Cyber Threat Intelligence 22 October 2025
Healthcare Sector
- Oxford Nanopore Technologies MinKNOW
"Successful exploitation of these vulnerabilities could allow an attacker to disrupt sequencing operations and processes, exfiltrate and manipulate data, and bypass authentication controls."
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-294-01
Industrial Sector
- Rockwell Automation 1783-NATR
"Successful exploitation of these vulnerabilities could result in a denial-of-service, data modification, or in an attacker obtaining sensitive information."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-294-01
- Rockwell Automation Compact GuardLogix 5370
"Successful exploitation of this vulnerability could result in a denial-of-service."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-294-02
- Siemens SIMATIC S7-1200 CPU V1/V2 Devices
"Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to trigger functions by record and playback of legitimate network communication, or place the controller in stop/defect state by causing a communications error."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-294-03
- CloudEdge Online Cameras And App
"Successful exploitation of this vulnerability could allow an attacker to gain access to live video feed and camera control."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-294-05
- Raisecomm RAX701-GC Series
"Successful exploitation of this vulnerability could allow a remote attacker to bypass authentication and gain unauthenticated root shell access to the affected devices."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-294-06
- Siemens RUGGEDCOM ROS Devices
"Successful exploitation of these vulnerabilities could allow attackers to perform man-in-the-middle attacks, cause denial of service, compromise encrypted communications, and gain unauthorized access to devices until a reboot occurs."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-294-04
Vulnerabilities
- TP-Link Warns Of Critical Command Injection Flaw In Omada Gateways
"TP-Link is warning of two command injection vulnerabilities in Omada gateway devices that could be exploited to execute arbitrary OS commands. Omada gateways are marketed as full-stack solutions (router, firewall, VPN gateway) for small to medium businesses, and are constantly increasing in popularity. Although the two security issues lead to the same result when triggered, only one of them, identified as CVE-2025-6542 with a critical severity rating of 9.3, can be exploited by a remote attacker without authentication."
https://www.bleepingcomputer.com/news/security/tp-link-warns-of-critical-command-injection-flaw-in-omada-gateways/
https://support.omadanetworks.com/en/document/108455/
- TARmageddon (CVE-2025-62518): RCE Vulnerability Highlights The Challenges Of Open Source Abandonware
"The Edera team has uncovered a critical boundary-parsing bug, dubbed TARmageddon (CVE-2025-62518), in the popular async-tar Rust library and its deep lineage of forks, including the widely used tokio-tar. In the worst-case scenario, this vulnerability has a severity of 8.1 (High) and can lead to Remote Code Execution (RCE) through file overwriting attacks, such as replacing configuration files or hijacking build backends."
https://edera.dev/stories/tarmageddon
https://cyberscoop.com/async-tar-rust-open-source-vulnerability/
Malware
- Forked And Forgotten: 94 Vulnerabilities In Cursor And Windsurf Put 1.8M Developers At Risk
"We successfully weaponized CVE-2025-7656 – a patched Chromium vulnerability – against the latest versions of Cursor and Windsurf, affecting 1.8 million developers. This is just 1 of 94+ known vulnerabilities these IDEs are exposed to due to their legacy Chromium builds. Developers are increasingly targeted for supply chain attacks, having highly sensitive company data on their devices."
https://www.ox.security/blog/94-Vulnerabilities-in-Cursor-and-Windsurf-Put-1-8M-Developers-at-Risk/
https://www.bleepingcomputer.com/news/security/cursor-windsurf-ides-riddled-with-94-plus-n-day-chromium-vulnerabilities/
- Fast, Broad, And Elusive: How Vidar Stealer 2.0 Upgrades Infostealer Capabilities
"On October 6, 2025, the developer known as "Loadbaks" announced the release of Vidar Stealer v2.0 on underground forums. This new version features a complete transition from C++ to a pure C implementation, allegedly enhancing performance and efficiency. Its release coincides with a decline in activity surrounding the Lumma Stealer, suggesting cybercriminals under its operation are exploring alternatives like Vidar and StealC. Vidar 2.0 is said to introduce a range of concerning features, including advanced anti-analysis measures, multithreaded data theft capabilities, and sophisticated methods for extracting browser credentials. With a consistent price point of US$300, it offers attackers powerful tools that are both cost-effective and efficient."
https://www.trendmicro.com/en_us/research/25/j/how-vidar-stealer-2-upgrades-infostealer-capabilities.html
https://www.bleepingcomputer.com/news/security/vidar-stealer-20-adds-multi-threaded-data-theft-better-evasion/
- PassiveNeuron: A Sophisticated Campaign Targeting Servers Of High-Profile Organizations
"Back in 2024, we gave a brief description of a complex cyberespionage campaign that we dubbed “PassiveNeuron”. This campaign involved compromising the servers of government organizations with previously unknown APT implants, named “Neursite” and “NeuralExecutor”. However, since its discovery, the PassiveNeuron campaign has been shrouded in mystery. For instance, it remained unclear how the implants in question were deployed or what actor was behind them. After we detected this campaign and prevented its spreading back in June 2024, we did not see any further malware deployments linked to PassiveNeuron for quite a long time, about six months."
https://securelist.com/passiveneuron-campaign-with-apt-implants-and-cobalt-strike/117745/
https://www.darkreading.com/cyberattacks-data-breaches/-passiveneuron-cyber-spies-target-industrial-financial-orgs
https://www.securityweek.com/government-industrial-servers-targeted-in-china-linked-passiveneuron-campaign/
- Exposing The Immediate Era Fraud In Singapore
"Group-IB has identified a large-scale scam operation that misappropriates the images and likeness of Singapore officials, including Prime Minister Lawrence Wong and Coordinating Minister for National Security K. Shanmugam, to deceive Singapore citizens and residents into engaging with a fraudulent investment platform. The scam campaign relies on paid Google Ads, intermediary redirect websites designed to conceal fraudulent and malicious activity, and highly convincing fake webpages. Group-IB's analysis revealed that victims were ultimately directed to a forex investment platform registered in Mauritius, operating under a seemingly legitimate legal entity with an official investment license. This structure created an illusion of compliance while enabling cross-border fraudulent activity."
https://www.group-ib.com/blog/immediate-era-fraud-singapore/
https://www.infosecurity-magazine.com/news/singapore-officials-investment-scam/
- Facebook Credential Phishing With Job Scams Impersonating Well-Known Companies
"Scammers increase their chances of success by keeping their scams relevant. As the U.S. faces a slowed job market, a fake job opportunity from a reputable company is very relevant bait. Earlier this week, we looked at a Google Careers phishing scam. In this post, we'll be looking at another recent attack campaign in which we saw bad actors impersonate a wide variety of well-known companies in order to credential phish targets looking for social media manager jobs. While the brands varied per message, the intent and methodology remained the same, indicating the use of a phishing kit and/or LLM to quickly create and launch a varied attack."
https://sublime.security/blog/facebook-credential-phishing-with-job-scams-impersonating-well-known-companies/
https://hackread.com/phishing-emails-offer-jobs-steal-facebook-logins/
- The Evolving Landscape Of Email Phishing Attacks: How Threat Actors Are Reusing And Refining Established Techniques
"Cyberthreats are constantly evolving, and email phishing is no exception. Threat actors keep coming up with new methods to bypass security filters and circumvent user vigilance. At the same time, established – and even long-forgotten – tactics have not gone anywhere; in fact, some are getting a second life. This post details some of the unusual techniques malicious actors are employing in 2025."
https://securelist.com/email-phishing-techniques-2025/117801/
Breaches/Hacks/Leaks
- Official Xubuntu Website Compromised To Serve Malware
"The official website for Xubuntu, a community-maintained “flavour” of Ubuntu that ships with the Xfce desktop environment, has been compromised to serve Windows malware instead of the Linux distro. Reports about a potential compromise began popping up on Reddit on Sunday, with users saying that instead of pointing to .torrent files, the download page served Xubuntu-Safe-Download.zip, containing a suspicious executable (TestCompany.SafeDownloader.exe) and a text file (tos.txt). “The TOS starts with Copyright (c) 2026 Xubuntu.org which is sus, because it is 2025. I opened the .exe with file-roller and couldn’t find any .torrent inside,” one of the users who raised the alarm noted."
https://www.helpnetsecurity.com/2025/10/21/xubuntu-website-compromised-malware/
General News
- Hackers Exploit 34 Zero-Days On First Day Of Pwn2Own Ireland
"On the first day of Pwn2Own Ireland 2025, security researchers exploited 34 unique zero-days and collected $522,500 in cash awards. The highlight of the day was Bongeun Koo and Evangelos Daravigkas of Team DDOS chaining eight zero-day flaws to hack the QNAP Qhora-322 Ethernet wireless router via the WAN interface and gain access to a QNAP TS-453E NAS device. For this successful attempt, they won $100,000 and are now in second place on the Master of Pwn leaderboard with 8 points."
https://www.bleepingcomputer.com/news/security/hackers-exploit-34-zero-days-on-first-day-of-pwn2own-ireland/
- When Everything's Connected, Everything's At Risk
"In this Help Net Security interview, Ken Deitz, CISO at Brown & Brown, discusses how the definition of cyber risk has expanded beyond IT to include IoT, OT, and broader supply chain ecosystems. As organizations connect these assets through cloud and networked systems, the attack surface and dependencies have multiplied. Deitz also shares strategies for managing risk through visibility, segmentation, and resilient recovery planning."
https://www.helpnetsecurity.com/2025/10/21/ken-deitz-brown-brown-assets-cyber-risk/
- Your Smart Building Isn't So Smart Without Security
"The lights switch on as you walk in. The air adjusts to your presence. Somewhere in the background, a server notes your arrival. It’s the comfort of a smart building, but that comfort might come with a cost. Smart buildings use digital systems that collect information about how people move and work. These networks make life easier but also create openings for misuse or attack. Cybercriminals can take control of heating systems, security cameras, or other automated devices."
https://www.helpnetsecurity.com/2025/10/21/smart-buildings-cybersecurity-risks/
- AI's Split Personality: Solving Crimes While Helping Conceal Them
"What happens when investigators and cybercriminals start using the same technology? AI is now doing both, helping law enforcement trace attacks while also being tested for its ability to conceal them. A new study from the University of Cagliari digs into this double-edged role of AI, mapping out how it’s transforming cybercrime detection and digital forensics, and why that’s exciting and a little alarming."
https://www.helpnetsecurity.com/2025/10/21/ai-cybercrime-digital-forensics/
- Ransomware Payouts Surge To $3.6m Amid Evolving Tactics
"The average ransomware payment has increased to $3.6m this year, up from $2.5m in 2024 – a 44% surge despite a decline in the overall number of attacks. The 2025 Global Threat Landscape Report findings from ExtraHop point to a clear evolution in cybercriminal strategy: fewer, more targeted operations that aim for higher returns and longer-lasting impact."
https://www.infosecurity-magazine.com/news/ransomware-payouts-surge-dollar36m/
- Myanmar Military Shuts Down Major Cybercrime Center And Detains Over 2,000 People
"Myanmar’s military has shut down a major online scam operation near the border with Thailand, detaining more than 2,000 people and seizing dozens of Starlink satellite internet terminals, state media reported Monday. Myanmar is notorious for hosting cyberscam operations responsible for bilking people all over the world. These usually involve gaining victims’ confidence online with romantic ploys and bogus investment pitches. The centers are infamous for recruiting workers from other countries under false pretenses, promising them legitimate jobs and then holding them captive and forcing them to carry out criminal activities."
https://www.securityweek.com/myanmar-military-shuts-down-major-cybercrime-center-and-detains-over-2000-people/
- SOC Threat Radar, October 2025
"Over the last month, Barracuda Managed XDR’s security solutions, threat intelligence resources and SOC analysts observed the following notable attack behaviors: A rise in ransomware attacks targeting vulnerable SonicWall VPNs, Python scripts used to run malicious tools under the radar, and More Microsoft 365 accounts coming under attack."
https://blog.barracuda.com/2025/10/21/soc-threat-radar-october-2025
- Restructuring Risk Operations: Building A Business-Aligned Cyber Strategy
"As cyber risk continues to escalate, many organizations face a disconnect between cybersecurity investments and actual risk reduction. Despite increased security budgets, formal cyber risk programs, and adoption of new frameworks, recent data shows these efforts often fail to lower risk profiles. According to the Qualys State of Cyber Risk Report by Dark Reading, 71 percent of organizations report rising (51 percent) or consistent (20 percent) cyber risk levels, with only six percent experiencing a decrease. While nearly half (49 percent) of organizations have formal cyber risk programs, the industry remains in early maturity. Notably, 43 percent of these programs have been in place for two years or less, and 19 percent are still in the planning phase."
https://www.theregister.com/2025/10/21/restructuring_risk_operations_building/
https://www.qualys.com/forms/whitepapers/state-of-cyber-risk-report-and-roc-promotion/
- How Malware Vaccines Could Stop Ransomware's Rampage
"What's better, prevention or cure? For a long time the global cybersecurity industry has operated by reacting to attacks and computer viruses. But given that ransomware has continued to escalate, more proactive action is needed. Malware vaccines were a hot topic of discussion at the recent ONE Conference in The Hague, where Justin Grosfelt, senior manager for the Reversing, Emulation, and Testing team at global cybersecurity firm Recorded Future, presented new research showing it is possible to develop code that makes only cosmetic changes to a Windows PC in order to trick malware into not bothering to infect it."
https://www.theregister.com/2025/10/21/malware_vaccines/
References
Electronic Transactions Development Agency (ETDA)