NCSA Webboard

    Cyber Threat Intelligence 30 September 2025

    • NCSA_THAICERT
      Last edited by NCSA_THAICERT

      Industrial Sector

      • CISA And UK NCSC Release Joint Guidance For Securing OT Systems
        "CISA, in collaboration with the Federal Bureau of Investigation, the United Kingdom’s National Cyber Security Centre, and other international partners has released new joint cybersecurity guidance: Creating and Maintaining a Definitive View of Your Operational Technology (OT) Architecture. Building on the recent Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators, this guidance explains how organizations can leverage data sources, such as asset inventories and manufacturer-provided resources like software bill of materials to establish and maintain an accurate, up-to-date view of their OT systems."
        https://www.cisa.gov/news-events/alerts/2025/09/29/cisa-and-uk-ncsc-release-joint-guidance-securing-ot-systems
        https://www.cisa.gov/resources-tools/resources/creating-and-maintaining-definitive-view-your-operational-technology-ot-architecture
        https://www.ncsc.gov.uk/files/ncsc-creating-and-maintaining-a-definitive-view-of-your-operational-technology-architecture.pdf
        https://www.bankinfosecurity.com/ot-operators-urged-to-map-networks-or-risk-major-blind-spots-a-29596
        https://www.infosecurity-magazine.com/news/national-cyber-authorities-ot/

      New Tooling

      • Firezone: Open-Source Platform To Securely Manage Remote Access
        "Firezone is an open-source platform that helps organizations of any size manage secure remote access. Unlike most VPNs, it uses a least-privileged model, giving users only the access they need. Firezone was built to scale from the start, so you can add more gateways as traffic grows. It uses WireGuard, a fast and secure VPN protocol, and adds extra protections like short-lived encryption keys and firewall hole-punching to reduce the attack surface. It is also simple to manage, with a Policy Engine that removes the need for complex firewall rules or ACLs and makes it easier to control and review access."
        https://www.helpnetsecurity.com/2025/09/29/firezone-open-source-secure-remote-access-management/
        https://github.com/firezone/firezone

      Vulnerabilities

      • CISA Adds Five Known Exploited Vulnerabilities To Catalog
        "CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2021-21311 Adminer Server-Side Request Forgery Vulnerability
        CVE-2025-20352 Cisco IOS and IOS XE Stack-based Buffer Overflow Vulnerability
        CVE-2025-10035 Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability
        CVE-2025-59689 Libraesva Email Security Gateway Command Injection Vulnerability
        CVE-2025-32463 Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability"
        https://www.cisa.gov/news-events/alerts/2025/09/29/cisa-adds-five-known-exploited-vulnerabilities-catalog

      Malware

      • Eye Of The Storm: Analyzing DarkCloud's Latest Capabilities
        "Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes. We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware. Our Security Operations Centers are supported with Threat Intelligence, Tactical Threat Response and Advanced Threat Analytics driven by our Threat Response Unit – the TRU team."
        https://www.esentire.com/blog/eye-of-the-storm-analyzing-darkclouds-latest-capabilities
        https://hackread.com/darkcloud-infostealer-grab-credentials-crypto-contacts/

      Breaches/Hacks/Leaks

      • Japan's Largest Brewer Suspends Operations Due To Cyberattack
        "Asahi Group Holdings, Ltd (Asahi), the brewer of Japan’s top-selling beer, has disclosed a cyberattack that disrupted several of its operations. According to the company, the incident has affected its ordering and shipping activity, which have been completely suspended. Call center operations and customer service desk are currently unavailable to the public due to the cyberattack. Asahi is one of Japan’s largest breweries, holding roughly one-third of the domestic market share. It employs 30,000 people, produces 100 million hectoliters of beverages, and in 2024 the company reported an annual revenue of nearly $20 billion USD."
        https://www.bleepingcomputer.com/news/security/japans-largest-brewer-suspends-operations-due-to-cyberattack/
        https://www.theregister.com/2025/09/29/asahi_hacking_outage/
      • Company That Sells Spyware For Monitoring Sex Offenders Hacked
        "A company that sells spyware that monitors individuals on parole and probation had its data leaked to a cybercrime forum this week. The leak, according to an analysis by Straight Arrow News, exposed highly sensitive information regarding employees of the corrections system and those under court-ordered supervision. The affected company, RemoteCOM, describes itself as “the premier computer, smartphone and tablet monitoring service for the management of pretrial, probation and parole clients.” The data indicates that RemoteCOM’s services are used by parole and probation officers in 49 states."
        https://san.com/cc/company-that-sells-spyware-for-monitoring-sex-offenders-hacked/
        https://www.malwarebytes.com/blog/news/2025/09/sex-offenders-terrorists-drug-dealers-exposed-in-spyware-breach

      General News

      • How Attackers Poison AI Tools And Defenses
        "Cyberattackers are using generative AI to draft polished spam, create malicious code and write persuasive phishing lures. They are also learning how to turn AI systems themselves into points of compromise. Recent findings highlight this shift. Researchers from Columbia University and the University of Chicago studied malicious email traffic collected over three years. Barracuda Research has also tracked attackers exploiting weaknesses in AI assistants and tampering with AI-driven security tools."
        https://www.helpnetsecurity.com/2025/09/29/poisoned-ai-prompt/
        https://www.ee.columbia.edu/news/ai-now-powers-over-half-spam-emails-columbia-engineering-research-finds
      • Cybersecurity Leaders Underreport Cyber Incidents To Executives
        "Cyberattacks are becoming more frequent and severe, with 71% of surveyed security leaders saying attacks have grown more common in the past year and 61% reporting greater impact when incidents occur, according to a new report from VikingCloud. Nearly 80% of surveyed security leaders said they are concerned about being targeted by a nation-state attack within the next year. The study shows how geopolitical tensions are fueling activity that no longer hits only government or critical infrastructure. Software supply chain compromises are spilling into industries like retail, healthcare, and hospitality."
        https://www.helpnetsecurity.com/2025/09/29/cyberattacks-frequency-impact-growth/
      • When AI Is Trained For Treachery, It Becomes The Perfect Agent
        "Last year, The Register reported on AI sleeper agents. A major academic study explored how to train an LLM to hide destructive behavior from its users, and how to find it before it triggered. The answers were unambiguously asymmetric — the first is easy, the second very difficult. Not what anyone wanted to hear."
        https://www.theregister.com/2025/09/29/when_ai_is_trained_for/
      • 'You'll Never Need To Work Again': Criminals Offer Reporter Money To Hack BBC
        "Like many things in the shadowy world of cyber-crime, an insider threat is something very few people have experience of. Even fewer people want to talk about it. But I was given a unique and worrying experience of how hackers can leverage insiders when I myself was recently propositioned by a criminal gang. "If you are interested, we can offer you 15% of any ransom payment if you give us access to your PC." That was the message I received out of the blue from someone called Syndicate who pinged me in July on the encrypted chat app Signal."
        https://www.bbc.com/news/articles/c3w5n903447o
        https://www.bleepingcomputer.com/news/security/ransomware-gang-sought-bbc-reporters-help-in-hacking-media-giant/
      "The fastest-growing user group inside the enterprise typically doesn't show up in HR systems. It logs in through service accounts, API keys bots and automated workflows. It's a machine identity - which already outnumber human users in many organizations. Who owns them, who rotates their keys, audits their actions and takes the fall when something goes wrong often depends on who's responding, and the answers rarely align."
      https://www.bankinfosecurity.com/whos-minding-machines-identity-crisis-nobody-owns-a-29594

      • IoT Security Flounders Amid Churning Risk
        "The use of Internet of Things (IoT) devices is exploding, but cybersecurity considerations on the part of the device-makers continue to lag, leaving enterprises vulnerable to distributed denial-of-service (DDoS) and other attacks that can lead to data theft. New initiatives are underway to curb the issues, but progress remains slow. In this edition of what will become a regular "Reporters' Notebook" video series, two intrepid cybersecurity journalists, Dark Reading's Arielle Waldman, and Cybersecurity Dive's Eric Geller, break down their recent findings around IoT security woes, and emerging government-backed safety efforts for connected devices."
        https://www.darkreading.com/iot/iot-security-flounders-amid-churning-risk
      • Two-Thirds Of Organizations Have Unfilled Cybersecurity Positions
        "Organizations continue to experience significant cybersecurity skills shortages, with 65% of firms reporting unfilled cyber positions, a new ISACA survey has found. Over a third (38%) of cybersecurity professionals surveyed revealed it takes three to six months to hire for entry-level roles and 39% said the same for non-entry-level positions. Additionally, half of organizations admitted that they struggle to retain cyber talent. In total, 55% of respondents believe their security teams are understaffed. This represents a small drop from 2024, when 61% said their team is understaffed."
        https://www.infosecurity-magazine.com/news/two-thirds-unfilled-cybersecurity/
        https://www.isaca.org/resources/infographics/state-of-cybersecurity-2025-infographic
        https://www.isaca.org/resources/reports/state-of-cybersecurity-2025
      • The State Of AI In The SOC 2025 - Insights From Recent Study
        "Security leaders are embracing AI for triage, detection engineering, and threat hunting as alert volumes and burnout hit breaking points. A comprehensive survey of 282 security leaders at companies across industries reveals a stark reality facing modern Security Operations Centers: alert volumes have reached unsustainable levels, forcing teams to leave critical threats uninvestigated. You can download the full report here. The research, conducted primarily among US-based organizations, shows that AI adoption in security operations has shifted from experimental to essential as teams struggle to keep pace with an ever-growing stream of security alerts. The findings paint a picture of an industry at a tipping point, where traditional SOC models are buckling under operational pressure and AI-powered solutions are emerging as the primary path forward."
        https://thehackernews.com/2025/09/the-state-of-ai-in-soc-2025-insights.html
        https://resources.prophetsecurity.ai/state-of-ai-in-security-operations
      • Chinese Scammer Pleads Guilty After UK Seizes Nearly $7 Billion In Bitcoin
        "A Chinese national accused of running a fraudulent investment scheme pleaded guilty in a London court on Monday after U.K. police seized nearly $7 billion worth of Bitcoin during a raid of her home in north London. Zhimin Qian, 47, ran a large fraud scheme in China through her company Tianjin Lantian Gerui Electronic Technology — offering people investment products and promising outlandish returns of nearly 300 percent. The Metropolitan Police say Qian ran the fraud between 2014 and 2017, stealing billions of dollars from more than 128,000 victims. She stored the stolen money in Bitcoin and fled China for the U.K. using a fake passport from St. Kitts and Nevis."
        https://therecord.media/chinese-scammer-guilty-seizure-uk
        https://www.bleepingcomputer.com/news/security/uk-convicts-bitcoin-queen-in-worlds-largest-cryptocurrency-seizure/

      Reference
      Electronic Transactions Development Agency (ETDA)
