Cyber Threat Intelligence 01 January 2026
New Tooling
- Duplicati: Free, Open-Source Backup Client
"Duplicati is an open source backup client that creates encrypted, incremental, compressed backup sets and sends them to cloud storage services or remote file servers. Duplicati operates as a client side application designed to back up files and folders from endpoints and servers. It runs locally, collects selected data, packages it into backup volumes, and transfers those volumes to a configured destination. Restore operations support individual files, folders, and point in time recovery based on stored versions."
https://www.helpnetsecurity.com/2025/12/31/duplicati-free-open-source-backup-client/
https://github.com/duplicati/duplicati
Vulnerabilities
- IBM Warns Of Critical API Connect Auth Bypass Vulnerability
"IBM urged customers to patch a critical authentication bypass vulnerability in its API Connect enterprise platform that could allow attackers to access apps remotely. API Connect is an application programming interface (API) gateway that enables organizations to develop, test, and manage APIs and provide controlled access to internal services for applications, business partners, and external developers. Available in on-premises, cloud, or hybrid deployments, API Connect is used by hundreds of companies in banking, healthcare, retail, and telecommunications sectors."
https://www.bleepingcomputer.com/news/security/ibm-warns-of-critical-api-connect-auth-bypass-vulnerability/
https://www.ibm.com/support/pages/node/7255149
https://thehackernews.com/2025/12/ibm-warns-of-critical-api-connect-bug.html
Malware
- RondoDoX Botnet Weaponizes React2Shell
"CloudSEK’s report details a persistent nine-month RondoDoX botnet campaign targeting IoT devices and web applications. Recently, the threat actors have shifted to weaponizing a critical Next.js vulnerability, deploying malicious payloads like "React2Shell" and cryptominers. This analysis offers crucial insights into their evolving infrastructure and provides defensive recommendations to mitigate these sophisticated attacks."
https://www.cloudsek.com/blog/rondodox-botnet-weaponizes-react2shell
https://www.bleepingcomputer.com/news/security/rondodox-botnet-exploits-react2shell-flaw-to-breach-nextjs-servers/
Breaches/Hacks/Leaks
- Hackers Drain $3.9M From Unleash Protocol After Multisig Hijack
"The decentralized intellectual property platform Unleash Protocol has lost around $3.9 million worth of cryptocurrency after someone executed an unauthorized contract upgrade that allowed asset withdrawals. According to the team behind the blockchain project, the attacker obtained enough signing power to act as an administrator of Unleash’s multisig governance system. "Our initial investigation indicates that an externally owned address gained administrative control via Unleash’s multisig governance and carried out an unauthorized contract upgrade," the company says in a public announcement."
https://www.bleepingcomputer.com/news/security/hackers-drain-39m-from-unleash-protocol-after-multisig-hijack/
- Everest Ransomware Leaks 1TB Of Stolen ASUS Data
"On December 2, 2025, Hackread.com exclusively reported that the Everest ransomware group claimed to have stolen 1TB of sensitive ASUS data, including information related to the company’s AI models, memory dumps, and calibration files. ASUS later confirmed the report and acknowledged the breach, attributing it to a third-party vendor. Everest has now leaked the entire dataset online. The release followed the group’s claim that ASUS failed to meet the deadline to initiate contact. Notably, the ransomware gang had given the tech giant 24 hours to respond, following its usual approach of demanding a ransom."
https://hackread.com/everest-ransomware-asus-data-leak/
- Trust Wallet Chrome Extension Hack Drains $8.5M Via Shai-Hulud Supply Chain Attack
"Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million in assets. "Our Developer GitHub secrets were exposed in the attack, which gave the attacker access to our browser extension source code and the Chrome Web Store (CWS) API key," the company said in a post-mortem published Tuesday. "The attacker obtained full CWS API access via the leaked key, allowing builds to be uploaded directly without Trust Wallet's standard release process, which requires internal approval/manual review.""
https://thehackernews.com/2025/12/trust-wallet-chrome-extension-hack.html
https://www.securityweek.com/shai-hulud-supply-chain-attack-led-to-8-5-million-trust-wallet-heist/
General News
- What Consumers Expect From Data Security
"Security teams spend years building controls around data protection, then a survey asks consumers a simple question about responsibility and the answer lands close to home. Most people believe they are in charge of their own data privacy, and they want systems that support that belief, according to the 2025 Data Privacy Research from the Software & Information Industry Association. The study examines how people view responsibility, cost, and acceptable data use."
https://www.helpnetsecurity.com/2025/12/31/siia-consumer-data-security-report/
- Security Coverage Is Falling Behind The Way Attackers Behave
"Cybercriminals keep tweaking their procedures, trying out new techniques, and shifting tactics across campaigns. Coverage that worked yesterday may miss how those behaviors appear today. The 2025 Threat-Led Defense Report from Tidal Cyber draws on tens of thousands of observed techniques and procedures collected through its threat intelligence platform. The study tracks adversary activity across campaigns, sectors, and regions, then maps that activity to MITRE ATT&CK behaviors."
https://www.helpnetsecurity.com/2025/12/31/cybercriminals-activity-behavior/
- Sunken Ships: Will Orgs Learn From Ivanti EPMM Attacks?
"The Ivanti Endpoint Manager Mobile (EPMM) zero-day attacks, which began last spring and lasted well into the summer as attackers took advantage of patching lag, were one of the top cyber-stories of 2025, sending thousands of victims to the depths of the data exfiltration sea. A recent deep-dive into the wreckage of those attacks highlights the risk inherent in buggy endpoint management systems — a concern that needs to be a higher priority than it typically is, one researcher argues."
https://www.darkreading.com/cyber-risk/sunken-ships-ivanti-epmm-attacks
- Identity Security 2026: Four Predictions & Recommendations
"Agentic AI adoption and identity security risks, IGA expands in mid-market, SOC-identity team collaboration, and identity platform consolidation—this 2026 predictions post previews identity trends. As an Omdia analyst looking at identity security and data security, I have the privilege of interacting with the enterprise practitioner community as well as talking to the vendor community about what they see over the horizon. Here are my predictions for what we’ll see in identity in 2026."
https://www.darkreading.com/identity-access-management-security/identity-security-2026-predictions-and-recommendations
- Contrarians No More: AI Skepticism Is On The Rise
"As 2025 comes to a close, some of the artificial intelligence industry's biggest skeptics may be poised for a victory lap. In recent months, AI has taken some hits on several fronts. First and foremost, there are increasing fears about an AI bubble potentially popping as major stocks have dipped. Additionally, several studies have shown many companies have yet to achieve the return on investment they'd hoped for with their generative AI (GenAI) pilots."
https://www.darkreading.com/cybersecurity-operations/contrarians-no-more-ai-skepticism
- Cybersecurity Predictions 2026: An AI Arms Race And Malware Autonomy
"The year ahead will see an intensified AI-driven cybersecurity arms race, with attackers leveraging autonomous malware and advanced AI technologies to outpace defenders, while security teams adopt increasingly sophisticated AI tools to combat evolving threats amidst growing vendor consolidation and platformization in the industry."
https://www.darkreading.com/cyber-risk/cybersecurity-predictions-2026-an-ai-arms-race-and-malware-autonomy
References
Electronic Transactions Development Agency (ETDA)