Cyber Threat Intelligence 05 November 202
Industrial Sector
- Cyber Physical Systems Face Rising Geopolitical Risks
"Global conflicts, civil unrest and tariff wars provide new opportunities for cyber adversaries, especially those targeting operational technology systems. Attackers are now focusing on fragile supply chains affected by geopolitical conflicts. Researchers predict this heightened threat environment will result in at least one major cyber-physical breach in the next 12 months. Geopolitical risks are creating instability in the sourcing, manufacturing and delivery of critical hardware and software components, said Sean Tufts, field CTO at Claroty, which recently released Global State of CPS Security 2025, a report based on a global survey of 1,100 cybersecurity professionals responsible for the protection of cyber-physical systems."
https://www.bankinfosecurity.com/cyber-physical-systems-face-rising-geopolitical-risks-a-29931
https://claroty.com/resources/reports/the-global-state-of-cps-security-2025-navigating-risk-in-an-uncertain-economic-landscape
Vulnerabilities
- Jobmonster - Job Board WordPress Theme <= 4.8.1 - Authentication Bypass
"The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the check_login() function not properly verifying a user's identity prior to successfully authenticating them. This makes it possible for unauthenticated attackers to bypass standard authentication and access administrative user accounts. Please note social login needs to be enabled in order for a site to be impacted by this vulnerability."
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/noo-jobmonster/jobmonster-job-board-wordpress-theme-481-authentication-bypass
https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-auth-bypass-flaw-in-jobmonster-wordpress-theme/
- Radiometrics VizAir
"Successful exploitation of these vulnerabilities could allow attackers to manipulate critical weather parameters and runway settings, mislead air traffic control and pilots, extract sensitive meteorological data, and cause significant disruption to airport operations, leading to hazardous flight conditions."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-04
- 400,000 WordPress Sites Affected By Account Takeover Vulnerability In Post SMTP WordPress Plugin
"On October 11th, 2025, we received a submission for an Account Takeover via Email Log Disclosure vulnerability in Post SMTP, a WordPress plugin with more than 400,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to view email logs, including password reset emails, and change the password of any user, including an administrator, which allows them to take over the account and the website."
https://www.wordfence.com/blog/2025/11/400000-wordpress-sites-affected-by-account-takeover-vulnerability-in-post-smtp-wordpress-plugin/
https://www.bleepingcomputer.com/news/security/hackers-exploit-wordpress-plugin-post-smtp-to-hijack-admin-accounts/
- Critical RCE Vulnerability CVE-2025-11953 Puts React Native Developers At Risk
"The JFrog Security Research team recently discovered and disclosed CVE-2025-11953 – a critical (CVSS 9.8) security vulnerability affecting the extremely popular @react-native-community/cli NPM package that has approximately 2M weekly downloads. The vulnerability allows remote unauthenticated attackers to easily trigger arbitrary OS command execution on the machine running react-native-community/cli’s development server, posing a significant risk to developers."
https://jfrog.com/blog/cve-2025-11953-critical-react-native-community-cli-vulnerability/
https://thehackernews.com/2025/11/critical-react-native-cli-flaw-exposed.html
https://www.securityweek.com/critical-flaw-in-popular-react-native-npm-package-exposes-developers-to-attacks/
- Android Update Patches Critical Remote Code Execution Flaw
"Google on Monday announced a fresh set of security updates for the Android platform, to address two vulnerabilities in the System component. The November 2025 Android fixes mark another shift from the monthly updates the internet giant has been rolling out since 2015, as they come with a single security patch level, the 2025-11-01 patch level. For nearly a decade, the update was split into two security patch levels, to make it easier for vendors to address vulnerabilities specific to their devices. The second security patch level of each month contained patches for all the bugs described in that month’s security bulletin."
https://www.securityweek.com/android-update-patches-critical-remote-code-execution-flaw/
https://securityaffairs.com/184208/security/google-fixed-a-critical-remote-code-execution-in-android.html
- Survision License Plate Recognition Camera
"Successful exploitation of this vulnerability could allow an attacker to fully access the system without requiring authentication."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-02
- Delta Electronics CNCSoft-G2
"Successful exploitation of this vulnerability could allow attackers to execute arbitrary code in the context of the current process."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-03
- IDIS ICM Viewer
"Successful exploitation of this vulnerability could result in an attacker executing arbitrary code."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-05
- Apple Patches 19 WebKit Vulnerabilities
"Apple on Monday announced the release of security updates for iOS and macOS to resolve over 100 vulnerabilities. iOS 26.1 and iPadOS 26.1 were rolled out with patches for 56 security defects, including 19 issues that affect the WebKit browser engine. Successful exploitation of the flaws, Apple notes in its advisory, could allow websites to exfiltrate data cross-origin, could lead to unexpected process crashes and memory corruption, and could allow applications to monitor keystrokes."
https://www.securityweek.com/apple-patches-19-webkit-vulnerabilities/
https://thehackernews.com/2025/11/googles-ai-big-sleep-finds-5-new.html
https://securityaffairs.com/184184/security/google-big-sleep-found-five-vulnerabilities-in-safari.html
https://cyberscoop.com/apple-security-update-november-2025/
- CISA Adds Two Known Exploited Vulnerabilities To Catalog
"CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2025-11371 Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability
CVE-2025-48703 CWP Control Web Panel OS Command Injection Vulnerability"
https://www.cisa.gov/news-events/alerts/2025/11/04/cisa-adds-two-known-exploited-vulnerabilities-catalog
- Fuji Electric Monitouch V-SFT-6
"Successful exploitation of these vulnerabilities could crash the accessed device; a buffer overflow condition may allow remote code execution."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-01
- Exploiting Trust In Collaboration: Microsoft Teams Vulnerabilities Uncovered
"Trust alone isn’t a security strategy. That’s the key lesson from new research by Check Point Research, which uncovered multiple vulnerabilities in Microsoft Teams that could allow attackers to impersonate executives, manipulate messages, and spoof notifications. With more than 320 million monthly active users, Microsoft Teams has become the backbone of modern workplace communication. From boardroom meetings to quick one-to-one chats, it powers the daily interactions of enterprises, small businesses, and governments worldwide. But Check Point Research’s latest findings show how attackers can twist the very trust mechanisms that make Teams effective, turning collaboration into an attack vector."
https://blog.checkpoint.com/research/exploiting-trust-in-collaboration-microsoft-teams-vulnerabilities-uncovered/
https://thehackernews.com/2025/11/microsoft-teams-bugs-let-attackers.html
https://www.theregister.com/2025/11/04/microsoft_teams_bugs_could_let/
- TruffleHog, Fade In And BSAFE Crypto-C Vulnerabilities
"Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities in Dell BSAFE, two in Fade In screenwriting software, and one in Trufflehog. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy. For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website."
https://blog.talosintelligence.com/trufflehog-fade-in-and-bsafe-crypto-c-vulnerabilities/
- Zscaler Discovers Vulnerability In Keras Models Allowing Arbitrary File Access And SSRF (CVE-2025-12058)
"Zscaler uncovered a vulnerability in Keras that exposed AI and machine learning environments to file access and network exploitation risks, highlighting the urgent need to secure the AI model supply chain. Through responsible disclosure and ongoing research, Zscaler helps enterprises stay protected from emerging AI threats with a Zero Trust approach."
https://www.zscaler.com/blogs/security-research/zscaler-discovers-vulnerability-keras-models-allowing-arbitrary-file-access
Malware
- Curly COMrades: Evasion And Persistence Via Hidden Hyper-V Virtual Machines
"This investigation, conducted with support from the Georgian CERT functioning under the Operative-Technical Agency of Georgia, uncovered new tools and techniques used by the Curly COMrades threat actor. They established covert, long-term access to victim networks by abusing virtualization features (Hyper-V) on compromised Windows 10 machines to create a hidden remote operating environment. We first documented the Curly COMrades threat actor, operating to support Russian interests in geopolitical hotbeds, in August 2025. Since that initial discovery, subsequent forensics and incident response efforts have revealed critical new tools and techniques."
https://businessinsights.bitdefender.com/curly-comrades-evasion-persistence-hidden-hyper-v-virtual-machines
https://www.bleepingcomputer.com/news/security/russian-hackers-abuse-hyper-v-to-hide-malware-in-linux-vms/
https://www.darkreading.com/endpoint-security/pro-russian-hackers-linux-vms-hide-windows
https://www.theregister.com/2025/11/04/russian_spies_pack_custom_malware/
- Inside The Rise Of AI-Powered Pharmaceutical Scams
"Over the past few months, we identified an emerging online threat that combines fraud, social engineering, and genuine health risks. Scammers are now impersonating licensed physicians and medical clinics to promote counterfeit or unsafe medications, frequently leveraging AI and deepfake technology to generate convincing fake photos, videos, and endorsements. The stakes extend beyond financial theft. Victims are persuaded to purchase and consume unapproved or potentially dangerous substances marketed as legitimate prescriptions. This convergence of digital deception and physical harm makes the threat particularly insidious – Criminals exploit the trust inherent in healthcare relationships to generate revenue while amplifying their reach through fraudulent social proof."
https://blog.checkpoint.com/healthcare/inside-the-rise-of-ai-powered-pharmaceutical-scams/
- Scattered LAPSUS$ Hunters: Anatomy Of a Federated Cybercriminal Brand
"Trustwave SpiderLabs’ Cyber Threat Intelligence team is tracking the recent emergence of what appears to be the consolidation of three well-known threat groups into a “federated alliance” that offers, among its activities, Extortion-as-a-Service (EaaS). The collective comprises Scattered Spider, ShinyHunters, and LAPSUS$. The group heavily uses a public encryption communication service as its primary operating base and allows its EaaS affiliates to use the member’s very well-known names to create fear, which it claims will generate a higher financial return."
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/scattered-lapsuss-hunters-anatomy-of-a-federated-cybercriminal-brand/
https://thehackernews.com/2025/11/a-cybercrime-merger-like-no-other.html
https://www.infosecurity-magazine.com/news/scattered-spider-shinyhunters/
- The DragonForce Cartel: Scattered Spider At The Gate
"Acronis Threat Research Unit (TRU) analyzed recent activity linked to the DragonForce ransomware group and identified a new malware variant in the wild. The latest sample uses vulnerable drivers such as truesight.sys and rentdrv2.sys to disable security software, terminate protected processes and correct encryption flaws previously associated with Akira ransomware. The updated encryption scheme addresses weaknesses publicly detailed in a Habr article cited on DragonForce’s leak site."
https://www.acronis.com/en/tru/posts/the-dragonforce-cartel-scattered-spider-at-the-gate/
https://www.infosecurity-magazine.com/news/dragonforce-cartel-conti-derived/
- LABScon25 Replay | LLM-Enabled Malware In The Wild
"This presentation explores the emerging threat of LLM-enabled malware, where adversaries embed Large Language Model capabilities directly into malicious payloads. Unlike traditional malware, these threats generate malicious code at runtime rather than embedding it statically, creating significant detection challenges for security teams. SentinelLABS’ Alex Delamotte and Gabriel Bernadett-Shapiro present their team’s research on how LLMs are weaponized in the wild, distinguishing between various adversarial uses, from AI-themed lures to genuine LLM-embedded malware. The research focused on malware that leverages LLM capabilities as a core operational component, exemplified by notable cases like PromptLock ransomware and APT28’s LameHug/PROMPTSTEAL campaigns."
https://www.sentinelone.com/labs/labscon25-replay-llm-enabled-malware-in-the-wild/
Breaches/Hacks/Leaks
- Apache OpenOffice Disputes Data Breach Claims By Ransomware Gang
"The Apache Software Foundation disputes claims that its OpenOffice project suffered an Akira ransomware attack, after the threat actors claimed to have stolen 23 GB of corporate documents. Apache OpenOffice is a free, open-source office suite that includes word processing, spreadsheets, presentations, graphics, and database tools. It's compatible with major file formats, such as Word and Excel, and runs on multiple operating systems. On October 30th, the Akira ransomware gang claimed it had breached Apache OpenOffice and stolen 23 GB of data, including employee and financial information, as well as internal files."
https://www.bleepingcomputer.com/news/security/apache-openoffice-disputes-data-breach-claims-by-ransomware-gang/
- Data Breach At Major Swedish Software Supplier Impacts 1.5 Million
"The Swedish Authority for Privacy Protection (IMY) is investigating a cyberattack on IT systems supplier Miljödata that exposed data belonging to 1.5 million people. Miljödata is an IT systems supplier for roughly 80% of Sweden's municipalities. The company disclosed the incident on August 25, saying that the attackers stole data and demanded 1.5 Bitcoin to not leak it. The attack caused operational disruptions that affected citizens in multiple regions in the country, including Halland, Gotland, Skellefteå, Kalmar, Karlstad, and Mönsterås."
https://www.bleepingcomputer.com/news/security/data-breach-at-major-swedish-software-supplier-impacts-15-million/
- Media Giant Nikkei Reports Data Breach Impacting 17,000 People
"Japanese publishing giant Nikkei announced earlier today that its Slack messaging platform had been compromised, exposing the personal information of over 17,000 employees and business partners. Nikkei is one of the largest media corporations worldwide and owns the Financial Times and The Nikkei, the world's largest financial newspaper. It has approximately 3.7 million digital paid subscriptions, as well as over 40 affiliated companies involved in publishing, broadcasting, events, database services, and the index business."
https://www.bleepingcomputer.com/news/security/media-giant-nikkei-reports-data-breach-impacting-17-000-people/
- Polish Loan Platform Hacked; Mobile Payment System And Other Businesses Disrupted
"Polish authorities are investigating a series of cyberattacks that disrupted digital services and exposed personal data from several major companies, including a leading online lender and the country’s top mobile payment system. Digital Affairs Minister Krzysztof Gawkowski said cyberattacks targeting Poland’s public and private infrastructure are becoming “commonplace.” “We’re seeing thousands of incidents reported daily,” he added."
https://therecord.media/poland-hacks-loan-platform-mobile-payments-system-travel-agency
General News
- How Nations Build And Defend Their Cyberspace Capabilities
"In this Help Net Security interview, Dr. Bernhards Blumbergs, Lead Cyber Security Expert at CERT.LV, discusses how cyberspace has become an integral part of national and military operations. He explains how countries develop capabilities to act and defend in this domain, often in coordination with activities in other areas of conflict. Dr. Blumbergs also explains that, despite progress in forensics and AI, identifying who is responsible for cyberspace operations remains difficult and often uncertain."
https://www.helpnetsecurity.com/2025/11/04/bernhards-blumbergs-cert-lv-cyberspace-operations-attribution/
- Cybercriminals Have Built a Business On YouTube’s Blind Spots
"The days when YouTube was just a place for funny clips and music videos are behind us. With 2.53 billion active users, it has become a space where entertainment, information, and deception coexist. Alongside everyday videos, the site has seen more scams, deepfakes, and promotions hiding harmful links behind familiar logos. Malware found in tutorials, hijacked creator accounts, and fraudulent investment content have become recurring issues."
https://www.helpnetsecurity.com/2025/11/04/youtube-video-scams-cybercrime/
https://www.arxiv.org/abs/2509.23418
- Financial Services Can’t Shake Security Debt
"In financial services, application security risk is becoming a long game. Fewer flaws appear in new code, but old ones linger longer, creating a kind of software “interest” that keeps growing, according to Veracode’s 2025 State of Software Security report. Researchers analyzed data from more than 1.3 million applications and 126 million security findings. Financial institutions perform better than average at preventing severe vulnerabilities, but they are slower to fix them and carry more long-term security debt than most other sectors."
https://www.helpnetsecurity.com/2025/11/04/veracode-financial-services-security-debt/
https://www.veracode.com/resources/analyst-reports/state-of-software-security-2025/
- Decisive Actions Against Cryptocurrency Scammers Earning Over EUR 600 Million
"Nine people suspected of money laundering have been arrested during a synchronised operation that took place in three countries at the same time. The suspects set up a cryptocurrency money laundering network that scammed victims out of over EUR 600 million. Eurojust, the EU’s judicial cooperation hub, ensured that French, Belgian, Cypriot, German and Spanish authorities worked together to take the network down."
https://www.eurojust.europa.eu/news/decisive-actions-against-cryptocurrency-scammers-earning-over-eur-600-million
https://www.bleepingcomputer.com/news/security/european-police-dismantles-600-million-crypto-investment-fraud-ring/
https://therecord.media/9-arrested-europe-crypto-platform-takedown
https://thehackernews.com/2025/11/europol-and-eurojust-dismantle-600.html
https://www.infosecurity-magazine.com/news/french-police-seize-16m-euros/
https://www.helpnetsecurity.com/2025/11/04/europe-crypto-scam-arrests/
- Treasury Sanctions DPRK Bankers And Institutions Involved In Laundering Cybercrime Proceeds And IT Worker Funds
"Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned eight individuals and two entities for their role in laundering funds derived from a variety of illicit Democratic People’s Republic of Korea (DPRK) schemes, including cybercrime and information technology (IT) worker fraud. “North Korean state-sponsored hackers steal and launder money to fund the regime’s nuclear weapons program,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley. “By generating revenue for Pyongyang’s weapons development, these actors directly threaten U.S. and global security. Treasury will continue to pursue the facilitators and enablers behind these schemes to cut off the DPRK’s illicit revenue streams.”"
https://home.treasury.gov/news/press-releases/sb0302
https://therecord.media/north-korea-us-sanctions-it-worker-scams-cybercrime
https://cyberscoop.com/north-korean-companies-people-sanctioned-for-money-laundering-from-cybercrime-it-worker-schemes/
- Software Supply Chain Attacks Surge To Record High In October 2025
"Software supply chain attacks hit a new record in October that was more than 30% higher than the previous record set in April 2025. Cyble’s data – based on attacks claimed by threat actors on dark web data leak sites – shows that threat actors claimed 41 supply chain attacks in October, 10 more than the previous high seen in April. Supply chain attacks have remained elevated since April, averaging more than 28 a month since then, a rate that is more than twice as high as the 13 attacks per month seen between early 2024 and March 2025 (chart below)."
https://cyble.com/blog/record-surge-in-software-supply-chain-attacks/
- CISO Predictions For 2026
"At the end of every year, Fortinet publishes the Global Threat Landscape Report, which details the year’s activity and makes cybersecurity predictions for the coming year. This year will be no different. However, as part of our CISO Collective, we have also inaugurated an annual CISO Predictions Report for 2026 this year. Here is a selection of issues we expect CISOs to be dealing with in 2026 and beyond."
https://www.fortinet.com/blog/ciso-collective/ciso-predictions-for-2026
- 2025 INSIDER RISK REPORT – The Shift To Predictive Whole-Person Insider Risk Management
"The new 2025 Insider Risk Report, produced by Cybersecurity Insiders in collaboration with Cogility, highlights that nearly all security leaders (93%) say insider threats are as difficult or harder to detect than external cyberattacks. Yet only 23% express strong confidence in stopping them before serious damage occurs. The report warns that most organizations remain reactive despite a surge in AI-driven risks and the increasing prevalence of decentralized workforces."
https://www.cybersecurity-insiders.com/2025-insider-risk-report-the-shift-to-predictive-whole-person-insider-risk-management/
- Malicious Android Apps On Google Play Downloaded 42 Million Times
"Hundreds of malicious Android apps on Google Play were downloaded more than 40 million times between June 2024 and May 2025, notes a report from cloud security company Zscaler. During the same period, the company observed a 67% year-over-year growth in malware targeting mobile devices, with spyware and banking trojans being a prevalent risk. Telemetry data shows that threat actors are shifting from traditional card fraud to exploiting mobile payments using phishing, smishing, SIM-swapping, and payment scams."
https://www.bleepingcomputer.com/news/security/malicious-android-apps-on-google-play-downloaded-42-million-times/
- Preparing For Threats To Come: Cybersecurity Forecast 2026
"Every November, we make it our mission to equip organizations with the knowledge needed to stay ahead of threats we anticipate in the coming year. The Cybersecurity Forecast 2026 report, released today, provides comprehensive insights to help security leaders and teams prepare for those challenges. This report does not contain "crystal ball" predictions. Instead, our forecasts are built on real-world trends and data we are observing right now. The information contained in the report comes directly from Google Cloud security leaders, and dozens of experts, analysts, researchers, and responders directly on the frontlines."
https://cloud.google.com/blog/topics/threat-intelligence/cybersecurity-forecast-2026
References
Electronic Transactions Development Agency (ETDA)