NCSA Webboard

    Cyber Threat Intelligence 31 December 2025

    Cyber Security News
    • NCSA_THAICERT

      Vulnerabilities

      • CSA Issues Alert On Critical SmarterMail Bug Allowing Remote Code Execution
        "The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2025-52691, carries a CVSS score of 10.0. It relates to a case of arbitrary file upload that could enable code execution without requiring any authentication. "Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution," CSA said."
        https://thehackernews.com/2025/12/csa-issues-alert-on-critical.html
        https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124/
      • CISA Adds One Known Exploited Vulnerability To Catalog
        "CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2025-14847 MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability"
        https://www.cisa.gov/news-events/alerts/2025/12/29/cisa-adds-one-known-exploited-vulnerability-catalog
        https://www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-patch-mongobleed-flaw-actively-exploited-in-attacks/
        https://securityaffairs.com/186297/hacking/u-s-cisa-adds-a-flaw-in-mongodb-server-to-its-known-exploited-vulnerabilities-catalog.html

      Malware

      • Spearphishing Campaign Abuses Npm Registry To Target U.S. And Allied Manufacturing And Healthcare Organizations
        "The Socket Threat Research Team uncovered a sustained and targeted phishing (spearphishing) operation that has abused the npm registry as a hosting and distribution layer for at least five months. We identified 27 malicious npm packages published under six different npm aliases, all designed to deliver browser-executed phishing components that impersonate secure document-sharing workflows and Microsoft sign-in pages. The campaign is highly targeted, focusing on sales and commercial personnel at critical infrastructure-adjacent organizations in the United States and allied nations. Across this cluster, we identified 25 distinct targeted individuals in manufacturing, industrial automation, plastics, and healthcare sectors, consistent with victim-specific preparation rather than broad, opportunistic distribution."
        https://socket.dev/blog/spearphishing-campaign-abuses-npm-registry
        https://thehackernews.com/2025/12/27-malicious-npm-packages-used-as.html
      • The Industrialization Of “ClickFix”: Inside ErrTraffic
        "The landscape of cybercrime is undergoing a profound structural shift. We are witnessing the transition from bespoke, high-skill intrusion methods to commoditized, service-based social engineering. At the center of this transformation is the rapid proliferation of “ClickFix” tools – deceptive overlays that trick users into manually executing malicious scripts. Hudson Rock researchers have identified and analyzed a new, highly sophisticated ClickFix service currently being promoted on top-tier Russian-language cybercrime forums. Dubbed “ErrTraffic” (or ErrTraffic v2), this comprehensive software suite industrializes the deployment of ClickFix lures."
        https://www.infostealers.com/article/the-industrialization-of-clickfix-inside-errtraffic/
        https://www.bleepingcomputer.com/news/security/new-errtraffic-service-enables-clickfix-attacks-via-fake-browser-glitches/
      • DarkSpectre: Unmasking The Threat Actor Behind 8.8 Million Infected Browsers
        "Over the past year, we've encountered hundreds, if not thousands, of malicious items across numerous marketplaces. But this is the first time we've found a well-funded criminal organization responsible for several of the largest and most sophisticated campaigns we've ever uncovered. We're calling them DarkSpectre - a Chinese threat actor behind at least three major malware campaigns infecting over 8.8 million users in over 7 years of operation. And today, we are telling their story, along with uncovering another DarkSpectre campaign affecting 2.2M users, and a new Opera browser extension with nearly 1 million installs tied to GhostPoster."
        https://www.koi.ai/blog/darkspectre-unmasking-the-threat-actor-behind-7-8-million-infected-browsers
        https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/
      • Silver Fox Targeting India Using Tax Themed Phishing Lures
        "CloudSEK's TRIAD reveals a critical campaign by the Chinese "Silver Fox" APT targeting Indian entities with authentic-looking Income Tax phishing lures. While previously misattributed to SideWinder, this sophisticated attack leverages a complex kill chain involving DLL hijacking and the modular Valley RAT to ensure persistence. Discover the full technical breakdown and why accurate attribution is essential for effective defense."
        https://www.cloudsek.com/blog/silver-fox-targeting-india-using-tax-themed-phishing-lures
        https://thehackernews.com/2025/12/silver-fox-targets-indian-users-with.html

      Breaches/Hacks/Leaks

      • European Space Agency Confirms Breach Of "External Servers"
        "The European Space Agency (ESA) confirmed that attackers recently breached servers outside its corporate network, which contained what it described as "unclassified" information on collaborative engineering activities. Founded 50 years ago and headquartered in Paris, ESA is an intergovernmental organization that coordinates the space activities of 23 member states. ESA has around 3000 staff and had a budget of €7.68 billion ($9 billion) in 2025. Today, the space agency issued a statement confirming a breach, following claims by a threat actor on the BreachForums hacking forum that they had breached some of ESA's servers."
        https://www.bleepingcomputer.com/news/security/european-space-agency-confirms-breach-of-external-servers/

      General News

      • Executives Say Cybersecurity Has Outgrown The IT Department
        "Cybersecurity has moved from a technical problem to a boardroom concern tied to survival. A global Rimini Street study of senior executives shows security risk shaping decisions on technology, talent, and long term planning across industries that keep economies running. Security threats rank as the most pressing external risk facing organizations. 54% of respondents list cybersecurity threats as their top concern, ahead of supply chain disruption, regulatory shifts, and economic downturns. This view holds steady across regions and industries, indicating that security exposure is treated as a shared business condition."
        https://www.helpnetsecurity.com/2025/12/30/rimini-street-security-leadership-strategy-report/
      • Non-Human Identities Push Identity Security Into Uncharted Territory
        "Enterprises are grappling with an identity attack surface that keeps expanding and slipping out of reach, according to Veza. Permissions now grow faster than teams can track them. Enterprises often operate with hundreds of millions of active entitlements, each defining what an identity can do in a system. Veza measured more than 230 billion permissions across its dataset."
        https://www.helpnetsecurity.com/2025/12/30/identity-security-permissions-sprawl/
      • Two Americans Plead Guilty To Targeting Multiple U.S. Victims Using ALPHV BlackCat Ransomware
        "Yesterday a federal district court in the Southern District of Florida accepted the guilty pleas of two men to conspiring to obstruct, delay or affect commerce through extortion in connection with ransomware attacks occurring in 2023. “These defendants used their sophisticated cybersecurity training and experience to commit ransomware attacks — the very type of crime that they should have been working to stop,” said Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division. “Extortion via the internet victimizes innocent citizens every bit as much as taking money directly out of their pockets. The Department of Justice is committed to using all tools available to identify and arrest perpetrators of ransomware attacks wherever we have jurisdiction.”"
        https://www.justice.gov/opa/pr/two-americans-plead-guilty-targeting-multiple-us-victims-using-alphv-blackcat-ransomware
        https://therecord.media/ransomware-responders-guilty-plea-using-alphv-blackcat-us-attacks
        https://www.bleepingcomputer.com/news/security/us-cybersecurity-experts-plead-guilty-to-blackcat-alphv-ransomware-attacks/
        https://www.bankinfosecurity.com/2-cyber-pros-admit-to-being-blackcat-ransomware-affiliates-a-30415
      • Fraudsters Stick To What Works Even In The Age Of AI
        "Fraudsters stick to the basics, because the basics work. Synthetic identities, fake accounts and tried-and-tested account takeovers still work, even in an age of artificial intelligence-related threats. Deepfakes and other AI threats may dominate the discourse, but scammers are happy to keep on stealing the old-fashioned way."
        https://www.bankinfosecurity.com/blogs/fraudsters-stick-to-what-works-even-in-age-ai-p-4013
      • Going Off Message: CISA Warns Of Sophisticated Spyware Attacks
        "Encrypted mobile messaging tools enable secure data sharing for government agencies and private enterprises. Instead of attempting to break through these digital defenses, however, attackers have found a way around: Targeted social engineering paired with commercial spyware. According to a recent alert from the Cybersecurity and Infrastructure Security Agency (CISA), cybercriminals are using malicious QR codes, zero-click exploits and application impersonation to access secure messaging platforms and steal protected data."
        https://blog.barracuda.com/2025/12/30/going-off-message--cisa-warns-of-sophisticated-spyware-attacks
      • Zoom Logs Are a Goldmine (if You Know Where To Look)
        "In February 2024, a finance employee wired $25 million after a video call with what appeared to be their CFO. It was a deepfake. That same year, organized groups disrupted dozens of California city council meetings, forcing several cities to reconsider how they run public sessions on Zoom. These incidents point to a blind spot in many security programs: the meeting itself is an attack surface. Zoom is where social engineering happens in real time. Meeting links behave like long-lived access tokens. External participants interact directly with your employees, often outside the controls you rely on elsewhere. And critically, Zoom records all of this activity – in a structured way – if you’re actually collecting it."
        https://beacon.security/resources/zoom-logs-are-a-goldmine

      References
      Electronic Transactions Development Agency (ETDA)
