NCSA Webboard

    Cyber Threat Intelligence 29 August 2025

    Cyber Security News
      NCSA_THAICERT

      Industrial Sector

      • Mitsubishi Electric MELSEC iQ-F Series CPU Module
        "Successful exploitation of this vulnerability could allow an attacker the ability to obtain credential information by intercepting SLMP communication messages, and read or write the device values of the product by using the obtained credential information. In addition, the attacker may be able to stop the operations of programs."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-240-02
      • Delta Electronics CNCSoft-G2
        "Successful exploitation of this vulnerability could allow attackers to execute arbitrary code on affected installations of the device."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-240-04
      • Delta Electronics COMMGR
        "Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-240-05
      • Mitsubishi Electric MELSEC iQ-F Series CPU Module
        "Successful exploitation of this vulnerability could allow an attacker to read or write the device values of the product. In addition, the attacker may be able to stop the operation of the programs."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-240-01
      • Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit
        "Successful exploitation of this vulnerability could allow an authenticated attacker to escalate privileges, potentially leading to arbitrary code execution."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-240-03
      • GE Vernova CIMPLICITY
        "Successful exploitation of this vulnerability could allow a low-privileged local attacker to escalate privileges."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-240-06

      Telecom Sector

      • Netherlands Confirms China's Salt Typhoon Targeted Small Dutch Telcos
        "Dutch intelligence agencies have revealed that the Chinese hacking group Salt Typhoon targeted organizations in the Netherlands. In a joint statement published August 28 on the Dutch Ministry of Defence’s website, the Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) said they have now “independently confirmed parts of the US findings with their own intelligence.” They referred to investigations conducted in late 2024 by several US agencies, including the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA), which concluded that Salt Typhoon, a Chinese-sponsored hacking group, had targeted US telecom firms in “a broad and significant cyber espionage campaign.”"
        https://www.infosecurity-magazine.com/news/china-salt-typhoon-dutch-telcos/
        https://www.defensie.nl/actueel/nieuws/2025/08/28/nederlandse-providers-doelwit-van-salt-typhoon
        https://therecord.media/dutch-intelligence-cyber-spies-salt

      Vulnerabilities

      • Zip Slip, Path Traversal Vulnerability During File Decompression
        "Path traversal or directory traversal vulnerabilities are security vulnerabilities that occur mainly due to improper validation of user inputs. Attackers can read, modify, or even create new files that are originally inaccessible or located in unintended paths using relative or absolute paths. Although these vulnerabilities have been known for a long time, they are still being discovered in various environments and applications, not just web environments. This article examines Zip Slip, a path traversal vulnerability that occurs during the file decompression process of compression programs, and aims to introduce its main vulnerabilities."
        https://asec.ahnlab.com/en/89890/
      • Passwordstate Dev Urges Users To Patch Auth Bypass Vulnerability
        "Click Studios, the company behind the Passwordstate enterprise-grade password manager, has warned customers to patch a high-severity authentication bypass vulnerability as soon as possible. Passwordstate works as a secure password vault that enables organizations to store, organize, and control access to passwords, API keys, certificates, and various other types of credentials via a centralized web interface. Click Studios says its Passwordstate password manager is used by over 370,000 IT professionals working at 29,000 companies worldwide, including government agencies, financial institutions, global enterprises, and Fortune 500 companies across various industry sectors."
        https://www.bleepingcomputer.com/news/security/passwordstate-dev-urges-users-to-patch-auth-bypass-vulnerability-as-soon-as-possible/

      Malware

      • ScamAgent Shows How AI Could Power The Next Wave Of Scam Calls
        "Scam calls have long been a problem for consumers and enterprises, but a new study suggests they may soon get an upgrade. Instead of a human scammer on the other end of the line, future calls could be run entirely by AI. Researchers at Rutgers University have shown how LLM agents can be used to carry out convincing scam conversations that bypass current AI guardrails. The project, called ScamAgent and led by Sanket Badhe, demonstrates how multi-turn AI systems can run a scam from start to finish while adapting to the responses of a target."
        https://www.helpnetsecurity.com/2025/08/28/scamagent-ai-threats-scam-calls/
      • SikkahBot Malware Campaign Lures And Defrauds Students In Bangladesh
        "Cyble Research and Intelligence Labs (CRIL) has uncovered an ongoing Android malware tracker named “SikkahBot,” active since July 2024 and explicitly targeting students in Bangladesh. Disguised as applications from the Bangladesh Education Board, the malware lures victims with promises of scholarships, coerces them into sharing sensitive information, and grants high-risk permissions. Once installed, SikkahBot harvests personal and financial data, intercepts SMS messages, abuses the Accessibility Service, and executes automated banking transactions, including USSD-based operations."
        https://cyble.com/blog/sikkahbot-malware-defrauds-students-in-bangladesh/
      • Fake IT Support Attacks Hit Microsoft Teams
        "A new wave of phishing attacks abusing Microsoft Teams to deliver malware has been uncovered by security researchers. The campaigns, observed by Permiso, use fake IT support accounts to trick employees into installing remote access software, giving attackers direct control over corporate systems."
        https://www.infosecurity-magazine.com/news/fake-support-attacks-hit-microsoft/
      • Loophole Allows Threat Actors To Claim VS Code Extension Names
        "After discovering a malicious VS Code extension in June, ReversingLabs researchers noticed something odd: the name of the VS Code extension was identical to that of a malicious VS Code extension discovered in March. That shouldn’t be possible, according to VS Code Marketplace’s official documentation. Further investigation led to the discovery of a loophole on the VS Code platform that allowed for the reuse of legitimate, but discontinued VS Code extension names by malicious actors."
        https://www.reversinglabs.com/blog/malware-vs-code-extension-names
        https://thehackernews.com/2025/08/researchers-find-vs-code-flaw-allowing.html
        https://www.infosecurity-magazine.com/news/vs-code-extensions-exploit-name/
      • TAOTH Campaign Exploits End-Of-Support Software To Target Traditional Chinese Users And Dissidents
        "In June, we identified and investigated an unusual security incident involving the installation of two malware families, C6DOOR and GTELAM, on a victim’s host. Our investigation determined that the malware was delivered through a legitimate input method editor (IME) software, Sogou Zhuyin. As a brief explanation, an IME is a tool that interprets sequences of keystrokes into complex characters for languages not suited to a standard QWERTY keyboard (like many East Asian languages). The software had stopped receiving updates in 2019; in October 2024 attackers took over the lapsed domain name and used it to distribute malicious payloads. Telemetry data indicates that at least several hundred victims were affected, with infections leading to additional post-exploitation activities."
        https://www.trendmicro.com/en_us/research/25/h/taoth-campaign.html

      Breaches/Hacks/Leaks

      • TransUnion Suffers Data Breach Impacting Over 4.4 Million People
        "Consumer credit reporting giant TransUnion warns it suffered a data breach exposing the personal information of over 4.4 million people in the United States, with BleepingComputer learning the data was stolen from its Salesforce account. TransUnion is one of the three major credit bureaus in the United States, alongside Equifax and Experian. It operates in 30 countries, employs 13,000 staff, and has an annual revenue of $3 billion. It collects and maintains credit information on over 1 billion consumers worldwide, with approximately 200 million of those based in the U.S. This information is shared with 65,000 businesses, including lenders, insurers, and employers."
        https://www.bleepingcomputer.com/news/security/transunion-suffers-data-breach-impacting-over-44-million-people/
        https://www.darkreading.com/cyberattacks-data-breaches/hackers-transunion-customer-data
        https://therecord.media/transunion-data-breach-4-million
        https://securityaffairs.com/181662/data-breach/transunion-discloses-a-data-breach-impacting-over-4-4-million-customers.html
        https://www.theregister.com/2025/08/28/transunion_support_app_breach/
      • MATLAB Dev Says Ransomware Gang Stole Data Of 10,000 People
        "MathWorks, a leading developer of mathematical simulation and computing software, revealed that a ransomware gang stole the data of over 10,000 people after breaching its network in April. The company disclosed the attack on May 27, when it linked ongoing service outages to a ransomware incident that disrupted access to some internal systems and online applications for its staff and customers. Impacted services included multi-factor authentication (MFA), account SSO (Single Sign-On), the MathWorks cloud center, file exchange, license center, and the online store."
        https://www.bleepingcomputer.com/news/security/matlab-dev-says-ransomware-gang-stole-data-of-over-10-000-people/

      General News

      • AI Agents In Browsers Light On Cybersecurity, Bypasses Controls
        "AI firms are integrating AI functionality into the browser and allowing software agents to automate workflows, but enterprise security teams need to balance automation's benefits with the risks posed by the fact that the AI lacks security awareness. Security has largely been put on the back burner, says Nati Tal, head of research at Guardio Labs."
        https://www.darkreading.com/application-security/ai-agentic-browsers-light-cybersecurity-bypass-controls
      • Where Security, DevOps, And Data Science Finally Meet On AI Strategy
        "AI infrastructure is expensive, complex, and often caught between competing priorities. On one side, security teams want strong isolation and boundaries. On the other, engineers push for performance, density, and cost savings. With GPUs in short supply and budgets under pressure, the balance isn’t easy. In this Help Net Security interview, Andrew Hillier, CTO at Densify, explores how organizations can approach Kubernetes optimization with security, observability, and strategic maturity in mind, and why thinking in terms of “yield” may be the key to sustainable AI operations."
        https://www.helpnetsecurity.com/2025/08/28/andrew-hillier-densify-kubernetes-ai-optimization/
      • Maritime Cybersecurity Is The Iceberg No One Sees Coming
        "Maritime transport, the backbone of global trade, is adapting to shifting economic, political, and technological conditions. Advances in technology have improved efficiency, bringing innovations such as remote cargo monitoring, advanced energy management systems, and automation of various onboard operations. But modernization also comes with new security challenges. Ships equipped with new technologies have become attractive targets for criminals. Any attack on these systems can compromise safety and put human lives at risk."
        https://www.helpnetsecurity.com/2025/08/28/maritime-industry-cybersecurity-threats/
      • Can AI Make Threat Intelligence Easier? One Platform Thinks So
        "When analysts at RH-ISAC found themselves spending 10 hours a week just collecting threat intelligence, they knew their process wasn’t sustainable. They were manually tracking blogs, RSS feeds, and social media channels, but it took too long to separate useful signals from irrelevant chatter. After adopting Feedly Threat Intelligence, the team reduced that time by more than 70 percent, dropping from 10 hours to just 2-3 hours a week."
        https://www.helpnetsecurity.com/2025/08/28/feedly-threat-intelligence/
      • How CISOs Are Balancing Risk, Pressure And Board Expectations
        "AI has moved to the top of the CISO agenda. Three in five CISOs see generative AI as a security risk, with many worried about sensitive data leaking through public tools. At the same time, most organizations are not blocking AI outright. Instead, they are trying to put guardrails in place so employees can use these tools without exposing data, according to the Proofpoint 2025 Voice of the CISO report. CISOs are also weighing AI’s value as a defensive tool. Many are exploring AI-driven capabilities to help prevent human error and respond to fast-moving threats. Yet the belief that AI will be a silver bullet has cooled. Fewer CISOs now view it as a transformational solution. Instead, the focus is shifting to balancing innovation with governance and control."
        https://www.helpnetsecurity.com/2025/08/28/proofpoint-2025-voice-of-the-ciso-report/
      • Crypto Companies Freeze $47m In Romance Baiting Funds
        "Several cryptocurrency companies have come together to prevent nearly $50m stolen via “romance baiting” (pig butchering) scammers reaching its intended destination. Blockchain analytics firm Chainalysis said it teamed up with crypto-exchanges Binance and OKX and stablecoin Tether to seize the funds. Chainalysis used its investigations tooling to identify several addresses associated with a romance baiting operation based in Southeast Asia."
        https://www.infosecurity-magazine.com/news/crypto-freeze-47m-romance-baiting/
      • Don’t Let “back To School” Become “back To (cyber)bullying”
        "For better or worse, the digital world in many ways resembles its physical counterpart. Unfortunately, that means it sometimes enables, and even exacerbates, the same bad behaviors that we often see offline. According to a 2023 Microsoft study covering 17 countries, “cyberbullying harassment and abuse” is the top concern for parents across the globe, preoccupying on average 39% of respondents. If left to fester, it can have a significant impact on the mental health and even physical wellbeing of your kids. In some isolated cases, it has led to even more tragic outcomes for victims. We all need to make sure, therefore, that the beginning of the new term doesn’t kickstart a new surge in unacceptable online behavior."
        https://www.welivesecurity.com/en/kids-online/dont-let-back-to-school-become-back-to-bullying/
      • Police Seize VerifTools Fake ID Marketplace Servers, Domains
        "The FBI and the Dutch Police have shut down the VerifTools marketplace for fraudulent identity documents after seizing servers in Amsterdam that hosted the online operation. VerifTools was a prominent platform that produced and intermediated the purchase of fake documents (e.g. driver's licenses, passports) that were used to bypass various identity verification systems or to assume an identity, either stolen or fabricated. The police note that such sites are used in bank fraud, phishing, helpdesk scams, fraudulent acquisition of state benefits, evading prosecution, and retaining anonymity on platforms that adhere to ‘Know Your Customer’ (KYC) regulations."
        https://www.bleepingcomputer.com/news/security/police-seize-veriftools-fake-id-marketplace-servers-domains/
        https://www.justice.gov/usao-nm/pr/us-government-seizes-online-marketplaces-selling-fraudulent-identity-documents-used
        https://www.theregister.com/2025/08/28/fbi_dutch_cops_seize_veriftools/
      • Cyber Attacks Surge Against Education Sector Ahead Of Back-To-School Season
        "As millions of students return to classrooms and campuses, schools are facing another challenge: a sharp rise in cyber attacks. According to Check Point Research, from January through July 2025, the education sector continued its streak as the most targeted industry worldwide, averaging 4,356 attacks per organization each week — a 41% year-over-year increase."
        https://blog.checkpoint.com/research/cyber-attacks-surge-against-education-sector-ahead-of-back-to-school-season/
      • Dark Reading Confidential: A Guided Tour Of Today's Dark Web
        "Dark Reading Confidential Episode 9: Join us for a look around today's Dark Web, and find out how law enforcement, AI, nation-state activities, and more are reshaping the way cybercriminals conduct their dirty business online. Keith Jarvis, senior security researcher at Sophos' Counter Threat Unit joins Dark Reading's Alex Culafi for a conversation you don't want to miss."
        https://www.darkreading.com/cyber-risk/dark-reading-confidential-guided-tour-dark-web

      Reference
      Electronic Transactions Development Agency (ETDA)
