NCSA Webboard

    Cyber Threat Intelligence 11 June 2026

    Cyber Security News
    • NCSA_THAICERT
      Last edited by NCSA_THAICERT

      Industrial Sector

      • ICS Patch Tuesday: Vulnerabilities Fixed By Siemens, Schneider, Phoenix Contact
        "ICS Patch Tuesday advisories were published this month by Siemens, Schneider Electric, and Phoenix Contact. Siemens published only four new advisories. In Sinec INS, the industrial giant fixed authenticated command execution, information disclosure, privilege escalation, and password exposure flaws. The company also addressed a DoS and potential code execution issue in Siprotec 5, and a sensitive information exposure weakness in WinCC Certificate Manager."
        https://www.securityweek.com/ics-patch-tuesday-vulnerabilities-fixed-by-siemens-schneider-phoenix-contact/
      • Attacking UPS Network Cards To Take Down Data Centers
        "Team82 has uncovered two serious vulnerabilities in Vertiv’s uninterruptible power supply (UPS) network cards that enable authentication bypass to the control interface of the UPS, denial of service, and potentially code execution. UPS devices come in all sizes, from units as small as a laptop to as big as a six-door closet. They serve the same purpose: keeping critical equipment running in the event of a power outage. During an outage, a UPS switches to its internal battery, preventing sudden shutdowns. Data centers, for example, rely on them to keep servers, routers, and control systems stable and protected from power spikes or drops, keeping devices online or shutting them down safely."
        https://claroty.com/team82/research/attacking-ups-network-cards-to-take-down-data-centers
        https://www.securityweek.com/critical-hvac-and-ups-vulnerabilities-could-let-hackers-disrupt-data-centers/

      Vulnerabilities

      • Ivanti: Max Severity Sentry Flaw Allows Code Execution As Root
        "Security software company Ivanti has released patches to address two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that enables remote attackers to execute code with root privileges. Formerly known as MobileIron Sentry, Ivanti Sentry is a security gateway appliance that secures traffic between back-end corporate systems and remote mobile devices. Tracked as CVE-2026-10520, the maximum-severity vulnerability stems from an OS command injection weakness. The second Sentry security flaw patched on Tuesday (tracked as CVE-2026-10523) is a critical authentication bypass that can be exploited remotely by unauthenticated attackers to create rogue administrative accounts and gain full administrative access."
        https://www.bleepingcomputer.com/news/security/new-max-severity-ivanti-sentry-flaw-allows-code-execution-as-root/
        https://nvd.nist.gov/vuln/detail/CVE-2026-10520
        https://www.theregister.com/patches/2026/06/10/ivanti-urges-sentry-users-to-patch-two-critical-bugs/5253428
        https://www.helpnetsecurity.com/2026/06/10/ivanti-sentry-cve-2026-10520-cve-2026-10523/
      • Critical Vulnerabilities Patched In Fortinet, Ivanti Products
        "Fortinet and Ivanti on Tuesday rolled out fixes for multiple vulnerabilities in their products, including critical-severity OS command injection flaws. Fortinet published three advisories describing security defects in FortiSandbox, FortiOS, FortiProxy, and FortiPortal. The most severe of the three bugs is CVE-2026-25089 (CVSS score of 9.8), an OS command injection issue impacting FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI."
        https://www.securityweek.com/critical-vulnerabilities-patched-in-fortinet-ivanti-products/
        https://thehackernews.com/2026/06/ivanti-fortinet-and-sap-release-patches.html
      • Langflow - Path Traversal Arbitrary File Write Via Upload_user_file
        "The 'POST /api/v2/files' endpoint does not sanitize the 'filename' parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences ('../')."
        https://www.tenable.com/security/research/tra-2026-26
        https://thehackernews.com/2026/06/unpatched-langflow-flaw-cve-2026-5027.html
        https://www.bleepingcomputer.com/news/security/path-traversal-flaw-in-ai-dev-platform-langflow-exploited-in-attacks/
      • Cyera Research Uncovers Six Protobuf.js Vulnerabilities Impacting The Backbone Of Data And AI Systems
        "Cyera researchers discovered and helped remediate six vulnerabilities in protobuf.js, including flaws that could lead to remote code execution (RCE) and denial-of-service (DoS) attacks. If you're wondering why this matters, that's a fair question. Most of us rarely interact directly with protobuf.js. However, it is the most widely used JavaScript runtime for Protocol Buffers, a serialization format that powers communication across millions of applications, databases, cloud-native services, and AI systems. The package alone is downloaded more than 50 million times per week, with true adoption likely far higher due to its widespread inclusion as a dependency in countless software projects."
        https://www.cyera.com/blog/cyera-research-uncovers-six-protobuf-js-vulnerabilities-impacting-the-backbone-of-data-and-ai-systems
        https://www.cyera.com/research/proto6-the-schema-was-not-supposed-to-run
        https://thehackernews.com/2026/06/six-proto6-vulnerabilities-in.html
      • Microsoft Patches Exchange Server Zero-Day Exploited In Attacks
        "Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary JavaScript code in cross-site scripting (XSS) attacks targeting Outlook Web Access users. This high-severity spoofing vulnerability (CVE-2026-42897) affects Exchange Server 2016, Exchange Server 2019, and Exchange Server Subscription Edition (SE) software and can be exploited by remote attackers with no privileges."
        https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-exchange-server-zero-day-exploited-in-attacks/
      • Microsoft Patches YellowKey, GreenPlasma, MiniPlasma Zero-Days
        "On Tuesday, Microsoft patched two zero-day vulnerabilities that let attackers gain SYSTEM privileges on fully patched Windows systems, and a third one that grants access to BitLocker-protected drives. All three security flaws were disclosed last month by a security researcher using the "Nightmare Eclipse" handle in protest over how the Microsoft Security Response Center (MSRC) handles the disclosure process."
        https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-yellowkey-greenplasma-miniplasma-zero-days/

      Malware

      • Expanded JDY IoT And SOHO Botnet Enables Rapid Vulnerability Exploitation
        "Black Lotus Labs® recently identified a significant resurgence of the JDY botnet, a covert reconnaissance network tied to China-nexus threat activity. In this report, we examine how the botnet has expanded its footprint, diversified its device base and enabled rapid vulnerability targeting, giving defenders important insight into how modern reconnaissance supports subsequent exploitation."
        https://www.lumen.com/blog/en-us/expanded-jdy-iot-and-soho-botnet-enables-rapid-vulnerability-exploitation
        https://www.bleepingcomputer.com/news/security/china-linked-jdy-botnet-expands-targeting-of-us-military-networks/
        https://thehackernews.com/2026/06/china-linked-jdy-botnet-expands-to-1500.html
        https://www.theregister.com/security/2026/06/11/china-linked-operators-revive-botnet-stir-ai-datacenter-debate/5253873
      • SilabRAT, What’s Your Power?
        "By this point, the security community has analyzed countless Remote Access Trojans (RATs), so one might ask: Who needs another RAT analysis? Rather than simply cataloging another piece of malware, this still provides an opportunity to shed educational light on how attacker tooling continues to evolve. While reputable RAT families remain popular among adversaries, some have begun searching for alternatives. Well-known RATs are heavily monitored, and therefore easily classified or detected by modern security solutions. As a result, attackers frequently experiment with newer, less common tools in an effort to evade detection and extend operational longevity. In this blog, we deep-dive into SilabRAT and look at some of its interesting capabilities."
        https://www.group-ib.com/blog/silabrat-hijackloader-trojan-malware/
        https://www.infosecurity-magazine.com/news/silabrat-trojan-session-hijacking/
      • Phishing Attacks Leverage TikTok, Instagram Reels
        "Short-form videos on social media apps are currently being leveraged by threat actors as a phishing vector, utilizing tutorial style content with the promise of free premium software to lure victims onto malicious sites. This is an important threat to be cognizant of, as the videos can trick users into directly downloading malware. In order to best defend organizations, steps can be taken to mitigate the risks associated with these videos, both in user training and technical guardrails."
        https://www.reversinglabs.com/blog/social-media-attacks-phishing
        https://www.infosecurity-magazine.com/news/fake-software-videos-tiktok-vidar/
        https://hackread.com/scammers-tiktok-instagram-reels-vidar-infostealer/
        https://www.malwarebytes.com/blog/news/2026/06/free-spotify-premium-hacks-on-social-media-are-spreading-infostealers
      • New Browser-In-The-Browser Phishing Uses Fake Login Popups To Steal Microsoft 365 Credentials
        "A new Browser-in-the-Browser (BitB) phishing campaign is targeting Microsoft 365 users with fake login popups designed to closely mimic legitimate browser authentication windows, according to Palo Alto Networks Unit 42. The attack relies on a fake browser window embedded within a webpage. Victims who click a Microsoft sign-in button are presented with what appears to be a standard authentication prompt, complete with a spoofed Microsoft OAuth URL and a login form."
        https://www.helpnetsecurity.com/2026/06/10/browser-in-the-browser-phishing-microsoft-365-users/
        https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2026-06-08-Browser-In-The-Browser-Pishing-Campaign.txt
      • FIFA World Cup 2026 Scams Are Already Active: Fake Domains, Phishing Sites, And How To Stay Safe
        "The FIFA World Cup 2026 kicks off on June 11, and the world’s biggest sporting event is drawing more than just fans — it is already attracting a wave of cybercriminals targeting ticket buyers, job seekers, streaming viewers, and corporate brands alike. The FBI has issued a formal Public Service Announcement warning that threat actors are creating fraudulent versions of FIFA-affiliated websites to steal personal information, conduct financial fraud, and sell fake products and services. Cyble researchers independently analyzed the domains flagged by the FBI and confirmed that many remained active and operational at the time of publishing this report."
        https://cyble.com/blog/fifa-world-cup-2026-scams/

      Breaches/Hacks/Leaks

      • Oracle PeopleSoft Servers Hacked In ShinyHunters Data Theft Attacks
        "Oracle PeopleSoft servers are being targeted in ongoing data theft attacks by the ShinyHunters extortion gang, which claims to have stolen data from over 100 organizations. PeopleSoft is an enterprise business software suite used by large organizations to manage business operations such as human resources, payroll, finance, supply chain management, procurement, and student administration. Yesterday, BleepingComputer learned of widespread data theft attacks targeting both cloud and on-premises Oracle PeopleSoft customer instances. These customers were receiving extortion demands that were signed by the ShinyHunters extortion gang."
        https://www.bleepingcomputer.com/news/security/oracle-peoplesoft-servers-hacked-in-shinyhunters-data-theft-attacks/
      • Cyberattack Shuts Down Major Australian Sugar Mills, Disrupting Harvest
        "A cyberattack has disrupted sugar production in one of Australia's largest cane-growing regions, forcing two major sugar mills to shut down and bringing harvesting operations to a halt. Mackay Sugar, Australia's second-largest sugar producer, said on Wednesday that it was responding to a cybersecurity incident affecting parts of its operations and had engaged cybersecurity experts and local authorities to investigate the attack and restore its systems safely."
        https://therecord.media/cyberattack-shuts-down-major-australian-sugar-producer

      General News

      • AI Agents Are Becoming Enterprise Workers. Who Secures Them?
        "A sales operations team builds an AI agent to help manage renewal requests. On the surface, the workflow looks ordinary. The agent reads inbound customer emails, checks the account record in the CRM, looks up contract terms, drafts a response, updates the opportunity stage, and creates a follow-up task. No one has set out to build a sentient machine in a basement. They are just trying to remove friction from a familiar business process. Underneath that ordinary workflow, something important has changed."
        https://blog.checkpoint.com/ai-security/ai-agents-are-becoming-enterprise-workers/
      • Patch Smarter, Not Harder
        "Artificial intelligence is assisting both researchers and adversaries in identifying flaws in software, vastly increasing the pace at which new vulnerabilities are discovered. Defenders are already struggling to keep up. Per Verizon’s 2026 Data Breach Investigations Report, only 26% of vulnerabilities on CISA’s Known Exploited Vulnerabilities (KEV) Catalog were fully remediated by organizations in 2025, a drop from the previous year’s 38%. The median time for full resolution rose to 43 days. Defenders need greater clarity and speed to patch systems in today’s threat landscape. We must flip the script on patching prioritization: patch smarter, not harder."
        https://www.cisa.gov/news-events/news/patch-smarter-not-harder
        https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk
        https://www.darkreading.com/cyber-risk/cisa-rewrites-federal-patching-requirements-ai-threat-era
        https://therecord.media/cisa-to-require-federal-agencies-to-patch-3-days
        https://cyberscoop.com/cisa-vulnerability-remediation-directive-bod-26-04/
      • AI Risk Worries Insurers And Businesses Alike
        "The insurance industry is undergoing a major shift as businesses look to quickly adopt artificial intelligence (AI) while seeking insurance policies to manage potential risks — especially those posed by agentic AI systems that could cause significant damage before being caught by human-in-the-loop processes. The current risk is small as companies test potential ways to integrate AI into their operations. But some insurers are already taking steps to exclude AI-caused damage from their more traditional insurance policies, leaving the risk to be absorbed by cyber insurance policies or tech errors-and-omissions (E&O) coverage. Others have already created explicit policies to protect against AI risks, even if the current market for insuring against AI risk is tiny."
        https://www.darkreading.com/cyber-risk/ai-risk-worries-insurers-businesses-alike
      • The Invisible Battlefield: How Cyberwar Is Reshaping Everyday Life
        "Chris Inglis, First US National Cyber Director, Semperis Strategic Adviser: For much of my career, battlefields were tangible places, deserts, cities, mountains, and oceans you could see and touch. You could point to the terrain, define the front line, and distinguish between the fight abroad and life at home. Today, one of the most consequential battlefields of all is almost entirely invisible. It is cyberspace — ambient, persistent, and woven into nearly every part of modern life."
        https://www.darkreading.com/endpoint-security/invisible-battlefield-cyber-war-reshaping-everyday-life
      • AI Slop Will Kill Cybersecurity Storytelling If We Let It
        "One of the most valuable lessons I learned about cybersecurity storytelling came more than 20 years ago, and it didn't come from a press relations or marketing guru. It came from Rhonda Maclean, one of the industry's first female Fortune 500 CISOs (roles included Boeing, Bank of America, and Barclays) and the keynote speaker at the inaugural Executive Women's Forum conference in 2003. Given how few women were at her level at the time, I expected her talk to be about female empowerment."
        https://www.darkreading.com/cyber-risk/ai-slop-kill-cybersecurity-storytelling-we-let-it
      • Justice Department, FBI Disable 13 Websites Backed By Suspected Chinese Agents That Sought Sensitive U.S. Information From Security Clearance Holders
        "Thirteen internet domains used to target U.S. persons, including current and former security clearance holders with access to classified and sensitive U.S. government information, were seized today by federal authorities. “These domain seizures offer a glimpse at how foreign actors can use promises of easy money to lure Americans into revealing sensitive or classified information that they are duty‑bound to protect,” said Assistant Attorney General for National Security John A. Eisenberg. “Anyone approached online with offers of easy income for vague ‘consulting’ work should treat those overtures with extreme caution and remain vigilant for warning signs of malicious targeting.”"
        https://www.justice.gov/opa/pr/justice-department-fbi-disable-13-websites-backed-suspected-chinese-agents-sought-sensitive
        https://hackread.com/fbi-seizes-china-fake-consulting-sites-us-clearance/
      • Every Set Of AI Guardrails Can Be Broken By The Right Prompt
        "Companies that build AI systems wrap them in guardrails meant to block harmful output, including deepfakes, malware, and instructions for making biological weapons or illicit drugs. When a user prompts the system for such content, the guardrails are designed to flag the request and refuse. A new mathematical proof sets a limit on how secure those guardrails can ever be. Apostol Vassilev, a senior scientist at the National Institute of Standards and Technology, published the proof in the peer-reviewed journal IEEE Security & Privacy. It demonstrates that for any finite set of guardrails, some prompt exists that gets the AI to disregard them. Finding that prompt is the only requirement."
        https://www.helpnetsecurity.com/2026/06/10/broken-ai-guardrails-research/
        https://ieeexplore.ieee.org/document/11475847
      • The Security In Smartphones Is Helping Send Them To Landfills
        "Billions of working smartphones reach the end of their service lives each year and move into drawers, recycling streams, and waste piles. The WEEE Forum estimated that 5.3 billion mobile phones became electronic waste in 2022. Many of these devices still function. The average smartphone stays in use for about three years, and owners often replace handsets that retain enough computing power for other jobs. A team at the Université Libre de Bruxelles examined a barrier to giving those devices a second life. The barrier comes from the security hardware that protects phones during their first life. Secure boot, Trusted Execution Environments, and fused cryptographic keys guard user data and system integrity. These same mechanisms tie a device to its original maker and resist the changes that reuse requires."
        https://www.helpnetsecurity.com/2026/06/10/secure-smartphone-reuse-landfills/
      • Scams Now Operate Like Real Businesses With Budgets And Targets
        "Social media has overtaken email as a primary attack vector, showing changes in how people consume information and interact online, according to Bitdefender’s Global Scam Intelligence Report 2026. Fraud campaigns use advertisements, sponsored content, impersonation pages, and direct messages to reach users. One in seven consumers fell victim to a scam during the past year. Scam operations resemble organized businesses, with structured workflows, dedicated personnel, and tactics designed to exploit trust through familiar brands, platforms, and communication channels."
        https://www.helpnetsecurity.com/2026/06/10/bitdefender-global-scam-trends-report/
      • Identity Theft Is Turning Into a Chain Reaction For Victims
        "For a growing number of victims, identity theft no longer ends with a fraudulent charge or a compromised account. More than one in four people who contacted the Identity Theft Resource Center during the reporting period were dealing with multiple identity-related incidents, according to the organization’s 2026 Trends in Identity Report. The report is based on data from 6,188 individuals who sought assistance between April 2025 and March 2026."
        https://www.helpnetsecurity.com/2026/06/10/identity-theft-incidents-itrc-report/
      • Cybersecurity Software Fails To Detect Fifth Of Browser-Based Phishing Attacks
        "Cybersecurity software regularly fails to detect and prevent the cyber-attacks they are designed to protect organizations from, especially within the browser layer, research by Menlo Security has warned. Published on June 9, Menlo Security's 2026 Browser Threat Report found that one in five phishing attacks which target the enterprise browser users go completely undetected by the tools which are supposed to protect the network and its users from attacks. Based on platform telemetry across millions of active browser sessions in enterprise customer environments between January 1 and March 31 2026, the research warned that threat actors are gaining entry to enterprise environments through the browser session layer."
        https://www.infosecurity-magazine.com/news/cybersecurity-fails-to-detect/
        https://www.menlosecurity.com/resources/2026-state-of-browser-security-threat-report
      • Over a Quarter Of Identity Crime Victims Hit By Multiple Incidents, ITRC Data Shows
        "Identity crime experts have warned of “multi-layered crises” after revealing that many victims dealt with two or more incidents over the past year. The findings come from US non-profit the Identity Theft Resource Center (ITRC), which analyzed data from over 6000 reports submitted to it between April 1 2025 and March 31 2026. Its 2026 Trends in Identity Report revealed that nearly 26% of victims managed two or more concurrent identity crime incidents, up from 24% the previous year. ITRC chief operating and programs officer, Mona Terry, said that identity crimes are becoming increasingly complex."
        https://www.infosecurity-magazine.com/news/quarter-identity-crime-victims/
      • One Click To Compromise: ThreatLabz 2026 Phishing And Initial Access Report
        "AI is accelerating the enterprise, but it is also raising the cost of a single user mistake. Phishing remains one of the easiest on-ramps for attackers, with campaigns that look routine, move fast, and convert clicks into access. Identity has also become the real perimeter, and attackers are looking for the fastest path through it. That means more reconnaissance to find exposed entry points, more credential validation to test what will work, and more abuse of encrypted channels to blend into normal traffic."
        https://www.zscaler.com/blogs/security-research/one-click-compromise-threatlabz-2026-phishing-and-initial-access-report
      • Infostealers Turn Millions Of Devices Into Credential Theft Machines
        "Hackers no longer force open the side-window when infostealers can give them a key to the front door. Infostealers have become the primary source of stolen credentials for attackers. Using these credentials is now a favored route for bad actors to access a target effectively as an invited guest. It is quicker, easier, less visible and more effective than forcing an entry. More than 11.1 million devices were infected with infostealers in 2025, reports Flashpoint. More than 3.3 billion credentials, browser artifacts, session information and other forms of identity are now circulating in illicit marketplaces. These don’t simply provide entry to a target, they often provide authorized access to valuable data undisturbed by security defenses within the target."
        https://www.securityweek.com/infostealers-turn-millions-of-devices-into-credential-theft-machines/
        https://flashpoint.io/resources/e-book/2026-guide-to-infostealers/
      • Cybercriminals: The 'auditors' You Never Hired
        "There’s one cognitive bias that we humans are prone to, and it lies at the centre of some of the challenges that cybersecurity professionals face every day. It’s known as the normalcy bias – what Dr. Lauren Braithwaite defines as “our tendency to underestimate the possibility of disaster and believe that life will continue as normal, even in the face of significant threats or crises.” It's why people hesitate after fire alarms go off or delay reacting in other unfolding situations because things still appear manageable."
        https://www.welivesecurity.com/en/business-security/cybercriminals-auditors-never-hired/
      • Chinese, N. Korean Threat Groups Build On Asia-Pacific Success
        "Cyber-threat groups linked to North Korea and China continue to target financial firms and cryptocurrency assets in the Asia-Pacific region, but face increasing headwinds as national governments collaborate more closely with each other and private industry to seize cryptocurrency accounts linked to illegal activity. In its recent 2026 Financial Services Threat Landscape Report, CrowdStrike noted that six of the nine major threat groups targeting financial services in Q1 2026 are linked to China and North Korea, while at least 78 organizations in the Asia-Pacific and Oceania regions were targeted by cybercriminal groups' data-leak-and-ransom operations."
        https://www.darkreading.com/cyberattacks-data-breaches/chinese-korean-threat-groups-asia-pacific-success
      • GenAI Is Both Hunter And Hunted At Pwn2Own Berlin 2026
        "Pwn2Own has unequivocally arrived in the generative AI (GenAI) age. TrendAI™ Research has a full report on the event that took place at OffensiveCon 2026, but I also had the privilege of participating in the disclosure process for some of the artificial intelligence (AI) targets. Obviously, I cannot discuss the details of the actual bugs until the disclosure period is over, but I have some general observations to make."
        https://www.trendmicro.com/en_us/research/26/f/pwn2own-genai.html

      Reference
      Electronic Transactions Development Agency (ETDA)
