NCSA Webboard

    Cyber Threat Intelligence 18 August 2025

    Cyber Security News
    • NCSA_THAICERT

      New Tooling

      • Obot MCP Gateway: Open-Source Platform To Securely Manage The Adoption Of MCP Servers
        "Obot MCP Gateway is a free, open-source gateway that enables IT organizations to securely manage and scale adoption of Model Context Protocol (MCP) servers. MCPs are becoming the standard for how AI agents interface with real-world systems. Without a control layer, organizations risk shadow infrastructure, data exposure, and fragmented adoption."
        https://www.helpnetsecurity.com/2025/08/15/obot-mcp-gateway-adoption-mcp-servers/
        https://github.com/obot-platform/obot

      Vulnerabilities

      • Cisco Warns Of Max Severity Flaw In Firewall Management Center
        "Cisco is warning about a critical remote code execution (RCE) vulnerability in the RADIUS subsystem of its Secure Firewall Management Center (FMC) software. Cisco FMC is a management platform for the vendor’s Secure Firewall products, which provides a centralized web or SSH-based interface to allow administrators to configure, monitor, and update Cisco firewalls. RADIUS in FMC is an optional external authentication method that permits connecting to a Remote Authentication Dial-In User Service server instead of local accounts."
        https://www.bleepingcomputer.com/news/security/cisco-warns-of-max-severity-flaw-in-firewall-management-center/
        https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-radius-rce-TNBKf79
        https://thehackernews.com/2025/08/cisco-warns-of-cvss-100-fmc-radius-flaw.html
        https://cyberscoop.com/cisco-vulnerability-secure-firewall-management-center/
        https://www.infosecurity-magazine.com/news/cisco-critical-rce-flaw-firewall/
        https://www.securityweek.com/cisco-patches-critical-vulnerability-in-firewall-management-platform/
        https://securityaffairs.com/181182/security/cisco-fixed-maximum-severity-security-flaw-in-secure-firewall-management-center.html
        https://www.theregister.com/2025/08/15/cisco_secure_firewall_management_bug/
      • Plex Warns Users To Patch Security Vulnerability Immediately
        "Plex has notified some of its users on Thursday to urgently update their media servers due to a recently patched security vulnerability. The company has yet to assign a CVE-ID to track the flaw and didn't provide additional details regarding the patch, only saying that it impacts Plex Media Server versions 1.41.7.x to 1.42.0.x. Yesterday, four days after releasing security updates that addressed the mysterious security bug, Plex emailed those running affected versions to update their software as soon as possible."
        https://www.bleepingcomputer.com/news/security/plex-warns-users-to-patch-security-vulnerability-immediately/
      • Researcher To Release Exploit For Full Auth Bypass On FortiWeb
        "A security researcher has released a partial proof of concept exploit for a vulnerability in the FortiWeb web application firewall that allows a remote attacker to bypass authentication. The flaw was reported responsibly to Fortinet and is now tracked as CVE-2025-52970. Fortinet released a fix on August 12. Security researcher Aviv Y named the vulnerability FortMajeure and describes it as a "silent failure that wasn’t meant to happen." Technically, it is an out-of-bounds read in FortiWeb’s cookie parsing that lets an attacker set the Era parameter to an unexpected value."
        https://www.bleepingcomputer.com/news/security/researcher-to-release-exploit-for-full-auth-bypass-on-fortiweb/

      Malware

      • UAT-7237 Targets Taiwanese Web Hosting Infrastructure
        "Cisco Talos discovered UAT-7237, a Chinese-speaking advanced persistent threat (APT) group active since at least 2022, which has significant overlaps with UAT-5918. UAT-7237 conducted a recent intrusion targeting web infrastructure entities within Taiwan and relies heavily on the use of open-sourced tooling, customized to a certain degree, likely to evade detection and conduct malicious activities within the compromised enterprise. UAT-7237 aims to establish long-term persistence in high-value victim environments."
        https://blog.talosintelligence.com/uat-7237-targets-web-hosting-infra/
        https://thehackernews.com/2025/08/taiwan-web-servers-breached-by-uat-7237.html
        https://www.theregister.com/2025/08/15/typhoonadjacent_chinese_crew_taiwan_web_servers/
        https://securityaffairs.com/181195/apt/taiwan-web-infrastructure-targeted-by-apt-uat-7237-with-custom-toolset.html
      • Police Bust Crypto Scammers, Nab Smishing SMS Blaster Operator
        "Thai police arrest SMS Blaster operator in smishing scam and bust crypto laundering gang moving $30M monthly through cross-border networks. Learn how law enforcement arrested on-the-ground scam operators with SMS blasters and dismantled a cross-border money laundering network. A series of successful operations by Thai law enforcement has led to the disruption of two distinct cybercrime rings. In separate cases, police have targeted the low-level operators of physical scam equipment and a high-level, international money laundering network."
        https://hackread.com/police-bust-crypto-scam-smishing-sms-blaster-operator/
      • Supply Chain Risk In Python: Termncolor And Colorinal Explained
        "Zscaler ThreatLabz continually monitors threats in our Python scanning database, uncovering risks that may signal potential supply chain attacks. On July 22, 2025, ThreatLabz encountered a suspicious Python package named termncolor, which at first glance appeared benign but actually introduced malicious behavior through its dependency, colorinal. In this blog post, ThreatLabz dives into termncolor and its role in enabling a multi-stage malware operation. This attack could leverage DLL sideloading to facilitate decryption, establish persistence, and conduct command-and-control (C2) communication, ending in remote code execution (RCE)."
        https://www.zscaler.com/blogs/security-research/supply-chain-risk-python-termncolor-and-colorinal-explained
      • Ghost-Tapping And The Chinese Cybercriminal Retail Fraud Ecosystem
        "Ghost-tapping is a relatively new and popular attack vector used mainly by Chinese-speaking threat actors who use Near Field Communication (NFC) relay tactics to commit retail fraud by using stolen payment card details linked to mobile payment services (such as Apple Pay and Google Pay). This technique allows these threat actors to provide mules with stolen payment card details linked to contactless payment systems in person to obtain physical goods, eventually transporting and reselling stolen goods for profit. Insikt Group analysts identified a key threat actor on Telegram, @webu8, advertising burner phones and ghost-tapping services to Chinese-speaking threat groups (hereafter referred to as syndicates) and engaged with threat actors involved in retail fraud campaigns."
        https://www.recordedfuture.com/research/ghost-tapping-chinese-criminal-ecosystem
        https://therecord.media/scammers-ghost-tapping-retail-fraud-launder-cash
      • LLM Chatbots Trivial To Weaponize For Data Theft, Say Boffins
        "A team of boffins is warning that AI chatbots built on large language models (LLM) can be tuned into malicious agents to autonomously harvest users’ personal data, even by attackers with "minimal technical expertise", thanks to "system prompt" customization tools from OpenAI and others. "AI chatbots are widespread in many different sectors as they can provide natural and engaging interactions," author Xiao Zhan, a postdoc in King's College London's Department of Informatics, explained in a statement issued ahead of her paper's presentation at the 34th USENIX Security Symposium this week."
        https://www.theregister.com/2025/08/15/llm_chatbots_trivial_to_weaponise/
      • When Hackers Call: Social Engineering, Abusing Brave Support, And EncryptHub’s Expanding Arsenal
        "Trustwave SpiderLabs researchers have recently identified an EncryptHub campaign that combines social engineering with abuse of the Brave Support platform to deliver malicious payloads via the CVE-2025-26633 vulnerability. In this blog post, we will break down the techniques used in the campaign and highlight the new tools employed by the threat group. Social engineering remains one of the most effective tools in a cybercriminal’s arsenal, and the emerging threat group EncryptHub has hopped right on the bandwagon to leverage."
        https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/when-hackers-call-social-engineering-abusing-brave-support-and-encrypthubs-expanding-arsenal/
        https://thehackernews.com/2025/08/russian-group-encrypthub-exploits-msc.html
        https://securityaffairs.com/181203/cyber-crime/encrypthub-abuses-brave-support-in-new-campaign-exploiting-msc-eviltwin-flaw.html
      • Scammers Compromised By Own Malware, Expose $4.67M Operation
        "Cybersecurity intelligence firm CloudSEK has uncovered a sophisticated, family-run multi-million-dollar cybercrime operation based out of Pakistan. CloudSEK’s TRIAD team’s investigation revealed a syndicate that’s been active for at least five years. Reportedly, the group’s primary strategy was to exploit people looking for free, pirated software. They used SEO poisoning and forum spam to post links on legitimate online communities and search engines that led to malicious websites."
        https://hackread.com/scammers-compromised-by-malware-expose-operation/
        https://www.cloudsek.com/whitepapers-reports/the-anatomy-of-an-attack-pakistan-based-infostealer-delivery-network-exposed
      • Hunt.io Exposes And Analyzes ERMAC V3.0 Banking Trojan Full Source Code Leak
        "In March 2024, Hunt.io discovered and obtained the complete ERMAC V3.0 source code, giving us a rare opportunity to study a live and actively maintained Malware-as-a-Service platform from the inside. Full source code leaks of active and operational threats are uncommon, and this one offers a unique chance for attribution, infrastructure mapping, and identifying exploitable weaknesses. Its earliest versions were built using the leaked Cerberus source code, and by late 2023, version 2.0 had incorporated large portions of the Hook botnet's codebase. The newly uncovered version 3.0 reveals a significant evolution of the malware, expanding its form injection and data theft capabilities to target more than 700 banking, shopping, and cryptocurrency applications."
        https://hunt.io/blog/ermac-v3-banking-trojan-source-code-leak
        https://thehackernews.com/2025/08/ermac-v30-banking-trojan-source-code.html
        https://securityaffairs.com/181217/uncategorized/ermac-3-0-source-code-leak-reveals-expanding-threat.html

      Breaches/Hacks/Leaks

      • Colt Telecom Attack Claimed By WarLock Ransomware, Data Up For Sale
        "UK-based telecommunications company Colt Technology Services is dealing with a cyberattack that has caused a multi-day outage of some of the company's operations, including hosting and porting services, Colt Online, and Voice API platforms. The British telecommunications and network services provider disclosed that the attack started on August 12 and the disruption continues as its IT staff works around the clock to mitigate its effects. Founded in 1992 as City of London Telecommunications (COLT) and acquired by Fidelity Investments in 2015, Colt is a major telecommunications service provider operating in 30 countries across Europe, Asia, and North America. The company employs 75,000 km of fiber networks linking 900 data centers."
        https://www.bleepingcomputer.com/news/security/colt-telecom-attack-claimed-by-warlock-ransomware-data-up-for-sale/
        https://www.darkreading.com/cyberattacks-data-breaches/colt-telecommunications-cyber-incident
        https://therecord.media/uk-colt-outages-cyber-incident
        https://www.theregister.com/2025/08/15/london_telco_colts_services_disrupted/
        https://www.bankinfosecurity.com/ransomware-allegations-surface-as-colt-outages-continue-a-29239
        https://securityaffairs.com/181247/data-breach/colt-technology-faces-multi-day-outage-after-warlock-ransomware-attack.html
      • Pakistan's Oil And Gas Sector Hit By Blue Locker Ransomware
        "The oil and gas sector in Pakistan is on high alert following a ransomware attack against the state-owned oil and gas company - an instance of ransomware impacting critical infrastructure in a year that has already tallied hundreds of incidents. "Pakistan Petroleum has been impacted severely and some other organizations were also attacked, but our deployed system is detecting and blocking it continuously," Imran Haider, a spokesman for Pakistan's National Cyber Emergency Response Team told Arab News. The company supplies more than a fifth of the nation's national gas supplies."
        https://www.bankinfosecurity.com/pakistans-oil-gas-sector-hit-by-blue-locker-ransomware-a-29232
        https://securityaffairs.com/181173/malware/blue-locker-ransomware-targeting-oil-gas-sector-in-pakistan.html
      • National Public Data Returns After Massive Social Security Number Leak
        "Remember that data broker nobody had ever heard of, but managed to leak a database which contained the data of some 2.9 billion people? It’s back, and this time with a search function. National Public Data suffered an alleged breach in 2024 against a database that, it turned out, carried 272 million unique social security numbers (SSNs). Granted, that there are limits to the safety of using a nine-digit ID in 2025, but the news that the folks at National Public Data have decided it’s time for a comeback made me slightly nauseous."
        https://www.malwarebytes.com/blog/news/2025/08/national-public-data-returns-after-massive-social-security-number-leak
      • Threat Actor Claims To Sell 15.8 Million Plain-Text PayPal Credentials
        "A threat actor using the name Chucky_BF on a cybercrime and hacker forum is advertising what they claim to be a massive PayPal data dump. The post describes a trove labeled “Global PayPal Credential Dump 2025,” allegedly containing more than 15.8 million records of email and plaintext password pairs. The size of the dataset is said to be 1.1GB, and according to the seller, the leak covers accounts from many email providers and users in different parts of the world. What makes this claim threatening is not just the number of exposed accounts but also the type of data said to be included. Other than the email and password combinations, the seller mentions that many records come with URLs directly linked to PayPal services."
        https://hackread.com/threat-actor-selling-plain-text-paypal-credentials/

      General News

      • Using Security Expertise To Bridge The Communication Gap
        "When I took on the dual role of leading product management and engineering for our network security group, I quickly realized the challenge wasn't just building great technology. It was making sure our engineering team could focus on what matters most while effectively communicating the value of our work to business leaders. This communication gap between technical specialists and the C-suite can be found in companies everywhere. A whole lot of brilliant security professionals and engineers struggle to translate their complex work into terms that resonate with executives."
        https://www.darkreading.com/cybersecurity-operations/using-security-expertise-bridge-communication-gap
      • Agentic AI Use Cases For Security Soar, But Risks Demand Close Attention
        "Use cases for artificial intelligence (AI) and agentic AI continue to erupt across a variety of industries. But removing the human element still poses alarming security risks, warn experts. While AI enabled organizations to work faster, emerging agentic AI systems have turned up the notch on automation. Agents can provide real time blocking capabilities, address increased cost and budget challenges CISOs face, and help SOC teams manage immense amounts of critical data. Adoption is burgeoning as highlighted in a recent Cloudera report that found 57% of organizations started to implement AI agents within the last two years, and 21% did over the last year. And those numbers will only continue to grow – 96% of surveyed respondents confirmed they plan to expand their use of AI agents in the next 12 months."
        https://www.darkreading.com/cloud-security/agentic-ai-use-cases-soar-but-risks-demand-close-attention
      • NIST Digital Identity Guidelines Evolve With Threat Landscape
        "In a bid to improve overall security of the identity ecosystem, the National Institute of Standards and Technology updated its Digital Identity Guidelines earlier this month. The first revision since 2017, many organizations should be able to implement the updated guidelines without much difficulty as part of their identity strategy. Attackers are always sharpening their skills to bypass organizations' identity and access management (IAM) protocols – the key to gaining critical access - and artificial intelligence (AI) is making phishing attacks even more effective, and deepfakes are tricking even the most security-savvy mind. New authentication measures such as passwordless technologies, exist, but implementation challenges have hindered adoption."
        https://www.darkreading.com/identity-access-management-security/nist-digital-identity-guidelines-evolve-with-threat-landscape
        https://csrc.nist.gov/pubs/sp/800/63/4/final
      • New NIST Concept Paper Outlines AI-Specific Cybersecurity Framework
        "NIST has released a concept paper for new control overlays to secure AI systems, built on the SP 800-53 framework. Learn what the new framework covers and why experts are calling for more detailed descriptions. In a significant step towards managing the security risks of artificial intelligence (AI), the National Institute of Standards and Technology (NIST) has released a new concept paper that proposes a framework of control overlays for securing AI systems."
        https://hackread.com/nist-concept-paper-ai-specific-cybersecurity-framework/
        https://csrc.nist.gov/csrc/media/Projects/cosais/documents/NIST-Overlays-SecuringAI-concept-paper.pdf
      • How Military Leadership Prepares Veterans For Cybersecurity Success
        "In this Help Net Security interview, Warren O’Driscoll, Head of Security Practice at NTT DATA UK and Ireland, discusses how military leadership training equips veterans with the mindset, resilience, and strategic thinking needed to excel in cybersecurity. Drawing on habits such as disciplined preparation, blunt honesty, and adaptive decision-making, veterans bring a blend of defensive and offensive planning skills to high-stakes cyber operations. Their leadership experience fosters trust, cohesion, and problem-solving, qualities that can transform cybersecurity teams."
        https://www.helpnetsecurity.com/2025/08/15/warren-odriscoll-ntt-data-veterans-cybersecurity-leadership/
      • Cyber Insurance Market Shows Early Signs Of Maturity
        "The cyber insurance market is entering a new phase of evolution and showing early signs of maturity, according to recent research from Arctic Wolf. Brokers and carriers are taking on different but connected roles to help customers get policies. Brokers advise clients and arrange coverage, while carriers work behind the scenes to evaluate and manage risk. Currently, only 47% of eligible organizations have a cyber insurance policy, indicating a substantial opportunity for market expansion. This adoption rate varies across regions. North America leads the market but has a lower coverage rate of 45% compared to Europe, where 50% of organizations in the U.K. and Ireland and 54% in the DACH region have cyber insurance."
        https://www.helpnetsecurity.com/2025/08/15/cyber-insurance-market-maturity/
      • Employees Race To Build Custom AI Apps Despite Security Risks
        "The latest Netskope findings show a 50% increase in GenAI platform usage among enterprise end-users, driven by growing employee demand for tools to develop custom AI applications and agents. Despite an ongoing shift toward safe enablement of SaaS GenAI apps and AI agents, the growth of shadow AI, unsanctioned AI applications in use by employees, continues to compound potential security risks, with over 50% of all current app adoption estimated to be shadow AI."
        https://www.helpnetsecurity.com/2025/08/15/shadow-ai-genai-apps/
      • Majority Of Organizations Ship Vulnerable Code, Study Finds
        "As AI-generated code becomes more mainstream, a new study by Checkmarx reveals that 81% of organizations knowingly ship vulnerable code. According to a study of 1500 CISOs, AppSec managers and developers, half of respondents already use AI security code assistants and 34% admitted that more than 60% of their code is AI generated. This is despite AI-generated code often containing known vulnerabilities by default. The findings are part of a Checkmarx study titled Future of Application Security in the Era of AI published on 14 August, 2025."
        https://www.infosecurity-magazine.com/news/majority-of-orgs-ship-vulnerable/
        https://checkmarx.com/report-future-of-appsec-2025/
      • The Company Help Desk Is Also a Threat Vector
        "Your help desk is meant to solve problems—not create them. Yet, as attackers have become more skilled in social engineering, they’ve increasingly turned the help desk into a powerful entry point for cyberattacks. Unless you’re talking about malicious insiders or employee mistakes, it is counterintuitive to think of the help desk as a threat vector. After all, it is the tech support team we’re talking about. These employees are IT professionals who are trained in company policies and have at least a basic knowledge of cybersecurity. Not all employees get the proper onboarding, but your IT team would at least know better than to let a threat actor have a password or elevated privileges."
        https://blog.barracuda.com/2025/08/15/the-company-help-desk-is-also-a-threat-vector
      • Man-In-The-Prompt: The Invisible Attack Threatening ChatGPT And Other AI Systems
        "A new type of threat is alarming the world of cyber security: it is called Man-in-the-Prompt and is capable of compromising interactions with leading generative artificial intelligence tools such as ChatGPT, Gemini, Copilot, and Claude. The problem? It does not even require a sophisticated attack: all it takes is a browser extension. “LayerX’s research shows that any browser extension, even without any special permissions, can access the prompts of both commercial and internal LLMs and inject them with prompts to steal data, exfiltrate it, and cover their tracks. The exploit has been tested on all top commercial LLMs, with proof-of-concept demos provided for ChatGPT and Google Gemini”, explains researcher Aviad Gispan of LayerX."
        https://securityaffairs.com/181211/cyber-crime/man-in-the-prompt-the-invisible-attack-threatening-chatgpt-and-other-ai-systems.html
      • July 2025 Trends Report On Phishing Emails
        "This report provides the distribution quantity, statistics, trends, and case information on phishing emails and email threats collected and analyzed for one month in July 2025. The following are some statistics and cases included in the original report."
        https://asec.ahnlab.com/en/89615/
      • Justice Department Announces Seizure Of Over $2.8 Million In Cryptocurrency, Cash, And Other Assets
        "The Department of Justice unsealed six warrants yesterday in the U.S. District Courts for the Eastern District of Virginia, the Central District of California, and the Northern District of Texas authorizing the seizure of over $2.8 million in cryptocurrency, $70,000 in cash, and a luxury vehicle. All of the cryptocurrency was seized from a cryptocurrency wallet controlled by Ianis Aleksandrovich Antropenko, who is charged by indictment in the Northern District of Texas for conspiring to commit computer fraud and abuse, computer fraud and abuse, and conspiracy to commit money laundering."
        https://www.justice.gov/opa/pr/justice-department-announces-seizure-over-28-million-cryptocurrency-cash-and-other-assets
        https://www.bleepingcomputer.com/news/security/us-seizes-28-million-in-crypto-from-zeppelin-ransomware-operator/

      References
      Electronic Transactions Development Agency (ETDA)
