Cyber Threat Intelligence 02 December 2025
Industrial Sector
- APT And Financial Attacks On Industrial Organizations In Q3 2025
"This summary provides an overview of reports on APT and financial attacks on industrial enterprises disclosed in Q3 2025, as well as the related activities of groups observed attacking industrial organizations. For each topic, we summarize the key facts, findings and conclusions of researchers that we believe may be useful to professionals addressing practical issues of cybersecurity in industrial enterprises."
https://ics-cert.kaspersky.com/publications/reports/2025/12/01/apt-and-financial-attacks-on-industrial-organizations-in-q3-2025/
Vulnerabilities
- Google Addresses 107 Android Vulnerabilities, Including Two Zero-Days
"Google disclosed two actively exploited zero-day vulnerabilities Monday, which it addressed among a total of 107 defects in the company’s monthly security update for Android devices. The zero-days — CVE-2025-48633 and CVE-2025-48572 — are both high-severity defects affecting the Android framework, which attackers can exploit to access information and escalate privileges, respectively. Google said both vulnerabilities, which had not been added to the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerabilities catalog as of Monday afternoon, may be under limited, targeted exploitation."
https://cyberscoop.com/android-security-update-december-2025/
Malware
- SmartTube YouTube App For Android TV Breached To Push Malicious Update
"The popular open-source SmartTube YouTube client for Android TV was compromised after an attacker gained access to the developer's signing keys, leading to a malicious update being pushed to users. The compromise became known when multiple users reported that Play Protect, Android's built-in antivirus module, blocked SmartTube on their devices and warned them of a risk. The developer of SmartTube, Yuriy Yuliskov, admitted that his digital keys were compromised late last week, leading to the injection of malware into the app."
https://www.bleepingcomputer.com/news/security/smarttube-youtube-app-for-android-tv-breached-to-push-malicious-update/
- Glassworm's Resurgence
"Security can't take holidays off, but the code marketplace scanners just might. Over the past week, we've identified and tracked an unprecedented 23 extensions which copy other popular extensions, update after publishing with malware, manipulate download counts, and use KNOWN attack signatures which have been in use for months. Many of these relate to Glassworm malware, but there could be multiple campaigns at work also."
https://secureannex.com/blog/glassworm-continued/
https://www.bleepingcomputer.com/news/security/glassworm-malware-returns-in-third-wave-of-malicious-vs-code-packages/
- 4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware Campaign
"Koi researchers have identified a threat actor we're calling ShadyPanda - responsible for a seven-year browser extension campaign that has infected 4.3 million Chrome and Edge users. Our investigation uncovered two active operations: A 300,000-user RCE backdoor: Five extensions, including the "Featured" and "Verified" Clean Master, were weaponized in mid-2024 after years of legitimate operation. These extensions now run hourly remote code execution - downloading and executing arbitrary JavaScript with full browser access. They monitor every website visit, exfiltrate encrypted browsing history, and collect complete browser fingerprints."
https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign
https://thehackernews.com/2025/12/shadypanda-turns-popular-browser.html
https://www.bleepingcomputer.com/news/security/shadypanda-browser-extensions-amass-43m-installs-in-malicious-campaign/
https://www.theregister.com/2025/12/01/chrome_edge_malicious_browser_extensions/
- Albiriox Exposed: A New RAT Mobile Malware Targeting Global Finance And Crypto Wallets
"Over the past few months, the Cleafy Threat Intelligence team has identified and analyzed Albiriox, a newly emerging Android malware family promoted as a Malware-as-a-Service (MaaS) within underground cybercrime forums. First observed in September 2025 during a limited recruitment phase targeting high-reputation forum members, the project transitioned to a publicly available MaaS offering in October 2025. Forum activity, linguistic patterns, and infrastructure analysis indicate that Russian-speaking Threat Actors (TAs) are behind the operation."
https://www.cleafy.com/cleafy-labs/albiriox-rat-mobile-malware-targeting-global-finance-and-crypto-wallets
https://thehackernews.com/2025/12/new-albiriox-maas-malware-targets-400.html
https://www.infosecurity-magazine.com/news/android-maas-malware-albiriox-dark/
https://www.malwarebytes.com/blog/news/2025/12/new-android-malware-lets-criminals-control-your-phone-and-drain-your-bank-account
https://www.securityweek.com/new-albiriox-android-malware-developed-by-russian-cybercriminals/
https://securityaffairs.com/185194/malware/emerging-android-threat-albiriox-enables-full-on‑device-fraud.html
- Two Years, 17K Downloads: The NPM Malware That Tried To Gaslight Security Scanners
"We train our AI risk engine to look for something most scanners don't: code that tries to manipulate AI-based security tools. As LLMs become part of the security stack, from code review to package analysis, attackers will adapt. They'll start writing code that's designed not just to evade detection, but to actively mislead the AI doing the analysis. We built our engine to catch that. This week, it caught something interesting."
https://www.koi.ai/blog/two-years-17k-downloads-the-npm-malware-that-tried-to-gaslight-security-scanners
https://www.infosecurity-magazine.com/news/malware-ai-detection-npm-package/
Breaches/Hacks/Leaks
- Retail Giant Coupang Data Breach Impacts 33.7 Million Customers
"South Korea's largest retailer, Coupang, has suffered a data breach that exposed the personal information of 33.7 million customers. The firm has warned on its Korean-language site that the incident occurred on June 24, 2025, but it only discovered it and began the investigation on November 18, 2025. "On November 18, 2025, Coupang became aware of unauthorized access to personal information related to the accounts of approximately 4,500 customers," reads the public statement."
https://www.bleepingcomputer.com/news/security/retail-giant-coupang-suffers-data-breach-impacting-337-million-people/
https://hackread.com/coupang-data-breach-south-korean-accounts/
https://www.infosecurity-magazine.com/news/south-korea-coupang-34m-customer/
https://www.theregister.com/2025/12/01/coupang_breach/
- Royal Borough Of Kensington And Chelsea Reveals Data Breach
"The Royal Borough of Kensington and Chelsea (RBKC) has told residents that their data may have been compromised in a cyber-attack on an IT service provider discovered last week. The council, London’s smallest but most densely populated, revealed the news in an update on Friday. “After discovering unusual activity first thing Monday morning, we have been taking all necessary steps to shut down and isolate systems and make them as safe as possible,” it said."
https://www.infosecurity-magazine.com/news/royal-borough-kensington-chelsea/
General News
- Treating MCP Like An API Creates Security Blind Spots
"In this Help Net Security interview, Michael Yaroshefsky, CEO at MCP Manager, discusses how Model Context Protocol’s (MCP) trust model creates security gaps that many teams overlook and why MCP must not be treated like a standard API. He explains how misunderstandings about MCP’s runtime behavior, governance, and identity requirements can create exposure. With MCP usage expanding across organizations, well-defined controls and a correct understanding of the protocol become necessary."
https://www.helpnetsecurity.com/2025/12/01/michael-yaroshefsky-mcp-manager-mcp-security-gaps/
- Offensive Cyber Power Is Spreading Fast And Changing Global Security
"Offensive cyber activity has moved far beyond a handful of major powers. More governments now rely on digital operations to project influence during geopolitical tension, which raises new risks for organizations caught in the middle. A new policy brief from the Geneva Centre for Security Policy examines how these developments influence international stability and what steps could lower the chance of dangerous escalation."
https://www.helpnetsecurity.com/2025/12/01/global-offensive-cyber-operations-risks/
- The Weekend Is Prime Time For Ransomware
"Over half of organizations that experienced a ransomware event in the past year were hit during a weekend or holiday, according to a Semperis report. Those periods often come with thin staffing, slower investigation, and fewer eyes on identity systems. Intruders know that reduced attention allows them to move deeper before alarms are raised. 60% of incidents happened after a merger, acquisition, restructuring, or similar shift inside the business. The most common trigger was an M&A effort. When identity environments are being consolidated, inconsistencies appear. Attackers look for these weak points and move quickly when they find them."
https://www.helpnetsecurity.com/2025/12/01/semperis-ransomware-risk-trends-report/
- When Hackers Wear Suits: Protecting Your Team From Insider Cyber Threats
"In the ever-evolving landscape of cyber threats, a new and insidious danger is emerging, shifting focus from external attacks to internal infiltration. Hackers are now impersonating seasoned cybersecurity and IT professionals to gain privileged access within organizations. These aren't just phishing attempts; they are calculated schemes where malicious actors manipulate the hiring process to become "trusted" staff, all with the intent of breaching company databases or stealing sensitive information."
https://www.bleepingcomputer.com/news/security/when-hackers-wear-suits-protecting-your-team-from-insider-cyber-threats/
- Europol And Partners Shut Down ‘Cryptomixer’
"From 24 to 28 November 2025, Europol supported an action week conducted by law enforcement authorities from Switzerland and Germany in Zurich, Switzerland. The operation focused on taking down the illegal cryptocurrency mixing service ‘Cryptomixer’, which is suspected of facilitating cybercrime and money laundering."
https://www.europol.europa.eu/media-press/newsroom/news/europol-and-partners-shut-down-cryptomixer
https://www.eurojust.europa.eu/news/cryptocurrency-mixing-service-used-launder-money-taken-down
https://therecord.media/cryptomixer-service-takedown-bitcoin-seized
https://www.bleepingcomputer.com/news/security/police-takes-down-cryptomixer-cryptocurrency-mixing-service/
https://www.darkreading.com/cyberattacks-data-breaches/police-disrupt-cryptomixer-seize-millions-crypto
https://cyberscoop.com/cryptomixer-takedown-seizure-europol/
https://www.infosecurity-magazine.com/news/europol-takes-down-illegal/
https://hackread.com/cryptomixer-domains-infrastructure-bitcoin-seized/
https://www.securityweek.com/29-million-worth-of-bitcoin-seized-in-cryptomixer-takedown/
https://securityaffairs.com/185217/cyber-crime/law-enforcement-shuts-down-cryptomixer-in-major-crypto-crime-takedown.html
https://www.helpnetsecurity.com/2025/12/01/cryptomixer-takedown-seizure/
- Officials Accuse North Korea’s Lazarus Of $30 Million Theft From Crypto Exchange
"A recent cyberattack on South Korea’s largest cryptocurrency exchange was allegedly conducted by a North Korean government-backed hacking group. Yonhap News Agency reported on Friday that South Korean government officials are involved in the investigation surrounding $30 million worth of cryptocurrency that was stolen from Upbit on Wednesday evening. On Friday, South Korean officials told the news outlet that North Korea’s Lazarus hacking group was likely involved in the theft based on the tactics used to break into the cryptocurrency platform and the methods deployed to launder the stolen funds."
https://therecord.media/officials-accuse-north-korea-hackers-of-attack-on-crypto-exchange
References
Electronic Transactions Development Agency (ETDA)