Cyber Threat Intelligence 20 May 2025
Telecom Sector
- O2 UK Patches Bug Leaking Mobile User Location From Call Metadata
"A flaw in O2 UK's implementation of VoLTE and WiFi Calling technologies could allow anyone to expose the general location of a person and other identifiers by calling the target. The problem was discovered by security researcher Daniel Williams, who says the flaw existed on O2 UK's network since March 27, 2017, and was resolved yesterday. O2 UK is a British telecommunications service provider owned by Virgin Media O2. As of March 2025, the company reported having nearly 23 million mobile customers and 5.8 million broadband clients across the UK, positioning it as one of the major providers in the country."
https://www.bleepingcomputer.com/news/security/o2-uk-patches-bug-leaking-mobile-user-location-from-call-metadata/
New Tooling
- Hanko: Open-Source Authentication And User Management
"Hanko is an open-source, API-first authentication solution purpose-built for the passwordless era. “We focus on helping developers and organizations modernize their authentication flows by migrating users towards passkeys, while still supporting all common authentication methods like email/password, MFA, OAuth, as well as SAML SSO,” Felix Magedanz, CEO at Hanko, told Help Net Security."
https://www.helpnetsecurity.com/2025/05/19/hanko-open-source-authentication-user-management/
https://github.com/teamhanko/hanko
Vulnerabilities
- CISA Adds Six Known Exploited Vulnerabilities To Catalog
"CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2025-4427 Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability
CVE-2025-4428 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
CVE-2024-11182 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability
CVE-2025-27920 Srimax Output Messenger Directory Traversal Vulnerability
CVE-2024-27443 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability
CVE-2023-38950 ZKTeco BioTime Path Traversal Vulnerability"
https://www.cisa.gov/news-events/alerts/2025/05/19/cisa-adds-six-known-exploited-vulnerabilities-catalog
- Mozilla Fixes Firefox Zero-Days Exploited At Hacking Contest
"Mozilla released emergency security updates to address two Firefox zero-day vulnerabilities demonstrated in the recent Pwn2Own Berlin 2025 hacking competition. The fixes, which cover Firefox on desktop and Android and two Extended Support Releases (ESR), came mere hours after the conclusion of Pwn2Own, on Saturday, where the second vulnerability was demonstrated. The first flaw, tracked under CVE-2025-4918, is an out-of-bounds read/write issue in the JavaScript engine when resolving Promise objects."
https://www.bleepingcomputer.com/news/security/mozilla-fixes-firefox-zero-days-exploited-at-hacking-contest/
https://thehackernews.com/2025/05/firefox-patches-2-zero-days-exploited.html
https://securityaffairs.com/178064/security/mozilla-fixed-zero-days-demonstrated-at-pwn2own-berlin-2025.html
Malware
- Fake KeePass Password Manager Leads To ESXi Ransomware Attack
"Threat actors have been distributing trojanized versions of the KeePass password manager for at least eight months to install Cobalt Strike beacons, steal credentials, and ultimately, deploy ransomware on the breached network. WithSecure's Threat Intelligence team discovered the campaign after they were brought in to investigate a ransomware attack. The researchers found that the attack started with a malicious KeePass installer promoted through Bing advertisements that promoted fake software sites."
https://www.bleepingcomputer.com/news/security/fake-keepass-password-manager-leads-to-esxi-ransomware-attack/
https://labs.withsecure.com/content/dam/labs/docs/W_Intel_Research_KeePass_Trojanised_Malware_Campaign.pdf
- RVTools Bumblebee Malware Attack – How a Trusted IT Tool Became a Malware Delivery Vector
"The RVTools Bumblebee Malware Attack earlier this week serves as a real-world example of a supply chain compromise that briefly turned a trusted tool into a malware delivery vector. On May 13 2025, our security operations team responded to a high-confidence alert from Microsoft Defender for Endpoint. An employee had attempted to install RVTools—a trusted VMware environment reporting utility. Within moments of launching the installer, Defender flagged a suspicious file: version.dll, which was attempting to execute from within the same directory as the installer itself. RVTools has long been regarded as a legitimate and safe tool used across many enterprises. However, this incident triggered immediate concern, as this behavior is highly atypical for the installer and hinted at a potential compromise. A hash check and upload to VirusTotal revealed 33 out of 71 antivirus engines detecting it as malicious, identifying it as a variant of the Bumblebee loader malware."
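The defensive step common to the fake KeePass campaign above and to this RVTools incident is done before the installer is ever launched: compare the download's SHA-256 with the hash the vendor publishes, and treat any loose DLL sitting beside the installer (here, version.dll) as a sideloading signal. The Python below is an added example written for this digest, not code from the write-up or from either vendor. The "vendor" hash, file names and folder are constructed stand-ins so it runs offline, and the DLL names beyond version.dll are an assumption about other commonly hijacked names.

```python
import hashlib
import os
import tempfile

# DLL names that Windows executables commonly resolve from their own directory
# before the system directory, so a planted copy runs with the installer's
# privileges. version.dll is the one seen in the RVTools incident; the rest are
# further well-known sideloading targets (assumption, not from the write-up).
SIDELOAD_DLLS = {
    "version.dll", "dbghelp.dll", "cryptbase.dll",
    "profapi.dll", "uxtheme.dll", "wininet.dll",
}


def sha256_file(path):
    """Stream a file through SHA-256 and return the lowercase hex digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_installer(installer_path, expected_sha256):
    """Pre-execution checks for a downloaded installer.

    Returns the computed hash, whether it matches the vendor-published hash,
    and any sideload-candidate DLLs sitting in the same folder.
    """
    folder = os.path.dirname(os.path.abspath(installer_path))
    actual = sha256_file(installer_path)
    hash_ok = actual == expected_sha256.lower()
    candidates = sorted(
        name for name in os.listdir(folder) if name.lower() in SIDELOAD_DLLS
    )
    return {
        "sha256": actual,
        "hash_ok": hash_ok,
        "sideload_candidates": candidates,
        "safe_to_run": hash_ok and not candidates,
    }


# Constructed stand-ins: the "vendor" hash is computed from clean bytes; the
# tampered download has different bytes and a version.dll planted beside it.
CLEAN_BYTES = b"constructed stand-in for the vendor's clean installer\n"
VENDOR_SHA256 = hashlib.sha256(CLEAN_BYTES).hexdigest()


def build_sample_download(tampered=True):
    """Stage a throwaway download folder and return the installer path."""
    folder = tempfile.mkdtemp(prefix="dl_")
    installer = os.path.join(folder, "setup.msi")  # illustrative name
    with open(installer, "wb") as fh:
        fh.write(b"constructed tampered bytes\n" if tampered else CLEAN_BYTES)
    if tampered:
        with open(os.path.join(folder, "version.dll"), "wb") as fh:
            fh.write(b"constructed planted DLL\n")
    return installer


if __name__ == "__main__":
    for tampered in (True, False):
        result = check_installer(build_sample_download(tampered), VENDOR_SHA256)
        print("tampered" if tampered else "clean", result)
```

On a real host the expected hash comes from the vendor's download page or release notes fetched over a separate channel, never from the same site the installer came from; a hash mismatch or any DLL beside the installer is reason to stop and submit the file for analysis, which is the step the responders above took with VirusTotal.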
https://zerodaylabs.net/rvtools-bumblebee-malware/
https://thehackernews.com/2025/05/rvtools-official-site-hacked-to-deliver.html
https://www.helpnetsecurity.com/2025/05/19/rvtools-installer-malware/
- CTM360 Maps Out Real-Time Phishing Infrastructure Targeting Corporate Banking Worldwide
"A phishing operation that targets corporate banking accounts across the globe has been analyzed in a new report by CTM360. The campaign uses fake Google ads and advanced filtering techniques to steal sensitive login credentials and bypass MFA. Researchers uncovered more than 12,000 malicious redirector URLs spread across 35 unique potential phishing redirector templates. The infrastructure supports two distinct phishing techniques, both of which are difficult to detect and designed to evade automated scanning tools."
https://www.helpnetsecurity.com/2025/05/19/ctm360-cyberheist-phish-report/
https://www.ctm360.com/reports/cyberheist-phish-report
Breaches/Hacks/Leaks
- Legal Aid Agency Admits Major Breach Of Applicant Data
"An April breach at the UK’s Legal Aid Agency resulted in the theft of a large volume of personal information belonging to applicants, including criminal records, the Ministry of Justice (MoJ) has admitted. The agency, which provides citizens with access to vital civil and criminal legal services, first became aware of the attack on April 23. However, on Friday it discovered the extent of the breach was much greater than at first thought and has temporarily shut down its online services. “We believe the group has accessed and downloaded a significant amount of personal data from those who applied for legal aid through our digital service since 2010,” it admitted."
https://www.infosecurity-magazine.com/news/legal-aid-agency-admits-major/
https://www.theregister.com/2025/05/19/legal_aid_agency_data_theft/
https://therecord.media/uk-legal-aid-agency-data-breach
https://www.bleepingcomputer.com/news/security/uk-legal-aid-agency-confirms-applicant-data-stolen-in-data-breach/
https://www.darkreading.com/remote-workforce/legal-aid-agency-data-breach
https://www.bankinfosecurity.com/hackers-nab-15-years-uk-legal-aid-applicant-data-a-28431
https://hackread.com/uk-legal-aid-agency-cyberattack-sensitive-data-stolen/
https://www.securityweek.com/uk-legal-aid-agency-finds-data-breach-following-cyberattack/
- Arla Foods Confirms Cyberattack Disrupts Production, Causes Delays
"Arla Foods has confirmed to BleepingComputer that it was targeted by a cyberattack that has disrupted its production operations. The Danish food giant clarified that the attack only affected its production unit in Upahl, Germany, though it expects this will result in product delivery delays or even cancellations. "We can confirm that we have identified suspicious activity at our dairy site in Upahl that impacted the local IT network," stated an Arla spokesperson. "Due to the safety measures initiated as a result of the incident, production was temporarily affected.""
https://www.bleepingcomputer.com/news/security/arla-foods-confirms-cyberattack-disrupts-production-causes-delays/
- DDoSecrets Adds 410GB Of TeleMessage Breach Data To Index
"On the 4th of May 2025, TeleMessage, an Israeli company providing modified versions of encrypted messaging apps like Signal, suffered a major data breach. The breach exposed archived messages, contact information of government officials, and backend login credentials. The hacker, whose identity is still unknown, exploited a vulnerability in the company’s system, accessing a publicly exposed Java heap dump file that contained sensitive information. This incident raised serious concerns about the security of communications at the highest levels of the United States government, especially since former National Security Advisor Mike Waltz was seen using TeleMessage’s TM SGNL app during a cabinet meeting."
https://hackread.com/ddosecrets-adds-410gb-telemessage-breach-data-index/
- 200,000 Harbin Clinic Patients Impacted By NRS Data Breach
"Georgia healthcare provider Harbin Clinic is notifying over 200,000 people that their personal information was stolen in a July 2024 data breach at debt collector Nationwide Recovery Services (NRS). The incident was discovered after suspicious activity on NRS’s internal systems resulted in a network outage. The third-party collection agency discovered that the attackers accessed its network between July 5 and July 11, and stole certain data."
https://www.securityweek.com/200000-harbin-clinic-patients-impacted-by-nrs-data-breach/
https://www.bankinfosecurity.com/debt-collector-hack-affects-long-list-clients-patients-a-28429
- Official UK Records Confirm Cyberattacks Put NHS Patients At Risk Of Clinical Harm
"Two cyberattacks affecting Britain’s National Health Service (NHS) last year put patients at risk of clinical harm, according to official data obtained by Recorded Future News. The data, recorded by the government under the Network and Information Systems (NIS) Regulations and obtained under the Freedom of Information Act, does not identify specific incidents but highlights the growing threat that financially motivated cyber incidents pose to public safety. It follows the head of the National Cyber Security Centre, Richard Horne, telling cybersecurity practitioners earlier this month that their work was “not just about protecting systems, it’s about protecting our people, our economy, our society, from harm.”"
https://therecord.media/uk-nhs-data-two-cyberattacks-clinical-harm-2024
General News
- AI Hallucinations And Their Risk To Cybersecurity Operations
"AI systems can sometimes produce outputs that are incorrect or misleading, a phenomenon known as hallucinations. These errors can range from minor inaccuracies to misrepresentations that can misguide decision-making processes."
https://www.helpnetsecurity.com/2025/05/19/ai-hallucinations-risk-cybersecurity-operations/
- Why EU Encryption Policy Needs Technical And Civil Society Input
"In this Help Net Security interview, Bart Preneel, Full Professor at University of Leuven, unpacks the European Commission’s encryption agenda, urging a balanced, technically informed approach to lawful access that safeguards privacy, security, and fundamental rights across the EU."
https://www.helpnetsecurity.com/2025/05/19/bart-preneel-university-of-leuven-eu-encryption-policy/
- Dead Man’s Scripts: The Security Risk Of Forgotten Scheduled Tasks In Legacy Systems
"There are ghosts in the machine. Not the poetic kind. I mean literal, running-code-with-root-access kind. The kind that was set up ten years ago by an admin who retired five jobs ago. The kind that still wakes up every night at 3:30 a.m.; processes something no one remembers, and then quietly vanishes into the system logs. Until, of course, something goes wrong—or someone takes advantage of it. Welcome to the world of dead man's scripts: outdated, unsupervised scheduled tasks buried deep inside legacy systems."
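An audit of the kind the article argues for, as an added example written for this digest (not code from the Tripwire post): parse a system-style crontab (five schedule fields, run-as user, command) and flag jobs whose run-as user no longer exists, whose target script is missing, whose script is world-writable, or which run as root out of a world-writable directory. The crontab text and the staged directory tree are constructed so the script runs offline; the `root=` argument points the checks at that staged tree instead of the live filesystem.

```python
import os
import re
import stat
import tempfile

# Constructed sample of an /etc/crontab (m h dom mon dow user command).
SAMPLE_CRONTAB = """\
# legacy jobs, do not touch
30 3 * * * root /opt/legacy/nightly_sync.sh >/dev/null 2>&1
0 * * * * root /usr/local/bin/rotate_logs.sh
15 2 * * 0 jsmith /home/jsmith/bin/report.py
*/5 * * * * root /tmp/cleanup.sh
"""

# Five schedule fields, then the run-as user, then the rest is the command.
CRON_LINE = re.compile(r"^(?:\S+\s+){5}(\S+)\s+(.+)$")


def first_abs_path(command):
    """Return the first absolute path in a cron command, or None."""
    for tok in command.split():
        if tok.startswith("/"):
            return tok
    return None


def audit_crontab(text, known_users, root="/"):
    """Return {script_or_command: [issues]} for jobs that look unsafe.

    `known_users` is the set of accounts that still exist on the host.
    `root` is prefixed to every path so the checks can run against a
    staged tree; pass the default "/" on a live system.
    """
    findings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = CRON_LINE.match(line)
        if not match:
            continue
        user, command = match.groups()
        issues = []
        if user not in known_users:
            issues.append("run-as user no longer exists")
        script = first_abs_path(command)
        if script is None:
            issues.append("no absolute script path (depends on cron PATH)")
        else:
            path = os.path.join(root, script.lstrip("/"))
            if not os.path.exists(path):
                issues.append("target script missing")
            else:
                if os.stat(path).st_mode & stat.S_IWOTH:
                    issues.append("target script is world-writable")
                parent_mode = os.stat(os.path.dirname(path)).st_mode
                if user == "root" and parent_mode & stat.S_IWOTH:
                    issues.append("root job runs from a world-writable directory")
        if issues:
            findings[script or command] = issues
    return findings


def build_sample_root():
    """Stage a throwaway tree that exercises each check (constructed data)."""
    root = tempfile.mkdtemp(prefix="cronaudit_")

    def put(rel, mode):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        os.chmod(os.path.dirname(path), 0o755)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(path, mode)

    put("opt/legacy/nightly_sync.sh", 0o777)    # anyone can edit what root runs
    put("usr/local/bin/rotate_logs.sh", 0o755)  # healthy job
    put("tmp/cleanup.sh", 0o755)
    os.chmod(os.path.join(root, "tmp"), 0o1777)  # sticky, world-writable like /tmp
    # /home/jsmith/bin/report.py is deliberately absent, and jsmith has left.
    return root


if __name__ == "__main__":
    staged = build_sample_root()
    for job, issues in audit_crontab(SAMPLE_CRONTAB, {"root"}, staged).items():
        print(job, "->", "; ".join(issues))
```

On a real host, run it over /etc/crontab and /etc/cron.d/* with `known_users` taken from the password database, and treat per-user crontabs (which lack the user field), systemd timers and Windows scheduled tasks as the same inventory problem: every job needs a living owner, an existing target, and a target only that owner can write.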
https://www.tripwire.com/state-of-security/dead-mans-scripts-security-risk-forgotten-scheduled-tasks-legacy-systems
- #Infosec2025: How CISOs Can Stay Ahead Of Evolving Cloud Threats
"Cloud environments have become a lucrative target for cyber-threat actors, a subject that will be discussed by experts during the upcoming Infosecurity Europe conference. Research has shown that nearly half of all data breaches now originate in the cloud, with 80% of organizations experiencing a cloud security breach in the past year. This is a result of organizations moving their key applications and data from on-prem to cloud environments to improve efficiency."
https://www.infosecurity-magazine.com/news/infosec2025-cisos-evolving-cloud/
- Hackers Earn Over $1 Million At Pwn2Own Berlin 2025
"More than $1 million was paid out at the Pwn2Own Berlin 2025 hacking competition organized last week by Trend Micro’s Zero Day Initiative (ZDI) in Berlin, Germany. ZDI announced that white hat hackers have been awarded a total of $1,078,750 for 28 previously unknown vulnerabilities across operating systems, AI products, container software, browsers, virtualization software, and servers. Of the total amount, $140,000 was earned for AI hacks, including ones targeting the Chroma open source AI application database, and NVIDIA’s Triton Inference Server and Container Toolkit. This was the first Pwn2Own to include the AI category."
https://www.securityweek.com/hackers-earn-over-1-million-at-pwn2own-berlin-2025/
https://www.bleepingcomputer.com/news/security/hackers-earn-1-078-750-for-28-zero-days-at-pwn2own-berlin/
https://securityaffairs.com/178040/hacking/pwn2own-berlin-2025-total-prize-money-reached-1078750.html
- From Classrooms To Code Red: 3,000+ Cyber Threats Hit U.S. Schools And Universities Weekly
"Classrooms and campuses have gone fully digital — and continue to innovate – while cyber criminals are exploiting every gap in that transformation. Schools, colleges, and universities are rapidly digitalizing, but with limited cyber security infrastructure and strained IT resources, they are increasingly vulnerable to cyber attacks. According to new data from Check Point Research, the education sector has seen an alarming surge in cyber threats over the past 18 months. In January 2024, the average number of weekly attacks per education organization stood at 1,176. By April 2025, that number had nearly tripled to 3,323. This steady and significant rise paints a clear picture: education is one of the most targeted sectors in today’s cyber threat landscape."
https://blog.checkpoint.com/security/from-classrooms-to-code-red-3000-cyber-threats-hit-u-s-schools-and-universities-weekly/
- CVE Disruption Threatens Foundations Of Defensive Security
"The Common Vulnerabilities and Exposures (CVE) program has been a constant for the cybersecurity community for more than 25 years. Operating behind the scenes, the program has consistently connected the dots between threat research, patching, incident response, and training. Today, it remains fundamental to many of the cybersecurity tools and strategies keeping organizations and critical national infrastructure protected. But now, as its future hangs on a temporary 11-month funding extension, this once-reliable backbone is under pressure."
https://www.darkreading.com/threat-intelligence/cve-disruption-threatens-foundations-defensive-security
- Preventing Malicious Mobile Apps From Taking Over iOS Through App Vetting
"Mobile devices, particularly those running iOS, are widely assumed to have robust security and privacy features. However, no operating system is foolproof, and one of the most significant vulnerabilities arises not from the system itself but from the apps users install. Most organizations fail to recognize that the non-work related apps on corporate devices may inadvertently open the door to attackers to steal sensitive data, including corporate credentials. Malicious mobile apps can exploit permissions, introduce malware, or exfiltrate sensitive data, often without users realizing the extent of their access. While Apple’s App Store has good review processes, sideloaded apps or apps from less reputable sources pose a particularly high risk. In an era where mobile devices are integral to business operations, neglecting app vetting can lead to severe consequences, including data breaches, compliance failures, and reputational harm."
https://zimperium.com/blog/preventing-malicious-mobile-apps-from-taking-over-ios-through-app-vetting
https://hackread.com/40000-ios-apps-found-exploiting-private-entitlements/
References
Electronic Transactions Development Agency (ETDA)