NCSA Webboard

    Cyber Threat Intelligence 30 May 2025

    Cyber Security News
    • NCSA_THAICERT

      Healthcare Sector

      • Santesoft Sante DICOM Viewer Pro
        "Successful exploitation of this vulnerability could allow an attacker to disclose information or execute arbitrary code."
        https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-148-01

      Industrial Sector

      • Siemens SiPass Integrated
        "Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to cause a denial-of-service condition."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-02
      • Consilium Safety CS5000 Fire Panel
        "Successful exploitation of these vulnerabilities could allow an attacker to gain high-level access to and remotely operate the device, potentially putting it into a non-functional state."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-03
      • Instantel Micromate
        "Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the device's configuration port and execute commands."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-04
      • Siemens SiPass
        "Successful exploitation of this vulnerability could allow an attacker to upload a maliciously modified firmware onto the device."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-148-01

      Vulnerabilities

      • Unpatched Critical Vulnerability In TI WooCommerce Wishlist Plugin
        "This blog post is about an unauthenticated arbitrary file upload in the TI WooCommerce Wishlist plugin. If you're a TI WooCommerce Wishlist user, deactivate and delete the plugin since there is no patched version available. All paid Patchstack users are protected from this vulnerability. Sign up for the free Community account first, to scan for vulnerabilities and apply protection for only $5 / site per month with Patchstack. For plugin developers, we have security audit services and Enterprise API for hosting companies."
        https://patchstack.com/articles/unpatched-critical-vulnerability-in-ti-woocommerce-wishlist-plugin/
        https://thehackernews.com/2025/05/over-100000-wordpress-sites-at-risk.html
      • Safari Vulnerability Enables Attackers To Steal Credentials With Fullscreen BitM Attacks
        "According to MITRE, Browser-in-the-Middle (BitM) is an attack where “an adversary exploits the inherent functionalities of a web browser, in order to establish an unnoticed remote desktop connection in the victim’s browser to the adversary’s system.” This attack has been used by many attackers to trick victims into unknowingly entering credentials and providing sensitive information on an attacker controlled window. The attack was first disclosed in a paper by researchers from the University of Salento in 2021, and we have seen many cases of BitM being used in the wild since then."
        https://labs.sqrx.com/fullscreen-bitm-f2634a91e6a5
        https://www.bleepingcomputer.com/news/security/apple-safari-exposes-users-to-fullscreen-browser-in-the-middle-attacks/
        https://hackread.com/fullscreen-bitm-attack-discovered-by-squarex-exploits-browser-fullscreen-apis-to-steal-credentials-in-safari/
        https://www.infosecurity-magazine.com/news/browser-exploit-technique/

      Malware

      • Haozi’s Plug-And-Play Phishing-As-a-Service Has Facilitated $280,000 Of Criminal Transactions Over Past Five Months
        "Phishing-as-a-Service operations are becoming increasingly user-friendly, and Haozi epitomizes this trend. Unlike legacy phishing kits that require attackers to configure scripts or infrastructure manually, Haozi offers a sleek, public-facing web panel. Once an attacker purchases a server and puts its credentials into the panel, the phishing software is automatically set up, with no need to run a single command."
        https://www.netcraft.com/blog/haozi-s-plug-and-play-phishing-as-a-service-has-facilitated-280-000-of-criminal-transactions
        https://www.darkreading.com/threat-intelligence/haozi-gang-sells-turnkey-phishing-tools-amateurs
      • Behind The Script: Unmasking Phishing Attacks Using Google Apps Script
        "When we think about phishing attacks, we typically picture suspicious emails containing questionable links that lead to fake websites designed to mimic authentic ones. However, threat actors are becoming more strategic, now leveraging tools from trusted tech giants to exploit users. The Cofense Phishing Defense Center recently identified a phishing campaign that takes this approach to the next level. The attack uses an email masquerading as an invoice, containing a link to a webpage that uses Google Apps Script, a development platform integrated across Google’s suite of products. By hosting the phishing page within Google’s trusted environment, attackers create an illusion of authenticity. This makes it easier to trick recipients into handing over sensitive information."
        https://cofense.com/blog/behind-the-script-unmasking-phishing-attacks-using-google-apps-script
        https://www.bleepingcomputer.com/news/security/threat-actors-abuse-google-apps-script-in-evasive-phishing-attacks/
      • Cybercriminals Camouflaging Threats As AI Tool Installers
        "AI has increasingly proliferated across various business verticals, leading to a transformation of industries through automation, data-driven decision-making and enhanced customer engagements. However, as AI continues to propel multiple industry sectors forward, malicious actors are exploiting its popularity by distributing a range of malware disguised as AI solutions’ installers and tools. Threat actors are employing a variety of techniques and channels to distribute these fraudulent installers, including SEO-poisoning tactics to manipulate search engine rankings and cause their malicious websites or download links to appear at the top of search engine results, as well as platforms such as Telegram or social media messengers."
        https://blog.talosintelligence.com/fake-ai-tool-installers/
        https://www.bleepingcomputer.com/news/security/cybercriminals-exploit-ai-hype-to-spread-ransomware-malware/
        https://thehackernews.com/2025/05/cybercriminals-target-ai-users-with.html
        https://hackread.com/fake-chatgpt-invideo-ai-downloads-deliver-ransomware/
      • Lumma Infostealer – Down But Not Out?
        "On May 21, 2025, Europol, FBI, and Microsoft, in collaboration with other public and private sector partners, announced an operation to dismantle the activity of the Lumma infostealer. The malware, considered to be one of the most prolific infostealers, is distributed through a malware-as-a-service model. In addition to its use by common cyber criminals for stealing credentials, Lumma was observed to be part of the arsenal of several prominent threat actor groups, including Scattered Spider, Angry Likho, and CoralRaider."
        https://blog.checkpoint.com/security/lumma-infostealer-down-but-not-out/
      • Deep Dive Into a Dumped Malware Without a PE Header
        "This analysis is part of an incident investigation led by the FortiGuard Incident Response Team. We discovered malware that had been running on a compromised machine for several weeks. The threat actor had executed a batch of scripts and PowerShell to run the malware in a Windows process. Although obtaining the original malware executable was difficult, a memory dump of the running malware process and a full memory dump of the compromised machine (the “fullout” file, size 33GB) were successfully acquired."
        https://www.fortinet.com/blog/threat-research/deep-dive-into-a-dumped-malware-without-a-pe-header
        https://thehackernews.com/2025/05/new-windows-rat-evades-detection-for.html
        https://hackread.com/new-malware-corrupts-its-headers-block-analysis/
        https://www.infosecurity-magazine.com/news/rat-corrupted-headers/

      Breaches/Hacks/Leaks

      • ConnectWise Breached In Cyberattack Linked To Nation-State Hackers
        "IT management software firm ConnectWise says a suspected state-sponsored cyberattack breached its environment and impacted a limited number of ScreenConnect customers. "ConnectWise recently learned of suspicious activity within our environment that we believe was tied to a sophisticated nation state actor, which affected a very small number of ScreenConnect customers," ConnectWise shared in a brief advisory. "We have launched an investigation with one of the leading forensic experts, Mandiant. We have contacted all affected customers and are coordinating with law enforcement.""
        https://www.bleepingcomputer.com/news/security/connectwise-breached-in-cyberattack-linked-to-nation-state-hackers/
        https://therecord.media/connectwise-nation-state-attack-targeted-some-customers
        https://www.infosecurity-magazine.com/news/connectwise-confirms-hack/
      • Covenant Health Dealing With Cyberattack Affecting Hospitals
        "Covenant Health, a network of Catholic healthcare organizations serving New England and parts of Pennsylvania, is dealing with a cyber incident affecting services at several facilities where healthcare is still mostly being delivered normally. A Covenant Health spokeswoman in a Thursday statement said the health system has been responding to the incident since its discovery earlier this week."
        https://www.bankinfosecurity.com/covenant-health-dealing-cyberattack-affecting-hospitals-a-28544
      • Billions Of Cookies Up For Grabs As Experts Warn Over Session Security
        "A VPN vendor says billions of stolen cookies currently on sale either on dark web or Telegram-based marketplaces remain active and exploitable. More than 93.7 billion of them are currently available for criminals to buy online and of those, between 7-9 percent are active, on average, according to NordVPN's breakdown of stolen cookies by country. Adrianus Warmenhoven, cybersecurity advisor at NordVPN, said: "Cookies may seem harmless, but in the wrong hands, they're digital keys to our most private information. What was designed to enhance convenience is now a growing vulnerability exploited by cybercriminals worldwide.""
        https://www.theregister.com/2025/05/29/billions_of_cookies_available/

      General News

      • What CISOs Can Learn From The Frontlines Of Fintech Cybersecurity
        "At Span Cyber Security Arena, I sat down with Ria Shetty, Director, Cyber Security & Resilience for Europe at Mastercard. Our conversation cut through the hype and focused on what CISOs deal with every day: how to embed security into innovation, manage supply chain risk, and prepare both systems and people for the threats ahead."
        https://www.helpnetsecurity.com/2025/05/29/ria-shetty-mastercard-cybersecurity-innovation/
      • How CISOs Can Regain Ground In The AI Fraud War
        "Fraudsters are winning the AI arms race, first-party fraud is rising, and siloed systems are holding back defenses, according to DataVisor. Their 2025 Fraud & AML Executive Report, based on surveys of banks, fintechs, credit unions, and digital platforms, outlines clear signals for CISOs trying to build resilient, forward-looking strategies."
        https://www.helpnetsecurity.com/2025/05/29/ciso-ai-fraud-war/
      • CISOs Prioritize AI-Driven Automation To Optimize Cybersecurity Spending
        "Cybersecurity leaders and consultants identified AI-driven automation and cost optimization as top organizational priorities, according to Wipro. 30% of respondents are investing in AI automation to enhance their cybersecurity operations. AI-driven automation can help in detecting and responding to threats more quickly and accurately, thereby reducing the need for extensive manual intervention."
        https://www.helpnetsecurity.com/2025/05/29/ai-automation-investing/
      • #Infosec2025: Over 90% Of Top Email Domains Vulnerable To Spoofing Attacks
        "Over 90% of the world’s top email domains are vulnerable to spoofing, enabling cybercriminals to launch sophisticated phishing attacks, according to new research by EasyDMARC. The email authentication firm found that just 7.7% of the world’s top 1.8 million email domains have implemented the most stringent Domain-based Message Authentication, Reporting, and Conformance (DMARC) policy. This configuration, known as ‘p=reject’, actively blocks malicious emails from reaching inboxes."
        https://www.infosecurity-magazine.com/news/infosec2025-email-domains-spoofing/
      • Beyond GenAI: Why Agentic AI Was The Real Conversation At RSA 2025
        "Having just returned from the RSA Conference 2025, without a doubt the word on everyone’s lips and the dominant theme on every vendor stand was – you’ve guessed it – AI. AI is a phenomenon that just keeps evolving. Today analysts are predicting a $632B+ AI spend by 2028. What was interesting is that the conversation has also evolved and moved from GenAI to SynthAI and agentic AI."
        https://www.securityweek.com/beyond-genai-why-agentic-ai-was-the-real-conversation-at-rsa-2025/
      • Treasury Takes Action Against Major Cyber Scam Facilitator
        "Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams, commonly known as “pig butchering,” along with its administrator, Liu Lizhi. Americans lose billions of dollars annually to these cyber scams, with revenues generated from these crimes rising to record levels in 2024. Funnull has directly facilitated several of these schemes, resulting in over $200 million in U.S. victim-reported losses."
        https://home.treasury.gov/news/press-releases/sb0149
        https://www.bleepingcomputer.com/news/security/us-sanctions-company-linked-to-hundreds-of-thousands-of-cyber-scam-sites/
        https://therecord.media/southeast-asian-provider-of-scam-infrastructure-sanctioned
        https://cyberscoop.com/funnull-cryptocurrency-scam-sanctions/
        https://www.theregister.com/2025/05/30/fbi_treasury_funnull_sanctions/
      • The 2025 Cybersecurity Pulse Report
        "The 2025 Cybersecurity Pulse Report is the latest intelligence briefing from ISMG, delivering essential insights from 150+ expert interviews and four days of carefully curated programming from the RSAC 2025 Conference. Synthesized through ISMG's AI-powered editorial workflow, this report captures the pivotal conversations, innovations and strategic shifts defining the cybersecurity landscape in 2025."
        https://www.bankinfosecurity.com/2025-cybersecurity-pulse-report-a-28529
        https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/cybersecurity-pulse-report-rsac-2025.pdf
      • A Defense-In-Depth Approach For The Modern Era
        "As we reflect on the rapid evolution of technology, particularly over the past decade, it's evident that security strategies must adapt. With enterprises increasingly shifting toward cloud computing, software-as-a-service (SaaS), and interconnected Internet of Things (IoT) ecosystems, traditional security models are no longer sufficient. Organizations must embrace a defense-in-depth approach — one that extends beyond data centers and into every network edge, from branch offices to IoT devices."
        https://www.darkreading.com/vulnerabilities-threats/defense-depth-approach-modern-era
      • Certified Randomness Uses Quantum Cryptography To Make Stronger Keys
        "Key generators are a foundational technology in cryptography to keep enterprise communication and systems secure. Threat actors are attempting to predict patterns of conventional key generators to break the encryption, leading scientists to explore combining quantum-circuit unpredictability and encryption algorithms to generate random keys that are harder to crack."
        https://www.darkreading.com/endpoint-security/certified-randomnes-squantum-cryptography-stronger-keys

      Reference
      Electronic Transactions Development Agency (ETDA)
