NCSA Webboard
    Cyber Threat Intelligence 26 November 2025

    Cyber Security News
      NCSA_THAICERT

      Industrial Sector

      • Zenitel TCIV-3+
        "Successful exploitation of these vulnerabilities could result in arbitrary code execution or cause a denial-of-service condition."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-03
      • Festo Compact Vision System, Control Block, Controller, And Operator Unit Products
        "Successful exploitation of these vulnerabilities could result in an attacker accessing devices without authentication or modifying configuration files."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-05
      • SiRcom SMART Alert (SiSA)
        "Successful exploitation of this vulnerability could enable an attacker to remotely activate or manipulate emergency sirens."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-06
      • Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share
        "Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-01
      • Rockwell Automation Arena Simulation
        "Successful exploitation of this vulnerability could allow local attackers to execute arbitrary code on affected installations of Arena."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-02
      • Opto 22 Groov View
        "Successful exploitation of this vulnerability could result in credential exposure, key exposure, and privilege escalation."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-04

      Vulnerabilities

      • Update Firefox To Patch CVE-2025-13016 Vulnerability Affecting 180 Million Users
        "AI security firm AISLE recently discovered a serious vulnerability in the Firefox web browser that went unnoticed for six months. This flaw could have let attackers run their own instructions on a user’s computer, potentially putting over 180 million users at risk."
        https://hackread.com/update-firefox-patch-cve-2025-13016-vulnerability/

      Malware

      • RelayNFC: The New NFC Relay Malware Targeting Brazil
        "Cyble Research and Intelligence Labs (CRIL) has uncovered an active and evolving phishing campaign targeting users in Brazil. Dubbed RelayNFC, this Android malware family is designed specifically to perform NFC relay attacks for fraudulent contactless payments. RelayNFC is a lightweight yet highly evasive malware because of its Hermes-compiled payload. This makes detection significantly harder, enabling it to stealthily capture victims’ card data and relay it in real time to an attacker-controlled server."
        https://cyble.com/blog/relaynfc-nfc-relay-malware-targeting-brazil/
      • Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem)
        "Welcome to watchTowr vs the Internet, part 68. That feeling you’re experiencing? Dread. You should be used to it by now. As is fast becoming an unofficial and, apparently, frowned upon tradition - we identified incredible amounts of publicly exposed passwords, secrets, keys and more for very sensitive environments - and then spent a number of months working out if we could travel back in time to a period in which we just hadn't. Remember, kids - a problem shared is a problem that isn't just your problem anymore. It's the Shared Responsibility model(tm)."
        https://labs.watchtowr.com/stop-putting-your-passwords-into-random-websites-yes-seriously-you-are-the-problem/
        https://www.bleepingcomputer.com/news/security/code-beautifiers-expose-credentials-from-banks-govt-tech-orgs/
        https://thehackernews.com/2025/11/years-of-jsonformatter-and-codebeautify.html
        https://www.bankinfosecurity.com/blogs/data-leaks-are-we-so-stupid-about-free-online-services-p-3982
        https://www.helpnetsecurity.com/2025/11/25/code-formatting-sites-exposing-secrets/
      • Fake Adult Websites Pop Realistic Windows Update Screen To Deliver Stealers Via ClickFix
        "Novel "JackFix" attack: Acronis TRU researchers discover an ongoing campaign that leverages a novel combination of screen hijacking techniques with ClickFix, displaying a realistic, full-screen Windows Update of “Critical Windows Security Updates” to trick victims into executing malicious commands. Adult content bait strategy: Campaign leverages fake adult websites (xHamster, PornHub clones) as its phishing mechanism, likely distributed via malvertising. The adult theme, and possible connection to shady websites, add to victim’s psychological pressure, making victims more likely to comply with sudden “security update” installation instructions."
        https://www.acronis.com/en/tru/posts/fake-adult-websites-pop-realistic-windows-update-screen-to-deliver-stealers-via-clickfix/
        https://thehackernews.com/2025/11/jackfix-uses-fake-windows-update-pop.html
        https://www.darkreading.com/threat-intelligence/jackfix-attack-clickfix-mitigations
      • The Dual-Use Dilemma Of AI: Malicious LLMs
        "A fundamental challenge with large language models (LLMs) in a security context is that their greatest strengths as defensive tools are precisely what enable their offensive power. This issue is known as the dual-use dilemma, a concept typically applied to technologies like nuclear physics or biotechnology, but now also central to AI. Any tool powerful enough to build a complex system can also be repurposed to break one. This dilemma manifests in several critical ways related to cybersecurity. While defenders can employ LLMs to speed up and improve responses, attackers can also take advantage of them for their workflows."
        https://unit42.paloaltonetworks.com/dilemma-of-ai-malicious-llms/
        https://www.securityweek.com/wormgpt-4-and-kawaiigpt-new-dark-llms-boost-cybercrime-automation/
        https://www.theregister.com/2025/11/25/wormgpt_4_evil_ai_lifetime_cost_220_dollars/
      • FlexibleFerret Malware Continues To Strike
        "Early in 2025, a SentinelOne blog post brought to light a malware family known as FlexibleFerret. This malware family is attributed to DPRK-aligned operators and tied to fake recruitment lures associated with the Contagious Interview operation. In this operation, individuals are led through staged hiring tasks that result in the execution of malicious instructions. Earlier this month, Validin released a blog highlighting the details of an attack that they identified as a new variant of the Contagious Interview campaign. Jamf Threat Labs has been tracking similar activity stemming from in-the-wild detections that began with the execution of a script called /var/tmp/macpatch.sh."
        https://www.jamf.com/blog/flexibleferret-malware-continues-to-adapt/
        https://www.darkreading.com/cyberattacks-data-breaches/dprks-flexibleferret-tightens-macos-grip
        https://www.infosecurity-magazine.com/news/flexibleferret-malware-macos-go/
      • FBI: Cybercriminals Stole $262M By Impersonating Bank Support Teams
        "The FBI warned today of a massive surge in account takeover (ATO) fraud schemes and said that cybercriminals impersonating financial institutions have stolen over $262 million in ATO attacks since the start of the year. Since January 2025, the FBI's Internet Crime Complaint Center (IC3) has received over 5,100 complaints, with the attacks impacting individuals, as well as businesses and organizations across all industry sectors. In these schemes, criminals gain unauthorized access to online bank, payroll, or health savings accounts using various social engineering techniques or fraudulent websites, the FBI said."
        https://www.bleepingcomputer.com/news/security/fbi-cybercriminals-stole-262-million-by-impersonating-bank-support-teams-since-january/
        https://www.ic3.gov/PSA/2025/PSA251125
        https://therecord.media/millions-in-account-takeover-fbi-warns-ahead-of-holidays
        https://securityaffairs.com/185060/cyber-crime/fbi-bank-impersonators-fuel-262m-surge-in-account-takeover-fraud.html
      • Zscaler Threat Hunting Discovers And Reconstructs a Sophisticated Water Gamayun APT Group Attack
        "This blog is intended to share an in-depth analysis of a recent multi-stage attack attributed to the Water Gamayun advanced persistent threat group (APT). Drawing on telemetry, forensic reconstruction, and known threat intelligence, the Zscaler Threat Hunting team reconstructed how a seemingly innocuous web search led to a sophisticated exploitation of a Windows MMC vulnerability, ultimately delivering hidden PowerShell payloads and final malware loaders."
        https://www.zscaler.com/blogs/security-research/water-gamayun-apt-attack
      • Smishing Triad Targets Egypt’s Financial Sector And Postal Services
        "Recently, during one of our threat hunting operations, our squad identified multiple malicious domains impersonating major Egyptian service providers, including Fawry, the Egypt Post, and Careem. These domains were likely established to support fraud, phishing campaigns, and other malicious activities targeting users and organizations. Before we begin our analysis, we will provide an overview of the Smishing Triad, the cybercriminal group relevant to this report."
        https://darkatlas.io/blog/smishing-triad-targets-egypts-financial-sector-and-postal-services
        https://www.infosecurity-magazine.com/news/smishing-triad-campaigns-expand/
      • Threat Spotlight: Akira Ransomware’s SonicWall Campaign Creates Enterprise M&A Risk
        "The “Akira” ransomware group has been weaponizing vulnerabilities in SonicWall SSL VPN devices, revealing an overlooked threat for larger enterprises navigating mergers and acquisitions (M&A). These devices, widely used by small- and medium-sized businesses due to their affordability and ease of use, have become launchpads for Akira’s fast-spreading attacks. ReliaQuest analyzed a series of Akira attacks between June and October 2025 that targeted SonicWall SSL VPN devices to uncover a troubling trend. In every incident, Akira operators gained a foothold in larger, acquiring enterprises by compromising SonicWall devices inherited from smaller, acquired businesses during M&A. In these cases, the acquiring enterprises were unaware that these devices existed in their new environments, leaving critical vulnerabilities exposed."
        https://reliaquest.com/blog/threat-spotlight-akira-ransomwares-sonicwall-campaign-creates-enterprise-m&a-risk
        https://www.theregister.com/2025/11/25/akira_ransomware_acquisitions/
      • Influencers In The Crosshairs: How Cybercriminals Are Targeting Content Creators
        "It’s not an easy time to be an influencer. Brands are spending less, ad revenue is declining and competition is fierce – including from AI-generated influencers and impersonators. According to one study, around half of the industry makes just $15,000 or less per year, while just one in 10 pull in over $100,000. As if that wasn’t enough, there’s another challenge: influencers are an increasingly popular target for cybercriminals. A recent spear-phishing campaign abusing brands such as Tesla and Red Bull highlights the potential risks."
        https://www.welivesecurity.com/en/social-media/influencers-crosshairs-cybercriminals-targeting-content-creators/
      • Russian Hackers Target US Engineering Firm Because Of Work Done For Ukrainian Sister City
        "Hackers working for Russian intelligence attacked an American engineering company this fall, investigators at a U.S. cybersecurity company said Tuesday — seemingly because that firm had worked for a U.S. municipality with a sister city in Ukraine. The findings reflect the evolving tools and tactics of Russia’s cyber war and demonstrate Moscow’s willingness to attack a growing list of targets, including governments, organizations and private companies that have supported Ukraine, even in a tenuous way."
        https://www.securityweek.com/russian-hackers-target-us-engineering-firm-because-of-work-done-for-ukrainian-sister-city/

      Breaches/Hacks/Leaks

      • Dartmouth College Confirms Data Breach After Clop Extortion Attack
        "Dartmouth College has disclosed a data breach after the Clop extortion gang leaked data allegedly stolen from the school's Oracle E-Business Suite servers on its dark web leak site. The private Ivy League research university, founded in 1769, has an endowment of $9 billion as of June 30, 2025, over 40 academic departments and programs, and more than 4,000 undergraduate students, with a 7:1 undergraduate-to-faculty ratio. In a breach notification letter filed with the office of Maine's Attorney General, Dartmouth says the attackers exploited an Oracle E-Business Suite (EBS) zero-day vulnerability to steal personal information belonging to 1,494 individuals."
        https://www.bleepingcomputer.com/news/security/dartmouth-college-confirms-data-breach-after-clop-extortion-attack/
        https://www.theregister.com/2025/11/25/clop_dartmouth_college/
      • Canon Says Subsidiary Impacted By Oracle EBS Hack
        "Imaging and optical technology giant Canon has confirmed being targeted in the recent Oracle E-Business Suite (EBS) hacking campaign. However, its investigation has shown that the incident is limited to a subsidiary of Canon U.S.A., Inc., the company told SecurityWeek in an emailed statement. “We have confirmed that the incident only affected the web server, and we have already taken security measures and resumed service,” Canon said. “In addition, we are continuing to investigate further to ensure that there is no other impact.”"
        https://www.securityweek.com/canon-says-subsidiary-impacted-by-oracle-ebs-hack/
      • OnSolve CodeRED Cyberattack Disrupts Emergency Alert Systems Nationwide
        "Risk management company Crisis24 has confirmed its OnSolve CodeRED platform suffered a cyberattack that disrupted emergency notification systems used by state and local governments, police departments, and fire agencies across the United States. The CodeRED platform enables these agencies to send alerts to residents during emergencies. The cyberattack forced Crisis24 to decommission the legacy CodeRED environment, causing widespread disruption for organizations that use the platform for emergency notifications, weather alerts, and other sensitive warnings."
        https://www.bleepingcomputer.com/news/security/onsolve-codered-cyberattack-disrupts-emergency-alert-systems-nationwide/
      • Georgia Court Filing Organization Warns Of Outages After Ransomware Allegations
        "The organization responsible for managing real estate and civil court filings in Georgia has been knocked offline by a cyberattack that began on Friday. The Georgia Superior Court Clerks' Cooperative Authority (GSCCCA) said it is experiencing a “credible and ongoing cybersecurity threat” that forced the organization to temporarily restrict access to its website and services."
        https://therecord.media/georgia-court-filing-org-ransomware-warning

      General News

      • Supply Chain Sprawl Is Rewriting Security Priorities
        "Organizations depend on long chains of vendors, but many cybersecurity professionals say these relationships create gaps they cannot see or control. A new ISC2 survey of more than 1,000 cybersecurity professionals shows that supply chain risk sits near the top of their concerns. 70% of respondents said their organizations are concerned about cybersecurity risks linked to third party suppliers. Concern is highest in enterprise environments and in sectors that handle financial or government data."
        https://www.helpnetsecurity.com/2025/11/25/isc2-vendor-security-gaps-report/
      • The 2026 Tech Tsunami: AI, Quantum, And Web 4.0 Collide
        "The year 2026 will not be defined by incremental upgrades. It will be shaped by an unprecedented collision of forces: next-generation computing, hyper-automation, and a global cyber security reckoning. Technological convergence and the rise of autonomous systems will redefine global resilience. Artificial intelligence is no longer a single discipline. It has become the connective tissue linking cloud, networks, and physical systems. Quantum research is challenging the fundamental mathematics of digital trust, while Web 4.0 is transforming the internet into an immersive, always-on layer of reality."
        https://blog.checkpoint.com/executive-insights/the-2026-tech-tsunami-ai-quantum-and-web-4-0-collide/
      • How An AI Meltdown Could Reset Enterprise Expectations
        "In this Help Net Security interview, Graham McMillan, CTO at Redgate Software, discusses AI, security, and the future of enterprise oversight. He explains why past incidents haven’t pushed the industry to mature. McMillan also outlines the structural shifts he expects once failures start to have business impact."
        https://www.helpnetsecurity.com/2025/11/25/graham-mcmillan-redgate-software-ai-security-future/
      • Aircraft Cabin IoT Leaves Vendor And Passenger Data Exposed
        "The expansion of IoT devices in shared, multi-vendor environments, such as aircraft cabins, has created tension between the benefits of data collaboration and the risks to passenger privacy, vendor intellectual property, and regulatory compliance. A new study finds that even with protections that scramble data while it moves between devices, sensitive information often remains exposed once it reaches its destination."
        https://www.helpnetsecurity.com/2025/11/25/aircraft-cabin-iot-privacy-exposure/
        https://arxiv.org/pdf/2511.15278
      • AI And Deepfake-Powered Fraud Skyrockets Amid Identity Fraud Stagnation
        "AI is reshaping the identity fraud landscape, helping cybercriminals deploy more sophisticated fraud schemes than ever, despite a global stagnation in fraud attempts. The latest of Sumsub’s Identity Fraud Report, published on November 25, 2025, showed that while identity fraud has slightly decreased in 2025, with identity fraud attempts at 2.2% of all analyzed verifications worldwide – compared to 2.6% in 2024 – the most sophisticated of these attempts have jumped 180%."
        https://www.infosecurity-magazine.com/news/ai-deepfake-fraud-skyrockets/
      • Mounting Cyber-Threats Prompt Calls For Economic Security Bill
        "UK lawmakers have called on the government to enshrine in law a new approach to economic security, citing a growing menace to the country from cyber and other threats. The House of Commons Business and Trade Committee issued the call as it published a new report yesterday: Toward a new doctrine for economic security. “Britain is now hugely exposed to the risks of economic warfare and bluntly, our current defenses are not fit for the future,” argued committee chair, Liam Byrne."
        https://www.infosecurity-magazine.com/news/mounting-cyber-threats-economic/
      • CISOs Get Real About Hiring In The Age Of AI
        "Becky Bracken: Hello, and welcome to Dark Reading Confidential. It's a podcast from the editors of Dark Reading, focused on bringing you real world stories straight from the cyber trenches. Today we are talking about the cybersecurity job market, talent pipeline, and the disruption of both as automation and AI start in earnest to take over those traditional entry level tier one analyst roles."
        https://www.darkreading.com/cybersecurity-operations/ciscos-get-real-about-hiring-age-ai
      • Advanced Security Isn't Stopping Ancient Phishing Tactics
        "Phishing is nothing new when it comes to cybersecurity threats, constantly putting users and organizations at risk of compromising sensitive information. But a new study has uncovered alarming insights about the persistent nature of phishing attacks against enterprises in particular, revealing how even some of the most mature companies with the most advanced security systems continue to remain vulnerable — and why phishing attacks aren't going away anytime soon."
        https://www.darkreading.com/cyberattacks-data-breaches/advanced-security-phishing-tactics
      • Cyberthreats Targeting The 2025 Holiday Season: What CISOs Need To Know
        "Every year, the holiday season brings a predictable spike in online activity. But in 2025, the volume of newly created malicious infrastructure, account compromise activity, and targeted exploitation of e-commerce systems is markedly higher. Attackers began preparing months in advance, leveraging industrialized tools and services that enable them to scale attacks across multiple platforms, geographies, and merchant categories."
        https://www.fortinet.com/blog/threat-research/cyberthreats-targeting-2025-holiday-season-what-cisos-need-to-know
      • Cato CTRL™ Threat Research: HashJack – Novel Indirect Prompt Injection Against AI Browser Assistants
        "HashJack is a newly discovered indirect prompt injection technique that conceals malicious instructions after the # in legitimate URLs. When AI browsers send the full URL (including the fragment) to their AI assistants, those hidden prompts get executed. This enables threat actors to conduct a variety of malicious activities. Cato CTRL’s findings outline six scenarios including callback phishing, data exfiltration (in agentic modes), misinformation, malware guidance, medical harm, and credential theft. Trusted URL. Clean webpage. Compromised AI browser assistant."
        https://www.catonetworks.com/blog/cato-ctrl-hashjack-first-known-indirect-prompt-injection/
        https://www.theregister.com/2025/11/25/hashjack_attack_ai_browser_hashtag/
      • The AI-Fication Of Cyberthreats: Trend Micro Security Predictions For 2026
        "Our annual security predictions report is designed to help organizations navigate an ever-changing threat landscape with confidence so they can face the challenges and seize the opportunities that the coming year has in store. Drawing on insights from Trend Micro’s global team of researchers and security experts, this year’s edition highlights the trends we believe will shape 2026 and beyond. The cybersecurity landscape is entering a new era, one shaped by automation and constant connection. Businesses are embracing AI tools to boost efficiency, sharpen decision-making, and unlock new opportunities. However, cybercriminals are also using these tools to automate reconnaissance, launch phishing campaigns, and carry out attacks at scale. What once required deep expertise can now be done with minimal effort, as AI-driven automation levels the playing field between skilled attackers and opportunistic threat actors."
        https://www.trendmicro.com/vinfo/gb/security/research-and-analysis/predictions/the-ai-fication-of-cyberthreats-trend-micro-security-predictions-for-2026
        https://documents.trendmicro.com/assets/research-reports/the-ai-fication-of-cyberthreats-trend-micro-security-predictions-for-2026.pdf
        https://www.theregister.com/2025/11/25/trend_micro_agentic_ai_assisted_ransomware/
      • Is Your Android TV Streaming Box Part Of a Botnet?
        "On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services like Netflix, ESPN and Hulu, all for a one-time fee of around $400. But security experts warn these TV boxes require intrusive software that forces the user’s network to relay Internet traffic for others, traffic that is often tied to cybercrime activity such as advertising fraud and account takeovers."
        https://krebsonsecurity.com/2025/11/is-your-android-tv-streaming-box-part-of-a-botnet/

      References
      Electronic Transactions Development Agency (ETDA)
