NCSA Webboard

    Cyber Threat Intelligence 24 July 2025

    Cyber Security News

      Industrial Sector

      • Critical Vulnerabilities Found In Tridium Niagara Framework
        "Tridium’s Niagara Framework® is a leading software framework designed to connect, manage, and control diverse devices in building management, industrial automation, and smart infrastructure environments. It acts as a middleware platform that enables different systems — such as HVAC, lighting, energy management, and security — to interoperate seamlessly, making it a critical backbone for many internet of things (IoT) technologies across industries worldwide."
        https://www.nozominetworks.com/blog/critical-vulnerabilities-found-in-tridium-niagara-framework
        https://www.bankinfosecurity.com/honeywell-smart-building-middleware-vulnerable-a-29041
      • CISO Conversations: How IT And OT Security Worlds Are Converging
        "Dark Reading's Kelly Jackson Higgins interviews Carmine Valente, Deputy CISO at Con Edison, about his role at the New York-based electric utility and the state of IT and OT security. Valente highlights current threats like ransomware and supply chain attacks, as well as the impact of AI on both defense and threats."
        https://www.darkreading.com/ics-ot-security/ciso-conversations-convergence-of-it-and-ot-security

      New Tooling

      • Cervantes: Open-Source, Collaborative Platform For Pentesters And Red Teams
        "Cervantes is an open-source collaborative platform built for pentesters and red teams. It offers a centralized workspace to manage projects, clients, vulnerabilities, and reports, all in one place. By streamlining data organization and team coordination, it helps reduce the time and complexity involved in planning and executing penetration tests. As an open-source solution under the OWASP umbrella, it understands the specific needs of penetration testers from managing targets to organizing vulnerabilities, proof-of-concepts and remediation recommendations."
        https://www.helpnetsecurity.com/2025/07/23/cervantes-open-source-collaborative-platform-pentesters-red-teams/
        https://github.com/CervantesSec/cervantes

      Vulnerabilities

      • Critical Vulnerabilities Patched In Sophos Firewall
        "Sophos this week announced the rollout of patches for five vulnerabilities in Sophos Firewall that could lead to remote code execution (RCE). The first issue, tracked as CVE-2025-6704 (CVSS score of 9.8), is a critical arbitrary file writing flaw in the Secure PDF eXchange (SPX) feature of the appliance that could allow remote, unauthenticated attackers to execute arbitrary code. According to Sophos’s advisory, the bug impacts only a fraction of firewall deployments, as it can only be triggered if a specific configuration of SPX is enabled and if the firewall is running in High Availability (HA) mode."
        https://www.securityweek.com/critical-vulnerabilities-patched-in-sophos-firewall/
        https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce
        https://securityaffairs.com/180283/security/sophos-addressed-five-sophos-firewall-vulnerabilities.html
      • High-Severity Flaws Patched In Chrome, Firefox
        "Google and Mozilla on Tuesday announced a fresh round of updates for Chrome and Firefox, including patches for several high-severity memory safety vulnerabilities. The newly announced Chrome 138 refresh is the third since the browser version was promoted to the stable channel. The previous updates Google rolled out resolved two exploited zero-days, namely CVE-2025-6558 and CVE-2025-6554. On Tuesday, Chrome received patches for three security defects, including two reported by security researcher Shaheen Fazim earlier this month. The two flaws, tracked as CVE-2025-8010 and CVE-2025-8011, are high-severity type confusion issues impacting the browser’s V8 JavaScript engine."
        https://www.securityweek.com/high-severity-flaws-patched-in-chrome-firefox/

      Malware

      • Malicious LNK Disguised As Credit Card Security Email Authentication Pop-Up
        "AhnLab SEcurity intelligence Center (ASEC) has recently identified a case where a malicious LNK file is disguised as the credit card security email authentication pop-up to steal user information. The identified malicious LNK file has the following file name, disguising itself as the credit card company."
        https://asec.ahnlab.com/en/89156/
      • China Warns Citizens To Beware Backdoored Devices, On Land And Under The Sea
        "China’s Ministry of State Security has spent the week warning of backdoored devices on land and at sea. On Monday, the Ministry used its WeChat channel to publish a lengthy warning about backdoors in devices and supply chain attacks on software. The post explains that some developers and manufacturers install backdoors as innocent tools to allow maintenance, but that criminals later use them for nefarious purposes."
        https://www.theregister.com/2025/07/23/china_backdoor_alerts/
      • Signed, Sealed, Altered? Deepdive Into PDF Tempering
        "PDFs are ubiquitous in today’s digital world. We trust them for important documents, contracts, and records. But what if the seemingly official PDF wasn’t what it appeared to be? The reality is, PDF files can be manipulated, and forgery is more common than you might think."
        https://www.group-ib.com/blog/pdf-tempering/
      • Npm ‘is’ Package Hijacked In Expanding Supply Chain Attack
        "In the wake of the npm phishing campaign we reported on last Friday, which began with a typosquatted domain (npnjs[.]com) targeting developers, the situation has continued to escalate. Notably, This Week in React curator Sébastien Lorber pointed out that spoofed emails from npmjs.org slipped through due to missing DMARC and SPF records on the .org domain. Shortly after our initial warning, we alerted developers about popular compromised packages like eslint-config-prettier and eslint-plugin-prettier, which were published using stolen maintainer credentials."
        https://socket.dev/blog/npm-is-package-hijacked-in-expanding-supply-chain-attack
        https://www.bleepingcomputer.com/news/security/npm-package-is-with-28m-weekly-downloads-infected-devs-with-malware/
      • Stopping Ransomware: How a Hybrid Mesh Architecture Disrupts The Attack Chain Part Three
        "In parts one and two, we explored the ransomware attack chain, the shortcomings of fragmented defenses, and the advantages of a unified hybrid mesh approach. In part three, Pete Nicoletti joins us to share practical steps CISOs can take right now to start building a hybrid mesh architecture that effectively counters ransomware threats. Finally, we outline Check Point’s vision and strategy for delivering Hybrid Mesh Security."
        https://blog.checkpoint.com/security/stopping-ransomware-how-a-hybrid-mesh-architecture-disrupts-the-attack-chain-part-three/
      • Fake Zoom Call Lures For Zoom Workplace Credentials
        "We’ve all been there — technical mishaps in a Zoom meeting that have you scrambling to rejoin. But what if that connection issue wasn’t real? The Cofense Phishing Defense Center (PDC) recently observed a new phishing campaign in which threat actors are leveraging these exact problems to harvest credentials of users via a Zoom-themed attack. Here’s how it works."
        https://cofense.com/blog/fake-zoom-call-lures-for-zoom-workplace-credentials
      • No Tell Motel: Trustwave Exposes The Secrets Of Dark Web Travel Agencies
        "Dark web travel agencies have emerged as one of the more sophisticated and lucrative operations within the underground economy. As mentioned in the Wall Street Journal's coverage of Trustwave’s research, these shadowy enterprises offer dramatically discounted flights, luxury hotel stays, rental vehicles, and entire vacation packages, all facilitated through stolen credit card information, compromised loyalty program accounts, and forged identification documents. However, what might appear to some to be cheap travel deals, are in fact the final link in a chain of digital crime."
        https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/no-tell-motel-trustwave-exposes-the-secrets-of-dark-web-travel-agencies/
        https://www.darkreading.com/remote-workforce/dark-web-hackers-moonlight-travel-agents
      • Phishing Campaign Imitating U.S. Department Of Education (G5)
        "PreCrime™ Labs, the threat research team at BforeAI, identifies a phishing campaign currently targeting the U.S. Department of Education’s G5 portal, which is used for managing grants and federal education funding. Multiple lookalike domains have been observed spoofing the G5 login page in an attempt to harvest login credentials from legitimate users. These domains attempt to clone or imitate the official G5.gov interface and may be targeting education professionals, grant administrators, or vendors tied to the U.S. Department of Education. This activity is particularly alarming given the recent Trump Administration announcement of 1,400 layoffs at the Department of Education, which may create confusion and an opportunity for social engineering."
        https://bfore.ai/report/phishing-campaign-imitating-united-states-department-of-education-g5/
        https://www.darkreading.com/threat-intelligence/department-of-education-site-phishing-scheme
        https://www.helpnetsecurity.com/2025/07/23/us-education-department-phishing-g5/
      • A Special Mission To Nowhere
        "On June 13, 2025, Israel launched a sweeping pre-emptive operation targeting Iran’s military leadership, conventional military sites, air defenses, and nuclear infrastructure. The campaign was dubbed Operation Rising Lion by the Israeli government and military. Last month, Fortinet published a blog detailing the new realities of cyber warfare highlighted by this recent conflict. What followed was a 12-day exchange of strikes and counterstrikes between the two countries, resulting in significant damage and widespread fear and uncertainty among civilians caught in the middle. Following US involvement through Operation Midnight Hammer, a ceasefire was announced and has so far been maintained."
        https://www.fortinet.com/blog/threat-research/a-special-mission-to-nowhere
      • Illusory Wishes: China-Nexus APT Targets The Tibetan Community
        "In June 2025, Zscaler ThreatLabz collaborated with TibCERT to investigate two cyberattack campaigns targeting the Tibetan community. Our analysis linked these attacks, dubbed Operation GhostChat and Operation PhantomPrayers, to a China-nexus APT group, which capitalized on increased online activity around the Dalai Lama's 90th birthday to distribute malware in multi-stage attacks. In this blog post, we outline how the attackers compromised a legitimate website, redirecting users via a malicious link and ultimately installing either the Ghost RAT or PhantomNet (SManager) backdoor onto victim systems."
        https://www.zscaler.com/blogs/security-research/illusory-wishes-china-nexus-apt-targets-tibetan-community
      • Beyond Mimo’lette: Tracking Mimo's Expansion To Magento CMS And Docker
        "Through investigations into a string of workload compromises involving ecommerce sites, the Datadog Security Research team discovered that the Mimo threat actor (also known as Mimo'lette), previously known for targeting the Craft content management system (CMS), has evolved its tactics to compromise the Magento ecommerce CMS platform through exploitation of an undetermined PHP-FPM vulnerability. In one instance, over a multi-day operation, we observed a threat actor employing sophisticated persistence mechanisms and evasion techniques. Based on these observables, IoCs, and activity described by Sekoia, we were able to attribute this intrusion to Mimo."
        https://securitylabs.datadoghq.com/articles/beyond-mimolette-tracking-mimo-expansion-magento-cms-docker/
        https://thehackernews.com/2025/07/threat-actor-mimo-targets-magento-and.html

      Breaches/Hacks/Leaks

      • US Nuclear Weapons Agency Hacked In Microsoft SharePoint Attacks
        "Unknown threat actors have breached the National Nuclear Security Administration's network in attacks exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain. NNSA is a semi-autonomous U.S. government agency part of the Energy Department that maintains the country's nuclear weapons stockpile and is also tasked with responding to nuclear and radiological emergencies within the United States and abroad. A Department of Energy spokesperson confirmed in a statement that hackers gained access to NNSA networks last week."
        https://www.bleepingcomputer.com/news/security/us-nuclear-weapons-agency-hacked-in-microsoft-sharepoint-attacks/
        https://www.darkreading.com/cyberattacks-data-breaches/us-nuclear-agency-hacked-microsoft-sharepoint
        https://www.bankinfosecurity.com/us-nuclear-agency-breach-tied-to-sharepoint-zero-days-a-29037
      • Another Medical Practice Closes Its Doors After Cyberattack
        "Another small medical care provider has shut its doors forever as the result of a recent "devastating" cyberattack and data theft. Georgia-based Ascension Health Services LLC - which did business as Alpha Wellness & Alpha Medical Centre - decided to permanently pull the plug on its operations in April following an attack allegedly carried out by cybercriminal gang RansomHub, which lists the practices as a victim on its darkweb site. Alpha Medical Centre and Wellness on July 8 reported to the U.S. Department of Health and Human Services a HIPAA breach involving a hacking/IT incident on a network server, which affected 1,714 individuals."
        https://www.bankinfosecurity.com/another-medical-practice-closes-its-doors-after-cyberattack-a-29034
      • France: New Data Breach Could Affect 340,000 Jobseekers
        "The French employment agency, France Travail, has suffered a data breach that could affect hundreds of thousands of jobseekers. The agency sent an email to its users on July 22, warning them of a data breach that was detected on July 13 on its “employment” portal, which is used by its partners. The breach could have exposed personal data of 340,000 users, including names, postal and email addresses, phone numbers, France Travail identifiers and jobseeker statuses. The agency assured that users’ passwords and bank details are not affected."
        https://www.infosecurity-magazine.com/news/france-data-breach-jobseekers/

      General News

      • Phishing Simulations: What Works And What Doesn’t
        "Phishing is one of the oldest and most effective scams used by cybercriminals. No one is immune to them, not even internet security experts, as seen in the case of Troy Hunt, who recently fell for a phishing email. Before AI became mainstream, phishing emails often gave themselves away. They were full of grammar mistakes and awkward wording, making them easier to spot. That’s changed. Today’s phishing attacks are much more convincing, often looking just like real messages."
        https://www.helpnetsecurity.com/2025/07/23/phishing-simulations-effectiveness-in-organizations/
      • Ports Are Getting Smarter And More Hackable
        "A new policy brief from NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) warns that critical port infrastructure, responsible for 80 percent of global trade, is increasingly under attack by threat actors tied to Russia, Iran, and China. These ports are essential to national economies and serve as key hubs in NATO’s logistics network. Many remain under civilian control with limited integration into military cybersecurity strategies, leaving serious gaps in defence coordination."
        https://www.helpnetsecurity.com/2025/07/23/ccdcoe-maritime-port-cyber-attacks/
      • The Fraud Trends Shaping 2025: Pressure Builds On Online Retailers
        "Fraud is growing faster than revenue in eCommerce. That’s one of the first things PwC and Forter point out in their new report, and it’s a wake-up call for online retailers. Right now, eCommerce leaders are dealing with a mix of challenges: economic ups and downs, political uncertainty, more cyber threats, and new fraud rules kicking in on 1st September. The report focuses on what’s happening outside the business. These are things that fraud teams can’t always control but need to prepare for. The idea is to give retailers a picture of where fraud is coming from and what’s pushing it forward."
        https://www.helpnetsecurity.com/2025/07/23/biggest-fraud-trends-2025/
      • Global Ransomware Attacks Plummet 43% In Q2 2025
        "Ransomware attacks fell by 43% globally in Q2 2025 compared to Q1, with law enforcement actions and internal conflicts having a major impact on the threat landscape, according to new findings from NCC Group. A total of 1180 attacks were recorded from April to June, which compares to 2074 attacks in Q1. The firm also observed that claimed ransomware attacks fell for the fourth consecutive month in June 2025, down by 6% from May to 371. The slowdown in Q2 followed a dramatic rise in attacks in the first three months of the year, which was driven by aggressive campaigns from dominant groups such as Clop, RansomHub and Akira."
        https://www.infosecurity-magazine.com/news/ransomware-attacks-plummet-q2/
      • Ukraine Arrests Suspected Admin Of XSS Russian Hacking Forum
        "The suspected administrator of the Russian-speaking hacking forum XSS.is was arrested by the Ukrainian authorities yesterday at the request of the Paris public prosecutor's office. XSS.is is a Russian-speaking cybercrime forum that has been active since 2013 and is widely regarded as one of the major online hubs for cybercriminal activity, with over 50,000 registered users. The platform was used to sell malware, access to compromised systems, advertise ransomware-as-a-service (RaaS) platforms, and discuss illegal activities."
        https://www.bleepingcomputer.com/news/security/ukraine-arrests-suspected-admin-of-xss-russian-hacking-forum/
        https://therecord.media/suspected-xss-cybercrime-marketplace-admin-arrested
        https://cyberscoop.com/xss-cybercrime-forum-admin-arrest/
        https://www.infosecurity-magazine.com/news/suspected-xss-forum-admin-arrested/
        https://hackread.com/suspected-xss-is-admin-cybercrime-forum-arrest-ukraine/
        https://hackread.com/xss-is-cybercrime-forum-seized-ukraine-arrested-admin/
        https://www.securityweek.com/france-says-administrator-of-cybercrime-forum-xss-arrested-in-ukraine/
        https://securityaffairs.com/180278/cyber-crime/french-authorities-confirm-xss-is-admin-arrested-in-ukraine.html
        https://www.helpnetsecurity.com/2025/07/23/europol-cybercrime-operation-xss-is-admin-arrest/
      • Cyber First Responders: Once More Unto The Breach
        "When disaster strikes, most people think of fire trucks, ambulances and emergency broadcast alerts. They don't picture a cybersecurity analyst rerouting traffic through a backup server. They don't imagine a SOC team scanning logs in the middle of the night while a hurricane makes landfall. They rarely need to think about how many lives depend on the stability and security of digital infrastructure."
        https://www.bankinfosecurity.com/blogs/cyber-first-responders-once-more-unto-breach-p-3917
      • Chinese Hackers' Evolution From Vandals To Strategists
        "Chinese nation-state hackers share tools. Their techniques overlap. Observers of the Sino hacking scene can trace a web of intersecting contractors and businesses that underpin campaigns such as the hacking of U.S. telecoms by Salt Typhoon. There may be an even more fundamental reason why Beijing-linked cyber operations show recurring patterns: a group of 40 hackers who came up together in the "patriotic hacking" scene in the late 1990s and early 2000s, "whose leadership, technical skills and entrepreneurial ventures had a lasting impact on China's cybersecurity ecosystem," posits a study from Eugenio Benincasa, a senior security researcher at ETH Zurich."
        https://www.bankinfosecurity.com/chinese-hackers-evolution-from-vandals-to-strategists-a-29033
        https://www.research-collection.ethz.ch/handle/20.500.11850/743657
      • Stop AI Bot Traffic: Protecting Your Organization's Website
        "When Internet users are online shopping, paying their bills, or Googling answers to their questions, what they may not realize is there are others perusing the same website they are on. The difference between them is that while some may be human, others often are not. According to Imperva's "2024 Bad Bot Report," for the first time in a decade, automated traffic surpassed human activity online, accounting for 51% of all Web traffic last year. Compared with 2023, in which malicious bots made up for 32% of Internet traffic, this number has risen to 37% in 2025."
        https://www.darkreading.com/threat-intelligence/stop-ai-bot-traffic-protecting-organizations
      • Should We Trust AI? Three Approaches To AI Fallibility
        "The promise of agentic AI is compelling: increased operational speed, increased automation, and lower operational costs. But have we ever paused to seriously ask the question: can we trust this thing? Agentic AI is a class of large language model (LLM) AI that can respond to inputs, set its own goals, and interact with other tools to achieve those goals – without necessarily requiring human intervention. Such tools are generally built on top of major generative AI (gen-AI) models typified by ChatGPT; so, before asking if we can trust agentic AI, we should ask if we can trust gen-AI."
        https://www.securityweek.com/should-we-trust-ai-three-approaches-to-ai-fallibility/

      Reference
      Electronic Transactions Development Agency (ETDA)