NCSA Webboard

    Cyber Threat Intelligence 30 January 2026

    Cyber Security News
    • NCSA_THAICERT

      Vulnerabilities

      • Ivanti Warns Of Two EPMM Flaws Exploited In Zero-Day Attacks
        "Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that were exploited in zero-day attacks. The flaws are code-injection vulnerabilities that allow remote attackers to execute arbitrary code on vulnerable devices without authentication. Both vulnerabilities have a CVSS score of 9.8 and are rated as critical. "We are aware of a very limited number of customers whose solution has been exploited at the time of disclosure," warns Ivanti."
        https://www.bleepingcomputer.com/news/security/ivanti-warns-of-two-epmm-flaws-exploited-in-zero-day-attacks/
        https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US
      • GnuPG And Gpg4win Security Advisory (T8044)
        "We are pleased to announce the availability of a new GnuPG release: version 2.5.17. This version fixes a critical security bug in versions 2.5.13 to 2.5.16. We also released a new Gpg4win version and updated Debian packages."
        https://lists.gnupg.org/pipermail/gnupg-announce/2026q1/000501.html
      • Semantic Chaining: A New Image Jailbreak Attack
        "Following the discovery of the Echo Chamber Multi-Turn Jailbreak attack, NeuralTrust researchers have identified a critical vulnerability in the safety architecture of leading multimodal models, including Grok 4, Gemini Nano Banana Pro and Seedance 4.5. This novel technique, which we have named Semantic Chaining, allows users to bypass core safety filters and generate prohibited content, both visual and text-in-image, by exploiting the models' ability to perform complex, multi-stage image modifications."
        https://neuraltrust.ai/blog/semantic-chaining
        https://www.darkreading.com/vulnerabilities-threats/semantic-chaining-jailbreak-gemini-nano-banana-grok-4
      • Silent Brothers | Ollama Hosts Form Anonymous AI Network Beyond Platform Guardrails
        "Ollama is an open-source framework that enables users to run large language models locally on their own hardware. By design, the service binds to localhost at 127.0.0.1:11434, making instances accessible only from the host machine. However, exposing Ollama to the public internet requires only a single configuration change: setting the service to bind to 0.0.0.0 or a public interface. At scale, these individual deployment decisions aggregate into a measurable public surface."
        https://www.sentinelone.com/labs/silent-brothers-ollama-hosts-form-anonymous-ai-network-beyond-platform-guardrails/
        https://thehackernews.com/2026/01/researchers-find-175000-publicly.html

      Malware

      • Android Trojan Campaign Uses Hugging Face Hosting For RAT Payload Delivery
        "Bitdefender researchers have discovered an Android RAT (remote access trojan) campaign that combines social engineering, the resources of the Hugging Face online platform as staging, and extensive use of Accessibility Services to compromise devices. What makes this campaign particularly interesting is the attackers’ use of Hugging Face to host malicious payloads, and the scale at which new samples are deployed. Hugging Face is a widely used online hosting service that provides a home to machine learning models and gives users a place to host their open-source models, datasets, and other development tools that researchers and developers usually need."
        https://www.bitdefender.com/en-us/blog/labs/android-trojan-campaign-hugging-face-hosting-rat-payload
        https://www.bleepingcomputer.com/news/security/hugging-face-abused-to-spread-thousands-of-android-malware-variants/
      • Aisuru Botnet Sets New Record With 31.4 Tbps DDoS Attack
        "The Aisuru/Kimwolf botnet launched a new massive distributed denial of service (DDoS) attack that peaked at 31.4 Tbps and 200 million requests per second, setting a new record. The attack was part of a campaign targeting multiple companies, most of them in the telecommunications sector, and was detected and mitigated by Cloudflare last year on December 19. Aisuru is responsible for the previous DDoS record that reached 29.7 Tbps. Another attack that Microsoft attributed to the botnet peaked at 15.72 Tbps and originated from 500,000 IP addresses."
        https://www.bleepingcomputer.com/news/security/aisuru-botnet-sets-new-record-with-314-tbps-ddos-attack/
      • Dissecting UAT-8099: New Persistence Mechanisms And Regional Focus
        "Cisco Talos observed new activity from UAT-8099 spanning from August 2025 through early 2026. Analysis of Cisco's file census and DNS traffic indicates that compromised IIS servers are located across India, Pakistan, Thailand, Vietnam, and Japan, with a distinct concentration of attacks in Thailand and Vietnam. Furthermore, this activity significantly overlaps with the WEBJACK campaign; we have identified high-confidence correlations across malware hashes, C2 infrastructure, victimology, and the promoted gambling sites."
        https://blog.talosintelligence.com/uat-8099-new-persistence-mechanisms-and-regional-focus/
      • LABYRINTH CHOLLIMA Evolves Into Three Adversaries
        "LABYRINTH CHOLLIMA has evolved into three distinct adversaries with specialized malware, objectives, and tradecraft: GOLDEN CHOLLIMA and PRESSURE CHOLLIMA now likely operate separately from the core LABYRINTH CHOLLIMA group. GOLDEN CHOLLIMA and PRESSURE CHOLLIMA target cryptocurrency entities and are distinguished by the scale and scope of their operations; core LABYRINTH CHOLLIMA operations continue to focus on espionage, targeting industrial, logistics, and defense companies. Despite operating independently, these three adversaries share tools and infrastructure, indicating centralized coordination and resource allocation within the DPRK cyber ecosystem."
        https://www.crowdstrike.com/en-us/blog/labyrinth-chollima-evolves-into-three-adversaries/
        https://cyberscoop.com/north-korea-labyrinth-chollima-splits-crowdstrike/
      • Interlock Ransomware: New Techniques, Same Old Tricks
        "The Interlock ransomware group continues to compromise organizations worldwide, with a focus on UK- and US-based organizations, particularly in the education sector. The FortiGuard Incident Response team continues to track the fallout of previous campaigns related to this group. Unlike other current key ransomware threats, the Interlock group is unique in that it does not operate under the RaaS model. Instead, they appear to be a smaller, dedicated group of operators who develop and operate their own malware to support most of their kill chain. The Interlock ransomware group has demonstrated the ability to adapt its techniques and tooling over time as mitigations evolve."
        https://www.fortinet.com/blog/threat-research/interlock-ransomware-new-techniques-same-old-tricks
      • Malicious Google Ads Target Mac Users With Fake Mac Cleaner Pages
        "Researchers at MacKeeper have found malicious Google Ads for “Mac cleaner” tools that trick users into running dangerous Terminal commands. Stay safe by learning how to spot these fake Apple sites. Researchers at MacKeeper have identified malicious Google Ads promoting fake “Mac cleaner” tools that trick users into running dangerous Terminal commands. The campaign directs victims to Apple-lookalike pages designed to gain full control of macOS systems."
        https://hackread.com/malicious-google-ads-mac-fake-mac-cleaner/
      • Clawdbot’s Rename To Moltbot Sparks Impersonation Campaign
        "After the viral AI assistant Clawdbot was forced to rename to Moltbot due to a trademark dispute, opportunists moved quickly. Within days, typosquat domains and a cloned GitHub repository appeared—impersonating the project’s creator and positioning infrastructure for a potential supply-chain attack. The code is clean. The infrastructure is not. With the GitHub downloads and star rating rapidly rising, we took a deep dive into how fake domains target viral open source projects."
        https://www.malwarebytes.com/blog/threat-intel/2026/01/clawdbots-rename-to-moltbot-sparks-impersonation-campaign
      • Supply Chain Attack On eScan Antivirus: Detecting And Remediating Malicious Updates
        "On January 20, a supply chain attack occurred, with the infected software being the eScan antivirus developed by the Indian company MicroWorld Technologies. The previously unknown malware was distributed through the eScan update server. The same day, our security solutions detected and prevented cyberattacks involving this malware. On January 21, having been informed by Morphisec, the developers of eScan contained the security incident related to the attack."
        https://securelist.com/escan-supply-chain-attack/118688/
      • Fake Clawdbot VS Code Extension Installs ScreenConnect RAT
        "On January 27, 2026, our malware detection system flagged a new VS Code extension called "ClawdBot Agent" that immediately set off alarm bells. We confirmed the extension is a fully functional trojan: a working AI coding assistant on the surface, while silently dropping malware onto Windows machines the moment VS Code starts. Here's the kicker: the real Clawdbot team never published an official VS Code extension. The attackers just claimed the name first. We immediately reported it to Microsoft, who were very quick to remove the extension. This post documents our investigation into the extension."
        https://www.aikido.dev/blog/fake-clawdbot-vscode-extension-malware

      Breaches/Hacks/Leaks

      • Marquis Blames Ransomware Breach On SonicWall Cloud Backup Hack
        "Marquis Software Solutions, a Texas-based financial services provider, is blaming a ransomware attack that impacted its systems and affected dozens of U.S. banks and credit unions in August 2025 on a security breach reported by SonicWall a month later. The software company provides data analytics, compliance reporting, CRM tools, and digital marketing services to more than 700 banks, credit unions, and mortgage lenders across the United States."
        https://www.bleepingcomputer.com/news/security/marquis-blames-ransomware-breach-on-sonicwall-cloud-backup-hack/
      • Match Group Breach Exposes Data From Hinge, Tinder, OkCupid, And Match
        "Match Group, the owner of multiple popular online dating services, Tinder, Match.com, Meetic, OkCupid, and Hinge, confirmed a cybersecurity incident that compromised user data. The company stated that hackers stole a "limited amount of user data" after the ShinyHunters threat group leaked 1.7 GB of compressed files allegedly containing 10 million records of Hinge, Match, and OkCupid user information, as well as internal documents. In a statement to BleepingComputer, a spokesperson for Match Group confirmed the incident."
        https://www.bleepingcomputer.com/news/security/match-group-breach-exposes-data-from-hinge-tinder-okcupid-and-match/
        https://www.theregister.com/2026/01/29/shinyhunters_match_group/
      • Cyberattack On Large Russian Bread Factory Disrupts Supply Deliveries
        "A cyberattack on a major bread producer in Russia’s Vladimir region has disrupted food deliveries, local media reported. The Vladimir Bread Factory — one of the largest bakery producers in the region — said in a statement that its internal digital systems were hit overnight on Sunday, knocking out office computers, servers, electronic document management tools and the widely used 1C enterprise accounting system."
        https://therecord.media/cyberattack-russian-bread-factory-supply-disruptions

      General News

      • What Motivates Hackers And What Makes Them Walk Away
        "Most hackers spend more time learning, testing, and comparing notes than breaking into systems. The work often happens alone or in small groups, shaped by curiosity, persistence, and a habit of examining how systems behave. Bugcrowd examined who these security researchers are, how they build skills, and what their work looks like behind the scenes as they look for flaws and decide what to report."
        https://www.helpnetsecurity.com/2026/01/29/bugcrowd-hacker-community-research/
      • 2026 Security Operations Insights
        "Security is only becoming more complicated for enterprise organizations. Application environments are changing rapidly as DevOps teams dial up velocity and data volumes scale. Hype around AI has created a rush to develop and adopt AI tools while broadening the attack surface and forcing defenders to reconsider the viability of their solutions. At the same time, attackers are escalating their tactics: stealing credentials at scale, disrupting operations through advanced ransomware, and exploiting gaps across supply chains. These types of breaches affect millions of users, illustrating how quickly an exposure can spread across cloud ecosystems."
        https://www.sumologic.com/guides/2026-security-operations-insights
        https://www.infosecurity-magazine.com/news/cybersecurity-teams-embrace-ai/
      • No Place Like Home Network: Disrupting The World's Largest Residential Proxy Network
        "This week Google and partners took action to disrupt what we believe is one of the largest residential proxy networks in the world, the IPIDEA proxy network. IPIDEA’s proxy infrastructure is a little-known component of the digital ecosystem leveraged by a wide array of bad actors. This disruption, led by Google Threat Intelligence Group (GTIG) in partnership with other teams, included three main actions:"
        https://cloud.google.com/blog/topics/threat-intelligence/disrupting-largest-residential-proxy-network
        https://thehackernews.com/2026/01/google-disrupts-ipidea-one-of-worlds.html
        https://www.bleepingcomputer.com/news/security/google-disrupts-ipidea-residential-proxy-networks-fueled-by-malware/
        https://www.infosecurity-magazine.com/news/google-disrupts-proxy-networks/
        https://www.securityweek.com/google-disrupts-ipidea-proxy-network/
        https://securityaffairs.com/187463/security/google-targets-ipidea-in-crackdown-on-global-residential-proxy-networks.html
        https://www.helpnetsecurity.com/2026/01/29/ipidea-proxy-network-disrupted/
        https://www.theregister.com/2026/01/29/google_ipidea_crime_network/
      • Identity Theft Resource Center 2025 Annual Data Breach Report: Record Number Of Data Compromises In 2025; 79 Percent Jump Over Five Years
        "Today, the Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization that supports victims of identity theft, fraud and scams, released its 2025 Annual Data Breach Report, its 20th edition, at today’s Identity, Authentication and the Road Ahead Identity Policy Forum hosted by the Better Identity Coalition, the FIDO Alliance and the ITRC. According to the 2025 Annual Data Breach Report, the number of data compromises in 2025 (3,322) increased by five percent compared to 2024 (3,152). The ITRC set a new record for the number of data compromises tracked in a year, up four percent from the previous all-time high in 2023 (3,202). It is also a 79 percent jump over five years."
        https://www.idtheftcenter.org/post/2025-annual-data-breach-report-record-number-compromises/
        https://www.idtheftcenter.org/publication/2025-data-breach-report/
        https://www.bankinfosecurity.com/data-breaches-in-america-hit-all-time-record-high-in-2025-a-30624
        https://www.infosecurity-magazine.com/news/us-data-breaches-record-high/
      • IR Trends Q4 2025: Exploitation Remains Dominant, Phishing Campaign Targets Native American Tribal Organizations
        "Threat actors predominantly exploited public-facing applications for the second quarter in a row, with this tactic appearing in nearly 40 percent of Cisco Talos Incident Response (Talos IR) engagements — a notable decrease from over 60 percent last quarter, when engagements involving ToolShell surged. This quarter included exploitation of Oracle E-Business Suite (EBS) and React2Shell, as well as the deployment of malware implants previously associated with advanced persistent threat (APT) groups. Phishing was the second-most common tactic for initial access, and this quarter included a campaign specifically targeting Native American tribal organizations for credential harvesting. Once the adversaries compromised a legitimate account, they leveraged it to send out further internal phishes and gain more credentials."
        https://blog.talosintelligence.com/ir-trends-q4-2025/
        https://www.theregister.com/2026/01/29/faster_patching_please_cry_infoseccers/
      • The ‘staggering’ Cybersecurity Weakness That Isn’t Getting Enough Focus, According To a Top Secret Service Official
        "The internet domain registration system is a major weakness that malicious hackers can exploit, but is often being overlooked, a senior Secret Service official said Thursday. “It is staggering to me that we live in a world where domain registrars and registrars will do bulk registration of various spellings of a major institution’s brand name to create URLs to then use in phishing campaigns or in fraudulent advertising,” the official, Matt Noyes, said at a conference in Washington, D.C."
        https://cyberscoop.com/secret-service-iana-domain-security-weakness/
      • From Quantum To AI Risks: Preparing For Cybersecurity's Future
        "As 2026 begins, the cybersecurity industry faces a pivotal moment, grappling with persistent threats and emerging challenges. The year brings renewed focus on critical goals as discussed in the latest edition of Reporter's Notebook, with Alex Culafi, senior news writer at Dark Reading, joined by Phil Sweeney of TechTarget Search Security and Eric Geller of Cybersecurity Dive. As seasoned reporters immersed in the field, the trio offers unique insights into what cybersecurity professionals should start doing, stop doing, and focus on as 2026 begins. Their conversation highlights pressing issues, emerging trends, and actionable advice for those in the industry."
        https://www.darkreading.com/cybersecurity-operations/quantum-ai-risks-cybersecuritys-future
      • How Can CISOs Respond To Ransomware Getting More Violent?
        "QUESTION: Ransomware attack groups are getting more violent. How should CISOs respond to this change in tactics? Jim Doggett, CISO, Semperis: At the start of 2025, it seemed like the world may have turned a corner in the fight against ransomware. Blockchain analysis revealed a major drop in ransom crypto-payments, with revenue declining for the first time since 2022. Sadly, our optimism was short-lived. Threat actors are an adaptable bunch. When cornered, they can also be dangerous."
        https://www.darkreading.com/cyber-risk/how-cisos-respond-ransomware-getting-more-violent
      • CISA Urges Critical Infrastructure Organizations To Take Action Against Insider Threats
        "The Cybersecurity and Infrastructure Security Agency (CISA) is calling on critical infrastructure organizations to take decisive action against insider threats. To support this effort, CISA has released today a powerful new resource: Assembling a Multi-Disciplinary Insider Threat Management Team. Designed for critical infrastructure entities and state, local, tribal, and territorial (SLTT) governments, this comprehensive infographic provides actionable strategies and guidance to proactively prevent, detect and mitigate insider threats, helping organizations stay ahead of evolving organizational vulnerabilities."
        https://www.cisa.gov/news-events/news/cisa-urges-critical-infrastructure-organizations-take-action-against-insider-threats
        https://www.cisa.gov/resources-tools/resources/assembling-multi-disciplinary-insider-threat-management-team
        https://www.cisa.gov/sites/default/files/2026-01/Assembling a Multidisciplinary Insider Threat Management Team_508.pdf
        https://www.infosecurity-magazine.com/news/cisa-targets-insider-threat-risks/
        https://www.theregister.com/2026/01/29/cisa_insider_threat_guidance/
      • Ransomware And Cyber Extortion In Q4 2025
        "In the final quarter of 2025 (Q4 2025), established groups like “Qilin” and “Akira” maintained their leadership positions, while newer operators like “Sinobi” gained traction. In addition, the number of data-leak site posts increased by 50% between Q3 and Q4 2025, and was up 40% from Q4 2024, despite fewer active groups this quarter. We assess with moderate confidence that this reflects short-term consolidation, where higher-output groups attacked more organizations as weaker operators lost momentum."
        https://reliaquest.com/blog/threat-spotlight-ransomware-and-cyber-extortion-in-q4-2025/
        https://www.infosecurity-magazine.com/news/ransomware-numbers-rise-despite/
      • Number Of Cybersecurity Pros Surges 194% In Four Years
        "Cybersecurity remains the fastest-growing IT occupation in the UK, having seen its ranks expand by 194% since 2021, according to a new Socura report. The managed detection and response (MDR) specialist used Office of National Statistics (ONS) data to compile its latest report out today: A wave in cyber. Specifically, it cited the ONS Annual Population Survey, which tracks employment figures across 400+ Standard Occupational Classification codes, including 13 IT-related roles."
        https://www.infosecurity-magazine.com/news/number-cybersecurity-pros-surges/
        https://socura.co.uk/reports-and-whitepapers/a-wave-in-cyber
      • Cyber Insights 2026: Zero Trust And Following The Path
        "Ask ten experts to describe the current state of zero trust and you will get ten different answers. We asked dozens of experts. Zero trust is not a thing; it is an idea. It is not a product; it is a concept – it is a destination that has no precise route and may never be reached. But it is described very succinctly: trust nothing until the trust is justified. Justification starts with verifying every subject’s identity and authority. This is the single constant in all zero trust journeys: they start with the subject’s identity."
        https://www.securityweek.com/cyber-insights-2026-zero-trust-and-following-the-path/
      • Latvia Says Russia Remains Its Top Cyber Threat As Attacks Hit Record High
        "Latvia’s security agency has warned that Russia’s cyberattacks and sabotage campaigns against the country show no sign of slowing, even though most incidents so far have failed to cause serious disruption. In its annual report released this week, Latvia’s national security service, SAB, said 2025 marked an all-time high in registered cyber threats targeting the country, with activity surging significantly past levels seen before Russia’s invasion of Ukraine in 2022."
        https://therecord.media/latvia-says-russia-remains-top-cyber-threat-record-attacks
        https://www.sab.gov.lv/files/uploads/2026/01/SABs-annual-report_2025_ENG.pdf
      • Understanding The Russian Cyber Threat To The 2026 Winter Olympics
        "The 2026 Winter Games in Milano Cortina extend beyond sport. Tensions between the Russian Federation and the International Olympic Committee (IOC), stemming from disputes over compliance and governance, lie within a broader geopolitical context. In this environment, the Games may face increased cyber risk, as major international events increasingly intersect with geopolitical competition. The exclusion of Russia from a global stage of historic national importance removes a critical geopolitical guardrail protecting the 2026 Winter Olympic Games."
        https://unit42.paloaltonetworks.com/russian-cyberthreat-2026-winter-olympics/

      References
      Electronic Transactions Development Agency (ETDA)
