Cyber Threat Intelligence 19 March 2025
Financial Sector
- How Financial Institutions Can Minimize Their Attack Surface
"In this Help Net Security interview, Sunil Mallik, CISO of Discover Financial Services, discusses cybersecurity threats for financial institutions. He also shares insights on balancing compliance with agility, lessons from regulatory audits, and Discover’s approach to risk management and workforce development."
https://www.helpnetsecurity.com/2025/03/18/sunil-mallik-discover-financial-institutions-security/
Industrial Sector
- Rockwell Automation Lifecycle Services With VMware
"Successful exploitation of these vulnerabilities could allow an attacker with local administrative privileges to execute code."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-077-02
- Schneider Electric EcoStruxure Power Automation System
"Successful exploitation of this vulnerability could allow unauthorized access to the underlying software application running WebHMI."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-077-03
- Schneider Electric ASCO 5310/5350 Remote Annunciator
"Successful exploitation of these vulnerabilities could allow an attacker to perform a denial of service, loss of availability, or loss of device integrity."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-077-05
- Schneider Electric EcoStruxure Power Automation System User Interface (EPAS-UI)
"Successful exploitation of this vulnerability could allow an attacker to bypass device authentication, potentially gain access to sensitive information, or execute arbitrary code."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-077-01
- Schneider Electric EcoStruxure Panel Server
"Successful exploitation of this vulnerability could allow disclosure of sensitive information, including the disclosure of credentials."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-077-04
Vulnerabilities
- CISA Adds Two Known Exploited Vulnerabilities To Catalog
"CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
CVE-2025-30066 tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability"
https://www.cisa.gov/news-events/alerts/2025/03/18/cisa-adds-two-known-exploited-vulnerabilities-catalog
- New Windows Zero-Day Exploited By 11 State Hacking Groups Since 2017
"At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017. However, as security researchers Peter Girnus and Aliakbar Zahravi with Trend Micro's Zero Day Initiative (ZDI) reported today, Microsoft tagged it as "not meeting the bar servicing" in late September and said it wouldn't release security updates to address it."
https://www.bleepingcomputer.com/news/security/new-windows-zero-day-exploited-by-11-state-hacking-groups-since-2017/
https://www.zerodayinitiative.com/advisories/ZDI-25-148/
https://thehackernews.com/2025/03/unpatched-windows-zero-day-flaw.html
https://therecord.media/windows-lnk-files-nation-state-hacking-campaigns
https://www.securityweek.com/11-state-sponsored-apts-exploiting-lnk-files-for-espionage-data-theft/
https://securityaffairs.com/175569/apt/nation-state-actors-and-cybercrime-gangs-abuse-malicious-lnk-files-for-espionage-and-data-theft.html
https://www.theregister.com/2025/03/18/microsoft_trend_flaw/
- BMC&C: Redfish Alert 3
"The Eclypsium research team has discovered a previously unknown remotely exploitable vulnerability in AMI’s MegaRAC software that allows attackers to bypass authentication remotely. This research is preceded by two similar disclosures:"
https://eclypsium.com/blog/ami-megarac-vulnerabilities-bmc-part-3/
https://thehackernews.com/2025/03/new-critical-ami-bmc-vulnerability.html
https://www.bleepingcomputer.com/news/security/critical-ami-megarac-bug-can-let-attackers-hijack-brick-servers/
https://www.securityweek.com/critical-ami-bmc-vulnerability-exposes-servers-to-disruption-takeover/
- New Vulnerability In GitHub Copilot And Cursor: How Hackers Can Weaponize Code Agents
"Pillar Security researchers have uncovered a dangerous new supply chain attack vector we've named "Rules File Backdoor." This technique enables hackers to silently compromise AI-generated code by injecting hidden malicious instructions into seemingly innocent configuration files used by Cursor and GitHub Copilot—the world's leading AI-powered code editors."
https://www.pillar.security/blog/new-vulnerability-in-github-copilot-and-cursor-how-hackers-can-weaponize-code-agents
https://thehackernews.com/2025/03/new-rules-file-backdoor-attack-lets.html
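The tj-actions/changed-files entry in the KEV list above, the reviewdog/action-setup item in the Malware section below, and the Rules File Backdoor write-up all reduce to two repository-level checks a practitioner can automate: are third-party Actions referenced by a mutable tag instead of an immutable commit SHA, and do AI editor rules files (.cursorrules, Copilot instruction files) contain invisible Unicode characters, which is how Pillar's write-up describes the injected instructions being hidden from human review. The Python below is an added example written for this digest, not code from Wiz, Pillar, CISA or any project mentioned. The workflow and rules-file contents are constructed samples, and the COMPROMISED_ACTIONS set is only the two action names taken from the items on this page.

```python
"""Added example: two quick supply-chain hygiene checks for a source repository.

check_workflow()    - flags GitHub Actions `uses:` references that are not pinned
                      to a full commit SHA, or that name an action reported as
                      compromised in this digest.
find_hidden_chars() - flags invisible / bidirectional-control Unicode characters
                      in AI editor rules files (.cursorrules, Copilot instructions).
Standard library only; no network access.
"""
import re
import unicodedata

# The two action names from the items in this digest (constructed list; extend as needed).
COMPROMISED_ACTIONS = {"tj-actions/changed-files", "reviewdog/action-setup"}

# Matches `- uses: owner/repo@ref` or `uses: owner/repo/path@ref` (optionally quoted).
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def check_workflow(text):
    """Return a list of (line_no, repo, ref, finding) for risky `uses:` lines.

    Only a full 40-hex commit SHA counts as pinned: a tag such as @v45 or a
    branch can be re-pointed at a different commit after the fact, and a short
    SHA is not unique. Local (./) and docker:// actions are skipped.
    """
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        spec = m.group(1)
        if spec.startswith("./") or spec.startswith("docker://"):
            continue
        action, _, ref = spec.partition("@")
        repo = "/".join(action.split("/")[:2])   # owner/repo/subpath -> owner/repo
        if repo in COMPROMISED_ACTIONS:
            findings.append((no, repo, ref, "action reported compromised"))
        if not ref:
            findings.append((no, repo, ref, "no ref: resolves to the default branch"))
        elif not FULL_SHA_RE.match(ref):
            findings.append((no, repo, ref, "mutable ref, not a full commit SHA"))
    return findings


def find_hidden_chars(text):
    """Return (line_no, col, codepoint, name) for every invisible character.

    Category Cf covers zero-width space/joiner, bidi overrides (RLO/LRO/PDF),
    soft hyphen and the U+E00xx tag characters; Cc covers raw control bytes.
    Tabs are allowed; newlines never reach here because of splitlines().
    """
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            cat = unicodedata.category(ch)
            if cat == "Cf" or (cat == "Cc" and ch != "\t"):
                findings.append((no, col, f"U+{ord(ch):04X}",
                                 unicodedata.name(ch, "<control>")))
    return findings


# ---- constructed sample inputs (not taken from any real repository) ----
SAMPLE_WORKFLOW = """name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - uses: tj-actions/changed-files@v45
      - uses: reviewdog/action-setup@v1
      - uses: ./.github/actions/local-step
      - name: python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"
"""

SAMPLE_RULES = (
    "Follow PEP 8 and keep functions short.\n"
    "Use the shared logging helper.\u200b\u200d\u202e(text hidden here)\u202c\n"
)

if __name__ == "__main__":
    for no, repo, ref, why in check_workflow(SAMPLE_WORKFLOW):
        print(f"workflow line {no}: {repo}@{ref or '<none>'}: {why}")
    for no, col, cp, name in find_hidden_chars(SAMPLE_RULES):
        print(f"rules line {no} col {col}: {cp} {name}")
```

Run it over .github/workflows/*.yml and any rules files as a pre-merge check. A pinned SHA is necessary but not sufficient: the pinned commit still pulls in whatever that action's own dependencies and Docker images resolve to, which is exactly the chaining the reviewdog item describes, so the known-compromised list and the pin check complement each other rather than replace a review of what the action executes.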
Malware
- New GitHub Action Supply Chain Attack: reviewdog/action-setup
"A supply chain attack on the popular GitHub Action tj-actions/changed-files caused many repositories to leak their secrets over the weekend. Wiz Research has discovered an additional supply chain attack on reviewdog/action-setup@v1, that may have contributed to the compromise of tj-actions/changed-files. At this point we believe this is a chain of supply chain attacks eventually leading to a specific high-value target."
https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup
https://www.bleepingcomputer.com/news/security/github-action-hack-likely-led-to-another-in-cascading-supply-chain-attack/
https://www.bankinfosecurity.com/second-github-actions-supply-chain-attack-discovered-a-27751
- Legacy Driver Exploitation Through Bypassing Certificate Verification
"In June 2024, the security company CheckPoint-Research (CPR) published a post on a security threat that used the Legacy Driver Exploitation technique. This attack mostly focused on remotely controlling infected systems using the Gh0stRAT malware and causing additional damage. The threat actor distributed malware using a phishing site and messaging apps, and loaded additional payloads using the DLL side-loading technique. They used a modified TrueSight.sys driver to bypass Microsoft’s driver blocking system, and forcibly terminated security processes such as antivirus and endpoint detection and response (EDR) systems to neutralize security defenses."
https://asec.ahnlab.com/en/86881/
- Hundreds Of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease
"Bitdefender's security researchers have identified a large-scale ad fraud campaign that deployed hundreds of malicious apps in the Google Play Store, resulting in more than 60 million downloads total. The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks. The Google Play Store is often targeted by cybercriminals trying to upload malicious apps by bypassing existing protections. Google purges the store of such apps, either on its own volition or after being notified by researchers but criminals adapt."
https://www.bitdefender.com/en-us/blog/labs/malicious-google-play-apps-bypassed-android-security
https://thehackernews.com/2025/03/new-ad-fraud-campaign-exploits-331-apps.html
https://www.bleepingcomputer.com/news/security/malicious-android-vapor-apps-on-google-play-installed-60-million-times/
https://hackread.com/scammers-ad-fraud-apps-google-play-60m-downloads/
https://www.infosecurity-magazine.com/news/malicious-app-bypass-android/
- Look Before You Leap: Imposter DeepSeek Software Seek Gullible Users
"In this blog, we discuss how malware authors recently utilized a popular new trend to entice unsuspecting users into installing malware. This blog is meant as a reminder to stay cautious during a hype cycle. It’s a common trap and pitfall for unassuming consumers."
https://www.mcafee.com/blogs/internet-security/deepseek-or-deep-threat-how-hackers-are-using-ai-hype-to-deliver-malware/
https://hackread.com/fake-deepseek-ai-installers-websites-apps-malware/
- AMOS And Lumma Stealers Actively Spread To Reddit Users
"We were alerted to Mac and Windows stealers currently distributed via Reddit posts targeting users engaging in cryptocurrency trading. One of the common lures is a cracked software version of the popular trading platform TradingView. The crooks are posting links to both Windows and Mac installers which have been laced with Lumma Stealer and Atomic Stealer (AMOS) respectively. These two malware families have wreaked havoc, pillaging victims’ personal data and enabling their distributors to make substantial gains, mostly by taking over cryptocurrency wallets."
https://www.malwarebytes.com/blog/scams/2025/03/amos-and-lumma-stealers-actively-spread-to-reddit-users
- Operation AkaiRyū: MirrorFace Invites Europe To Expo 2025 And Revives ANEL Backdoor
"In August 2024, ESET researchers detected cyberespionage activity carried out by the China-aligned MirrorFace advanced persistent threat (APT) group against a Central European diplomatic institute in relation to Expo 2025, which will be held in Osaka, Japan. Known primarily for its cyberespionage activities against organizations in Japan, to the best of our knowledge, this is the first time MirrorFace intended to infiltrate a European entity. The campaign, which we uncovered in Q2 and Q3 of 2024 and named Operation AkaiRyū (Japanese for RedDragon), showcases refreshed tactics, techniques, and procedures (TTPs) that we observed throughout 2024: the introduction of new tools (such as a customized AsyncRAT), the resurrection of ANEL, and a complex execution chain."
https://www.welivesecurity.com/en/eset-research/operation-akairyu-mirrorface-invites-europe-expo-2025-revives-anel-backdoor/
https://thehackernews.com/2025/03/china-linked-mirrorface-deploys-anel.html
https://www.bankinfosecurity.com/chinese-hackers-target-european-diplomats-malware-a-27745
- China Identifies Taiwanese Hackers Allegedly Behind Cyberattacks And Espionage
"China’s state security ministry (MSS) has accused four individuals allegedly linked to Taiwan’s military of carrying out cyberattacks and espionage against the mainland. In a statement on Monday, the MSS identified the suspects as members of Taiwan’s Information, Communications, and Electronic Force Command (ICEFCOM) within the defense ministry. It released their names, headshots, birthdates and job titles. Beijing claims that ICEFCOM has been conducting cyber operations since 2023, targeting key infrastructure in China, including power grids, water supplies and telecommunications networks. According to the MSS, the agency has hired hackers and cybersecurity firms to support government-directed cyber warfare."
https://therecord.media/china-taiwan-hacks-identify-cyber
Breaches/Hacks/Leaks
- Sperm Donation Giant California Cryobank Warns Of a Data Breach
"US sperm donor giant California Cryobank is warning customers it suffered a data breach that exposed customers' personal information. California Cryobank is a full-service sperm bank providing frozen donor sperm and specialized reproductive services, such as egg and embryo storage. The company is the largest sperm bank in the US and services all 50 states and more than 30 countries worldwide."
https://www.bleepingcomputer.com/news/security/sperm-donation-giant-california-cryobank-warns-of-a-data-breach/
- Western Alliance Bank Notifies 21,899 Customers Of Data Breach
"Arizona-based Western Alliance Bank is notifying nearly 22,000 customers their personal information was stolen in October after a third-party vendor's secure file transfer software was breached. Western Alliance is a wholly owned subsidiary of Western Alliance Bancorporation, a leading U.S. banking company with over $80 billion in assets."
https://www.bleepingcomputer.com/news/security/western-alliance-bank-notifies-21-899-customers-of-data-breach/
https://therecord.media/western-alliance-bank-data-breach
https://www.securityweek.com/western-alliance-bank-discloses-data-breach-linked-to-cleo-hack/
- Blockchain Gaming Platform WEMIX Hacked To Steal $6.1 Million
"Blockchain gaming platform WEMIX suffered a cyberattack last month, allowing threat actors to steal 8,654,860 WEMIX tokens, valued at approximately $6,100,000 at the time. During a press conference held yesterday, WEMIX's CEO Kim Seok-Hwan confirmed the incident occurred on February 28, 2025, explaining that the delay in issuing a public announcement wasn't an attempt to cover it up, but rather a conscious choice to protect players from additional losses."
https://www.bleepingcomputer.com/news/security/blockchain-gaming-platform-wemix-hacked-to-steal-61-million/
General News
- Hackers Target AI And Crypto As Software Supply Chain Risks Grow
"The growing sophistication of software supply chain attacks is driven by widespread flaws in open-source and third-party commercial software, along with malicious campaigns that specifically target AI and cryptocurrency development pipelines, according to a ReversingLabs report. According to ReversingLabs data, open-source software remained a key element of supply chain risk in 2024. For example, incidents of exposed development secrets via publicly accessible, open-source packages rose 12% compared to 2023. And critical and exploitable software flaws continued to lurk in even the most widely used open source packages."
https://www.helpnetsecurity.com/2025/03/18/software-supply-chain-risks/
- Extortion Crew Threatened To Inform Edward Snowden (?!) If Victim Didn't Pay Up
"Dark web analysts at infosec software vendor Fortra have discovered an extortion crew named Ox Thief that threatened to contact Edward Snowden if a victim didn’t pay to protect its data – a warning that may be an indicator of tough times in the ransomware world for some, at least. Ox Thief at first stuck to the tried-and-tested racket, claiming on its Tor-hidden site to have stolen 47 GB of "highly sensitive files" from an organization, offering samples of those files for download so its victim could verify its claims, and then threatening to publish the material unless the org paid a ransom demand."
https://www.theregister.com/2025/03/18/extortionists_ox_thief_legal_threats/
https://www.darkreading.com/cyberattacks-data-breaches/ransomware-crew-leak-snowden-extortion-tactic
- Flashpoint 2025 Global Threat Intelligence Report: Stay Ahead Of Emerging Threats
"Organizations are facing an unprecedented barrage of sophisticated threats that are more complex, interconnected, and higher-stakes than ever before. From the rapid proliferation of information-stealing malware—a gold mine for threat actors—to the exploitation of vulnerabilities, and the rise of ransomware attacks and data breaches, the threat landscape is evolving at a breakneck pace."
https://flashpoint.io/blog/flashpoint-global-threat-intelligence-report-gtir-2025/
https://cyberscoop.com/infostealers-cybercrime-surged-2024-flashpoint/
https://www.infosecurity-magazine.com/news/168-billion-records-exposed/
- 3 AI-Driven Roles In Cybersecurity
"One year ago, 88% of ISC2 members surveyed believed AI would "significantly impact" their jobs over the next two years. While 56% said AI would make "some" parts of their jobs obsolete, most security professionals (82%) believed AI would help make them more efficient. Twelve months later, the latter has proven to be true. As quickly as AI has evolved since this survey was taken, security operations will always require highly skilled humans to make the final decisions."
https://www.darkreading.com/cybersecurity-operations/3-ai-driven-roles-cybersecurity
- How AI And Automation Are Reshaping Security Leadership
"The contemporary SOC is transforming as it starts to realize the benefits of GenAI and utilize the manifestations of autonomous agentic AI, according to Tines. Additionally, the promise of security automation is coming to fruition. In theory and practice, security automation should truncate the time SOCs spend investigating and mitigating alerts. However, the tried and true saying about technology still applies: Cybersecurity still relies on the combination of people, processes, and technology. For some time, AI and security automation have achieved gains, but there have also been occasional setbacks."
https://www.helpnetsecurity.com/2025/03/18/security-leaders-ai-automation-benefits/
- Security Researcher Proves GenAI Tools Can Develop Google Chrome Infostealers
"A cyber threat intelligence researcher at Cato Networks has discovered a new technique to utilize the most popular large language models (LLMs) for coding information-stealing malware. For its first-ever annual threat report, Cato’s Cyber Threats Research Lab (Cato CTRL) asked one of its threat intelligence researchers, Vitaly Simonovich, to conduct his own LLM jailbreak attack. While Simonovich had no prior malware coding experience, he successfully tricked popular generative AI (GenAI) tools, including DeepSeek’s R1 and V3, Microsoft Copilot, and OpenAI’s ChatGPT-4o, into developing malware that can steal login credentials from Google Chrome version 133."
https://www.infosecurity-magazine.com/news/security-researcher-llm/
https://www.catonetworks.com/resources/2025-cato-ctrl-threat-report-rise-of-zero-knowledge-threat-actor/
- Third Of UK Supply Chain Relies On "Chinese Military" Companies
"UK companies have larger, more complex and more exposed digital supply chains than their global peers and are heavily reliant on firms linked to the Chinese military, according to Bitsight. The cybersecurity vendor used data on third-party relationships, alongside its own security scanning technologies, entity mapping and financial data to produce its latest report, Under the Surface: Uncovering Cyber Risk in the Global Supply Chain. The study mapped 500,000 organizations, 40,000 products, 12,000 providers and over 61 million digital supply chain relationships."
https://www.infosecurity-magazine.com/news/third-uk-supply-chain-relies/
https://www.bitsight.com/sites/default/files/2025-02/Bitsight TRACE Report - Security Digitization and the Global Supply Chain.pdf
- The DNA Of Organised Crime Is Changing – And So Is The Threat To Europe
"Europol’s EU Serious and Organised Crime Threat Assessment (EU-SOCTA) 2025, published today, reveals how the very DNA of crime is shifting – reshaping the tactics, tools and structures employed by criminal networks. The EU-SOCTA offers one of the most thorough analyses conducted on the threats posed by serious organised crime to the EU’s internal security. Based on intelligence from EU Member States and international law enforcement partners, this report not only analyses the state of organised crime today – it anticipates threats of tomorrow, providing a roadmap for Europe’s law enforcement and policymakers to stay ahead of ever-evolving organised crime."
https://www.europol.europa.eu/media-press/newsroom/news/dna-of-organised-crime-changing-and-so-threat-to-europe
https://www.europol.europa.eu/publication-events/main-reports/changing-dna-of-serious-and-organised-crime
https://www.europol.europa.eu/cms/sites/default/files/documents/EU-SOCTA-2025.pdf
https://www.securityweek.com/ai-is-turbocharging-organized-crime-eu-police-agency-warns/
- Black Basta Leader In League With Russian Officials, Chat Logs Show
"The Black Basta ransomware gang may have connections to Russian authorities, according to fresh analysis of leaked internal chat logs. Black Basta is a Russian-speaking ransomware-as-a-service (RaaS) operation first discovered in April 2022. As a prolific threat group, it went on to target and victimize hundreds of organizations globally before its activity drastically slowed down in recent months. The reason? Leaked chat logs that uncovered the group's operational weaknesses."
https://www.darkreading.com/threat-intelligence/black-basta-league-russian-officials-chat-logs
https://www.infosecurity-magazine.com/news/blackbasta-ransomwares-ties-russia/
References
Electronic Transactions Development Agency (ETDA)