Cyber Threat Intelligence 20 March 2025
Industrial Sector
- MySCADA MyPRO Manager And Runtime RCE Vulnerabilities
"Supervisory Control and Data Acquisition (SCADA) systems are at the core of industrial automation, ensuring seamless operation across sectors such as energy, manufacturing, and critical infrastructure. With the digital transformation of these industries, SCADA systems are increasingly becoming targets for cyber threats. Our security research team at PRODAFT has identified two critical vulnerabilities in mySCADAPRO, which has its headquarters in the Czech Republic, a widely used SCADA management solution. These vulnerabilities, if exploited, could grant unauthorized access to industrial control networks, potentially leading to severe operational disruptions and financial losses."
https://catalyst.prodaft.com/public/report/myscada-mypro-manager-and-runtime-rce-vulnerabilities/overview
https://thehackernews.com/2025/03/critical-myscada-mypro-flaws-could-let.html
New Tooling
- Dependency-Check: Open-Source Software Composition Analysis (SCA) Tool
"Dependency-Check is an open-source Software Composition Analysis (SCA) tool to identify publicly disclosed vulnerabilities within a project’s dependencies. The tool analyzes dependencies for Common Platform Enumeration (CPE) identifiers. When a match is found, the tool generates a report with links to the relevant Common Vulnerabilities and Exposures (CVE) entries, helping teams address security risks."
https://www.helpnetsecurity.com/2025/03/19/dependency-check-open-source-software-composition-analysis-sca-tool/
https://github.com/jeremylong/DependencyCheck
Vulnerabilities
- IBM Scores Perfect 10 ... Vulnerability In Mission-Critical OS AIX
"IBM "strongly recommends" customers running its Advanced Interactive eXecutive (AIX) operating system apply patches after disclosing two critical vulnerabilities, one of which has a perfect 10 severity score. The two vulnerabilities, CVE-2024-56346 (10) and CVE-2024-56347 (9.6), both allow remote attackers to execute arbitrary commands. IBM's security bulletin states that both are caused by improper process controls (CWE-114). IBM has never specified the number of clients on AIX, but third-party sources suggest around 9,000 organizations use the OS, which is generally deployed in critical applications powering high-value industries."
https://www.theregister.com/2025/03/19/ibm_aix_critical_vulnerabilities/
- CISA Adds Three Known Exploited Vulnerabilities To Catalog
"CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability"
https://www.cisa.gov/news-events/alerts/2025/03/19/cisa-adds-three-known-exploited-vulnerabilities-catalog
Malware
- Technical Advisory: Mass Exploitation Of CVE-2024-4577
"Bitdefender Labs is tracking new campaigns as threat actors exploit a vulnerability we first highlighted in June 2024. Bitdefender issued a critical security advisory regarding CVE-2024-4577, a severe argument injection vulnerability in PHP affecting Windows-based systems running in CGI mode. This flaw allowed remote attackers to execute arbitrary code by manipulating character encoding conversions."
https://www.bitdefender.com/en-us/blog/businessinsights/technical-advisory-update-mass-exploitation-cve-2024-4577
https://thehackernews.com/2025/03/hackers-exploit-severe-php-flaw-to.html
- Arcane Stealer: We Want All Your Data
"At the end of 2024, we discovered a new stealer distributed via YouTube videos promoting game cheats. What’s intriguing about this malware is how much it collects. It grabs account information from VPN and gaming clients, and all kinds of network utilities like ngrok, Playit, Cyberduck, FileZilla and DynDNS. The stealer was named Arcane, not to be confused with the well-known Arcane Stealer V. The malicious actor behind Arcane went on to release a similarly named loader, which supposedly downloads cheats and cracks, but in reality delivers malware to the victim’s device."
https://securelist.com/arcane-stealer/115919/
https://www.bleepingcomputer.com/news/security/new-arcane-infostealer-infects-youtube-discord-users-via-game-cheats/
- DollyWay World Domination: Eight Years Of Evolving Website Malware Campaigns
"GoDaddy Security researchers have uncovered evidence linking multiple malware campaigns into a single, long-running operation we've named "DollyWay World Domination". While previously thought to be separate campaigns, our research reveals these attacks share common infrastructure, code patterns, and monetization methods - all appearing to be connected to a single sophisticated threat actor. The operation was named after the following tell-tale string, which is found in some variations of the malware: define('DOLLY_WAY', 'World Domination');"
https://www.godaddy.com/resources/news/dollyway-world-domination
https://www.bleepingcomputer.com/news/security/malware-campaign-dollyway-breached-20-000-wordpress-sites/
- Ukrainian Military Targeted In New Signal Spear-Phishing Attacks
"Ukraine's Computer Emergency Response Team (CERT-UA) is warning about highly targeted attacks employing compromised Signal accounts to send malware to employees of defense industry firms and members of the country's army forces. The bulletin mentions that the attacks started this month, with Signal messages containing archives posing as meeting reports. With some of these messages sent from existing contacts targets are familiar with, the chances of them opening the archives are higher."
https://www.bleepingcomputer.com/news/security/ukrainian-military-targeted-in-new-signal-spear-phishing-attacks/
- Virtue Or Vice? A First Look At Paragon’s Proliferating Spyware Operations
"Paragon Solutions Ltd. was established in Israel in 2019. The founders of Paragon include Ehud Barak, the former Israeli Prime Minister, and Ehud Schneorson, the former commander of Israel’s Unit 8200. Paragon sells a spyware product called Graphite, which reportedly provides “access to the instant messaging applications on a device, rather than taking complete control of everything on a phone,” like NSO Group’s Pegasus spyware. According to a Forbes report from 2021, a senior executive at Paragon said the company would only sell to government customers who “abide by international norms and respect fundamental rights and freedoms” and that “authoritarian or non-democratic regimes would never be customers.”"
https://citizenlab.ca/2025/03/a-first-look-at-paragons-proliferating-spyware-operations/
https://therecord.media/ontario-police-citizen-lab-spyware-report
https://www.bleepingcomputer.com/news/security/whatsapp-patched-zero-day-flaw-used-in-paragon-spyware-attacks/
https://securityaffairs.com/175629/security/whatsapp-fixed-zero-day-flaw-used-to-deploy-paragon-graphite-spyware-spyware.html
https://cyberscoop.com/six-countries-suspected-paragon-spyware-customers/
- ZDI-CAN-25373: Windows Shortcut Exploit Abused As Zero-Day In Widespread APT Campaigns
"The Trend Zero Day Initiative (ZDI) threat hunting team identified significant instances of the exploitation of ZDI-CAN-25373 across a variety of campaigns dating back to 2017. Our analysis revealed that 11 state-sponsored groups from North Korea, Iran, Russia, and China have employed ZDI-CAN-25373 in operations primarily motivated by cyber espionage and data theft. We discovered nearly a thousand Shell Link (.lnk) samples that exploit ZDI-CAN-25373; however, it is probable that the total number of exploitation attempts is much higher. Subsequently, we submitted a proof-of-concept exploit through Trend ZDI's bug bounty program to Microsoft, who declined to address this vulnerability with a security patch."
https://www.trendmicro.com/en_us/research/25/c/windows-shortcut-zero-day-exploit.html
https://www.darkreading.com/cyber-risk/nation-state-groups-abuse-microsoft-windows-shortcut-exploit
https://hackread.com/nation-state-hackers-exploit-windows-unpatched-flaw-2017/
https://www.helpnetsecurity.com/2025/03/19/apts-zero-day-windows-shortcut-vulnerability-exploit-zdi-can-25373/
https://www.infosecurity-magazine.com/news/zdican25373-exploited-state/
- VHDs Used To Distribute VenomRAT And Other Malware
"Threat actors always like to find new ways to deliver malware undetected to target large communities. In this blog post, I’ll cover a current technique threat actors use to bypass security measures, deliver malware, infect systems and exfiltrate data—all by using a virtual hard disk image file to host and distribute the VenomRAT malware."
https://www.forcepoint.com/blog/x-labs/venomrat-malware-uses-virtual-hard-drives
https://hackread.com/hackers-hide-venomrat-malware-virtual-hard-disk-files/
- Threat Spotlight: A Million Phishing-As-a-Service Attacks In Two Months Highlight A Fast-Evolving Threat
"The first few months of 2025 saw a massive spike in phishing-as-a-service (PhaaS) attacks targeting organizations around the world, with more than a million attacks detected by Barracuda systems in January and February. The attacks were powered by several leading PhaaS platforms, including Tycoon 2FA, EvilProxy, and Sneaky 2FA. Between them, these three platforms show how PhaaS is evolving to become ever more complex and evasive. Tycoon 2FA was the most prominent and sophisticated PhaaS platform active in early 2025. It accounted for 89% of the PhaaS incidents seen in January 2025. Next came EvilProxy, with a share of 8%, followed by a new contender, Sneaky 2FA with a 3% share of attacks."
https://blog.barracuda.com/2025/03/19/threat-spotlight-phishing-as-a-service-fast-evolving-threat
https://www.infosecurity-magazine.com/news/sneaky-2fa-joins-tycoon-2fa/
- LayerX Labs Identifies New Phishing Campaign Targeted At Mac Users
"A new phishing attack campaign, targeting Mac users and identified by LayerX Labs, shows the trials and tribulations of combating online phishing, and how attacks morph and shift in response to adaptations by security tools. For the past few months, LayerX has been monitoring a sophisticated phishing campaign that initially targeted Windows users by masquerading as Microsoft security alerts. The campaign’s goal was to steal user credentials by employing deceptive tactics that made victims believe their computers were compromised. Now, with new security features rolled out by Microsoft, Chrome, and Firefox, the attackers have shifted their focus to Mac users."
https://layerxsecurity.com/blog/layerx-identifies-new-phishing-campaign-targeted-at-mac-users/
https://www.securityweek.com/scareware-combined-with-phishing-in-attacks-targeting-macos-users/
- ClearFake’s New Widespread Variant: Increased Web3 Exploitation For Malware Delivery
"ClearFake is a malicious JavaScript framework deployed on compromised websites to deliver malware through the drive-by download technique. When it first emerged in July 2023, the injected code was designed to display a fake web browser download page, tricking users into downloading counterfeit browser updates. By May 2024, ClearFake adopted the new social engineering tactic ClickFix, displaying fake error messages in the web browser and deceiving users into copying and executing a given malicious PowerShell code that finally infected their systems."
https://blog.sekoia.io/clearfakes-new-widespread-variant-increased-web3-exploitation-for-malware-delivery/
https://thehackernews.com/2025/03/clearfake-infects-9300-sites-uses-fake.html
- Ukraine’s IT Army Keeps Up Attacks On Russia Despite Waning Media Hype
"Ukraine's IT Army, a group of self-described hacktivists who drew significant media attention for targeting Russian entities in the war’s early days, remains active despite the fading public buzz. According to a new report by Russian cybersecurity firm F6, the number of cyberattacks launched by the IT Army against Russia has risen sharply over the past year. The group became active in February 2022 and “has maintained its momentum” ever since, expanding the range of its targets."
https://therecord.media/it-army-keeps-up-attacks-on-russia-ukraine
- Dragon RaaS | Pro-Russian Hacktivist Group Aims To Build On “The Five Families” Cybercrime Reputation
"Dragon RaaS is a ransomware group that walks the line between hacktivism and cybercrime. Also known as DragonRansom or Dragon Team, it emerged in July 2024 as an offshoot of the Stormous group, itself part of a larger cybercrime syndicate known as “The Five Families,” which includes ThreatSec, GhostSec, Blackforums, and SiegedSec."
https://www.sentinelone.com/blog/dragon-raas-pro-russian-hacktivist-group-aims-to-build-on-the-five-families-cybercrime-reputation/
Breaches/Hacks/Leaks
- Pennsylvania Education Union Data Breach Hit 500,000 People
"The Pennsylvania State Education Association (PSEA), the largest public-sector union in Pennsylvania, is notifying over half a million individuals that attackers stole their personal information in a July 2024 security breach. The union represents over 178,000 education professionals, including teachers, support staff, higher education personnel, nurses, retired educators, and future teachers. "PSEA experienced a security incident on or about July 6, 2024 that impacted our network environment," the organization said in breach notification letters sent to 517,487 individuals."
https://www.bleepingcomputer.com/news/security/pennsylvania-education-union-data-breach-hit-500-000-people/
https://therecord.media/half-a-million-impacted-pennsylvania-education-data-breach
https://www.theregister.com/2025/03/19/pennsylvania_nonprofit_cyberattack/
General News
- Moving Beyond Checkbox Security For True Resilience
"In this Help Net Security interview, William Booth, director, ATT&CK Evaluations at MITRE, discusses how CISOs can integrate regulatory compliance with proactive risk management, prioritize spending based on threat-informed assessments, and address overlooked vulnerabilities like shadow IT and software supply chain risks."
https://www.helpnetsecurity.com/2025/03/19/william-booth-mitre-proactive-security-measures/
- Show Top LLMs Buggy Code And They'll Finish Off The Mistakes Rather Than Fix Them
"Researchers have found that large language models (LLMs) tend to parrot buggy code when tasked with completing flawed snippets. That is to say, when shown a snippet of shoddy code and asked to fill in the blanks, AI models are just as likely to repeat the mistake as to fix it. Nine scientists from institutions, including Beijing University of Chemical Technology, set out to test how LLMs handle buggy code, and found that the models often regurgitate known flaws rather than correct them."
https://www.theregister.com/2025/03/19/llms_buggy_code/
https://arxiv.org/abs/2503.11082
- Identity Attacks And Infostealers Dominate The 2025 Threat Detection Report
"The 2025 Threat Detection Report is here, arming you and your team with actionable insights into the year’s most prevalent security trends, threats, and MITRE ATT&CK techniques. Our seventh annual retrospective presents an in-depth analysis of nearly 93,000 threats detected across over 4 million identities, endpoints, and cloud assets over the past year. This report provides you with a comprehensive view of this threat landscape, along with practical guidance on detection, testing, prevention, and mitigation."
https://redcanary.com/blog/threat-detection/2025-threat-detection-report/
https://resource.redcanary.com/rs/003-YRU-314/images/2025ThreatDetectionReport_RedCanary.pdf?version=0
https://www.bankinfosecurity.com/clickfix-attacks-increasingly-lead-to-infostealer-infections-a-27772
- Why Cybersecurity Needs More Business-Minded Leaders
"Cybersecurity is at an inflection point. As threats grow in complexity and regulatory scrutiny increases, leadership in the industry is evolving. I know this firsthand: If you had told me years ago that I'd be leading a cybersecurity company, I probably wouldn't have believed you."
https://www.darkreading.com/cybersecurity-operations/why-cybersecurity-needs-more-business-minded-leaders
- SpyCloud’s 2025 Identity Exposure Report Reveals The Scale And Hidden Risks Of Digital Identity Threats
"The average corporate user now has 146 stolen records linked to their identity, an average 12x increase from previous estimates, reflecting a surge in holistic identity exposures. SpyCloud, the leading identity threat protection company, today released its 2025 SpyCloud Annual Identity Exposure Report, highlighting the rise of darknet-exposed identity data as the primary cyber risk facing enterprises today. As cybercriminals move beyond single data points and leverage stolen data from a number of sources – breaches, malware and phishes – they are embracing a more sophisticated approach to identity exploitation, and organizations must shift their focus to a comprehensive and holistic defense strategy that accounts for the interconnected nature of digital identities."
https://hackread.com/spyclouds-2025-identity-exposure-report-reveals-the-scale-and-hidden-risks-of-digital-identity-threats/
https://spycloud.com/resource/spycloud-annual-identity-exposure-report-2025/
- Most Organizations Change Policies To Reduce CISO Liability Risk
"93% of organizations made policy changes over the preceding 12 months to address concerns about increased personal liability for CISOs, according to Fastly. This includes two in five organizations (41%) increasing CISO participation in strategic decisions at the board level."
https://www.helpnetsecurity.com/2025/03/19/ciso-liability-policy/
- Report: The State Of Secrets Sprawl 2025
"GitGuardian’s State of Secrets Sprawl 2025 report shows no progress in combating secrets sprawl, with 23.8 million secrets leaked on public GitHub repositories in 2024—a 25% year-over-year increase. Despite GitHub Push Protection’s efforts, secrets sprawl is accelerating, especially with generic secrets, which made up 58% of all leaked credentials. More troubling, 70% of secrets leaked in 2022 remain active, significantly expanding the attack surface for threat actors."
https://www.helpnetsecurity.com/2025/03/19/report-the-state-of-secrets-sprawl-2025/
https://www.gitguardian.com/state-of-secrets-sprawl-report-2025
https://www.gitguardian.com/files/the-state-of-secrets-sprawl-report-2025
- 752,000 Browser Phishing Attacks Mark 140% Increase YoY
"A surge in browser-based phishing attacks has been recorded over the past year, with 752,000 incidents identified – marking a 140% increase year-over-year (YoY) between 2023 and 2024. The rise of artificial intelligence (AI)-driven phishing techniques and the exploitation of enterprise browsers have contributed to this trend. According to a new report by Menlo Security, cybercriminals are increasingly focusing on browsers as their primary attack vector, leveraging sophisticated evasion techniques, social engineering and zero-day vulnerabilities to bypass traditional security measures."
https://www.infosecurity-magazine.com/news/752000-browser-phishing-attacks/
- Gartner Warns Agentic AI Will Accelerate Account Takeovers
"Within two years, AI agents will accelerate the time it takes threat actors to hijack exposed accounts by 50%, Gartner has warned. The analyst claimed that the technology would help to automate more of the steps necessary to accomplish account takeovers (ATOs), such as deepfake-driven social engineering and credential compromise."
https://www.infosecurity-magazine.com/news/gartner-agentic-ai-accelerate/
- The “Free Money” Trap: How Scammers Exploit Financial Anxiety
"With financial stress at an all-time high, and many Americans grappling with confusion about social security, Medicaid, and Medicare, people are desperately seeking relief. Scammers know this all too well and have tailored their tactics to exploit these fears, preying on vulnerable individuals with promises of “free money.” Whether it’s a so-called “subsidy program,” a “government grant,” or a “relief card,” these scams all share the same underlying goal—to manipulate people into giving away their personal information, or—worse—their hard-earned cash."
https://www.malwarebytes.com/blog/scams/2025/03/the-free-money-trap-how-scammers-exploit-financial-anxiety
- The Citizen Lab’s Director Dissects Spyware And The ‘Proliferating’ Market For It
"As the founder of the Citizen Lab, a University of Toronto-based organization known for detecting and diagnosing spyware infections worldwide, Ron Deibert has overseen investigations into privacy abuses in Hungary, Greece, Spain, Poland, El Salvador, Thailand and many other countries. Deibert, who has been a leader in putting the rapidly growing spyware problem on the map, is the author of the new book “Chasing Shadows: Cyber Espionage, Subversion and the Global Fight for Democracy,” which chronicles his longtime battle against commercial surveillance technologies."
https://therecord.media/ron-deibert-citizen-lab-spyware-interview
- [New Research] Which Passwords Are Attackers Using Against RDP Ports Right Now?
"The Specops research team has been analyzing 15 million passwords being used to attack RDP ports, in live attacks happening against networks right now. Our team have found the ten most common passwords attackers are using and analyzed their wordlists for the most common complexity rules and password lengths. We shared the results of a similar analysis back in 2022, so this research is now refreshed and up to date for 2025. The launch of the report also coincides with the latest addition of over 85 million compromised passwords to the Specops Breached Password Protection service. These passwords come from our honeypot network and threat intelligence sources."
https://specopssoft.com/blog/passwords-used-in-attacking-rdp-ports/
https://hackread.com/top-10-passwords-hackers-use-to-breach-rdp/