Cyber Threat Intelligence 10 April 2025
Industrial Sector
- ICS Patch Tuesday: Vulnerabilities Addressed By Rockwell, ABB, Siemens, Schneider
"Several industrial giants have released their ICS security advisories for the March 2025 Patch Tuesday. Siemens has published nine new advisories. One advisory urges customers to replace the Sentron 7KT PAC1260 Data Manager with the newer PAC1261. The former is affected by critical vulnerabilities that can allow an attacker to access files and execute arbitrary code, but it will not receive any patches."
https://www.securityweek.com/ics-patch-tuesday-vulnerabilities-addressed-by-rockwell-abb-siemens-schneider/
- The Real Time Threat Intel Imperative For OT Systems
"Diminishing supplies tapped by lines of waiting cars at filling stations across the American Southeast in May 2021 were a wakeup call for critical infrastructure operators. The lines accumulated because Colonial Pipeline, operator of the largest pipeline system in the United States, stopped the flow of gas."
https://www.bankinfosecurity.com/real-time-threat-intel-imperative-for-ot-systems-a-27962
New Tooling
- APTRS: Open-Source Automated Penetration Testing Reporting System
"APTRS is an open-source reporting tool built with Python and Django. It’s made for penetration testers and security teams who want to save time on reports. Instead of writing reports by hand, users can create PDF and Excel files directly in the tool. “APTRS is the only tool specifically focused on pentest reporting combined with project and client management. It’s designed to give clients real-time visibility and control over their penetration tests,” Sourav Kalal, the author of APTRS, told Help Net Security."
https://www.helpnetsecurity.com/2025/04/09/aptrs-open-source-automated-penetration-testing-reporting-system/
https://github.com/APTRS/APTRS
Vulnerabilities
- Vulnerabilities Patched By Ivanti, VMware, Zoom
"On Tuesday, Ivanti, VMware, and Zoom announced fixes for dozens of vulnerabilities across their products, including numerous high-severity bugs. Ivanti released security updates that resolve six vulnerabilities in Endpoint Manager, including a high-severity security defect (CVE-2025-22466) that allows unauthenticated attackers to perform XSS attacks to obtain admin privileges."
https://www.securityweek.com/vulnerabilities-patched-by-ivanti-vmware-zoom/
- CISA Adds Two Known Exploited Vulnerabilities To Catalog
"CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-53197 Linux Kernel Out-of-Bounds Access Vulnerability
CVE-2024-53150 Linux Kernel Out-of-Bounds Read Vulnerability"
https://www.cisa.gov/news-events/alerts/2025/04/09/cisa-adds-two-known-exploited-vulnerabilities-catalog
Malware
- SMS Pumping: How Criminals Turn Your Messaging Service Into Their Cash Machine
"Imagine waking up to an alarming spike in SMS costs: hundreds of thousands of messages sent overnight. There’s no surge in new customers, no viral marketing campaign. Just a bill draining your budget. The culprit? A hidden cybercrime tactic known as SMS pumping fraud. Much like a modern-day toll scam, fraudsters exploit SMS verification systems to inflate traffic, generating revenue while leaving businesses to foot the bill. This scheme has quietly siphoned millions from companies relying on SMS-based authentication, sign-ups, and notifications. But with the right strategies, businesses can detect and prevent SMS pumping."
https://www.group-ib.com/blog/sms-pumping/
- Familiar Trojan Learns New Trick: Stealing Active Directory Data
"The TrickBot trojan has been around for a while, first identified in 2016. Once it’s in a target system, it uses a variety of modules that it can download to gain specific capabilities. A security researcher recently discovered that a new TrickBot module, called “ADll”, allows the trojan to find, access and exfiltrate Active Directory databases stored on Windows domain controllers. This adds a pernicious capability, with elevated risks, to an already highly capable cyber threat."
https://blog.barracuda.com/2025/04/08/familiar-trojan-learns-new-trick-stealing-active-directory-data
- Campaign Targets Amazon EC2 Instance Metadata Via SSRF
"This article provides an analysis of the most active CVEs for March 2025, highlighting trends in exploitation activity and offering insights into mitigation strategies. Alongside the CVE analysis, we uncovered a new campaign targeting websites hosted in EC2 instances on AWS, involving exploitation of EC2 Instance Metadata via Server-Side Request Forgery. The data is derived from observed traffic and includes a focus on the top 10 CVEs, their long-term trends, and their relative activity over the past year."
https://www.f5.com/labs/articles/threat-intelligence/campaign-targets-amazon-ec2-instance-metadata-via-ssrf
https://www.bleepingcomputer.com/news/security/hackers-target-ssrf-bugs-in-ec2-hosted-sites-to-steal-aws-credentials/
- March 2025: Malware Spotlight – FakeUpdates And RansomHub Ransomware Group Dominate Cyber Threats
"Our latest Global Threat Index for March 2025 shows the continued dominance of FakeUpdates, a downloader malware that remains the most prevalent cyber threat worldwide. This sustained threat comes as RansomHub ransomware campaigns gain traction, marking a growing concern in the ransomware space. Meanwhile, education remains the most impacted industry globally, with both malware and ransomware attacks increasingly targeting this sector."
https://blog.checkpoint.com/security/march-2025-malware-spotlight-fakeupdates-and-ransomhub-ransomware-group-dominate-cyber-threats/
- The Rise Of Precision-Validated Credential Theft: A New Challenge For Defenders
"Threat actors continuously develop new tactics, techniques, and procedures (TTPs) to bypass existing defenses. When defenders identify these methods and implement countermeasures, attackers adapt or create more sophisticated approaches. This article discusses how cybercriminals are leveling up their credential phishing tactics using Precision-Validated Phishing, a technique that leverages real-time email validation to ensure only high-value targets receive the phishing attempt."
https://cofense.com/blog/the-rise-of-precision-validated-credential-theft-a-new-challenge-for-defenders
https://www.bleepingcomputer.com/news/security/phishing-kits-now-vet-victims-in-real-time-before-stealing-credentials/
https://www.infosecurity-magazine.com/news/precision-validated-phishing/
- AkiraBot | AI-Powered Bot Bypasses CAPTCHAs, Spams Websites At Scale
"Whenever a new form of digital communications becomes prevalent, actors inevitably adopt it for spam to try to profit from unsuspecting users. Email has been the perennial choice for spam delivery, but the prevalence of new communications platforms has expanded the spam attack surface considerably. This report explores AkiraBot, a Python framework that targets small to medium sized business website contact forms and chat widgets. AkiraBot is designed to post AI-generated spam messages tailored to the targeted website’s content that shill the services for a dubious Search Engine Optimization (SEO) network. The use of LLM-generated content likely helps these messages bypass spam filters, as the spam content is different each time a message is generated. The framework also rotates which attacker-controlled domain is supplied in the messages, further complicating spam filtering efforts."
https://www.sentinelone.com/labs/akirabot-ai-powered-bot-bypasses-captchas-spams-websites-at-scale/
https://hackread.com/akirabot-abuses-openai-api-spam-website-contact-forms/
- Thailand: Authorities Must End Malicious Smear Campaigns And Cyberattacks On Civil Society
"Amnesty International has called on the Thai authorities to investigate and take any necessary measures to end cyberattacks against human rights activists after leaked internal government documents showed that Amnesty International was among several civil society groups targeted in a coordinated, state-sponsored campaign. The documents, which were brought to light in a recent parliamentary debate, revealed Thai police and military units are jointly running a “Cyber Team” which deliberately sought to tarnish the reputations and undermine the legitimate work of civil society organizations and political opposition members."
https://www.amnesty.org/en/latest/news/2025/04/thailand-authorities-must-end-malicious-smear-campaigns-and-cyberattacks-on-civil-society/
https://therecord.media/rights-group-calls-on-thai-government-to-stop-alleged-cyberattacks-on-civil-society
- Germany Links Cyberattack On Research Group To Russian State-Backed Hackers
"German authorities suspect that Russian state-backed hackers were behind a recent cyberattack on a prominent Berlin-based research institute focused on Eastern Europe, the second such incident involving the organization in recent months. The German Association for Eastern European Studies (DGO) said the attack at the end of March was "highly professional" and targeted email systems, bypassing enhanced cybersecurity measures put in place after a previous breach in October 2024 with suspected Russian links."
https://therecord.media/germany-links-cyberattack-russian-hackers
- Grandoreiro Strikes Again: Geofenced Phishing Attacks Target LATAM
"A new phishing campaign is targeting users across Latin America, and at the center of it is Grandoreiro, a banking trojan known for stealing sensitive financial data. With geofencing and stealthy evasion tactics, this malware is proving difficult to catch with standard defenses. Let’s take a closer look at the campaign, how the attack unfolds, and what makes it so effective."
https://hackread.com/grandoreiro-strikes-geofenced-phishing-attacks-latam/
- ViperSoftX Malware Distributed By Arabic-Speaking Threat Actor
"AhnLab SEcurity intelligence Center (ASEC) uncovered that attackers, suspected to be Arabic speakers, have been distributing ViperSoftX malware targeting Korean victims since April 1, 2025. ViperSoftX is typically spread through cracked software or torrents, masquerading as legitimate programs. The main characteristic of ViperSoftX is that it operates as a PowerShell script."
https://asec.ahnlab.com/en/87398/
Breaches/Hacks/Leaks
- Oracle Says "Obsolete Servers" Hacked, Denies Cloud Breach
"Oracle finally confirmed in email notifications sent to customers that a hacker stole and leaked credentials that were stolen from what it described as "two obsolete servers." However, the company added that its Oracle Cloud servers were not compromised, and this incident did not impact customer data and cloud services. "Oracle would like to state unequivocally that the Oracle Cloud—also known as Oracle Cloud Infrastructure or OCI—has NOT experienced a security breach," Oracle says in a customer notification shared with BleepingComputer."
https://www.bleepingcomputer.com/news/security/oracle-says-obsolete-servers-hacked-denies-cloud-breach/
https://www.darkreading.com/cyberattacks-data-breaches/oracle-breach-2-obsolete-servers
https://www.securityweek.com/oracle-faces-mounting-criticism-as-it-notifies-customers-of-hack/
- Hacker Claims WooCommerce Data Breach, Selling 4M User Records
"A hacker using the alias “Satanic” claims a WooCommerce data breach via a third party, selling data on over 4.4 million users/clients, including records tied to major organizations like NVIDIA, Texas.gov, and the National Institute of Standards and Technology (NIST). Just hours after claiming responsibility for a breach involving Magento, a hacker known as “Satanic” has surfaced again, this time alleging a data breach connected to WooCommerce, one of the most widely used eCommerce platforms on the web."
https://hackread.com/hacker-claims-woocommerce-data-breach-selling-records/
- Hackers Claim Magento Breach Via Third-Party, Leak CRM Data Of 700K Users
"A hacker using the alias “Satanic” claims Magento breach via third-party, leaks CRM data of more than 700,000 users, including emails, phone numbers, and company info from major firms. A threat actor known as “Satanic” has claimed responsibility for a new data breach involving Magento, the open-source e-commerce platform used by thousands of businesses globally. According to the hacker, the alleged data breach occurred on April 9, 2025, via a third-party integration, leading to the theft of a large dataset containing detailed business and personal contact information."
https://hackread.com/hackers-magento-breach-3rd-party-crm-data-leak/
- Cybercriminals Attacked National Social Security Fund Of Morocco - Millions Of Digital Identities At Risk Of Data Breach
"Resecurity has identified a threat actor targeting government systems in Morocco to exfiltrate large volumes of sensitive data relating to citizens. Using the alias 'Jabaroot,' the actor released claims about the successful compromise of the National Social Security Fund of Morocco (CNSS). The motive behind the data breach remains unclear, but the scale of compromise already generated attention across the region's cybersecurity community and privacy experts. The breach could be interpreted as Morocco's most significant cyber-attack by several victims (consumers)."
https://www.resecurity.com/blog/article/cybercriminals-attacked-national-social-security-fund-of-morocco-millions-of-digital-identities-at-risk-of-data-breach
https://securityaffairs.com/176388/security/national-social-security-fund-of-morocco-suffers-data-breach.html
- Industrial Tech Manufacturer Sensata Says Ransomware Attack Is Impacting Production
"A ransomware attack on Massachusetts-based manufacturer Sensata Technologies last weekend has seriously disrupted the company’s systems. The company, which has sites in about a dozen countries, notified the U.S. Securities and Exchange Commission (SEC) of the incident on Wednesday, warning investors that the ransomware attack forced officials to take its network offline. The incident began on Sunday and prompted the company to contact law enforcement."
https://therecord.media/sensata-technologies-ransomware-attack
General News
- Why CISOs Are Doubling Down On Cyber Crisis Simulations
"Cyber threats aren’t going away, and CISOs know prevention isn’t enough. Being ready to respond is just as important. Cyber crisis simulations offer a way to test that readiness. They let teams walk through real-world scenarios in a controlled setting, exposing gaps and showing what needs work. It’s a practical way to strengthen response plans before a real attack hits."
https://www.helpnetsecurity.com/2025/04/09/ciso-cyber-crisis-simulations/
- Transforming Cybersecurity Into A Strategic Business Enabler
"In this Help Net Security interview, Kevin Serafin, CISO at Ecolab, discusses aligning security strategy with long-term business goals, building strong partnerships across the organization, and approaching third-party risk with agility."
https://www.helpnetsecurity.com/2025/04/09/kevin-serafin-ecolab-cybersecurity-strategy-business/
- Operation Endgame Follow-Up Leads To Five Detentions And Interrogations As Well As Server Takedowns
"Following the massive botnet takedown codenamed Operation Endgame in May 2024, which shut down the biggest malware droppers, including IcedID, SystemBC, Pikabot, Smokeloader and Bumblebee, law enforcement agencies across North America and Europe dealt another blow to the malware ecosystem in early 2025."
https://www.europol.europa.eu/media-press/newsroom/news/operation-endgame-follow-leads-to-five-detentions-and-interrogations-well-server-takedowns
https://www.bleepingcomputer.com/news/security/police-detains-smokeloader-malware-customers-seizes-servers/
- Ransomware Attacks Hit All-Time High As Payoffs Dwindle
"A recent surge in ransomware claims might signal that the profitability of the cybercriminal trade is beginning to falter and payouts are dwindling. Several cyber threat reports recently showed that ransomware attack claims reached record-breaking levels at the beginning of 2025. However, victims appear to be resisting demands in many cases."
https://www.infosecurity-magazine.com/news/ransomware-attacks-record-payoffs/
- 72% Of People Are Worried Their Data Is Being Misused By The Government, And That’s Not All…
"Bad vibes are big news in privacy right now, with the public feeling isolated in securing their sensitive information from companies, governments, AI models, and scammers. That’s the latest from Malwarebytes research conducted this month, which revealed that the vast majority of people are concerned about wrongful data access from nearly every corner of their lives. For example, 89% of people “agreed” or “strongly agreed” that they are “concerned about my personal data being used inappropriately by corporations,” and another 72% agreed or strongly agreed that they are “concerned about my personal data being accessed and used inappropriately by the government.”"
https://www.malwarebytes.com/blog/news/2025/04/72-of-people-are-worried-their-data-is-being-misused-by-the-government-and-thats-not-all
- Groucho’s Wit, Cloud Complexity, And The Case For Consistent Security Policy
"I’ve always been a fan of Groucho Marx. I find his humor, along with his quotes, witty and entertaining. One of my favorite Groucho Marx quotes is: “Those are my principles, and if you don’t like them…well, I have others.” Although the humor in this quote is obvious, the security lesson we can learn from it might not be at first glance. I think it is worth delving into, however, as we can take some wisdom from it that we can use in the security field. The lesson is one of applying consistent security policy."
https://www.securityweek.com/grouchos-wit-cloud-complexity-and-the-case-for-consistent-security-policy/
- VibeScamming — From Prompt To Phish: Benchmarking Popular AI Agents’ Resistance To The Dark Side
"One of the most essential parts of being a cybersecurity researcher at Guardio is always staying a few steps ahead of scammers. With the rapid rise of AI, that challenge just got harder. Today, even complete newcomers to the world of cybercrime can dive straight into phishing and fraud with zero coding skills and no prior experience — just a few clever prompts. But we love challenges! Just like we’ve learned to block phishing schemes and malicious campaigns across emails, SMSs, Search engine results, and even social media, Generative AI abuse is simply the next frontier."
https://labs.guard.io/vibescamming-from-prompt-to-phish-benchmarking-popular-ai-agents-resistance-to-the-dark-side-1ec2fbdf0a35
https://thehackernews.com/2025/04/lovable-ai-found-most-vulnerable-to.html
- How Prompt Attacks Exploit GenAI And How To Fight Back
"Palo Alto Networks has released “Securing GenAI: A Comprehensive Report on Prompt Attacks: Taxonomy, Risks, and Solutions,” which surveys emerging prompt-based attacks on AI applications and AI agents. While generative AI (GenAI) has many valid applications for enterprise productivity, there is also potential for critical security vulnerabilities in AI applications and AI agents."
https://unit42.paloaltonetworks.com/new-frontier-of-genai-threats-a-comprehensive-guide-to-prompt-attacks/
https://www.paloaltonetworks.com/resources/whitepapers/prompt-attack
References
Electronic Transactions Development Agency (ETDA) - ICS Patch Tuesday: Vulnerabilities Addressed By Rockwell, ABB, Siemens, Schneider