NCSA Webboard

    Cyber Threat Intelligence 01 October 2025

    Cyber Security News
    • NCSA_THAICERT
      Last edited by NCSA_THAICERT

      Industrial Sector

      • Festo Controller CECC-S,-LK,-D Family Firmware
        "Successful exploitation of these vulnerabilities could allow an attacker to crash services, escalate privileges, bypass authentication, or gain unauthorized access to sensitive systems and data."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-04
      • MegaSys Enterprises Telenium Online Web Application
        "Successful exploitation of this vulnerability could allow an unauthenticated attacker to inject arbitrary operating system commands through a crafted HTTP request, leading to remote code execution on the server in the security context of the web application service account."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-01
      • LG Innotek Camera Multiple Models
        "Successful exploitation of this vulnerability could allow an attacker to gain administrative access to the device."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-07
      • Festo SBRD-Q/SBOC-Q/SBOI-Q
        "Successful exploitation of these vulnerabilities may allow the attacker to read arbitrary data or cause a denial-of-service condition."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-02
      • Festo CPX-CEC-C1 And CPX-CMXX
        "Successful exploitation of this vulnerability could allow unauthenticated, remote access to critical webpage functions which may cause a denial of service."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-03
      • OpenPLC_V3
        "Successful exploitation of this vulnerability could cause a denial of service, making the PLC runtime process crash."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-05
      • National Instruments Circuit Design Suite
        "Successful exploitation of these vulnerabilities could allow an attacker to cause memory corruption, potentially leading to information disclosure and execution of arbitrary code."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-273-06

      Vulnerabilities

      • Critical WD My Cloud Bug Allows Remote Command Injection
        "Western Digital has released firmware updates for multiple My Cloud NAS models to patch a critical-severity vulnerability that could be exploited remotely to execute arbitrary system commands. Tracked as CVE-2025-30247, the flaw is an OS command injection in the user interface of My Cloud and can be leveraged through specially crafted HTTP POST requests sent to vulnerable endpoints."
        https://www.bleepingcomputer.com/news/security/critical-wd-my-cloud-bug-allows-remote-command-injection/
        https://www.westerndigital.com/support/product-security/wdc-25006-western-digital-my-cloud-os-5-firmware-5-31-108
        https://www.helpnetsecurity.com/2025/09/30/western-digital-my-cloud-nas-cve-2025-30247/
      • Broadcom Fixes High-Severity VMware NSX Bugs Reported By NSA
        "Broadcom has released security updates to patch two high-severity VMware NSX vulnerabilities reported by the U.S. National Security Agency (NSA). VMware NSX is a networking virtualization solution within VMware Cloud Foundation that enables administrators to deploy traditional and modern applications in private/hybrid clouds. The first security flaw reported by the NSA, tracked as CVE-2025-41251, is due to a weakness in the password recovery mechanism that can let unauthenticated attackers enumerate valid usernames, which could later be used in brute-force attacks."
        https://www.bleepingcomputer.com/news/security/broadcom-fixes-high-severity-vmware-nsx-bugs-reported-by-nsa/
        https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150
        https://www.securityweek.com/high-severity-vulnerabilities-patched-in-vmware-aria-operations-nsx-vcenter/
        https://securityaffairs.com/182816/uncategorized/broadcom-patches-vmware-zero-day-actively-exploited-by-unc5174.html
      • Nearly 50,000 Cisco Firewalls Vulnerable To Actively Exploited Flaws
        "Roughly 50,000 Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) appliances exposed on the public web are vulnerable to two vulnerabilities actively leveraged by hackers. The flaws, tracked as CVE-2025-20333 and CVE-2025-20362, enable arbitrary code execution and access to restricted URL endpoints associated with VPN access. Both security issues can be exploited remotely without authentication. On September 25, Cisco warned that the issues were actively exploited in attacks that started before patches were available to customers."
        https://www.bleepingcomputer.com/news/security/nearly-50-000-cisco-firewalls-vulnerable-to-actively-exploited-flaws/
        https://www.theregister.com/2025/09/30/cisco_firewall_vulns/
      • The Trifecta: How Three New Gemini Vulnerabilities In Cloud Assist, Search Model, And Browsing Allowed Private Data Exfiltration
        "Tenable Research discovered three vulnerabilities (now remediated) within Google’s Gemini AI assistant suite, which we dubbed the Gemini Trifecta. These vulnerabilities exposed users to severe privacy risks. They made Gemini vulnerable to search-injection attacks on its Search Personalization Model; log-to-prompt injection attacks against Gemini Cloud Assist; and exfiltration of the user’s saved information and location data via the Gemini Browsing Tool."
        https://www.tenable.com/blog/the-trifecta-how-three-new-gemini-vulnerabilities-in-cloud-assist-search-model-and-browsing
        https://thehackernews.com/2025/09/researchers-disclose-google-gemini-ai.html
        https://www.darkreading.com/vulnerabilities-threats/trifecta-google-gemini-flaws-ai-attack-vehicle
        https://www.infosecurity-magazine.com/news/gemini-trifecta-dangers-indirect/
        https://www.securityweek.com/google-patches-gemini-ai-hacks-involving-poisoned-logs-search-results/
      • Apple Updates iOS And MacOS To Prevent Malicious Font Attacks
        "Apple on Monday released a fresh round of security updates that address a single medium-severity vulnerability affecting both iOS and macOS. Tracked as CVE-2025-43400, the security defect is described as an out-of-bounds write issue in the operating system’s FontParser component that could lead to a denial-of-service (DoS) condition or memory corruption. “Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory,” Apple explains."
        https://www.securityweek.com/apple-updates-ios-and-macos-to-prevent-malicious-font-attacks/
        https://www.malwarebytes.com/blog/news/2025/09/apple-fixes-critical-font-processing-bug-update-now
      • $50 Battering RAM Attack Breaks Intel And AMD Cloud Security Protections
        "A group of academics from KU Leuven and the University of Birmingham has demonstrated a new vulnerability called Battering RAM to bypass the latest defenses on Intel and AMD cloud processors. "We built a simple, $50 interposer that sits quietly in the memory path, behaving transparently during startup and passing all trust checks," researchers Jesse De Meulemeester, David Oswald, Ingrid Verbauwhede, and Jo Van Bulck said on a website publicizing the findings. "Later, with just a flip of a switch, our interposer turns malicious and silently redirects protected addresses to attacker-controlled locations, allowing corruption or replay of encrypted memory.""
        https://thehackernews.com/2025/10/50-battering-ram-attack-breaks-intel.html
        https://batteringram.eu/

      Malware

      • Trinity Of Chaos: The LAPSUS$, ShinyHunters, And Scattered Spider Alliance Embarks On Global Cybercrime Spree
        "LAPSUS$, Scattered Spider, and ShinyHunters are three of the most notorious English-speaking cybercrime groups operating today. While each group has its own distinct origins and operational history, recent developments (especially since 2023 to 2025) reveal significant connections, tactical overlaps, and even direct collaboration. These connections are evident in their shared proclivity for social engineering, overlapping membership, joint public channels, and coordinated attacks on high-profile targets. The lines between these groups have become increasingly blurred, with cybersecurity researchers and law enforcement now viewing them as part of a loosely connected and highly adaptive cybercrime ecosystem."
        https://www.resecurity.com/blog/article/trinity-of-chaos-the-lapsus-shinyhunters-and-scattered-spider-alliance-embarks-on-global-cybercrime-spree
        https://securityaffairs.com/182799/cyber-crime/scattered-spider-shinyhunters-restructure-new-attacks-underway.html
      • XiebroC2 Identified In MS-SQL Server Attack Cases
        "AhnLab SEcurity intelligence Center (ASEC) monitors attacks targeting poorly managed MS-SQL servers and recently confirmed a case involving the use of XiebroC2. XiebroC2 is a C2 framework with open-source code that supports various features such as information collection, remote control, and defense evasion, similar to CobaltStrike."
        https://asec.ahnlab.com/en/90369/
      • MatrixPDF Puts Gmail Users At Risk With Malicious PDF Attachments
        "MatrixPDF turns ordinary PDF files into phishing and malware delivery tools. It uses overlays, clickable prompts, and embedded JavaScript to bypass email filters and fetch malicious payloads. Cybercriminals don't need to look for new exploits when they can weaponize what people already trust. PDF files are a prime example; they slip past email filters, render inline in Gmail, and most recipients open them without hesitation. MatrixPDF, found on cybercrime networks, exploits that trust."
        https://www.varonis.com/blog/matrixpdf
        https://www.bleepingcomputer.com/news/security/new-matrixpdf-toolkit-turns-pdfs-into-phishing-and-malware-lures/
      • You Name It, VMware Elevates It (CVE-2025-41244)
        "On September 29th, 2025, Broadcom disclosed a local privilege escalation vulnerability, CVE-2025-41244, impacting VMware’s guest service discovery features. NVISO has identified zero-day exploitation in the wild beginning mid-October 2024. The vulnerability impacts both the VMware Tools and VMware Aria Operations. When successful, exploitation of the local privilege escalation results in unprivileged users achieving code execution in privileged contexts (e.g., root)."
        https://blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244/
        https://www.bleepingcomputer.com/news/security/chinese-hackers-exploiting-vmware-zero-day-since-october-2024/
        https://www.darkreading.com/remote-workforce/china-exploited-new-vmware-bug-nearly
        https://thehackernews.com/2025/09/urgent-china-linked-hackers-exploit-new.html
      • Phantom Taurus: A New Chinese Nexus APT And The Discovery Of The NET-STAR Malware Suite
        "Phantom Taurus is a previously undocumented nation-state actor whose espionage operations align with People’s Republic of China (PRC) state interests. Over the past two and a half years, Unit 42 researchers have observed Phantom Taurus targeting government and telecommunications organizations across Africa, the Middle East, and Asia. Our observations show that Phantom Taurus’ main focus areas include ministries of foreign affairs, embassies, geopolitical events and military operations. The group’s primary objective is espionage. Its attacks demonstrate stealth, persistence and an ability to quickly adapt their tactics, techniques and procedures (TTPs)."
        https://unit42.paloaltonetworks.com/phantom-taurus/
        https://thehackernews.com/2025/09/phantom-taurus-new-china-linked-hacker.html
        https://www.darkreading.com/cyberattacks-data-breaches/new-china-apt-strikes-precision-persistence
        https://www.bankinfosecurity.com/chinas-phantom-taurus-hacks-middle-east-a-29602
        https://cyberscoop.com/phantom-taurus-china-espionage-group/
        https://hackread.com/chinese-apt-phantom-taurus-ms-exchange-servers/
      • Klopatra: Exposing a New Android Banking Trojan Operation With Roots In Turkey
        "In late August 2025, Cleafy's Threat Intelligence team discovered Klopatra, a new, highly sophisticated Android malware currently used in active campaigns against financial institutions and their customers. The analysis identified two major botnets targeting users primarily in Spain and Italy, with the number of compromised devices already exceeding 3,000. Klopatra operates as a powerful banking trojan and Remote Access Trojan (RAT), allowing its operators to gain complete control over infected devices, steal sensitive credentials, and execute fraudulent transactions. What elevates Klopatra above the typical mobile threat is its advanced architecture, built for stealth and resilience. The malware authors have integrated Virbox, a commercial-grade code protection tool rarely seen in the Android threat landscape."
        https://www.cleafy.com/cleafy-labs/klopatra-exposing-a-new-android-banking-trojan-operation-with-roots-in-turkey
        https://www.darkreading.com/threat-intelligence/klopatra-trojan-bank-transfers-sleep
        https://www.infosecurity-magazine.com/news/android-rat-klopatra-targets/
      • Silent Smishing: The Hidden Abuse Of Cellular Router APIs
        "The monitoring and analysis of vulnerability exploitations are among the primary responsibilities of Sekoia.io’s Threat Detection & Research (TDR) team. Using our honeypots, we monitor traffic targeting various edge devices and internet-facing applications. On 22 July 2025, suspicious network traces were observed via our honeypots. Our analysis revealed that a cellular router’s API was exploited to send malicious SMS messages containing phishing URLs — an attack that leverages SMS as a delivery vector for phishing, often categorized under smishing tactics."
        https://blog.sekoia.io/silent-smishing-the-hidden-abuse-of-cellular-router-apis/
        https://www.infosecurity-magazine.com/news/smishing-exploit-cellular-routers/
      • Datzbro: RAT Hiding Behind Senior Travel Scams
        "In August 2025, multiple scam alerts were issued in Australia. Users reported scammers managing Facebook groups promoting “active senior trips.” ThreatFabric researchers analyzed the campaign and identified several groups, managed by fraudsters, targeting various regions and using multiple disguises. Moreover, a new Device-Takeover Android Trojan, which we named “Datzbro”, was discovered as part of the campaign. This report uncovers the capabilities of this Trojan. While most of its features are typically seen in spyware, our research shows how Datzbro is actively used in financial fraud, leveraging its remote access capabilities."
        https://www.threatfabric.com/blogs/datzbro-rat-hiding-behind-senior-travel-scams
        https://thehackernews.com/2025/09/new-android-trojan-datzbro-tricking.html
      • North Korea’s IT Workers Expand Beyond US Big Tech
        "Okta Threat Intelligence has conducted a large-scale analysis revealing that the Democratic People’s Republic of Korea (DPRK) IT worker scheme threatens nearly every industry that hires remote talent. While public reporting has primarily focused on DPRK nationals targeting software development roles at major US technology companies, our analysis shows that this threat is not limited to the tech sector, nor the US. North Korean IT Workers (ITW) now pose a real threat to a wide range of industries. Impacted industries include finance, healthcare, public administration, and professional services across a growing number of countries. This widespread scheme aims to gain illicit employment and — in some cases — steal sensitive data."
        https://www.okta.com/newsroom/articles/north-korea-s-it-workers-expand-beyond-us-big-tech/
        https://therecord.media/north-korea-it-worker-scheme-expands-outisde-us-tech
        https://www.theregister.com/2025/09/30/north_korean_it_workers_okta/

      Breaches/Hacks/Leaks

      • WestJet Confirms Recent Breach Exposed Customers' Passports
        "Canadian airline WestJet is informing customers that the cyberattack disclosed in June compromised their sensitive information, including passports and ID documents. WestJet is a major airline in North America that operates a fleet of 153 aircraft and services 104 destinations, carrying over 25 million travelers annually. On June 13, the company disclosed a cybersecurity incident that disrupted certain internal systems and made the WestJet app unavailable to customers. Around that time, the Scattered Spider threat group focused their attacks on organizations in the aviation industry. However, there is no official attribution for the hackers behind the WestJet breach."
        https://www.bleepingcomputer.com/news/security/westjet-confirms-recent-breach-exposed-customers-passports/
      • Hour-Long Email Phishing Breach Affects PHI Of 150,000
        "A Florida-based technology firm that provides medication therapy management and other services to health plans is notifying nearly 150,000 people that their information was potentially compromised in a phishing attack affecting just one employee's email account for only about an hour. OutcomesOne, which reported the breach to several state regulators last week, discovered the incident on July 1 when an employee noticed "unusual activity" in his work email account and quickly reported it to the company's security team, the tech firm said."
        https://www.bankinfosecurity.com/hour-long-email-phishing-breach-affects-phi-150000-a-29603

      General News

      • AI-Powered Voice Cloning Raises Vishing Risks
        "As vishing becomes more frequently used amongst threat actors, researchers have discovered that AI-generated voice clones from as little as five minutes of recorded audio are well on the rise. NCC Group's research team has explored how voice impersonation using AI allows for classic social engineering attacks to become even more refined, blurring the lines of what is real and what is simulated. This could put enterprises, their employees, and everyday individuals at increased risk of voice phishing or vishing attacks from bad actors trying to gain access to their personal information, financial accounts, sensitive corporate data, and more."
        https://www.darkreading.com/cyberattacks-data-breaches/ai-voice-cloning-vishing-risks
      • The Hidden Risks Inside Open-Source Code
        "Open-source software is everywhere. It runs the browsers we use, the apps we rely on, and the infrastructure that keeps businesses connected. For many security leaders, it is simply part of the environment, not something they think about every day. That is where trouble can start. James Cusick, a researcher at Ritsumeikan University, recently set out to answer a question: how secure is the code we depend on? His study looked at both open-source and proprietary software, scanning millions of lines of code to see where vulnerabilities hide and how serious they are. What he found shows why static code scanning should be a key part of every security strategy."
        https://www.helpnetsecurity.com/2025/09/30/hidden-risks-open-source-code-scanning/
      • Cyber Risk Quantification Helps CISOs Secure Executive Support
        "In this Help Net Security interview, Vivien Bilquez, Global Head of Cyber Resilience at Zurich Resilience Solutions, discusses how organizations are rethinking cyber resilience. He talks about the priorities CISOs should focus on and the risks that are often overlooked. Bilquez also explains how to align cybersecurity efforts with business goals to gain executive support."
        https://www.helpnetsecurity.com/2025/09/30/vivien-bilquez-zurich-resilience-solutions-cyber-resilience-priorities/
      • Your Budget Android Phone Might Be Spying On You
        "Researchers have found that many low-cost Android devices come with pre-installed apps that have high-level access to the system. Unlike apps from the Google Play Store, many of these are not subject to thorough checks and can serve as vectors for malware or privacy-invasive features. Researchers studying the African mobile device market focused on three brands selling Android devices under $100, all running Android Go Edition. To investigate, the team developed PiPLAnD, an automated framework for extracting and analyzing Android package kit (APK) files from physical devices."
        https://www.helpnetsecurity.com/2025/09/30/low-cost-android-devices-security-risks/
      • Keeping The Internet Afloat: How To Protect The Global Cable Network
        "The resilience of the world’s submarine cable network is under new pressure from geopolitical tensions, supply chain risks, and slow repair processes. A new report from the Center for Cybersecurity Policy and Law outlines how governments and industry can work together to strengthen this critical infrastructure. The report comes at a time when physical disruptions to cables are drawing more attention. While most breaks are caused by fishing or anchoring accidents, recent incidents in the Baltic Sea and the Taiwan Strait have raised concerns about potential sabotage."
        https://www.helpnetsecurity.com/2025/09/30/protect-undersea-cable-security/
      • Greg Kroah-Hartman Explains The Cyber Resilience Act For Open Source Developers
        "There has been considerable worry about the impact of the European Union's Cyber Resilience Act on open source programmers. Linux stable kernel maintainer Greg Kroah-Hartman says, however, that there won't be much of an impact at all. When the news of the EU's Cyber Resilience Act (CRA) first emerged, open source software developers and companies were worried sick. As the Python Software Foundation (PSF) executive director Deb Nicholson said at the time, "Under the current language, the PSF could potentially be financially liable for any product that includes Python code, while never having received any monetary gain from any of these products." Ouch!"
        https://www.theregister.com/2025/09/30/cyber_reiliance_act_opinion_column/
      • The Rising Cyber Threat To Manufacturing: A Call To Action For Executives
        "Manufacturing continues to be one of the most attractive targets for cyber attackers, with attacks only increasing. Once overlooked in favor of data-rich industries, today’s factories are caught in the crossfire of ransomware economics, geopolitical conflict, and global supply chain disruption. For executives, this means that cyber security is no longer just an IT issue. It’s a core business risk that directly impacts revenue, resilience, and reputation. Download the full Manufacturing Security Report to explore the data, trends, and case studies shaping the future of industrial cyber resilience."
        https://blog.checkpoint.com/research/the-rising-cyber-threat-to-manufacturing-a-call-to-action-for-executives/
        https://engage.checkpoint.com/2025-cpr-manufacturing-report
      • CIISec Members Say Budgets Are Falling Behind Threats
        "Cybersecurity budgets in the UK are stagnating, even as job prospects and industry growth improves, a new poll of industry professionals has revealed. The Chartered Institute of Information Security (CIISec) published the latest findings from its upcoming State of the Security Profession report, which is based on interviews with its members. Just 5% agreed that budgets are in line with or ahead of threats, while 84% claimed the opposite. However, over three-quarters (78%) claimed their job prospects are good or excellent, and a similar share (73%) expect the security market to grow over the next three years."
        https://www.infosecurity-magazine.com/news/ciisec-members-budget-falling/
      • Tile Tracking Tags Can Be Exploited By Tech-Savvy Stalkers, Researchers Say
        "Tile trackers, used to locate everything from lost keys to stolen pets, are used by more than 88 million people worldwide, according to Tile’s parent company, Life360. But researchers who examined the tracking technology have found design flaws that would let stalkers—or potentially the manufacturer itself—track the location of Tile users and their devices, contrary to claims the company has made about the security and privacy of its devices. The researchers—Akshaya Kumar, Anna Raymaker, and Michael Specter of Georgia Institute of Technology—found that each tag broadcasts an unencrypted MAC address and unique ID that can be picked up by other Bluetooth devices or radio-frequency antennas in a tag’s vicinity to track the movements of the tag and its owner."
        https://www.wired.com/story/tile-tracking-tags-can-be-exploited-by-tech-savvy-stalkers-researchers-say/
        https://www.malwarebytes.com/blog/news/2025/09/tile-trackers-plagued-by-weak-security-researchers-warn
        https://www.theregister.com/2025/09/30/tile_trackers_unencrypted_info/
      • CISO Conversations: John ‘Four’ Flynn, VP Of Security At Google DeepMind
        "DeepMind, an AI research laboratory founded in London in 2010, was acquired by Google in 2014. In April 2023, it merged with the Google Brain division to become Google DeepMind. John Flynn, usually known as ‘Four’, has been DeepMind’s VP of security since May 2024. Before then he had been a CISO with Amazon, CISO at Uber, director of information security at Facebook, and (between 2005 and 2011) manager of the security operations team at Google."
        https://www.securityweek.com/ciso-conversations-john-four-flynn-vp-of-security-at-google-deepmind/

      Reference
      Electronic Transactions Development Agency (ETDA)
