Cyber Threat Intelligence 05 May 2025
Vulnerabilities
- Backdoor Found In Popular Ecommerce Components
"Multiple vendors were hacked in a coordinated supply chain attack, Sansec found 21 applications with the same backdoor. Curiously, the malware was injected 6 years ago, but came to life this week as attackers took full control of ecommerce servers. Sansec estimates that between 500 and 1000 stores are running backdoored software. Hundreds of stores, including a $40 billion multinational, are running backdoored versions of popular ecommerce software. We found that the backdoor has been actively used since at least April 20th. Sansec identified these backdoors in the following packages, which were published between 2019 and 2022."
https://sansec.io/research/license-backdoor
https://www.bleepingcomputer.com/news/security/magento-supply-chain-attack-compromises-hundreds-of-e-stores/
- CISA Adds Two Known Exploited Vulnerabilities To Catalog
"CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2025-34028 Commvault Command Center Path Traversal Vulnerability
CVE-2024-58136 Yiiframework Yii Improper Protection of Alternate Path Vulnerability"
https://www.cisa.gov/news-events/alerts/2025/05/02/cisa-adds-two-known-exploited-vulnerabilities-catalog
https://securityaffairs.com/177367/hacking/u-s-cisa-adds-yii-framework-and-commvault-command-center-flaws-to-its-known-exploited-vulnerabilities-catalog.html
Malware
- I StealC You: Tracking The Rapid Changes To StealC
"StealC is a popular information stealer and malware downloader that has been sold since January 2023. In March 2025, StealC version 2 (V2) was introduced with key updates, including a streamlined command-and-control (C2) communication protocol and the addition of RC4 encryption (in the latest variants). The malware’s payload delivery options have been expanded to include Microsoft Software Installer (MSI) packages and PowerShell scripts. A redesigned control panel provides an integrated builder that enables threat actors to customize payload delivery rules based on geolocation, hardware IDs (HWID), and installed software. Additional features include multi-monitor screenshot capture, a unified file grabber, and server-side brute-forcing for credentials."
https://www.zscaler.com/blogs/security-research/i-stealc-you-tracking-rapid-changes-stealc
https://www.bleepingcomputer.com/news/security/stealc-malware-enhanced-with-stealth-upgrades-and-data-theft-tools/
- TerraStealerV2 And TerraLogger: Golden Chickens' New Malware Families Discovered
"Insikt Group identified two new malware families — TerraStealerV2 and TerraLogger — linked to the financially motivated threat actor Golden Chickens (also known as Venom Spider). Golden Chickens is known for operating a Malware-as-a-Service (MaaS) platform used by cybercriminal groups such as FIN 6, Cobalt Group, and Evilnum. The new families, observed between January and April 2025, suggest ongoing development aimed at credential theft and keylogging."
https://www.recordedfuture.com/research/terrastealerv2-and-terralogger
- Wget To Wipeout: Malicious Go Modules Fetch Destructive Payload
"Socket’s Threat Research Team uncovered a stealthy and highly destructive supply-chain attack targeting developers using Go modules. Attackers leveraged obfuscation to deliver a catastrophic disk-wiper payload. The Go ecosystem, valued for its simplicity, transparency, and flexibility, has exploded in popularity. With over 2 million modules available, developers rely heavily on public repositories like GitHub. However, this openness is precisely what attackers exploit."
https://socket.dev/blog/wget-to-wipeout-malicious-go-modules-fetch-destructive-payload
https://thehackernews.com/2025/05/malicious-go-modules-deliver-disk.html
https://securityaffairs.com/177411/malware/malicious-go-modules-designed-to-wipe-linux-systems.html
Breaches/Hacks/Leaks
- Co-Op Confirms Data Theft After DragonForce Ransomware Claims Attack
"The Co-op cyberattack is far worse than initially reported, with the company now confirming that data was stolen for a significant number of current and past customers. "As a result of ongoing forensic investigations, we now know that the hackers were able to access and extract data from one of our systems," Co-op told BleepingComputer. "The accessed data included information relating to a significant number of our current and past members.""
https://www.bleepingcomputer.com/news/security/co-op-confirms-data-theft-after-dragonforce-ransomware-claims-attack/
https://securityaffairs.com/177376/cyber-crime/dragonforce-group-claims-the-theft-of-data-after-co-op-cyberattack.html
- Qilin Announces Attack On Cobb County, Georgia
"On May 1, Qilin added Cobb County, Georgia to its dark web leak site. The ransomware gang claims to have acquired 150 GB of data and more than 400,000 files. They provided 16 image files as proof of their claims. Qilin threatens to release the data on May 3 if no payment is received. Because Cobb County already announced that it had declined to pay any ransom, it may be just a matter of time until there is a large data leak."
https://databreaches.net/2025/05/03/qilin-announces-attack-on-cobb-county-georgia/
- Rhysida Ransomware Gang Claims The Hack Of The Government Of Peru
"The Rhysida Ransomware gang claims the hack of the Government of Peru; the gang breached Gob.pe, the Single Digital Platform of the Peruvian State."
https://securityaffairs.com/177388/cyber-crime/rhysida-ransomware-gang-claims-the-hack-of-the-government-of-peru.html
General News
- Phone Theft Is Turning Into a Serious Cybersecurity Risk
"Phone theft is a rising issue worldwide, and it’s more than just a property crime. It’s a serious cybersecurity threat. In the UK alone, the Metropolitan Police seizes 1,000 phones each week. Stolen phones don’t just go to local black markets. They often get funneled into larger criminal operations. For example, stolen phones can be used to bypass security features or be reprogrammed and resold."
https://www.helpnetsecurity.com/2025/05/02/phone-theft-cybersecurity-threat/
- People Know Password Reuse Is Risky But Keep Doing It Anyway
"35% of Gen Z said they never or rarely update passwords after a data breach affecting one of their accounts, according to Bitwarden. Only 10% reported always updating compromised passwords. 38% of Gen Z and 31% of Millennials only change a single character or simply recycle an existing password. 79% of Gen Z admit password reuse is risky, yet 59% recycle an existing password when updating accounts with companies that disclose data breaches."
https://www.helpnetsecurity.com/2025/05/02/passwords-update-security-risks/
- Half Of Red Flags In Third-Party Deals Never Reach Compliance Teams
"Third-party risk management (TPRM) is compromised in many organizations because those holding the relationship with the third-party (relationship owners) don’t escalate red flags to compliance teams reliably, according to Gartner. Relationship owners are most often midlevel managers, directors and senior vice presidents who have a crucial and unique view into multiple third parties that compliance leaders deem as high-risk."
https://www.helpnetsecurity.com/2025/05/02/third-party-relationship-owners/
- Third Of Online Users Hit By Account Hacks Due To Weak Passwords
"More than a third (36%) of people have had at least one online account compromised due to weak or stolen passwords in the past year, according to new research by the FIDO Alliance. The survey by the open industry association also found a growing awareness and takeup of passkeys – an alternative to traditional usernames and passwords for authenticating accounts. Around half (48%) of the world’s top 100 websites have already integrated passkey support, FIDO reported. Additionally, 75% of respondents said they are now aware of passkey technology, while 69% have enabled passkeys on one or more accounts."
https://www.infosecurity-magazine.com/news/third-online-users-hacks-passwords/
- Yemeni Man Charged In Federal Indictment Alleging He Sent ‘Black Kingdom’ Malware To Extort Businesses, Schools, And Medical Clinics
"A Yemeni national was charged today in a three-count federal grand jury indictment alleging he deployed the so-called “Black Kingdom” ransomware against computer servers owned by organizations worldwide, including businesses, schools, and hospitals in the United States, including a medical billing services company in the San Fernando Valley. Rami Khaled Ahmed, 36, a.k.a. “Black Kingdom,” of Sana’a, Yemen, is charged with one count of conspiracy, one count of intentional damage to a protected computer, and one count of threatening damage to a protected computer. He is believed to be residing in Yemen."
https://www.justice.gov/usao-cdca/pr/yemeni-man-charged-federal-indictment-alleging-he-sent-black-kingdom-malware-extort
https://www.bleepingcomputer.com/news/security/us-indicts-black-kingdom-ransomware-admin-for-microsoft-exchange-attacks/
https://therecord.media/us-indicts-yemeni-man-black-kingdom-ransomware
https://www.bankinfosecurity.com/us-indicts-black-kingdom-hacker-for-exchange-hacking-tear-a-28230
https://thehackernews.com/2025/05/us-charges-yemeni-hacker-behind-black.html
https://securityaffairs.com/177423/cyber-crime/us-authorities-have-indicted-black-kingdom-ransomware-admin.html
- UK NCSC: Cyberattacks Impacting UK Retailers Are a Wake-Up Call
"The United Kingdom's National Cyber Security Centre warned that ongoing cyberattacks impacting multiple UK retail chains should be taken as a "wake-up call." Part of the GCHQ British intelligence agency, the NCSC provides support and guidance to private and public sector entities following major cybersecurity incidents to protect the UK's critical services. In a statement issued this week, the NCSC also confirmed that it's working with affected organizations in the retail sector to assess the attacks' nature and impact."
https://www.bleepingcomputer.com/news/security/uk-ncsc-cyberattacks-impacting-uk-retailers-are-a-wake-up-call/
https://www.darkreading.com/cyberattacks-data-breaches/uk-retailers-reeling-ransomware-attacks
https://www.theregister.com/2025/05/02/ncsc_steps_in_as_harrods/
- Despite Arrests, Scattered Spider Continues High-Profile Hacking
"The notorious Scattered Spider threat group continues to attack high-value targets despite landing on the receiving end of multiple global law enforcement operations. Scattered Spider gained notoriety in recent years with high-profile breaches and ransomware attacks against large enterprises, including Las Vegas casino and hotel giants Caesars Entertainment and MGM Resorts in 2023. First emerging in 2022, the group's members displayed a knack for social engineering schemes that allowed them to steal credentials from targeted organizations and gain privileged access into their networks."
https://www.darkreading.com/cyberattacks-data-breaches/despite-arrests-scattered-spider-continues-hacking
- “SCAM” Is a Four-Letter Word: BreachForums Edition
"When BreachForums[.]st went offline on April 15, the rumor mills sprang into action. Claims that the forum had been seized (again), or that the owner, ShinyHunters, or Anastasia had been arrested were tossed around, with the only evidence to support any of the claims being redirects of Telegram accounts to FBI Telegram accounts. So of course, it was time to send in the clones. ZeroFox would try to make sense of some of what happened next, but as one might predict, they wound up with a bunch of conflicting reports, including claims by DarkStorm that they had DDoSed BreachForums[.]st and then Breached[.]fi."
https://databreaches.net/2025/05/02/scam-is-a-four-letter-word-breachforums-edition/
- How To Automate CVE And Vulnerability Advisory Response With Tines
"Run by the team at workflow orchestration and AI platform Tines, the Tines library features pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform's Community Edition. A recent standout is a workflow that automates monitoring for security advisories from CISA and other vendors, enriches advisories with CrowdStrike threat intelligence, and streamlines ticket creation and notification. Developed by Josh McLaughlin, a security engineer at LivePerson, the workflow drastically reduces manual work while keeping analysts in control of final decisions, helping teams stay on top of new vulnerabilities."
https://thehackernews.com/2025/05/how-to-automate-cve-and-vulnerability.html
- Ransomware Attacks On Food And Agriculture Industry Have Doubled In 2025
"Ransomware gangs have long targeted the food and agriculture industry, but seemed to have ramped up attacks in 2025. Jonathan Braley, director of cyber information sharing organization Food and Ag-ISAC, spoke at the RSA Conference on Thursday and warned of not only the increase in ransomware incidents but the continued lack of visibility into the full scope of the problem. “A lot of it never gets reported, so a ransomware attack happens and we never get the full details,” he told Recorded Future News on the sidelines of the conference. “I wish companies would be more open in talking about it and sharing ‘Here's what they use, here's how we fixed it,’ so the rest of us can prevent that.”"
https://therecord.media/ransomware-attacks-food-and-ag-double-2025
- Generative AI Makes Fraud Fluent – From Phishing Lures To Fake Lovers
"Spam messages predate the web itself, and generative AI has given them a fluency upgrade, churning out slick, localized scams and letting crooks hit regions and dialects they used to ignore. One of the red flags that traditionally identified spam, including phishing attempts, was poor spelling and syntax, but the use of generative AI has changed that by taking humans out of the loop. "I'm assuming at this point that probably half of the spam we get is being written by generative AIs; the quantity of spelling and grammar errors has fallen precipitously," Chester Wisniewski, global field CISO of British security biz Sophos, told The Register during this week's RSA Conference. "I've joked about this a few times, but if the grammar and spelling is perfect, it probably is a scam, because even humans make mistakes most of the time.""
https://www.theregister.com/2025/05/02/gen_ai_spam/
References
Electronic Transactions Development Agency (ETDA)