CN 4100
        ICSA-25-191-05 Siemens TIA Project-Server and TIA Portal
        ICSA-25-191-06 Siemens SIPROTEC 5
        ICSA-25-191-07 Delta Electronics DTM Soft
        ICSA-25-191-08 Advantech iView
        ICSA-25-191-09 KUNBUS RevPi Webstatus
        ICSA-25-191-10 End-of-Train and Head-of-Train Remote Linking Protocol"
        https://www.cisa.gov/news-events/alerts/2025/07/10/cisa-releases-thirteen-industrial-control-systems-advisories

      Vulnerabilities

      • How Tenable Research Discovered a Critical Remote Code Execution Vulnerability On Anthropic MCP Inspector
        "Tenable Research recently discovered a critical vulnerability impacting Anthropic's MCP Inspector tool, a core element of the MCP ecosystem. In this blog, we provide details on how we discovered the vulnerability in this widely used open-source tool — and what users can do about it. Tenable Research discovered a critical vulnerability (CVE-2025-49596) in Anthropic's MCP Inspector. This open-source tool, widely used for testing and troubleshooting Model Context Protocol (MCP) servers, is highly popular with over 38,000 weekly downloads on npmjs and more than 4,000 stars on GitHub. Further details are available in the advisory."
        https://www.tenable.com/blog/how-tenable-research-discovered-a-critical-remote-code-execution-vulnerability-on-anthropic
        https://www.darkreading.com/application-security/agentic-ai-risky-mcp-backbone-attack-vectors
      • CISA Adds One Known Exploited Vulnerability To Catalog
        "CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2025-5777 Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability"
        https://www.cisa.gov/news-events/alerts/2025/07/10/cisa-adds-one-known-exploited-vulnerability-catalog
        https://www.theregister.com/2025/07/10/cisa_citrixbleed_kev/
      • PerfektBlue Bluetooth Flaws Impact Mercedes, Volkswagen, Skoda Cars
        "Four vulnerabilities dubbed PerfektBlue and affecting the BlueSDK Bluetooth stack from OpenSynergy can be exploited to achieve remote code execution and potentially allow access to critical elements in vehicles from multiple vendors, including Mercedes-Benz AG, Volkswagen, and Skoda. OpenSynergy confirmed the flaws last year in June and released patches to customers in September 2024 but many automakers have yet to push the corrective firmware updates. At least one major OEM learned only recently about the security risks. The security issues can be chained together into an exploit that researchers call a PerfektBlue attack and can be delivered over-the-air by an attacker, requiring "at most 1-click from a user.""
        https://www.bleepingcomputer.com/news/security/perfektblue-bluetooth-flaws-impact-mercedes-volkswagen-skoda-cars/
        https://pcacybersecurity.com/resources/advisory/perfekt-blue
        https://www.securityweek.com/millions-of-cars-exposed-to-remote-hacking-via-perfektblue-attack/
        https://securityaffairs.com/179789/hacking/perfektblue-bluetooth-attack-allows-hacking-infotainment-systems-of-mercedes-volkswagen-and-skoda.html
      • Asus And Adobe Vulnerabilities
        "Cisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities each in Asus Armoury Crate and Adobe Acrobat products. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy. For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website."
        https://blog.talosintelligence.com/asus-and-adobe-vulnerabilities/
      • eSIM Bug In Millions Of Phones Enables Spying, Takeover
        "Systemic vulnerabilities in embedded Subscriber Identity Module (eSIM) cards have exposed billions of devices to spying, SIM swaps, and other threats. Billions of phone users around the world have moved on from traditional SIM cards to eSIMs. They allow multiple phone carrier subscriptions to exist on a single device. Unlike traditional SIM cards, you can't physically remove and replace them, and they tout superior security."
        https://www.darkreading.com/endpoint-security/esim-bug-millions-phones-spying-takeover
        https://www.securityweek.com/esim-hack-allows-for-cloning-spying/
      • Fix The Click: Preventing The ClickFix Attack Vector
        "In this article, we share hunting tips and mitigation strategies for ClickFix campaigns and provide an inside view of some of the most prominent ClickFix campaigns we have seen so far in 2025:
        • Attackers distributing NetSupport remote access Trojan (RAT) are ramping up activities with a new loader
        • Attackers distributing Latrodectus malware are luring victims with a new ClickFix campaign
        • Prolific Lumma Stealer campaign targeting multiple industries with new techniques"
        https://unit42.paloaltonetworks.com/preventing-clickfix-attack-vector/

      Malware

      • Code Highlighting With Cursor AI For $500,000
        "Attacks that leverage malicious open-source packages are becoming a major and growing threat. This type of attack currently seems commonplace, with reports of infected packages in repositories like PyPI or npm appearing almost daily. It would seem that increased scrutiny from researchers on these repositories should have long ago minimized the profits for cybercriminals trying to make a fortune from malicious packages. However, our investigation into a recent cyberincident once again confirmed that open-source packages remain an attractive way for attackers to make easy money."
        https://securelist.com/open-source-package-for-cursor-ai-turned-into-a-crypto-heist/116908/
      • Crypto Wallets Continue To Be Drained In Elaborate Social Media Scam
        "Continued research by Darktrace has revealed that cryptocurrency users are being targeted by threat actors in an elaborate social engineering scheme that continues to evolve. In December 2024, Cado Security Labs detailed a campaign targeting Web 3 employees in the Meeten campaign. The campaign included threat actors setting up meeting software companies to trick users into joining meetings and installing the information stealer Realst disguised as video meeting software."
        https://www.darktrace.com/blog/crypto-wallets-continue-to-be-drained-in-elaborate-social-media-scam
        https://thehackernews.com/2025/07/fake-gaming-and-ai-firms-push-malware.html
      • MacOS.ZuRu Resurfaces | Modified Khepri C2 Hides Inside Doctored Termius App
        "First noted by a Chinese blogger in July 2021, macOS.ZuRu is a backdoor that was initially delivered through poisoned web results on Baidu. Users searching for the popular Terminal emulator iTerm2 were redirected to a malicious site hosting a trojanized version of the app. Subsequent ZuRu variants used the same model, poisoning Baidu for other popular macOS utilities including SecureCRT, Navicat and Microsoft’s Remote Desktop for Mac. The selection of trojanized apps suggested the malware authors were targeting users of backend tools for SSH and other remote connections utilities."
        https://www.sentinelone.com/blog/macos-zuru-resurfaces-modified-khepri-c2-hides-inside-doctored-termius-app/
        https://thehackernews.com/2025/07/new-macos-malware-zuru-targeting.html
      • Threat Actor Activity Related To The Iran Conflict
        "In light of the most recent Iranian conflict, Nozomi Networks Labs has observed a 133% increase in cyberattacks coming from well-known Iranian threat actor groups during May and June. From what Nozomi Networks Labs researchers have observed so far, US companies appear to be the primary target as warned in a June 30th Fact Sheet published by CISA and last week’s National Terrorism Advisory System Bulletin from the U.S. Department of Homeland Security."
        https://www.nozominetworks.com/blog/threat-actor-activity-related-to-the-iran-conflict
        https://therecord.media/iran-state-backed-hackers-industrial-attacks-spring-2025

      Breaches/Hacks/Leaks

      • McDonald’s AI Hiring Tool McHire Leaked Data Of 64 Million Job Seekers
        "A vulnerability in McHire, the AI-powered recruitment platform used by a vast majority of McDonald’s franchisees, exposed the personal information of over 64 million job applicants. The vulnerability, discovered by security researchers Ian Carroll and Sam Curry, allowed unauthorised access to sensitive data, including names, email addresses, phone numbers, and home addresses. The investigation began after reports surfaced on Reddit about the McHire chatbot, named Olivia and developed by Paradox.ai, giving strange responses. Researchers quickly found two critical weaknesses. First, the administration login for restaurant owners on McHire accepted easily guessable default credentials: “123456” for both username and password. This simple entry granted them administrator access to a test restaurant account within the system."
        https://hackread.com/mcdonalds-ai-hiring-tool-mchire-leaked-job-seekers-data/
        https://www.malwarebytes.com/blog/news/2025/07/mcdonalds-ai-bot-spills-data-on-job-applicants

      General News

      • What EU’s PQC Roadmap Means On The Ground
        "In this Help Net Security interview, David Warburton, Director at F5 Labs, discusses how the EU’s Post-Quantum Cryptography (PQC) roadmap aligns with global efforts and addresses both the technical and regulatory challenges of migrating to PQC. Warburton also outlines practical steps organizations must take to ensure cryptographic agility and long-term data protection."
        https://www.helpnetsecurity.com/2025/07/10/david-warburton-f5-labs-eu-pqc-roadmap/
      • Fake Online Stores Look Real, Rank High, And Trap Unsuspecting Buyers
        "Shopping on a fake online store can lead to more than a bad purchase. It could mean losing money, having your identity stolen, or even getting malware on your device. E-shop scams rose by 790% in the first quarter of 2025 compared to the same period in 2024, according to Avast. Cybercriminals might be exploiting economic uncertainty as rising tariffs push consumers to seek cheaper deals online. This makes it easier to trick people with fake stores."
        https://www.helpnetsecurity.com/2025/07/10/tips-online-shopping-scams/
      • Global Software Supply Chain Visibility Remains Critically Low
        "Only 23% of organizations are confident that they have very high visibility of their software supply chain, according to LevelBlue’s Data Accelerator. The limited visibility reported by organizations significantly impacts their cyber resilience. This Accelerator is an in-depth analysis into data from the 2025 LevelBlue Futures Report, comparing risk appetites, investment gaps, and overall preparedness to help organizations secure their end-to-end software supplier ecosystem. It shows software supply chain security as a growing business concern in 2025. This is partly due to regional regulatory framework demands, and because the attack surface is expanding in response to AI adoption and the integration of complex third-party ecosystems."
        https://www.helpnetsecurity.com/2025/07/10/low-global-software-supply-chain-visibility/
      • Russian Pro Basketball Player Arrested For Alleged Role In Ransomware Attacks
        "Russian professional basketball player Daniil Kasatkin was arrested in France at the request of the United States for allegedly acting as a negotiator for a ransomware gang. Daniil Kasatkin is a Russian basketball player who briefly played NCAA basketball at Penn State before returning to Russia in 2019. In four seasons with MBA-MAI, he appeared in 172 games before he left the team. According to French media, Kasatkin was arrested at Paris's Charles de Gaulle airport on June 21st after landing in France with his fiancée."
        https://www.bleepingcomputer.com/news/security/russian-pro-basketball-player-arrested-for-alleged-role-in-ransomware-attacks/
        https://cyberscoop.com/russian-basketball-player-daniil-kasatkin-arrested-france-ransomware-charges-penn-state/
        https://therecord.media/russian-basketball-player-arrested-in-france-ransomware
      • Retail Cyber Attacks: NCA Arrest Four For Attacks On M&S, Co-Op And Harrods
        "Four people have been arrested in the UK as part of a National Crime Agency investigation into cyber attacks targeting M&S, Co-op and Harrods. Two males aged 19, another aged 17, and a 20-year-old female were apprehended in the West Midlands and London this morning (10 July) on suspicion of Computer Misuse Act offences, blackmail, money laundering and participating in the activities of an organised crime group. All four were arrested at their home addresses and had their electronic devices seized for digital forensic analysis."
        https://www.nationalcrimeagency.gov.uk/news/retail-cyber-attacks-nca-arrest-four-for-attacks-on-m-s-co-op-and-harrods
        https://www.theregister.com/2025/07/10/nca_arrests_four_in_connection/
        https://www.bleepingcomputer.com/news/security/four-arrested-in-uk-over-mands-co-op-harrod-cyberattacks/
        https://therecord.media/uk-arrests-four-ransomware-ms-harrods-co-op
        https://thehackernews.com/2025/07/four-arrested-in-440m-cyber-attack-on.html
        https://www.darkreading.com/cyberattacks-data-breaches/4-arrested-uk-marks-spencer-co-op-harrods-hacks
        https://www.bankinfosecurity.com/british-police-bust-four-scattered-spider-suspects-in-england-a-28934
        https://www.infosecurity-magazine.com/news/four-arrested-uk-retail-attacks/
        https://cyberscoop.com/scattered-spider-arrests-uk-nca-marks-and-spencer/
        https://hackread.com/uk-arrests-woman-men-cyberattacks-ms-co-op-harrods/
        https://www.helpnetsecurity.com/2025/07/10/ms-ransomware-attackers-arrested/
        https://www.securityweek.com/four-arrested-in-uk-over-ms-co-op-cyberattacks/
        https://securityaffairs.com/179806/cyber-crime/uk-nca-arrested-four-people-over-ms-co-op-cyberattacks.html
      • Latin America 2025 Mid-Year Cyber Snapshot Reveals 39% Surge In Attacks As AI Threats Escalate Regional Risk
        "Latin America is grappling with an elevated rate of cyber attacks in the first half of 2025. Organizations in the region are being targeted by an average of 2,716 attacks per week, which is 39% higher than the global weekly average of 1,955. New insights from Check Point Research reveal an escalating wave of threats, marked by advanced malware, government-linked operations, and vulnerabilities tied to cloud platforms."
        https://blog.checkpoint.com/research/latin-america-2025-mid-year-cyber-snapshot-reveals-39-surge-in-attacks-as-ai-threats-escalate-regional-risk/
      • Browser Exploits Wane As Users Become The Attack Surface
        "Browser exploits continue to haunt enterprise security. In May, Microsoft patched a browser vulnerability that could allow attackers to force Edge users into Internet Explorer compatibility mode, reducing security protections. A year ago, Google patched three vulnerabilities in its Chrome browser — two that could lead to a sandbox escape and one that could allow code execution."
        https://www.darkreading.com/vulnerabilities-threats/browser-exploits-wane-users-become-attack-surface
      • Catching Smarter Mice With Even Smarter Cats
        "From the beginning, the antivirus world has been a cat-and-mouse game, where malware authors and antivirus engineers constantly adapt their code to bypass or catch each other. Artificial Intelligence is bringing the game to the next level, with malware authors using AI to improve their malware[1] and anti-virus engineers using AI to assist them with reverse engineering[2]."
        https://www.fortinet.com/blog/threat-research/catching-smarter-mice-with-even-smarter-cats
      • LLMs Fall Short In Vulnerability Discovery And Exploitation
        "Large language models (LLMs) are still falling short in performing vulnerability discovery and exploitation tasks. Many threat actors therefore remain skeptical about using AI tools for such roles. This is according to new research by Forescout Research – Vedere Labs, which tested 50 current AI models from commercial, open source and underground sources to evaluate their ability to perform vulnerability research (VR) and exploit development (ED). VR tasks aimed to identify a specific vulnerability in a short code snippet. ED tasks sought to generate a working exploit for a vulnerable binary."
        https://www.infosecurity-magazine.com/news/llms-fall-vulnerability-discovery/
      • What Can Businesses Do About Ethical Dilemmas Posed By AI?
        "Almost every business, whether small or large, now possesses several AI systems that claim to deliver better efficiency, time savings, and quicker decision-making. Through their ability to handle large volumes of data, AI tools minimize trial errors to an absolute minimum, enabling quicker go-to-market. But these transformative benefits are lately being offset by concerns that these intricate, impenetrable machines might be causing more harm to society than benefit to business. Privacy and surveillance, discrimination, and bias top the concern list. Let’s explore the top ethical dilemmas surrounding AI."
        https://www.securityweek.com/what-can-businesses-do-about-ethical-dilemmas-posed-by-ai/
      • SOC Threat Radar — July 2025
        "Over the last month, Barracuda Managed XDR’s security solutions, threat intelligence and SOC analysts identified developments that organizations should be aware of, including:
        • A 35% rise in infostealer detections
        • A 56% rise in threats targeting Linux servers
        • A 13% rise in suspicious logins for AWS consoles"
        https://blog.barracuda.com/2025/07/10/soc-threat-radar-july-2025
      • At Last, a Use Case For AI Agents With Sky-High ROI: Stealing Crypto
        "Using AI models to generate exploits for cryptocurrency contract flaws appears to be a promising business model, though not necessarily a legal one. Researchers with University College London (UCL) and the University of Sydney (USYD) in Australia have devised an AI agent that can autonomously discover and exploit vulnerabilities in so-called smart contracts. Smart contracts, which have never lived up to their name, are self-executing programs on various blockchains that carry out decentralized finance (DeFi) transactions when certain conditions are met."
        https://www.theregister.com/2025/07/10/ai_agents_automatically_steal_cryptocurrency/
        https://arxiv.org/abs/2507.05558

      References
      Electronic Transactions Development Agency (ETDA)
