NCSA Webboard

    Cyber Threat Intelligence 20 October 2025

    Cyber Security News
    • NCSA_THAICERT

      Healthcare Sector

      • Inside Healthcare’s Quiet Cybersecurity Breakdown
        "Hospitals, clinics, and care networks continue to treat cybersecurity as a back-office issue, according to the 2025 Healthcare IT Landscape Report from Omega Systems. Healthcare IT leaders are juggling competing demands. Rising costs, new privacy regulations, and expanding digital health services all fight for attention and budgets. As a result, cybersecurity often slips behind other operational concerns."
        https://www.helpnetsecurity.com/2025/10/17/healthcare-organizations-cyber-attacks-reality-report/

      Vulnerabilities

      • ConnectWise Fixes Automate Bug Allowing AiTM Update Attacks
        "ConnectWise released a security update to address vulnerabilities, one of them with critical severity, in its Automate product that could expose sensitive communications to interception and modification. ConnectWise Automate is a remote monitoring and management (RMM) platform used by managed service providers (MSPs), IT service companies, and internal IT departments in large enterprises. In typical deployments, it acts as a central management hub with high privileges to control thousands of client machines."
        https://www.bleepingcomputer.com/news/security/connectwise-fixes-automate-bug-allowing-aitm-update-attacks/
      • Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices
        "Cybersecurity researchers have disclosed details of a recently patched critical security flaw in WatchGuard Fireware that could allow unauthenticated attackers to execute arbitrary code. The vulnerability, tracked as CVE-2025-9242 (CVSS score: 9.3), is described as an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.3 and 2025.1."
        https://thehackernews.com/2025/10/researchers-uncover-watchguard-vpn-bug.html
        https://securityaffairs.com/183548/security/a-critical-watchguard-fireware-flaw-could-allow-unauthenticated-code-execution.html
      • Over 266,000 F5 BIG-IP Instances Exposed To Remote Attacks
        "Internet security nonprofit Shadowserver Foundation has found more than 266,000 F5 BIG-IP instances exposed online after the security breach disclosed by cybersecurity company F5 this week. The company revealed on Wednesday that nation-state hackers breached its network and stole source code and information on undisclosed BIG-IP security flaws, but found no evidence that the attackers had leaked or exploited the undisclosed vulnerabilities in attacks. The same day, F5 also issued patches to address 44 vulnerabilities (including the ones stolen in the cyberattack) and urged customers to update their devices as soon as possible."
        https://www.bleepingcomputer.com/news/security/over-266-000-f5-big-ip-instances-exposed-to-remote-attacks/

      Malware

      • Odyssey Stealer And AMOS Campaign Targets MacOS Developers Through Fake Tools
        "In recent months, our threat hunting team has observed a surge in macOS-targeted campaigns employing new social engineering tactics and persistent infrastructure. This operation stands out for its focus on the developer community, leveraging trust in common tools and open-source platforms to lure victims into executing malicious code. Rather than relying on brute force or zero-day exploits, the operators use finely crafted deception: fake download portals, clipboard manipulation, and command obfuscation."
        https://hunt.io/blog/macos-odyssey-amos-malware-campaign
        https://www.bleepingcomputer.com/news/security/google-ads-for-fake-homebrew-logmein-sites-push-infostealers/
      • Tracking Malware And Attack Expansion: A Hacker Group’s Journey Across Asia
        "In January 2025, FortiGuard Labs observed Winos 4.0 attacks targeting users in Taiwan. In February, it became clear the actor had changed malware families and expanded operations. What first appeared isolated was part of a broader campaign that shifted from China to Taiwan, then Japan, and most recently Malaysia. This article examines the methodologies employed to identify strategic connections between their campaigns, revealing how seemingly unrelated attacks are linked through shared infrastructure, code patterns, and operational tactics."
        https://www.fortinet.com/blog/threat-research/tracking-malware-and-attack-expansion-a-hacker-groups-journey-across-asia
        https://thehackernews.com/2025/10/silver-fox-expands-winos-40-attacks-to.html
        https://www.bankinfosecurity.com/cross-border-phishing-attacks-spreads-across-asia-a-29758
        https://securityaffairs.com/183580/security/winos-4-0-hackers-expand-to-japan-and-malaysia-with-new-malware.html
      • Malicious Perplexity Comet Browser Download Ads Push Malware Via Google
        "A new malvertising campaign is taking advantage of the popularity of Perplexity’s recently released Comet browser, tricking users into downloading a malicious installer instead of the legitimate product. The fraudulent ads appear at the top of Google search results under domains such as cometswift.com and cometlearn.net, both promoting what looks like a productivity browser linked to Perplexity."
        https://hackread.com/perplexity-comet-browser-download-ads-malware-google/
      • Post-Exploitation Framework Now Also Delivered Via Npm
        "The first version of the AdaptixC2 post-exploitation framework, which can be considered an alternative to the well-known Cobalt Strike, was made publicly available in early 2025. In spring of 2025, the framework was first observed being used for malicious means. In October 2025, Kaspersky experts found that the npm ecosystem contained a malicious package with a fairly convincing name: https-proxy-utils. It was posing as a utility for using proxies within projects. At the time of this post, the package had already been taken down."
        https://securelist.com/adaptixc2-agent-found-in-an-npm-package/117784/
      • SEO Spam And Hidden Links: How To Protect Your Website And Your Reputation
        "When analyzing the content of websites in an attempt to determine what category it belongs to, we sometimes get an utterly unexpected result. It could be the official page of a metal structures manufacturer or online flower shop, or, say, a law firm website, with completely neutral content, but our solutions would place it squarely in the “Adult content” category. On the surface, it is completely unclear how our systems arrived at that verdict, but one look at the content categorization engine’s page analysis log clears it up."
        https://securelist.com/seo-spam-hidden-links/117782/
      • Operation MotorBeacon: Threat Actor Targets Russian Automotive Sector Using .NET Implant
        "SEQRITE Labs Research Team has recently uncovered a campaign which involves targeting the Russian Automobile-Commerce industry, which involves commercial as well as automobile-oriented transactions. We saw the use of unknown .NET malware which we have dubbed CAPI Backdoor. In this blog, we will explore the technical details of this campaign we encountered during our initial analysis and examine the various stages of the infection chain, starting with a deep dive into the decoy document, to analyzing the CAPI Backdoor. We will then look into the infrastructure along with the common tactics, techniques and procedures (TTPs)."
        https://www.seqrite.com/blog/seqrite-capi-backdoor-dotnet-stealer-russian-auto-commerce-oct-2025/
        https://thehackernews.com/2025/10/new-net-capi-backdoor-targets-russian.html
      • Operation Silk Lure: Scheduled Tasks Weaponized For DLL Side-Loading (drops ValleyRAT)
        "Seqrite Lab has been actively monitoring global cyber threat activity and has recently uncovered an ongoing campaign leveraging a Command and Control (C2) infrastructure hosted in the United States. The threat actors behind this operation are specifically targeting Chinese individuals seeking employment opportunities in the FinTech, cryptocurrency exchange, and trading platform sectors—particularly for engineering and technical roles."
        https://www.seqrite.com/blog/operation-silk-lure-scheduled-tasks-weaponized-for-dll-side-loading-drops-valleyrat/
      • TikTok Videos Continue To Push Infostealers In ClickFix Attacks
        "Cybercriminals are using TikTok videos disguised as free activation guides for popular software like Windows, Spotify, and Netflix to spread information-stealing malware. ISC Handler Xavier Mertens spotted the ongoing campaign, which is largely the same as the one observed by Trend Micro in May. The TikTok videos seen by BleepingComputer pretend to offer instructions on how to activate legitimate products like Windows, Microsoft 365, Adobe Premiere, Photoshop, CapCut Pro, and Discord Nitro, as well as made-up services such as Netflix and Spotify Premium."
        https://www.bleepingcomputer.com/news/security/tiktok-videos-continue-to-push-infostealers-in-clickfix-attacks/

      Breaches/Hacks/Leaks

      • American Airlines Subsidiary Envoy Confirms Oracle Data Theft Attack
        "Envoy Air, a regional airline carrier owned by American Airlines, confirms that data was compromised from its Oracle E-Business Suite application after the Clop extortion gang listed American Airlines on its data leak site. 'We are aware of the incident involving Envoy's Oracle E-Business Suite application,' Envoy Air told BleepingComputer. 'Upon learning of the matter, we immediately began an investigation and law enforcement was contacted. We have conducted a thorough review of the data at issue and have confirmed no sensitive or customer data was affected. A limited amount of business information and commercial contact details may have been compromised.'"
        https://www.bleepingcomputer.com/news/security/american-airlines-subsidiary-envoy-confirms-oracle-data-theft-attack/
        https://therecord.media/regional-airline-envoy-oracle
      • Before Their Telegram Channel Was Banned Again, ScatteredLAPSUS$Hunters Dropped Files Doxing Government Employees
        "On October 16 and 17, the ScatteredLAPSUS$Hunters Telegram channel repeatedly violated Telegram’s TOS by leaking personal information on people — and in this case, information on employees of the Department of Justice (DOJ/FBI), U.S. Attorneys Office (DOJ/USAO), the Department of Homeland Security (DHS), and the Federal Aviation Authority (FAA). DataBreaches did not report on it at the time precisely because the files were still exposed. Instead, DataBreaches contacted Telegram to inquire why the channel hadn’t been banned again for leaking sensitive information about government employees. Today, DataBreaches received a response from Telegram, stating that the channel had been removed for breaching their TOS. They added:"
        https://databreaches.net/2025/10/18/before-their-telegram-channel-was-banned-again-scatteredlapsushunters-dropped-files-doxing-government-employees/
      • From Airport Chaos To Cyber Intrigue: Everest Gang Takes Credit For Collins Aerospace Breach
        "Do you remember the Collins Aerospace supply chain attack that disrupted operations at several major European airports, including Heathrow in London, Brussels, and Berlin? In September, a cyberattack on Collins Aerospace disrupted check-in and boarding systems at major European airports, heavily impacting Heathrow, Brussels, and Berlin. The outage caused numerous flight delays and cancellations, forcing manual operations."
        https://securityaffairs.com/183567/breaking-news/from-airport-chaos-to-cyber-intrigue-everest-gang-takes-credit-for-collins-aerospace-breach.html
      • 'Catastrophic' Attack As Russians Hack Files On EIGHT MoD Bases And Post Them On The Dark Web
        "Russian hackers have stolen hundreds of sensitive military documents containing details of eight RAF and Royal Navy bases as well as Ministry of Defence staff names and emails – and posted them on the dark web, The Mail on Sunday can reveal. In what has been described as a 'catastrophic' security breach, cybercriminals accessed the cache of files by hacking a maintenance and construction contractor used by the MoD. The 'gateway' attack – which targeted third party the Dodd Group – allowed cyber gangsters to circumvent the almost impenetrable cyber defences used by the Armed Forces."
        https://www.dailymail.co.uk/news/article-15205213/Russians-hack-files-EIGHT-MoD-bases-dark-web.html

      General News

      • Cybercrime-As-a-Service Takedown: 7 Arrested
        "An action day performed in Latvia on 10 October 2025 led to the arrest of five cybercriminals of Latvian nationality and the seizure of infrastructure used to enable crimes against thousands of victims across Europe. During the operation codenamed ‘SIMCARTEL’, law enforcement arrested two further suspects, took down five servers and seized 1 200 SIM box devices alongside 40 000 active SIM cards. Investigators from Austria, Estonia and Latvia, together with their colleagues at Europol and Eurojust, were able to attribute to the criminal network more than 1 700 individual cyber fraud cases in Austria and 1 500 in Latvia, with a total loss of several million euros. The financial loss in Austria alone amounts to around EUR 4.5 million, as well as EUR 420 000 in Latvia."
        https://www.europol.europa.eu/media-press/newsroom/news/cybercrime-service-takedown-7-arrested
        https://www.bleepingcomputer.com/news/security/europol-dismantles-sim-box-operation-renting-numbers-for-cybercrime/
        https://therecord.media/europe-sim-farms-raided-latvia-austria-estonia
        https://thehackernews.com/2025/10/europol-dismantles-sim-farm-network.html
        https://cyberscoop.com/europol-dismantles-cybercime-network-sim-boxes-fraud/
        https://securityaffairs.com/183556/security/simcartel-operation-europol-takes-down-sim-box-ring-linked-to-3200-scams.html
      • Madman Theory Spurs Crazy Scattered Lapsus$ Hunters Playbook
        "Long the province of Russian criminals operating beyond the reach of law enforcement, numerous ransomware campaigns now trace to reckless Western teenagers who have adopted an ethos of "whatever works." Many organize under the banner of Scattered Lapsus$ Hunters, a loose collective that emerged from the cybercrime community The Com, and specialize in a variety of both technical and non-technical tactics. These include using social engineering and technical expertise against help desks, as well as a propensity for targeting enterprise applications built by the likes of Oracle, SAP and Salesforce."
        https://www.bankinfosecurity.com/blogs/madman-theory-spurs-crazy-scattered-lapsus-hunters-playbook-p-3960
      • Generative AI And Agentic Systems: The New Frontline In Phishing And Smishing Defense
        "There’s a quiet revolution happening in cyber security. It isn’t unfolding in dark forums or exotic zero day markets. It’s happening in plain sight—inside large language models, voice cloning tools, and autonomous software agents. Generative AI and agentic systems are rewriting the playbook for phishing and smishing. What used to be crude, one-off scams are now precisely crafted, multilingual, and adaptive campaigns that target individuals and organizations with frightening efficiency."
        https://blog.checkpoint.com/executive-insights/generative-ai-and-agentic-systems-the-new-frontline-in-phishing-and-smishing-defense/
      • AI Agent Security: Whose Responsibility Is It?
        "Agentic AI deployments are becoming an imperative for organizations of all sizes looking to boost productivity and streamline processes, especially as major platforms like Microsoft and Salesforce build agents into their offerings. In the rush to deploy and use these helpers, it's important that businesses understand that there's a shared security responsibility between vendor and customer that will be critical to the success of any agentic AI project."
        https://www.darkreading.com/cybersecurity-operations/ai-agent-security-awareness-responsibility
      • An Arrested Man’s Lawyer Claims His Client Can’t Be ShinyHunters’ Leader. His Argument Wasn’t Persuasive.
        "On October 14, the attorney for the man whom France claims to be the head of ShinyHunters held a press conference that included some statements on his client’s case. So far, neither France nor the attorney, Juan Branco, has disclosed the arrested man’s name, so we are not really sure who his client is. All we know is that France claims he is the head of ShinyHunters, and Branco claims he isn’t. The press conference was in French. Thankfully, Valéry Rieß-Marchive of LeMagIT reported on it, so I could check my understanding of what Branco was saying."
        https://databreaches.net/2025/10/17/an-arrested-mans-lawyer-claims-his-client-cant-be-shinyhunters-leader-his-argument-wasnt-persuasive/
      • A New Approach To Blockchain Spam: Local Reputation Over Global Rules
        "Spam has long been a nuisance in blockchain networks, clogging transaction queues and driving up fees. A new research paper from Delft University of Technology introduces a decentralized solution called STARVESPAM that could help nodes in permissionless blockchains block spam without relying on central control or costly fee mechanisms."
        https://www.helpnetsecurity.com/2025/10/17/new-approach-blockchain-spam-mitigation/
      • Everyone’s Adopting AI, Few Are Managing The Risk
        "AI is spreading across enterprise risk functions, but confidence in those systems remains uneven, according to AuditBoard. More than half of organizations report implementing AI-specific tools, and many are training teams in machine learning skills. Yet, few feel prepared for the governance requirements that will come with new AI regulations."
        https://www.helpnetsecurity.com/2025/10/17/auditboard-report-enterprise-risk-maturity/
      • Teen Tied To Russian Hackers In Dutch Cyber Espionage Probe
        "In the Netherlands, three 17-year-olds are suspected of providing services to a foreign power, with one said to be in contact with an unnamed Russian-government-affiliated hacker group. It was also confirmed that the suspect with links to the Russian hacking group instructed the other two to map Wi-Fi networks in The Hague on multiple occasions. This is according to a statement published by the Netherlands’ National Public Prosecution Service on October 17."
        https://www.infosecurity-magazine.com/news/teen-russian-hacking-group-ties/
      • Security Teams Must Deploy Anti-Infostealer Defenses Now
        "Infostealers are driving today’s ransomware wave and stealer logs can be bought for as little as $10 on the dark web. At ISACA Europe 2025, Tony Gee, a principal cybersecurity consultant at 3B Data Security, urged security teams to deploy tactical defenses to protect against infostealers."
        https://www.infosecurity-magazine.com/news/deploy-antiinfostealer-defenses/

      Reference
      Electronic Transactions Development Agency (ETDA)
