Cyber Threat Intelligence 04 April 2025
Industrial Sector
- Hitachi Energy RTU500 Series
"Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-01
- ABB ACS880 Drives Containing CODESYS RTS
"Successful exploitation of these vulnerabilities could allow an attacker to gain full access to the device or cause a denial-of-service condition."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-03
- ABB Low Voltage DC Drives And Power Controllers CODESYS RTS
"Successful exploitation of these vulnerabilities could allow attackers to trigger a denial-of-service condition or execute arbitrary code over the fieldbus interfaces."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-04
- B&R APROL
"Successful exploitation of these vulnerabilities could allow an attacker to execute commands, elevate privileges, gather sensitive information, or alter the product."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-05
- Hitachi Energy TRMTracker
"Successful exploitation of these vulnerabilities could allow an attacker to execute limited remote commands, poison web-cache, or disclose and modify sensitive information."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-093-02
- Emerging Risks Require IT/OT Collaboration To Secure Physical Systems
"Education and awareness remain key to defending against cyberattacks against systems that disrupt operations or cause physical harm. Preventing cyber-physical attacks is not an impossible feat, but it requires greater collaboration between IT and operational technology (OT) professionals. Attacks targeting vulnerabilities in physical systems, such as buildings, manufacturing equipment, sensors, and Internet of Things, can result in damaged equipment, theft or destruction of property, or injuries to people as a result of malfunctioning devices. Collaboration and awareness between IT and OT professionals are increasingly necessary because these cyber-physical attacks threaten both IT and OT sides."
https://www.darkreading.com/ics-ot-security/experts-discuss-current-and-emerging-ics-security-risks
- New Semperis Study Reveals That Cyberattacks On Water And Electric Utilities Threaten Public Safety And Economic Stability
"Semperis, a leader in AI-powered identity security and cyber resilience, today released a new study analyzing cyberattacks targeting water and electricity operators across the U.S. and U.K. 62% of utility operators were targeted by cyberattacks in the past year, and of those, 80% were attacked multiple times. More than half (54%) suffered permanent corruption or destruction of data and systems."
https://www.semperis.com/press-release/cyberattacks-water-electric-utilities-threaten-public-safety-economic-stability/
https://www.semperis.com/the-state-of-critical-infrastructure-resilence/
https://www.semperis.com/wp-content/uploads/resources-pdfs/resources-semperis-ransomware-water-electricity-survey-report.pdf
https://www.infosecurity-magazine.com/news/half-attacks-electricity-water/
Vulnerabilities
- Max Severity RCE Flaw Discovered In Widely Used Apache Parquet
"A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0. The problem stems from the deserialization of untrusted data that could allow attackers with specially crafted Parquet files to gain control of target systems, exfiltrate or modify data, disrupt services, or introduce dangerous payloads such as ransomware. The vulnerability is tracked under CVE-2025-30065 and has a CVSS v4 score of 10.0. The flaw was fixed with the release of Apache version 1.15.1."
https://www.bleepingcomputer.com/news/security/max-severity-rce-flaw-discovered-in-widely-used-apache-parquet/
- Ivanti Patches Connect Secure Zero-Day Exploited Since Mid-March
"Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025. Tracked as CVE-2025-22457, this critical security flaw is due to a stack-based buffer overflow weakness. It impacts Pulse Connect Secure 9.1x (which reached end-of-support in December), Ivanti Connect Secure 22.7R2.5 and earlier, Policy Secure, and Neurons for ZTA gateways."
https://www.bleepingcomputer.com/news/security/ivanti-patches-connect-secure-zero-day-exploited-since-mid-march/
https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457?language=en_US
https://www.theregister.com/2025/04/03/suspected_chines_snoops_hijacked_buggy/
- CrushFTP Auth Bypass Vulnerability: Disclosure Mess Leads To Attacks
"Outpost24 analysts recently discovered a critical authentication bypass vulnerability in CrushFTP, identified as CVE-2025-31161. The vulnerability has a CVSSv3.1 score of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8). We reached out to MITRE for a CVE on 13th March 2025 and were within an agreed 90-day non-disclosure period with CrushFTP. The plan was to give users plenty of time to patch before attackers were alerted to the vulnerability and able to exploit it. Unfortunately, other parties have circulated news of the vulnerability under a separate CVE (CVE-2025-2825) without cooperating with Outpost24 and CrushFTP. This means the vulnerability has not been disclosed in a secure manner as intended."
https://outpost24.com/blog/crushftp-auth-bypass-vulnerability/
https://www.darkreading.com/vulnerabilities-threats/disclosure-drama-clouds-crushftp-vulnerability-exploitation
https://www.infosecurity-magazine.com/news/crushftp-flaw-exploited-disclosure/
https://www.securityweek.com/details-emerge-on-cve-controversy-around-exploited-crushftp-vulnerability/
- An Update On QuickShell: Sharing Is Caring About An RCE Attack Chain On Quick Share
"Last August, I shared a blog on my most recent research project with Shmuel Cohen called QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share, which we initially presented at DEF CON 32 (2024). In it, we explained how we discovered 10 unique vulnerabilities in Google’s Quick Share data transfer utility, some of which we were able to assemble into an innovative remote code execution (RCE) attack chain against the Windows version."
https://www.safebreach.com/blog/an-update-on-quickshell-sharing-is-caring-about-an-rce-attack-chain-on-quick-share/
https://thehackernews.com/2025/04/google-patches-quick-share.html
https://www.darkreading.com/application-security/google-quick-share-bug-bypasses-zero-click-file-transfer
https://www.securityweek.com/google-released-second-fix-for-quick-share-flaws-after-patch-bypass/
- Loose Types Sink Ships: Pre-Authentication SQL Injection In Halo ITSM
"Halo ITSM is an IT support management software that can be deployed on-premise or in the cloud. Currently, there are around ~1000 cloud deployments of this software under the haloitsm.com domain, not accounting for all the on-premise deployments. This software is critical, as it houses IT support tickets often containing credentials or internal documentation. When we first noticed the presence of this software on our customers’ attack surfaces, we decided to take a deeper look at its internals to ensure that our customers would not be compromised through the presence of this software on their network."
https://slcyber.io/assetnote-security-research-center/loose-types-sink-ships-pre-authentication-sql-injection-in-halo-itsm/
https://www.securityweek.com/halo-itsm-vulnerability-exposed-organizations-to-remote-hacking/
Malware
- BeaverTail And Tropidoor Malware Distributed Via Recruitment Emails
"On November 29, 2024, a case was disclosed in which threat actors impersonated a recruitment email from a developer community called Dev.to to distribute malware. [1] In this case, the attacker provided a BitBucket link containing a project, and the victim discovered malicious code within the project and disclosed it to the community. The project contained BeaverTail, a malware disguised as “tailwind.config.js,” and a downloader malware called “car.dll”."
https://asec.ahnlab.com/en/87299/
- NSA, CISA, FBI, And International Partners Release Cybersecurity Advisory On “Fast Flux,” A National Security Threat
"Today, CISA—in partnership with the National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), Canadian Centre for Cyber Security (CCCS), and New Zealand’s National Cyber Security Centre (NCSC-NZ)—released joint Cybersecurity Advisory Fast Flux: A National Security Threat (PDF, 841 KB). This advisory warns organizations, internet service providers (ISPs), and cybersecurity service providers of the ongoing threat of fast flux enabled malicious activities and provides guidance on detection and mitigations to safeguard critical infrastructure and national security."
https://www.cisa.gov/news-events/alerts/2025/04/03/nsa-cisa-fbi-and-international-partners-release-cybersecurity-advisory-fast-flux-national-security
https://media.defense.gov/2025/Apr/02/2003681172/-1/-1/0/CSA-FAST-FLUX.PDF
https://www.bleepingcomputer.com/news/security/cisa-warns-of-fast-flux-dns-evasion-used-by-cybercrime-gangs/
https://therecord.media/us-australia-canada-warn-of-fast-flux-ransomware-rusia
https://cyberscoop.com/fast-flux-nsa-cisa-advisory-bulletproof-hosting/
https://www.theregister.com/2025/04/03/cisa_and_annexable_allies_warn/
- Recent GitHub Supply Chain Attack Traced To Leaked SpotBugs Token
"A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen from a SpotBugs workflow, which allowed a threat actor to compromise multiple GitHub projects. The popular static analysis tool SpotBugs was breached in November 2024, leading to the compromise of Reviewdog, which subsequently led to the infection of tj-actions/changed-files. The multi-step supply chain attack eventually exposed secrets in 218 repositories, while the latest findings showed that the threat actors were initially attempting to breach projects belonging to the cryptocurrency exchange Coinbase."
https://www.bleepingcomputer.com/news/security/recent-github-supply-chain-attack-traced-to-leaked-spotbugs-token/
- HellCat Ransomware: What You Need To Know
"HellCat is the name of a relatively new ransomware-as-a-service (RaaS) group that first came to prominence in the second half of 2024. Like many other ransomware operations, HellCat breaks into organisations, steals sensitive files, and encrypts computer systems - demanding a ransom payment for a decryption key and to prevent the leaking of stolen files."
https://www.tripwire.com/state-of-security/hellcat-ransomware-what-you-need-know
- Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457)
"On Thursday, April 3, 2025, Ivanti disclosed a critical security vulnerability, CVE-2025-22457, impacting Ivanti Connect Secure (“ICS”) VPN appliances version 22.7R2.5 and earlier. CVE-2025-22457 is a buffer overflow vulnerability, and successful exploitation would result in remote code execution. Mandiant and Ivanti have identified evidence of active exploitation in the wild against ICS 9.X (end of life) and 22.7R2.5 and earlier versions. Ivanti and Mandiant encourage all customers to upgrade as soon as possible."
https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability
https://www.darkreading.com/vulnerabilities-threats/china-linked-threat-group-exploits-ivanti-bug
https://cyberscoop.com/china-espionage-group-ivanti-vulnerability-exploits/
https://www.securityweek.com/chinese-apt-pounces-on-misdiagnosed-rce-in-ivanti-vpn-appliances/
https://securityaffairs.com/176162/apt/china-linked-group-unc5221-exploited-ivanti-connect-secure-zero-day-since-mid-march.html
https://www.helpnetsecurity.com/2025/04/03/ivanti-vpn-customers-targeted-via-unrecognized-rce-vulnerability-cve-2025-22457/
- Amateur Hacker Leverages Russian Bulletproof Hosting Server To Spread Malware
"A new, relatively low-skilled cyber threat actor has been uncovered leveraging the services of a bulletproof hosting provider (BPH) to deploy malware under the guise of legitimate software. The hacker, known by the moniker ‘Coquettte,’ was discovered by DomainTools researchers while investigating malicious domains hosted on Proton66. Proton66 is a Russian bulletproof hosting provider notorious for enabling cybercrime by ignoring abuse complaints. DomainTools shared its findings on Coquettte’s activity in a report published on April 3, 2025."
https://www.infosecurity-magazine.com/news/coquettte-hacker-malware-bph/
- Threat Actors Leverage Tax Season To Deploy Tax-Themed Phishing Campaigns
"As Tax Day approaches in the United States on April 15, Microsoft has observed several phishing campaigns using tax-related themes for social engineering to steal credentials and deploy malware. These campaigns notably use redirection methods such as URL shorteners and QR codes contained in malicious attachments and abuse legitimate services like file-hosting services and business profile pages to avoid detection. These campaigns lead to phishing pages delivered via the RaccoonO365 phishing-as-a-service (PhaaS) platform, remote access trojans (RATs) like Remcos, and other malware like Latrodectus, BruteRatel C4 (BRc4), AHKBot, and GuLoader."
https://www.microsoft.com/en-us/security/blog/2025/04/03/threat-actors-leverage-tax-season-to-deploy-tax-themed-phishing-campaigns/
https://thehackernews.com/2025/04/microsoft-warns-of-tax-themed-email.html
- Poland’s Prime Minister Says Cyberattack Targeted His Party As Election Nears
"The online systems of Polish Prime Minister Donald Tusk's party were hit by a cyberattack earlier this week. Tusk did not provide details about the attack or its impact but claimed the incident was motivated by election meddling. “Foreign interference in elections begins. [State] services say traces point to the east,” said Tusk, the cofounder of the Civic Platform political party, in a statement on Wednesday."
https://therecord.media/poland-prime-minister-cyber-targeted
- Hackers Hit Ukrainian State Agencies, Critical Infrastructure With New ‘Wrecksteel’ Malware
"Ukraine recorded at least three cyberattacks in March targeting government agencies and critical infrastructure with new spying malware. The attacks were carried out using previously unknown malware — dubbed Wrecksteel — deployed through phishing emails, according to a report released on Thursday by Ukraine’s computer emergency response team (CERT-UA)."
https://therecord.media/hackers-ukraine-critical-infrastructure-malware
- Surge In Scans For Juniper "t128" Default User
"Last week, I noticed a surge in scans for the username "t128". This username, accompanied by the password "128tRoutes," is a well-known default account for Juniper's Session Smart Networking Platform (or "SSR" for "Session Smart Routing"). The username and password are a bit "odd". Juniper acquired a company called "128 Technologies" a few years ago, and with this acquisition, integrated SSR into its product portfolio. But much of the product, including default usernames and passwords, remained unchanged. The documentation, including the default username and passwords, is still at 128technology.com."
https://isc.sans.edu/diary/Surge+in+Scans+for+Juniper+t128+Default+User/31824
https://www.theregister.com/2025/04/03/unknown_scanners_probing_juniper_paloalto/
- Nearly 600 Phishing Domains Emerge Following Bybit Heist
"A large number of phishing campaigns emerged in the aftermath of the Bybit heist, designed to siphon cryptocurrency from its customers, according to BforeAI. The security vendor detected 596 suspicious domains originating from at least 13 different countries in the three weeks following news of the biggest crypto theft in history. Dozens of these domains spoofed the cryptocurrency exchange itself, many using typosquatting techniques and including keywords such as “refund,” “wallet,” “information,” “check” and “recovery.”"
https://www.infosecurity-magazine.com/news/over-500-phishing-domains-bybit/
Breaches/Hacks/Leaks
- Texas City Warns Thousands Of Utility Payment Site Breach
"At least 12,000 people had sensitive financial information stolen by hackers who secretly implanted malicious code into the utility payment website of the city of Lubbock, Texas. The city began sending breach notification letters to victims across the country this week, explaining that the people impacted include anyone who made a utility payment between December 18, 2024, and January 6, 2025. That includes those who paid utilities bills for water, wastewater, storm water and solid waste. The hackers stole names, billing addresses, payment card numbers, CVVs and expiration dates."
https://therecord.media/texas-city-warns-thousands-of-utility-site-breach
https://www.bleepingcomputer.com/news/security/texas-state-bar-warns-of-data-breach-after-inc-ransomware-claims-attack/
- Oracle Privately Confirms Cloud Breach To Customers
"Oracle has finally acknowledged to some customers that attackers have stolen old client credentials after breaching a "legacy environment" last used in 2017, Bloomberg reported. However, while Oracle told clients this is old legacy data that is not sensitive, the threat actor behind the attack has shared data with BleepingComputer from the end of 2024 and posted newer records from 2025 on a hacking forum. According to Bloomberg, the company also informed clients that cybersecurity firm CrowdStrike and the FBI are investigating the incident."
https://www.bleepingcomputer.com/news/security/oracle-privately-confirms-cloud-breach-to-customers/
https://www.itnews.com.au/news/oracle-tells-clients-of-second-recent-hack-616261
- Hacker Claims Twilio’s SendGrid Data Breach, Selling 848,000 Records
"A hacker using the alias Satanic is claiming responsibility for what could be a major breach involving SendGrid, a cloud-based email delivery platform owned by Twilio. According to a post made earlier today, Thursday, April 3, 2025, on Breach Forums, a popular cybercrime platform, Satanic is offering the allegedly stolen data for $2,000 and has shared a sample to support the claim. In the post, the hacker stated: “We would like to announce the breach of the largest Email Hosting Provider – SendGrid is cloud-based email infrastructure provides businesses with email delivery management. (3 April 2025).”"
https://hackread.com/hacker-twilio-sendgrid-data-breach-customer-data/
- Thousands Of AI & DeepFake Images Exposed On Nudify Service Data Breach
"Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password-protected database that contained just under 100k records belonging to GenNomis by AI-NOMIS — an AI company based in South Korea that provides face swapping and “Nudify” adult content as well as a marketplace where images can be bought or sold."
https://www.vpnmentor.com/news/report-gennomis-breach/
https://hackread.com/ai-image-site-gennomis-exposed-underage-deepfakes/
- Sensitive Data Breached In Highline Schools Ransomware Incident
"Washington-based Highline Public Schools has warned that highly sensitive personal, financial and medical data has been breached as a result of a 2024 ransomware incident. The K-12 school district manages 34 schools containing around 17,500 students and 2000 staff in Washington state. It has recently completed a forensic investigation into the September 2024 ransomware attack. This revealed that an unknown actor had “gained access to certain systems on their network and accessed certain files.”"
https://www.infosecurity-magazine.com/news/sensitive-data-highline-ransomware/
- Aussie Super Funds Targeted By Fraudsters Using Stolen Creds
"Australian superannuation funds have been hit by attackers using stolen credentials to access members' accounts. AustralianSuper said that “up to 600” of its members were impacted by the incident, while Rest Super said that “less than one percent” of its members were impacted, which equates to somewhere less than 20,000 based on membership numbers from its most recent financial report [pdf]."
https://www.itnews.com.au/news/aussie-super-funds-targeted-by-fraudsters-using-stolen-creds-616269
General News
- Israel Enters 'Stage 3' Of Cyber Wars With Iran Proxies
"Reported cybersecurity incidents in Israel rose 24% in 2024, largely thanks to Iran and its proxy militias. But the trajectory of this cyber conflict has not followed a straight path, as recent signals suggest it might be slowing and evolving. Any simple comparison of cyber threat data before and after Oct. 7, 2023, tells a seemingly straightforward story. In 2023, the Israel National Cyber Directorate (INCD) released 367 alerts about vulnerabilities, attacks, and threats. In 2024, that number doubled to 736, with 518 of them being "red alerts" directed to specific organizations. Calls to Israel's 119 cyberattack hotline rose 24% year-over-year, with 17,078 reports in only 365 days."
https://www.darkreading.com/threat-intelligence/israel-stage-3-cyber-wars-with-iran-proxies
- Fraud Underbelly: Australia’s Digital Boom—A Fraudster’s Goldmine?
"Australia’s digital boom is a goldmine for fraudsters. These sophisticated threat actors do not perform rogue acts of cybercrime but have built entire illicit ecosystems designed for mass disruption — enabling scams, phishing, and cyber theft. Some might argue that this is a downstream consequence of Australia’s thriving digital economy, fueled by over A$2.3 billion in government investment since 2023."
https://www.group-ib.com/blog/fraud-underbelly-australia/
- 7 Ways To Get C-Suite Buy-In On That New Cybersecurity Tool
"You’re in the middle of a sprint, juggling deadlines, debugging code, fine-tuning pipelines, and then it happens—you stumble across the perfect cybersecurity tool. It promises to eliminate secrets in logs, reduce risks in CI/CD pipelines, and save countless hours chasing security anomalies. But there’s one final boss to clear: the C-suite. Convincing leadership, especially those more attuned to balance sheets than breach reports, can feel like selling a Wi-Fi router to someone without any internet connection. Securing buy-in is not just a technical challenge. It’s a game of strategy, storytelling, and persuasion. Here’s how to win them over."
https://www.helpnetsecurity.com/2025/04/03/c-suite-cybersecurity-tool-buy-in/
- Building A Cybersecurity Strategy That Survives Disruption
"Cybersecurity isn’t what it used to be. Attackers are moving quicker, disruptions happen all the time, and many security plans built for more predictable times just can’t keep up. With everything from ransomware to geopolitical threats to cloud slip-ups hitting companies, there’s a shift happening: security needs to be ready for chaos, not just focused on keeping things safe. That shift changes everything: how companies plan, how they invest, and how they recover."
https://www.helpnetsecurity.com/2025/04/03/building-cybersecurity-strategy/
- It Takes Two: The 2025 Sophos Active Adversary Report
"The Sophos Active Adversary Report celebrates its fifth anniversary this year. The report grew out of a simple question: What happens after attackers breach a company? Knowing the adversary’s playbook, after all, helps defenders better battle an active attack. (There’s a reason we started life as “The Active Adversary Playbook.”) At the same time we were discussing ways to instrument a testing environment to answer that what-happens question, Sophos was preparing to launch an incident response (IR) service. A cross-team project was born."
https://news.sophos.com/en-us/2025/04/02/2025-sophos-active-adversary-report/
https://www.helpnetsecurity.com/2025/04/03/breach-median-time/
- Open Source Malware Index Q1 2025: Data Exfil Threats Rising Sharply
"Sonatype's ongoing mission is to equip organizations with the most up-to-date information on open source security threats. As part of that commitment, we will be sharing data and insights on a quarterly basis, diving into how the open source malware space is evolving, including diving into notable malicious packages. The proliferation of open source malware, or malicious open source packages, poses unprecedented risk in the form of software supply chain attacks. Unlike vulnerabilities, which are accidental coding errors, open source malware is intentionally crafted to target developers in order to infiltrate and exploit software supply chains."
https://www.sonatype.com/blog/open-source-malware-index-q1-2025
https://www.helpnetsecurity.com/2025/04/03/open-source-malware-index-q1-2025/
- Social Engineering Just Got Smarter
"Physical social engineering has become a big play with social engineers, penetration testers, and red teamers. Gaining access to internal network resources can be compared to walking past the firewall. With any physical social engineering effort, open source intelligence (OSINT) is paramount to a successful mission: collecting intelligence for understanding the physical attack vectors of a building, the security controls of a property, the attire of the employees, and company events, as well as any other intelligence relating to the surroundings of the target."
https://www.darkreading.com/vulnerabilities-threats/social-engineering-smarter
- Phishers Are Increasingly Impersonating Electronic Toll Collection Companies
"Steam was the most imitated brand by phishers in the first quarter of 2025, followed by Microsoft and Facebook/Meta, Guardio researchers have revealed. “Historically, the #1 spot has been dominated by the usual suspects – big tech companies like Meta, Microsoft, or even USPS. But this quarter, it’s Steam, and by a significant margin. Scammers have been targeting the massive gaming community by impersonating Steam to warn users about supposed account issues, like payment failures or suspicious login attempts. These fake messages are designed to trick victims into entering their login credentials on counterfeit websites, which then steal their account information,” the researchers noted."
https://www.helpnetsecurity.com/2025/04/03/electronic-toll-collection-phishing/
- Popular VPNs Are Routing Traffic Via Chinese Companies, Including One With Link To Military
"Up to one in five of the most popular mobile VPNs for iOS last year are owned by Chinese companies that do their best to hide the fact. In at least one case, the owner is on a US blacklist. That’s according to a report from the non-profit Tech Transparency Project (TTP), who investigated the top 100 mobile VPN apps downloaded from Apple’s App Store as documented by mobile intelligence company AppMagic."
https://www.malwarebytes.com/blog/news/2025/04/popular-vpns-are-routing-traffic-via-chinese-companies-including-one-with-link-to-military
- QR Codes Sent In Attachments Are The New Favorite For Phishers
"Recently we’ve been seeing quite a few phishing campaigns using QR codes in email attachments. The lure and the targets are varied, but the use of a QR code to get someone to visit the phishing site is fast becoming a preferred method for cybercriminals."
https://www.malwarebytes.com/blog/news/2025/04/qr-codes-sent-in-attachments-are-the-new-favorite-for-phishers
- Why Zombie APIs Are A Ticking Time Bomb For Your Business
"In today's interconnected world, APIs are the backbone of modern software. They enable applications to communicate with each other and share data seamlessly, powering everything from mobile applications to complex enterprise systems. While we often focus on the security of active, well-maintained APIs, a silent threat lurks in the shadows: zombie APIs. These are the forgotten, outdated, and often undocumented APIs, and they pose a significant security risk, acting as hidden entry points for attackers and jeopardizing your entire digital ecosystem."
https://blog.barracuda.com/2025/04/03/zombie-apis-time-bomb-business
- Staying Ahead Of Cybersecurity Risks Stemming From Global Events
"News events can often serve as a gateway for hackers. Disasters or wars provide cybercriminals with immediate opportunities for phishing attacks, while political unrest opens doors for exploitation and financial gain. Even seemingly positive news can pose cybersecurity risks. For example, cybercriminals may exploit public excitement over a sports team’s victory or a national achievement, such as a successful spacewalk, to target unsuspecting individuals."
https://blog.barracuda.com/2025/04/02/staying-ahead-of-cybersecurity-risks-stemming-from-global-events
- When Disaster Strikes, Proper Preparation Prevents Poor Performance
"As Benjamin Franklin famously said: "An ounce of prevention is worth a pound of cure," and that's especially true when it comes to disaster recovery. Most companies with a decent-sized IT department will have an incident response plan, but that in itself is nowhere near enough. Such plans have to be constantly updated and tested regularly – and not just by the internal team. Operators also need to have remediation software and backups ready to roll."
https://www.theregister.com/2025/04/03/disaster_planning_preparation/
- Heterogeneous Stacks, Ransomware, And ITaaS: A DR Nightmare
"Disaster recovery is getting tougher as IT estates sprawl across on-prem gear, public cloud, SaaS, and third-party ITaaS providers. And it's not floods or fires causing most outages anymore - ransomware now leads the pack, taking down systems faster than any natural disaster. This makes one thing clearer: The more homogeneous and standardized your IT environment, the easier it is to recover from disasters – whatever their cause."
https://www.theregister.com/2025/04/03/heterogeneity_itaas_ransomware_disaster_recovery/
References
Electronic Transactions Development Agency (ETDA)