Cyber Threat Intelligence 19 January 2026
Vulnerabilities
- Patch Now: Active Exploitation Underway For Critical HPE OneView Vulnerability
"Check Point Research has identified an active, coordinated exploitation campaign targeting CVE-2025-37164, a critical remote code execution vulnerability affecting HPE OneView. The activity, observed directly in Check Point telemetry, is attributed to the RondoDox botnet and represents a sharp escalation from early probing attempts to large-scale, automated attacks. Check Point has already blocked tens of thousands of exploitation attempts, underscoring both the severity of the vulnerability and the urgency for organizations to act. On January 7, 2026 Check Point Research reported the campaign to CISA, and the vulnerability was added to the Known Exploited Vulnerabilities (KEV) catalog the same day."
https://blog.checkpoint.com/research/patch-now-active-exploitation-underway-for-critical-hpe-oneview-vulnerability/
https://www.theregister.com/2026/01/16/rondodox_botnet_hpe_oneview/
https://www.infosecurity-magazine.com/news/rondodox-botnet-targets-hpe/
- Hackers Now Exploiting Critical Fortinet FortiSIEM Flaw In Attacks
"A critical Fortinet FortiSIEM vulnerability with publicly available proof-of-concept exploit code is now being abused in attacks. According to security researcher Zach Hanley at penetration testing company Horizon3.ai, who reported the vulnerability (CVE-2025-64155), it is a combination of two issues that allow arbitrary writes with admin permissions and privilege escalation to root access. "An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSIEM may allow an unauthenticated attacker to execute unauthorized code or commands via crafted TCP requests," Fortinet explained on Tuesday, when it released security updates to patch the flaw."
https://www.bleepingcomputer.com/news/security/hackers-now-exploiting-critical-fortinet-fortisiem-vulnerability-in-attacks/
https://www.darkreading.com/vulnerabilities-threats/fortinet-critical-fortisiem-flaw-exploited
Malware
- UNO Reverse Card: Stealing Cookies From Cookie Stealers
"Criminal infrastructure often fails for the same reasons it succeeds: it is rushed, reused, and poorly secured. In the case of StealC, the thin line between attacker and victim turned out to be highly exploitable. StealC is an infostealer malware that has been circulating since early 2023, sold under a Malware-as-a-Service (MaaS) model and marketed to threat actors seeking to steal cookies, passwords, and other sensitive data from infected computers. Like many MaaS offerings, it comes with a polished web panel, campaign tracking, and just enough operational security to appear professional."
https://www.cyberark.com/resources/threat-research-blog/uno-reverse-card-stealing-cookies-from-cookie-stealers
https://www.bleepingcomputer.com/news/security/stealc-hackers-hacked-as-researchers-hijack-malware-control-panels/
- TamperedChef Serves Bad Ads, With Infostealers As The Main Course
"In September 2025, Sophos Managed Detection and Response (MDR) teams identified a malvertising campaign distributing an infostealer dubbed TamperedChef – believed to be part of a wider campaign known as EvilAI. Previous coverage of this campaign suggests it began on June 26, 2025, with many of the associated websites being registered or first identified on that date. The sites were promoting a trojanized PDF editing application called AppSuite PDF Editor via Google Ads. This application appeared legitimate to users, but silently deployed an infostealer upon installation, targeting Windows devices."
https://www.sophos.com/pt-br/blog/tamperedchef-serves-bad-ads-with-infostealers-as-the-main-course
https://www.infosecurity-magazine.com/news/tamperedchef-malvertising-fake-pdf/
- 5 Malicious Chrome Extensions Enable Session Hijacking In Enterprise HR And ERP Systems
"Socket's Threat Research Team identified five malicious Chrome extensions targeting enterprise HR and ERP platforms including Workday, NetSuite, and SuccessFactors. The extensions work in concert to steal authentication tokens, block incident response capabilities, and enable complete account takeover through session hijacking. Four extensions are published under the name databycloud1104, while the fifth operates under different branding softwareaccess but shares identical infrastructure patterns. Combined, these extensions have reached over 2,300 users."
https://socket.dev/blog/5-malicious-chrome-extensions-enable-session-hijacking
https://thehackernews.com/2026/01/five-malicious-chrome-extensions.html
https://www.bleepingcomputer.com/news/security/credential-stealing-chrome-extensions-target-enterprise-hr-platforms/
- Anatomy Of An Attack: The Payroll Pirates And The Power Of Social Engineering
"No employee wants their paycheck to go missing. One organization learned about an incident when they started hearing exactly this complaint. It turned out that an attacker had modified direct-deposit details in order to redirect an organization’s paychecks into attacker-controlled accounts. What happened to this organization started with nothing more than a phone call."
https://unit42.paloaltonetworks.com/social-engineering-payroll-pirates/
- Hunting Lazarus: Inside The Contagious Interview C2 Infrastructure
"When you vet enough freelancer code repositories, you develop instincts. A .vscode/tasks.json with runOn: folderOpen. A getCookie() function that fetches from a Vercel domain. An errorHandler.js with Function.constructor. These patterns don't belong in legitimate projects. In early January 2026, during routine vetting of a cryptocurrency project sourced via Upwork, Red Asgard's threat research team discovered all three. The contractor—using a fake identity—had embedded malware in a legitimate-looking code repository. What followed was a five-day investigation into active Lazarus Group infrastructure. This article documents what we found."
https://redasgard.com/blog/hunting-lazarus-contagious-interview-c2-infrastructure
Breaches/Hacks/Leaks
- 750,000 Impacted By Data Breach At Canadian Investment Watchdog
"The Canadian Investment Regulatory Organization (CIRO) this week revealed that hackers compromised the personal information of 750,000 individuals in an August 2025 cyberattack. The data breach, CIRO says, was the result of a sophisticated phishing attack, and resulted in some systems being shut down. The incident did not impact the organization’s critical functions. “We are confident that the incident is contained and that there is no active threat in CIRO’s environment,” the organization says."
https://www.securityweek.com/750000-impacted-by-data-breach-at-canadian-investment-watchdog/
https://therecord.media/canada-ciro-investing-regulator-confirms-data-breach
https://www.bleepingcomputer.com/news/security/ciro-data-breach-last-year-exposed-info-on-750-000-canadian-investors/
https://securityaffairs.com/186993/data-breach/data-breach-at-canadas-investment-watchdog-canadian-investment-regulatory-organization-impacts-750000-people.html
General News
- December 2025 APT Attack Trend Report (South Korea)
"AhnLab monitors APT (Advanced Persistent Threat) attacks in South Korea using its own infrastructure. This report covers the classification and statistics of APT attacks in South Korea that were identified over the course of one month in December 2025. It also provides an overview of the features of each attack type."
https://asec.ahnlab.com/en/92137/
- December 2025 Threat Trend Report On Ransomware
"This report provides the number of affected systems confirmed during December 2025, DLS-based ransomware-related statistics, and notable ransomware issues in Korea and abroad. Below is a summary of some information. The statistics on the number of ransomware samples and affected systems are based on the diagnostic names assigned by AhnLab. Please note that the statistics on affected companies are based on the information publicly available on the DLS (Dedicated Leak Sites, equivalent to what is referred to as ransomware PR sites or PR pages) of the ransomware groups and were collected by the ATIP infrastructure."
https://asec.ahnlab.com/en/92139/
- December 2025 Infostealer Trend Report
"This report provides statistics, trends, and case information on Infostealer malware collected and analyzed during the month of December 2025, including distribution volume, distribution channels, and disguising techniques. The following is a summary of the report."
https://asec.ahnlab.com/en/92142/
- CISOs Rise To Prominence: Security Leaders Join The Executive Suite
"Businesses are increasingly giving top cybersecurity leaders the title of chief information security officer (CISO) and treating them as high-ranking executives — a reflection of how digitally dependent the world has become. CISOs agree the trend reflects how pivotal cybersecurity now is to an enterprise, but additional benefits are not totally clear. Implementing effective cybersecurity strategies in the wake of rising attacks and data breaches is paramount to an organization's infrastructure. Then there's the compliance angle, where new laws, regulations, and standards are emerging too fast for businesses to maintain."
https://www.darkreading.com/cybersecurity-operations/cisos-rise-to-prominence-security-leaders-join-the-executive-suite
- As AI Raises The Stakes, App Modernization And Security Are Becoming Inseparable
"Security leaders are under pressure to support AI programs that move from pilots into production. New Cloudflare research suggests that success depends less on experimentation and more on disciplined application modernization tied closely to security strategy. The survey examines how application architecture, decision structures, and security alignment affect AI readiness at scale."
https://www.helpnetsecurity.com/2026/01/16/cloudflare-ai-application-modernization-report/
- New Intelligence Is Moving Faster Than Enterprise Controls
"AI is being integrated into core enterprise systems faster than many organizations can secure and govern it. A new global study from NTT shows companies expanding AI deployment while gaps in infrastructure readiness, data integrity controls, and governance frameworks continue to limit safe operation at scale."
https://www.helpnetsecurity.com/2026/01/16/ntt-data-enterprise-ai-governance/
- Who’s On The Other End? Rented Accounts Are Stress-Testing Trust In Gig Platforms
"Fraud has become a routine part of gig work for many earners, and the ways workers respond are creating new security problems for platforms. A recent TransUnion study of U.S. gig workers shows broad exposure to fraud, inconsistent reporting, and growing participation in prohibited practices such as account renting and selling."
https://www.helpnetsecurity.com/2026/01/16/transunion-gig-worker-fraud-risks/
- Account Compromise Surged 389% In 2025, Says eSentire
"Cyber threat actors went all in on credential theft in 2025, with eSentire reporting a 389% year-over-year rise in account compromise, making up 55% of all attacks observed by the cybersecurity firm. The firm’s 2025 Year in Review & 2026 Threat Landscape Outlook Report, published on January 15, 2026, showed that credential access represented 75% of the malicious activity observed in the wild by its Threat Response Unit (TRU) over the reported period. Two-thirds of it was aimed at conducting account takeovers and another third to deliver phishing campaigns. Microsoft 365 accounts were prime targets, noted eSentire."
https://www.infosecurity-magazine.com/news/account-compromise-surged-2025/
https://www.esentire.com/resources/library/esentire-2026-annual-cyber-threat-report
- Cyber Insights 2026: Social Engineering
"The most successful breaches in 2026 are likely to exploit trust, not vulnerabilities. All courtesy of artificial intelligence (AI). We’re going to explore how AI-assisted social engineering attacks might evolve from 2026 onward, and how cybersecurity could, and perhaps should, adapt to meet the new challenge. The threat is no longer against individuals, nor even businesses, but entire cultures."
https://www.securityweek.com/cyber-insights-2026-social-engineering/
- Qilin Ransomware Surges Into 2026
"It is not unusual for high-profile groups to go dark after causing a large disruption to public resources, whether it’s healthcare, fuel or some other critical resource. Qilin also grew quickly. Affiliates leaving the RansomHub and LockBit ransomware‑as‑a‑service (RaaS) operations brought experience and momentum that strengthened the group. That was a nice boost for Qilin, but these weren’t loyal affiliates. They had already proven they would leave a RaaS operation at any hint of instability. So in July 2025, there were doubts as to whether Qilin would remain a relevant threat through the rest of the year. But wow, that group is thriving."
https://blog.barracuda.com/2026/01/15/qilin-ransomware-surges-into-2026
- Police Raid Homes Of Alleged Black Basta Hackers, Hunt Suspected Russian Ringleader
"Ukrainian and German law enforcement authorities have identified two Ukrainians suspected of working for the Russia-linked ransomware group Black Basta and have placed the group’s alleged leader, a Russian national, on an international wanted list, officials said on Thursday. Black Basta has been active since at least early 2022 and is believed to be responsible for extorting hundreds of companies, hospitals and public institutions worldwide — including Swiss industrial giant ABB and U.S. healthcare provider Ascension — causing hundreds of millions of dollars in estimated damages."
https://therecord.media/police-raid-homes-of-alleged-black-basta-hackers
https://thehackernews.com/2026/01/black-basta-ransomware-hacker-leader.html
https://securityaffairs.com/187008/cyber-crime/ukraine-germany-operation-targets-black-basta-russian-leader-wanted.html
- Closing The Door On Net-NTLMv1: Releasing Rainbow Tables To Accelerate Protocol Deprecation
"Mandiant is publicly releasing a comprehensive dataset of Net-NTLMv1 rainbow tables to underscore the urgency of migrating away from this outdated protocol. Despite Net-NTLMv1 being deprecated and known to be insecure for over two decades—with cryptanalysis dating back to 1999—Mandiant consultants continue to identify its use in active environments. This legacy protocol leaves organizations vulnerable to trivial credential theft, yet it remains prevalent due to inertia and a lack of demonstrated immediate risk."
https://cloud.google.com/blog/topics/threat-intelligence/net-ntlmv1-deprecation-rainbow-tables
- Your 100 Billion Parameter Behemoth Is a Liability
"The "bigger is better" era of AI is hitting a wall. We are in an LLM bubble, characterized by ruinous inference costs and diminishing returns. The future belongs to Agentic AI powered by specialized Small Language Models (SLMs). Think of it as a shift from hiring a single expensive genius to running a highly efficient digital factory. It’s cheaper, faster, and frankly, the only way to make agents work at scale."
https://www.trendmicro.com/en_us/research/26/a/your-100-billion-parameter-behemoth-is-a-liability.html
Reference
Electronic Transactions Development Agency (ETDA)