NCSA Webboard

    Cyber Threat Intelligence 17 December 2025

    Cyber Security News
    • NCSA_THAICERT

      Healthcare Sector

      • The Messy Data Trails Of Telehealth Are Becoming a Security Nightmare
        "In this Help Net Security interview, Scott Bachand, CIO/CISO at Ro, discusses how telehealth reshapes the flow of patient data and what that means for security. He explains why organizations must strengthen data classification and visibility as systems and vendors multiply. He also outlines how regulations and new technologies are driving a more adaptive approach to protecting patient information."
        https://www.helpnetsecurity.com/2025/12/16/scott-bachand-ro-telehealth-security/

      Vulnerabilities

      • JUMPSHOT: XM Cyber Uncovers Critical Local Privilege Escalation (CVE-2025-34352) In JumpCloud Agent
        "XM Cyber Researcher Hillel Pinto uncovered CVE-2025-34352, a critical vulnerability in the JumpCloud Remote Assist for Windows agent (versions prior to 0.317.0). The flaw allows any low-privileged local user to exploit insecure file operations—arbitrary file write/delete—performed by the agent running as NT AUTHORITY\SYSTEM within the user’s temporary directory. This vulnerability is immediately exploitable to achieve Local Privilege Escalation (LPE) or cause a Denial of Service (DoS). Users must update immediately to version 0.317.0 or later to patch the issue."
        https://xmcyber.com/blog/jumpshot-xm-cyber-uncovers-critical-local-privilege-escalation-cve-2025-34352-in-jumpcloud-agent/
        https://www.securityweek.com/jumpcloud-remote-assist-vulnerability-can-expose-systems-to-takeover/
        https://www.infosecurity-magazine.com/news/jumpcloud-windows-agent-flaw/
        https://hackread.com/jumpcloud-remote-assist-flaw-full-devices-control/
      • God Mode On: Researchers Run Doom On a Vehicle’s Head Unit After Remotely Attacking Its Modem
        "Imagine you are a driver speeding down the highway in your brand-new electric car. All of a sudden, the entire massive multimedia display is filled with Doom, the iconic 3D shooter game, replacing the navigation map or the controls menu, and you realize someone is playing it right now by remotely controlling the character. This is not a dream or an overactive imagination, but a realistic scenario in today’s world, as vividly demonstrated by Kaspersky ICS CERT experts."
        https://ics-cert.kaspersky.com/publications/reports/2025/11/20/god-mode-on-researchers-run-doom-on-a-vehicles-head-unit-after-remotely-attacking-its-modem/

      Malware

      • Arctic Wolf Observes Malicious SSO Logins On FortiGate Devices Following Disclosure Of CVE-2025-59718 And CVE-2025-59719
        "On December 12, 2025, Arctic Wolf began observing intrusions involving malicious SSO logins on FortiGate appliances. Fortinet had previously released an advisory for two critical authentication bypass vulnerabilities (CVE-2025-59718 and CVE-2025-59719) on December 9, 2025. Arctic Wolf had also sent out a security bulletin for the vulnerabilities shortly thereafter. These vulnerabilities allow unauthenticated bypass of SSO login authentication via crafted SAML messages, if the FortiCloud SSO feature is enabled on affected Devices. Several product lines were reported to be affected, including FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager."
        https://arcticwolf.com/resources/blog/arctic-wolf-observes-malicious-sso-logins-following-disclosure-cve-2025-59718-cve-2025-59719/
        https://www.bleepingcomputer.com/news/security/hackers-exploit-newly-patched-fortinet-auth-bypass-flaws/
        https://thehackernews.com/2025/12/fortinet-fortigate-under-active-attack.html
        https://www.securityweek.com/in-the-wild-exploitation-of-fresh-fortinet-flaws-begins/
        https://securityaffairs.com/185748/security/hackers-are-exploiting-critical-fortinet-flaws-days-after-patch-release.html
      • Inside GhostPoster: How a PNG Icon Infected 50,000 Firefox Users
        "Every extension has a logo. A tiny image sitting in your toolbar, a visual shorthand for trust. You glance at it, you recognize it, you move on. You probably never think about what's actually inside that file. The authors of GhostPoster are counting on that. Our risk engine, Wings, flagged anomalous behavior in a Firefox extension called Free VPN Forever. The extension was reading its own logo file, standard behavior, but then doing something unusual with the raw bytes. When we dug into the code, we found a hidden extraction routine. The extension wasn't just displaying the logo. It was searching through the image data, looking for a marker that shouldn't be there."
        https://www.koi.ai/blog/inside-ghostposter-how-a-png-icon-infected-50-000-firefox-browser-users
        https://www.bleepingcomputer.com/news/security/ghostposter-attacks-hide-malicious-javascript-in-firefox-addon-logos/
      • Meet Cellik - A New Android RAT With Play Store Integration
        "Cellik is a newly identified Android RAT that offers full device control and real-time surveillance, with Play Store integration that lets attackers bundle it into legitimate apps. Discovered via cybercrime networks, Cellik comes packed with capabilities previously seen only in advanced spyware: real-time screen streaming, keylogging, remote camera/microphone access, hidden web browsing, notification interception, and even an app-injection system for stealing data from other apps. Uniquely, Cellik integrates with Google Play Store apps and includes a one-click APK builder, allowing attackers to wrap its payload inside legitimate apps for stealthy, widespread deployment."
        https://iverify.io/blog/meet-cellik---a-new-android-rat-with-play-store-integration
        https://www.bleepingcomputer.com/news/security/cellik-android-malware-builds-malicious-versions-from-google-play-apps/
      • Ink Dragon Expands With New Tools And a Growing Victim Network
        "Ink Dragon is a long running espionage group that several security vendors allege to be a China-linked threat actor, based on behavioral and infrastructure indicators. Its activity has grown from operations in Southeast Asia and South America to a rising number of intrusions in European government networks. Check Point Research has tracked this expansion through a series of quiet but disciplined campaigns, many of which initially appeared unremarkable until deeper investigation exposed a consistent pattern of stealthy escalation."
        https://blog.checkpoint.com/research/ink-dragon-expands-with-new-tools-and-a-growing-victim-network/
        https://www.theregister.com/2025/12/16/chinas_ink_dragon_hides_out/
      • BlindEagle Targets Colombian Government Agency With Caminho And DCRAT
        "In early September 2025, Zscaler ThreatLabz discovered a new spear phishing campaign attributed to BlindEagle, a threat actor who operates in South America and targets users in Spanish-speaking countries, such as Colombia. In this campaign, BlindEagle targeted a government agency under the control of the Ministry of Commerce, Industry and Tourism (MCIT) in Colombia using a phishing email sent from what appears to be a compromised account within the same organization. In this blog post, ThreatLabz explores the attack chain and analyzes the techniques employed, including the use of a fake web portal, nested JavaScript and PowerShell scripts, steganography to conceal malicious payloads, Caminho as a downloader, and DCRAT as the final payload."
        https://www.zscaler.com/blogs/security-research/blindeagle-targets-colombian-government-agency-caminho-and-dcrat
      • GuardDuty Extended Threat Detection Uncovers Cryptomining Campaign On Amazon EC2 And Amazon ECS
        "Amazon GuardDuty and our automated security monitoring systems identified an ongoing cryptocurrency (crypto) mining campaign beginning on November 2, 2025. The operation uses compromised AWS Identity and Access Management (IAM) credentials to target Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Compute Cloud (Amazon EC2). GuardDuty Extended Threat Detection was able to correlate signals across these data sources to raise a critical severity attack sequence finding. Using the massive, advanced threat intelligence capability and existing detection mechanisms of Amazon Web Services (AWS), GuardDuty proactively identified this ongoing campaign and quickly alerted customers to the threat. AWS is sharing relevant findings and mitigation guidance to help customers take appropriate action on this ongoing campaign."
        https://aws.amazon.com/blogs/security/cryptomining-campaign-targeting-amazon-ec2-and-amazon-ecs/
        https://thehackernews.com/2025/12/compromised-iam-credentials-power-large.html
      • Malicious NuGet Package Typosquats Popular .NET Tracing Library To Steal Wallet Passwords
        "The Socket Threat Research Team uncovered a malicious NuGet package, Tracer.Fody.NLog, that typosquats and impersonates the legitimate Tracer.Fody library and its maintainer. It presents itself as a standard .NET tracing integration but in reality functions as a cryptocurrency wallet stealer. Inside the malicious package, the embedded Tracer.Fody.dll scans the default Stratis wallet directory, reads *.wallet.json files, extracts wallet data, and exfiltrates it together with the wallet password to threat actor-controlled infrastructure in Russia at 176[.]113[.]82[.]163."
        https://socket.dev/blog/malicious-nuget-package-typosquats-popular-net-tracing-library
        https://thehackernews.com/2025/12/rogue-nuget-package-poses-as-tracerfody.html
      • React2Shell Vulnerability Actively Exploited To Deploy Linux Backdoors
        "The security vulnerability known as React2Shell is being exploited by threat actors to deliver malware families like KSwapDoor and ZnDoor, according to findings from Palo Alto Networks Unit 42 and NTT Security. 'KSwapDoor is a professionally engineered remote access tool designed with stealth in mind,' Justin Moore, senior manager of threat intel research at Palo Alto Networks Unit 42, said in a statement."
        https://thehackernews.com/2025/12/react2shell-vulnerability-actively.html
        https://unit42.paloaltonetworks.com/cve-2025-55182-react-and-cve-2025-66478-next/
        https://jp.security.ntt/insights_resources/tech_blog/react2shell_malware_zndoor/

      Breaches/Hacks/Leaks

      • Cyberattack Disrupts Venezuelan Oil Giant PDVSA's Operations
        "Petróleos de Venezuela (PDVSA), Venezuela's state-owned oil company, was hit by a cyberattack over the weekend that disrupted its export operations. In a Monday statement, PDVSA denied that the Saturday morning incident affected its operations in any way, adding that the breach was limited to some administrative systems. 'Thanks to the expertise of PDVSA's human talent, the operational areas were not affected in any way, with the attack being limited to its administrative system,' the company said."
        https://www.bleepingcomputer.com/news/security/cyberattack-disrupts-venezuelan-oil-giant-pdvsas-operations/
        https://therecord.media/venezuela-state-oil-company-blames-cyberattack-on-us
        https://www.darkreading.com/cyber-risk/venezuela-oil-company-downplays-alleged-us-cyberattack
        https://securityaffairs.com/185755/security/a-cyber-attack-hit-petroleos-de-venezuela-pdvsa-disrupting-export-operations.html

      General News

      • AI Might Be The Answer For Better Phishing Resilience
        "Phishing is still a go-to tactic for attackers, which is why even small gains in user training are worth noticing. A recent research project from the University of Bari looked at whether LLMs can produce training that helps people spot suspicious emails with better accuracy. The research team ran two controlled studies with a total of 480 participants. Both studies used content generated by an LLM to deliver phishing awareness lessons."
        https://www.helpnetsecurity.com/2025/12/16/ai-generated-phishing-training-study/
        https://arxiv.org/pdf/2512.01893
      • Passwordless Is Finally Happening, And Users Barely Notice
        "Security teams know the strain that comes from tightening authentication controls while keeping users productive. A new report from Okta suggests this strain is easing. Stronger authentication methods are gaining traction, and many of them let users move through sign in flows with less effort than before. The report indicates that the long held belief that better security slows people down is becoming less relevant as these methods improve both protection and usability."
        https://www.helpnetsecurity.com/2025/12/16/okta-mfa-security-shift-report/
      • Fraudulent Call Centres In Ukraine Rolled Up
        "Authorities from the Czech Republic, Latvia, Lithuania and Ukraine with the support of Eurojust took action against a criminal network operating call centres in Dnipro, Ivano-Frankivsk and Kyiv, Ukraine that scammed victims across Europe. The criminal group established a professional organisation with employees who received a percentage of the proceeds for each completed scam. The estimated damage to more than 400 known victims is over EUR 10 million. The fraudsters used various scams, such as posing as police officers to withdraw money using their victims’ cards and details, or pretending that their victims’ bank accounts had been hacked."
        https://www.eurojust.europa.eu/news/fraudulent-call-centres-ukraine-rolled
        https://www.bleepingcomputer.com/news/security/european-authorities-dismantle-call-center-fraud-ring-in-ukraine/
        https://www.helpnetsecurity.com/2025/12/16/ukraine-scam-call-centers/
      • Common Holiday Phishing Threats And How To Recognize Them
        "The holiday season brings a flurry of online shopping, travel plans, and end-of-year workplace activity. With that, it also brings a surge of phishing scams that try to take advantage of all that hustle and distraction. With inboxes filling up faster than gift lists, it becomes easier for a convincing message to slip through. The United States FBI notes that holiday scams often involve criminals posing as trusted companies or contacts in order to steal personal information, credentials, or money. This includes emails or messages that encourage victims to click links, provide sensitive data, or download malware."
        https://cofense.com/blog/common-holiday-phishing-threats-and-how-to-recognize-them
      • Enterprises Gear Up For 2026’s IT Transformation
        "An IT infrastructure refresh is set for 2026, and while strategies will mainly focus on artificial intelligence (AI), the cloud will also play a pivotal role. First there was COVID, which forced enterprises to adopt more hybrid approaches to the workday. More recently, the industry experienced a shift that put AI front and center. Both of those factors – which ignited the need for better data, access, and security controls – will influence how organizations think about their infrastructure for the coming year."
        https://www.darkreading.com/cybersecurity-operations/enterprises-gear-up-for-2026-s-it-transformation
      • Link11 Identifies Five Cybersecurity Trends Set To Shape European Defense Strategies In 2026
        "Link11, a European provider of web infrastructure security solutions, has released new insights outlining five key cybersecurity developments expected to influence how organizations across Europe prepare for and respond to threats in 2026. The findings are based on analysis of current threat activity, industry research, and insights from the Link11 European Cyber Report, alongside broader market indicators such as PwC’s Global Digital Trust Insights 2026."
        https://hackread.com/link11-identifies-five-cybersecurity-trends-set-to-shape-european-defense-strategies-in-2026/
      • Android Mobile Adware Surges In Second Half Of 2025
        "Android users spent 2025 walking a tighter rope than ever, with malware, data-stealing apps, and SMS-borne scams all climbing sharply while attackers refined their business models around mobile data and access. Looking back, we may view 2025 as the year when one-off scams were replaced on the score charts by coordinated, well-structured attack frameworks. Comparing two equal six-month periods—December 2024 through May 2025 versus June through November 2025—our data shows Android adware detections nearly doubled (90% increase), while PUP detections increased by roughly two-thirds and malware detections by about 20%."
        https://www.malwarebytes.com/blog/mobile/2025/12/android-threats-in-2025-when-your-phone-becomes-the-main-attack-surface
      • Where Cloud Security Stands Today And Where AI Breaks It
        "Every year, the cloud is becoming more distributed, automated and tightly wired into the business. Every day, adversaries compress the timeline between compromise and data exfiltration. What once took them 44 days now takes minutes. For the fifth year in a row, Palo Alto Networks State of Cloud Security Report 2025 captures the changes both big and small that security leaders are navigating in the market today. Our report reveals that the rapid adoption of enterprise AI is fueling an unprecedented surge in cloud security risks, driving a massive expansion of the attack surface. We found that 99% of organizations experienced at least one attack on their AI systems within the past year, and the acceleration of GenAI-assisted coding is outstripping security teams' capacity to keep pace. What’s missing isn't just visibility, it’s alignment."
        https://www.paloaltonetworks.com/blog/2025/12/cloud-security-2025-report-insights/
      • From Open Source To OpenAI: The Evolution Of Third-Party Risk
        "The Silicon Valley mantra to “move fast and break things” prioritizes growth over anything else. Unfortunately, this velocity extends to efficiently introducing vulnerabilities into the software supply chain. From open source software libraries to AI-enabled coding assistants, these tools enable rapid innovations, but they are also enabling attack vectors that threat actors are looking to exploit. Third-party risks have always been an issue, but they have not always been top of mind. For the past decade, ransomware dominated the headlines and mindshare of cybersecurity leaders."
        https://www.securityweek.com/from-open-source-to-openai-the-evolution-of-third-party-risk/
      • CISO Communities – Cybersecurity’s Secret Weapon
        "The only defense better than the expertise of one CISO is the combined expertise of many CISOs. In recent years, closed CISO communities have increased in number and grown in size. They act as an information exchange, advice center, pressure valve, and safe haven from the critical oversight. The need is obvious. CISOs occupy a unique position in business. Despite greater integration with business operations, they remain the only business leaders trying to counter active and adaptive threats; and yet they remain a role that is little understood by the rest of the business. The only other leaders capable of discussing their needs, grouses, pressures and adversaries are other CISOs (although 1001 product vendors claim they understand and offer expensive solutions)."
        https://www.securityweek.com/ciso-communities-cybersecuritys-secret-weapon/
      • CAL, MITRE v18 & MITRE ATLAS: The Map I Wish I Had In The SOC
        "I remember a Thursday night at a previous SOC position in FinTech. The alert queue spiked during a credential stuffing incident, and our team had to scramble to keep up with the influx of alerts. We had a SIEM, a SOAR, and a handful of open-source IOCs we continuously retrieved via Google and other search engines. Each analyst grabbed a ticket and went hunting alone, starting their own process from scratch. We could isolate hosts, block domains, and re-image servers, but it was difficult to see the whole picture as we sorted through mountains of data and noise. Speed was the metric that mattered. I knew we were missing critical patterns, but I couldn’t see them or communicate what I thought we might be missing. We were moving fast, but we were still relatively blind."
        https://threatconnect.com/blog/cal-mitre-v18-mitre-atlas-the-map-i-wish-i-had-in-the-soc/
      • Cyber Risk Management: Defenders Tell It Like It Is
        "Every year, members of the Trend team pack their bags, blow up their neck pillows, and jet off to share cybersecurity insights with customers and industry leaders across the globe as part of our Trend World Tour. In 2024, we decided to make the event more of a two-way conversation by surveying cybersecurity professionals on the challenges they face and what matters to them. The result was our first-ever Trend Micro Defenders Survey Report, a data-driven account of frontline perspectives on key issues and emerging opportunities for cybersecurity professionals. It was so well received, we repeated the exercise in 2025, tripling the scope with more than 3,000 responses from 88 countries."
        https://www.trendmicro.com/en_us/research/25/l/trend-micros-2025-defenders-survey-report.html

      References
      Electronic Transactions Development Agency (ETDA)
