NCSA Webboard

    Cyber Threat Intelligence 13 May 2025

    Cyber Security News
    • NCSA_THAICERT

      New Tooling

      • SPIRE: Toolchain Of APIs For Establishing Trust Between Software Systems
        "SPIRE is a graduated project of the Cloud Native Computing Foundation (CNCF). It’s a production-ready implementation of the SPIFFE APIs that handles node and workload attestation to securely issue SVIDs to workloads and verify the SVIDs of other workloads, all based on a predefined set of conditions."
        https://www.helpnetsecurity.com/2025/05/12/spire-apis-establishing-trust-between-software-systems/
        https://github.com/spiffe/spire

      Vulnerabilities

      • Apple Patches Major Security Flaws In iOS, MacOS Platforms
        "Apple on Monday pushed out patches for security vulnerabilities across the macOS, iPhone and iPad software stack, warning that code-execution bugs could be triggered simply by opening a rigged image, video or website. The new iOS 18.5 update, rolled out alongside patches for iPadOS, covers critical bugs in AppleJPEG and CoreMedia with a major warning from Cupertino that attackers could craft malicious media files to run arbitrary code with the privileges of the targeted app. The company also documented serious file-parsing vulnerabilities patched in CoreAudio, CoreGraphics, and ImageIO, each capable of crashing apps or leaking data if booby-trapped content is opened."
        https://www.securityweek.com/apple-patches-major-security-flaws-in-ios-macos-platforms/
        https://support.apple.com/en-us/122404
      • ASUS DriverHub Flaw Let Malicious Sites Run Commands With Admin Rights
        "The ASUS DriverHub driver management utility was vulnerable to a critical remote code execution flaw that allowed malicious sites to execute commands on devices with the software installed. The flaw was discovered by an independent cybersecurity researcher from New Zealand named Paul (aka "MrBruh"), who found that the software had poor validation of commands sent to the DriverHub background service. This allowed the researcher to create an exploit chain utilizing flaws tracked as CVE-2025-3462 and CVE-2025-3463 that, when combined, achieve origin bypass and trigger remote code execution on the target."
        https://www.bleepingcomputer.com/news/security/asus-driverhub-flaw-let-malicious-sites-run-commands-with-admin-rights/
        https://thehackernews.com/2025/05/asus-patches-driverhub-rce-flaws.html
        https://www.securityweek.com/asus-driverhub-vulnerabilities-expose-users-to-remote-code-execution-attacks/
        https://securityaffairs.com/177731/hacking/researchers-found-one-click-rce-in-asus-s-pre-installed-software-driverhub.html
      • U.S. CISA Adds TeleMessage TM SGNL To Its Known Exploited Vulnerabilities Catalog
        "The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a TeleMessage TM SGNL flaw, tracked as CVE-2025-47729 (CVSS score of 1.9), to its Known Exploited Vulnerabilities (KEV) catalog. “The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage “End-to-End encryption from the mobile phone through to the corporate archive” documentation, as exploited in the wild in May 2025.” reads the advisory."
        https://securityaffairs.com/177743/hacking/u-s-cisa-adds-telemessage-tm-sgnl-to-its-known-exploited-vulnerabilities-catalog.html

      Malware

      • APT36-Style ClickFix Attack Spoofs Indian Ministry To Target Windows & Linux
        "Threat actors continue to adopt recognizable branding and official imagery to lower suspicion and facilitate malware execution. Infrastructure spoofing India's Ministry of Defence was recently observed delivering cross-platform malware through a ClickFix-style infection chain. The site mimicked government press releases, staged payloads through a possibly compromised .in domain, and used visual deception to appear credible during execution. This activity mirrors patterns seen in other ClickFix cases: reuse of public-sector branding, staging malware in web asset directories, and targeting Windows and Linux to maximize effectiveness."
        https://hunt.io/blog/apt36-clickfix-campaign-indian-ministry-of-defence
        https://www.bleepingcomputer.com/news/security/hackers-now-testing-clickfix-attacks-against-linux-targets/

      • Marbled Dust Leverages Zero-Day In Output Messenger For Regional Espionage
        "Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability (CVE-2025-27920) in the messaging app Output Messenger, a multiplatform chat software. These exploits have resulted in collection of related user data from targets in Iraq. Microsoft Threat Intelligence assesses with high confidence that the targets of the attack are associated with the Kurdish military operating in Iraq, consistent with previously observed Marbled Dust targeting priorities."
        https://www.microsoft.com/en-us/security/blog/2025/05/12/marbled-dust-leverages-zero-day-in-output-messenger-for-regional-espionage/
        https://www.bleepingcomputer.com/news/security/output-messenger-flaw-exploited-as-zero-day-in-espionage-attacks/
        https://therecord.media/microsoft-zero-day-spy-campaign

      • Horabot Unleashed: A Stealthy Phishing Threat
        "In April, FortiGuard Labs observed a threat actor using phishing emails with malicious HTML files to spread Horabot, malware that primarily targets Spanish-speaking users. It is known for using crafted emails that impersonate invoices or financial documents to trick victims into opening malicious attachments and can steal email credentials, harvest contact lists, and install banking trojans. Horabot leverages Outlook COM automation to send phishing messages from the victim’s mailbox, enabling it to propagate laterally within corporate or personal networks. The threat actor also executed a combination of VBScript, AutoIt, and PowerShell to conduct system reconnaissance, credential theft, and the installation of additional payloads."
        https://www.fortinet.com/blog/threat-research/horabot-unleashed-a-stealthy-phishing-threat

      • Brief Disruptions, Bold Claims: The Tactical Reality Behind The India-Pakistan Hacktivist Surge
        "In May 2025, multiple Pakistan-linked hacktivist groups claimed over 100 cyberattacks on Indian government, education, and critical infrastructure websites. But CloudSEK’s investigation reveals most of these breaches were exaggerated or fake—ranging from recycled data leaks to defacements that left no real impact. While DDoS attacks barely caused a few minutes of disruption, the real threat came from APT36, which used Crimson RAT malware to target Indian defense networks after the Pahalgam terror attack. This report separates fact from fiction—unmasking the hype, tactics, and real risks behind the India-Pakistan cyber conflict. Read the full analysis to know what truly happened."
        https://www.cloudsek.com/blog/brief-disruptions-bold-claims-the-tactical-reality-behind-the-india-pakistan-hacktivist-surge
        https://www.infosecurity-magazine.com/news/hacktivist-attacks-india/

      • Flashpoint Investigation: Uncovering The DPRK’s Remote IT Worker Fraud Scheme
        "On December 12, 2024, the United States indicted fourteen North Korean nationals for using stolen identities to get remote IT jobs at US-based companies and nonprofits. Over the last six years, this scheme has provided the North Korean government (DPRK) at least $88 million USD and ever since its discovery, Fortune 500 companies, technology and cryptocurrency industries have been reporting even more secret DPRK agents siphoning funds, intellectual property, and information."
        https://flashpoint.io/blog/flashpoint-investigation-uncovering-the-dprks-remote-it-worker-fraud-scheme/

      Breaches/Hacks/Leaks

      • BianLian Claims Credit For Two Health Data Hacks
        "Cybercriminal gang BianLian claims to have stolen patient information in two recent hacks of an Alabama-based ophthalmology practice and a California dental clinic. The two incidents affected nearly 150,000 people and are among the extortion group's latest attacks on the healthcare sector. Alabama Ophthalmology Associates reported its breach to the U.S. Department of Health and Human Services on April 8 as a hacking incident involving a network server and desktop computer affecting nearly 132,000 people."
        https://www.bankinfosecurity.com/bianlian-claims-credit-for-two-health-data-hacks-a-28374

      • US Deportation Airline GlobalX Confirms Hack
        "Global Crossing Airlines, a US airline operating as GlobalX, has confirmed detecting a breach after hackers leaked data allegedly stolen from its systems. GlobalX was in the news recently for playing an important role in the Trump administration’s deportation campaign, particularly the controversial deportations of Venezuelan gang members to El Salvador. The charter airline’s systems were recently targeted by hackers claiming to be part of the Anonymous movement. The hacktivists defaced one of GlobalX’s subdomains, accusing the company over its role in the deportations. In addition, the hackers claimed to have obtained flight records and passenger lists, which they leaked to the media."
        https://www.securityweek.com/us-deportation-airline-globalx-confirms-hack/
        https://therecord.media/airline-carrying-out-deportation-flights-confirms-cyberattack-sec
        https://hackread.com/anonymous-hackers-flight-data-us-deportation-airline-globalx/
        https://www.theregister.com/2025/05/12/globalx_security_incident/

      • Fears 'Hackers Still In The System' Leave Co-Op Shelves Running Empty Across UK
        "Grocery shelves at the Co-op retail chain are increasingly depleted in spots across the United Kingdom as the company continues to respond to an attempted cyberattack detected two weeks ago. Recorded Future News understands that the company fears the hackers still have access to its network and is keeping some critical logistics systems offline, preventing shops from getting resupplied with many goods."
        https://therecord.media/co-op-cyberattack-uk-company-fears-hackers-still-in-system

      General News

      • April 2025 Trends Report On Phishing Emails
        "This report provides statistics, trends, and case details on the distribution volume and attachment threats of phishing emails collected and analyzed in April 2025. The following is a part of the statistics and cases included in the original report."
        https://asec.ahnlab.com/en/87895/
      • A Subtle Form Of Siege: DDoS Smokescreens As a Cover For Quiet Data Breaches
        "DDoS attacks have long been dismissed as blunt instruments, favored by script kiddies and hacktivists for their ability to overwhelm and disrupt. But in today's fragmented, hybrid-cloud environments, they've evolved into something far more cunning: a smokescreen. What looks like digital vandalism may actually be a coordinated diversion, engineered to distract defenders from deeper breaches in progress."
        https://www.tripwire.com/state-of-security/subtle-form-siege-ddos-smokescreens-cover-quiet-data-breaches
      • Why Security Teams Cannot Rely Solely On AI Guardrails
        "In this Help Net Security interview, Dr. Peter Garraghan, CEO of Mindgard, discusses their research around vulnerabilities in the guardrails used to protect large AI models. The findings highlight how even billion-dollar LLMs can be bypassed using surprisingly simple techniques, including emojis. To defend against prompt injection, many LLMs are wrapped in guardrails that inspect and filter prompts. But these guardrails are typically AI-based classifiers themselves, and, as Mindgard’s study shows, they are just as vulnerable for certain types of attacks."
        https://www.helpnetsecurity.com/2025/05/12/peter-garraghan-mindgard-ai-guardrails/
      • How To Give Better Cybersecurity Presentations (without Sounding Like a Robot)
        "Most people think great presenters are born with natural talent. Luka Krejci, a presentation expert, disagrees. “They are called presentation skills. Skills, not talent,” he says. “Any skill, be it dancing, football, or presenting, can be developed only if you commit and practice.” So, the first step is obvious: Quit avoiding presentations. The more you do them, the better you’ll get."
        https://www.helpnetsecurity.com/2025/05/12/how-to-give-better-cybersecurity-presentations/
      • Unending Ransomware Attacks Are a Symptom, Not The Sickness
        "It's been a devastating few weeks for UK retail giants. Marks and Spencer, the Co-Op, and now uber-posh Harrods have had massive disruptions due to ransomware attacks taking systems down for prolonged periods. If the goods these people sold were one-tenth as shoddy as their corporate cybersecurity, they'd have been out of business years ago. It's a wake-up call, says the UK's National Center for Stating the Obvious. And what will happen? The industry will just press the snooze button again, as we hear reports that other retailers are 'patching like crazy.'"
        https://www.theregister.com/2025/05/12/opinion_column_ransomware/
      • Moldova Arrests Suspect Linked To DoppelPaymer Ransomware Attacks
        "Moldovan authorities have detained a 45-year-old suspect linked to DoppelPaymer ransomware attacks targeting Dutch organizations in 2021. Police officers searched the suspect's home and car on May 6, seizing an electronic wallet, €84,800, two laptops, a mobile phone, a tablet, six bank cards, and multiple data storage devices. The suspect remains in custody, while Moldovan prosecutors have initiated legal procedures to extradite him to the Netherlands."
        https://www.bleepingcomputer.com/news/security/moldova-arrests-suspect-linked-to-doppelpaymer-ransomware-attacks/
        https://therecord.media/moldova-arrest-suspect-ransomware-attacks-netherlands
      • Ransomware Reloaded: Why 2025 Is The Most Dangerous Year Yet
        "May 12 marks Anti-Ransomware Day, a global awareness initiative created by INTERPOL and Kaspersky to commemorate the 2017 WannaCry outbreak. That infamous ransomware campaign crippled hundreds of thousands of systems worldwide, from UK hospitals to global logistics networks, and its modern descendants are more dangerous, stealthier and relentlessly adaptive. While WannaCry marked a turning point, it was just the beginning of ransomware’s evolution into today’s multibillion dollar criminal enterprise. As we mark this year’s Anti-Ransomware Day, it’s time to look at how the threat has changed — and what lies ahead."
        https://blog.checkpoint.com/security/ransomware-reloaded-why-2025-is-the-most-dangerous-year-yet-2/
      • AI, Agents, And The Future Of Cyber Security
        "In just a few short years, the breakneck speed of advancements in AI have transformed nearly every industry, including cyber security. The pace of acceleration has forced IT and business leaders to rethink approaches to some of the most sensitive areas of their business operations, including workload management, innovation and DevOps, workplace mobility, and security. Understanding how to plan and optimize for the continued evolution of AI and cloud deployments—as well as how to incorporate Agentic AI into cyber defenses and protect against malicious use—is now mission-critical for every modern business. Securing this new and shifting IT estate is a top priority not just for CIOs and CISOs, but the entire C-suite."
        https://blog.checkpoint.com/artificial-intelligence/ai-agents-and-the-future-of-cyber-security/
      • Measuring The US-China AI Gap
        "China has stated its ambition to become the world leader in artificial intelligence (AI) by 2030, a goal that encompasses not only the performance of individual AI models that often attract significant media attention but also AI innovation broadly and widespread adoption of AI for economic and geopolitical benefit. Based on an analysis of key industry pillars informing the US-China competition for AI supremacy — including government and venture capital (VC) funding, industry regulation, talent, technology diffusion, model performance, and compute capacity — Insikt Group assesses that China is unlikely to sustainably surpass the United States (US) on its desired timeline."
        https://www.recordedfuture.com/research/measuring-the-us-china-ai-gap
        https://www.darkreading.com/cyber-risk/can-cybersecurity-keep-up-ai-arms-race
      • Software Code Of Practice: Building a Secure Digital Future
        "There are many things commercial enterprises can do to make their technology products more secure. But in reality, we know cyber security is just one of multiple risks that modern businesses have to juggle. As we explained in the NCSC 2024 Annual Review, technology markets do not incentivise organisations to develop software that is ‘secure by default’. Many standard cyber security features (such as multi-factor authentication or single sign-on) are often deemed ‘premium add-ons’, rather than being a fundamental component of the offering."
        https://www.ncsc.gov.uk/blog-post/software-code-of-practice-building-a-secure-digital-future
        https://www.ncsc.gov.uk/section/software-security-code-of-practice
        https://www.darkreading.com/application-security/uk-security-guidelines-boost-software-development
      • NSO Group's Legal Loss May Do Little To Curtail Spyware
        "A California jury's award of $168 million in punitive and compensatory damages to Meta-owned WhatsApp in its lawsuit against spyware purveyor NSO Group highlights that judges and juries have little tolerance for the increasingly popular hack-and-surveil tactics of governments and their commercial providers."
        https://www.darkreading.com/endpoint-security/nso-groups-legal-loss-curtail-spyware
      • Russia’s ‘outsourced’ Bulgarian Spy Ring Sentenced To More Than 50 Years In UK
        "Six members of an “outsourced” spy ring operating in Britain on behalf of the Kremlin were sentenced to a combined 50 years in prison on Monday for activities they’d engaged in under the direction of the Russian state. The sentences are the most significant to be handed down in recent years to proxies used by Russia’s intelligence services, a practice the Kremlin is believed to have doubled-down on following widespread disruption to its traditional intelligence activities in Europe after many of its spies with diplomatic cover were expelled from host nations following the invasion of Ukraine."
        https://therecord.media/bulgarian-members-russian-spy-ring-sentenced-uk

      References
      Electronic Transactions Development Agency (ETDA)
