NCSA Webboard
    Cyber Threat Intelligence 12 June 2025

    • NCSA_THAICERT

      Industrial Sector

      • ICS Patch Tuesday: Vulnerabilities Addressed By Siemens, Schneider, Aveva, CISA
        "Industrial solutions providers Siemens, Schneider Electric and Aveva have released June 2025 Patch Tuesday ICS security advisories. While most of the vulnerabilities described in the advisories have been patched, only mitigations and workarounds are currently available for some of the flaws. Siemens published six new advisories this Patch Tuesday. The most important describes CVE-2025-40585, a critical default credentials issue impacting Siemens Energy Services solutions that use the Elspec G5 Digital Fault Recorder (G5DFR)."
        https://www.securityweek.com/ics-patch-tuesday-vulnerabilities-addressed-by-siemens-schneider-aveva-cisa/

      New Tooling

      • OWASP Nettacker: Open-Source Scanner For Recon And Vulnerability Assessment
        "OWASP Nettacker is a free, open-source tool designed for network scanning, information gathering, and basic vulnerability assessment. Built and maintained by the OWASP community, Nettacker helps security pros automate common tasks like port scanning, service detection, and brute-force attacks. It offers a controlled and extensible framework for running these tests."
        https://www.helpnetsecurity.com/2025/06/11/owasp-nettacker-open-source-scanner/
        https://github.com/OWASP/Nettacker

      Vulnerabilities

      • Chrome, Firefox Updates Resolve High-Severity Memory Bugs
        "Chrome 137 and Firefox 139 updates released on Tuesday resolve four high-severity memory bugs, two in each popular browser. The Chrome update patches a use-after-free issue in Media (tracked as CVE-2025-5958) and a type confusion in the V8 JavaScript engine (CVE-2025-5959), both reported by external researchers. Use-after-free vulnerabilities can be exploited for code execution, data corruption and denial of service. In Chrome, they can lead to sandbox escape, if combined with security defects in a privileged part of the browser, or in the underlying operating system."
        https://www.securityweek.com/chrome-firefox-updates-resolve-high-severity-memory-bugs/
      • Fortinet, Ivanti Patch High-Severity Vulnerabilities
        "Fortinet and Ivanti on Tuesday announced fixes for over a dozen vulnerabilities across their product portfolios, including multiple high-severity flaws. Ivanti released a Workspace Control (IWC) update to address three high-severity bugs that could lead to credential leaks. Tracked as CVE-2025-5353, CVE-2025-22463, and CVE-2025-22455, the issues exist because of hardcoded keys in IWC versions 10.19.0.0 and prior, which could allow authenticated attackers to decrypt stored SQL credentials and environment passwords."
        https://www.securityweek.com/fortinet-ivanti-patch-high-severity-vulnerabilities/
      • 40,000 Security Cameras Exposed To Remote Hacking
        "More than 40,000 security cameras worldwide are exposed to the internet, cybersecurity firm Bitsight warns. Operating over HTTP or RTSP (Real-Time Streaming Protocol), the cameras expose their live feed to anyone knowing their IP addresses, directly from the web browser, which makes them unintended tools for cyberattacks, espionage, extortion, and stalking, the company says. The HTTP-based cameras rely on standard web technologies for video transmission and control, and are typically found in homes and small offices."
        https://www.securityweek.com/40000-unprotected-security-cameras-found-on-internet/
        https://enablement.bitsight.com/sh/570339668395124546/assets/?id=570339016365373055
      • Breaking Down ‘EchoLeak’, The First Zero-Click AI Vulnerability Enabling Data Exfiltration From Microsoft 365 Copilot
        "Aim Security discovered “EchoLeak”, a vulnerability that exploits design flaws typical of RAG Copilots, allowing attackers to automatically exfiltrate any data from M365 Copilot’s context, without relying on specific user behavior. The primary chain is composed of three distinct vulnerabilities, but Aim Labs has identified additional vulnerabilities in its research process that may also enable an exploit."
        https://www.aim.security/lp/aim-labs-echoleak-blogpost
        https://www.bleepingcomputer.com/news/security/zero-click-ai-data-leak-flaw-uncovered-in-microsoft-365-copilot/
      • SmartAttack Uses Smartwatches To Steal Data From Air-Gapped Systems
        "A new attack dubbed 'SmartAttack' uses smartwatches as a covert ultrasonic signal receiver to exfiltrate data from physically isolated (air-gapped) systems. Air-gapped systems, commonly deployed in mission-critical environments such as government facilities, weapons platforms, and nuclear power plants, are physically isolated from external networks to prevent malware infections and data theft. Despite this isolation, they remain vulnerable to compromise through insider threats such as rogue employees using USB drives or state-sponsored supply chain attacks."
        https://www.bleepingcomputer.com/news/security/smartattack-uses-smartwatches-to-steal-data-from-air-gapped-systems/
        https://arxiv.org/html/2506.08866v1
      • Catdoc Zero-Day, NVIDIA, High-Logic FontCreator And Parallel Vulnerabilities
        "Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three zero-day vulnerabilities in catdoc, as well as vulnerabilities in Parallel, NVIDIA and High-Logic FontCreator 15. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, in adherence to Cisco’s third-party vulnerability disclosure policy, except in the case of the catdoc zero-day vulnerabilities, which were patched by our researcher (patches found in this repository). This is an unusual case, because the vendor could not be reached to fix these high-risk bugs; our policy does not include fixing third-party vulnerabilities."
        https://blog.talosintelligence.com/catdoc-zero-day-nvidia-high-logic-fontcreator-and-parallel-vulnerabilities/

      Malware

      • Toxic Trend: Another Malware Threat Targets DeepSeek
        "DeepSeek-R1 is one of the most popular LLMs right now. Users of all experience levels look for chatbot websites on search engines, and threat actors have started abusing the popularity of LLMs. We previously reported attacks with malware being spread under the guise of DeepSeek to attract victims. The malicious domains spread through X posts and general browsing."
        https://securelist.com/browservenom-mimicks-deepseek-to-use-malicious-proxy/115728/
        https://www.theregister.com/2025/06/11/deepseek_installer_or_infostealing_malware/
      • Coordinated Brute Force Activity Targeting Apache Tomcat Manager Indicates Possible Upcoming Threats
        "GreyNoise recently observed a coordinated spike in malicious activity against Apache Tomcat Manager interfaces. On June 5, 2025, two GreyNoise tags — Tomcat Manager Brute Force Attempt and Tomcat Manager Login Attempt — registered well above baseline volumes, indicating a deliberate attempt to identify and access exposed Tomcat services at scale."
        https://www.greynoise.io/blog/coordinated-brute-force-activity-targeting-apache-tomcat-manager
        https://thehackernews.com/2025/06/295-malicious-ips-launch-coordinated.html
        https://www.bleepingcomputer.com/news/security/brute-force-attacks-target-apache-tomcat-management-panels/
      • Check Point Research Warns Of Holiday-Themed Phishing Surge As Summer Travel Season Begins
        "As summer travel season kicks into high gear, cybercriminals are following the crowds online. Check Point Research (CPR) has uncovered a sharp spike in cyber threats tied to the hospitality and travel sector, with a 55% increase in newly created domains related to holidays and vacations in May 2025 compared to the same period last year. Of over 39,000 domains registered, one in every 21 was flagged as either malicious or suspicious."
        https://blog.checkpoint.com/research/check-point-research-warns-of-holiday-themed-phishing-surge-as-summer-travel-season-begins/
      • Attackers Unleash TeamFiltration: Account Takeover Campaign (UNK_SneakyStrike) Leverages Popular Pentesting Tool
        "Proofpoint threat researchers have recently uncovered an active account takeover (ATO) campaign, tracked as UNK_SneakyStrike, using the TeamFiltration pentesting framework to target Entra ID user accounts. Using a combination of unique characteristics, Proofpoint researchers were able to detect and track unauthorized activity attributed to TeamFiltration. According to Proofpoint findings, since December 2024 UNK_SneakyStrike activity has affected over 80,000 targeted user accounts across hundreds of organizations, resulting in several cases of successful account takeover."
        https://www.proofpoint.com/us/blog/threat-insight/attackers-unleash-teamfiltration-account-takeover-campaign
      • Gone But Not Forgotten: Black Basta’s Enduring Legacy
        "In February 2025, the infamous Russian-speaking ransomware-as-a-service (RaaS) group “Black Basta” collapsed after a dramatic internal fallout. A disgruntled member, known as ExploitWhispers, leaked the group’s private chat logs on Telegram, frustrated by its controversial decision to target Russian financial institutions. This leak not only revealed the inner workings of a high-profile ransomware operation but also led to Black Basta’s apparent disbandment. Once responsible for naming up to 50 victims a month on its data-leak site, the group went silent after February, and by the end of the month, its data-leak site had vanished entirely—marking the end of operations under the Black Basta name."
        https://reliaquest.com/blog/decline-and-legacy-of-black-basta-whats-next-ransomware-phishing/
        https://thehackernews.com/2025/06/former-black-basta-members-use.html
      • GhostVendors Exposed: Silent Push Uncovers Massive Network Of 4000+ Fraudulent Domains Masquerading As Major Brands
        "Silent Push Threat Analysts are tracking a massive “fake marketplace” scam that uses thousands of fake websites to abuse dozens of major brands and buy Facebook ads to promote its scam products. Our team is labeling this group “GhostVendors,” and we suspect they are also purchasing ads on other networks to self-promote their scam sites. We will update this report accordingly as our investigation continues."
        https://www.silentpush.com/blog/ghostvendors/

      Breaches/Hacks/Leaks

      • Erie Insurance Confirms Cyberattack Behind Business Disruptions
        "Erie Insurance and Erie Indemnity Company have disclosed that a weekend cyberattack is behind the recent business disruptions and platform outages on its website. Erie Indemnity Company is the management company for the Erie Insurance Group, a property and casualty insurer with over 6 million active policies. The company provides auto, home, life, and business insurance policies through independent agents. Since Saturday, June 7, Erie Insurance has been suffering from widespread outages and business disruptions, with customers unable to log into the customer portal and reporting difficulties making claims or receiving paperwork from the company."
        https://www.bleepingcomputer.com/news/security/erie-insurance-confirms-cyberattack-behind-business-disruptions/

      General News

      • Gartner: Secure Enterprise Browser Adoption To Hit 25% By 2028
        "The modern workplace is increasingly browser-centric, with Omdia estimating that approximately 85% of the workday is spent in the web browser, thanks to web applications, software-as-a-service applications, and cloud services. The shift to cloud and increased support for remote and hybrid work have reduced costs and improved operational efficiency, but they have also increased complexity, created new attack vectors, and exposed organizations to greater security risks."
        https://www.darkreading.com/endpoint-security/gartner-secure-enterprise-browser-adoption-25-by-2028
      • The Path To Better Cybersecurity Isn’t More Data, It’s Less Noise
        "In cybersecurity, there’s an urge to collect as much data as possible. Logs, alerts, metrics, everything. But more data doesn’t necessarily translate to better security. SOCs deal with tens of thousands of alerts every day. It’s more than any person can realistically keep up with. When too much data comes in at once, things get missed. Responses slow down and, over time, the constant pressure can lead to burnout. According to a Vectra AI survey, 71% of SOC practitioners worry they will miss a real attack buried in a flood of alerts, and 51% believe they cannot keep pace with the increasing number of security threats."
        https://www.helpnetsecurity.com/2025/06/11/cybersecurity-data-overload/
      • How To Build AI Into Your Business Without Breaking Compliance
        "AI is supposed to make businesses faster, smarter, and more competitive, but most projects fall short. The Cloud Security Alliance (CSA) says the real issue is companies cramming AI into old, rigid processes that just can’t keep up. “AI adoption in business and manufacturing is failing at least twice as often as it succeeds,” the CSA writes. “Companies are trying to integrate AI into outdated, rigid process structures that lack transparency, adaptability, and real-time data integration.”"
        https://www.helpnetsecurity.com/2025/06/11/dynamic-process-landscape-dpl/
      • AI Forces IT Leaders To Rethink Their Network Strategies
        "As AI assistants, agents, and data-driven workloads reshape how work gets done, they’re creating more latency-sensitive, and more complex network traffic, according to Cisco. Combined with the ubiquity of connected devices, 24/7 uptime demands, and security threats, these shifts are driving infrastructure to adapt and evolve. The result: IT leaders are changing how they think about the network: what it is, what it enables, and how it protects the organization. The network they build today will decide the business they become tomorrow."
        https://www.helpnetsecurity.com/2025/06/11/ai-networks-modernization/
      • 86% Of All LLM Usage Is Driven By ChatGPT
        "ChatGPT remains the most widely used LLM among New Relic customers, making up over 86% of all tokens processed. Developers and enterprises are shifting to OpenAI’s latest models, such as GPT-4o and GPT-4o mini, even when more affordable alternatives are available. Speed, reliability, and enterprise readiness are driving ChatGPT’s dominance. Many organizations prefer deploying proven models rather than investing time and resources into training or fine-tuning their own. That said, monitoring remains essential, even for the most trusted models. Teams need to track usage, benchmark performance, and detect anomalies to manage costs and maintain reliability."
        https://www.helpnetsecurity.com/2025/06/11/chatgpt-usage-2025/
      • Hands-On Skills Now Key To Landing Your First Cyber Role
        "Security hiring managers are now emphasizing hands-on experience when making hiring decisions for entry-level positions. While relevant educational qualifications, such as computer science degrees, remain important, they are no longer the only path to an entry-level cybersecurity role. The findings from ISC2’s 2025 Cybersecurity Hiring Trends report discovered that 90% of managers would consider candidates with only previous IT work experience and no educational qualifications."
        https://www.infosecurity-magazine.com/news/hands-on-skills-first-cyber-role/
      • Rethinking Success In Security: Why Climbing The Corporate Ladder Isn’t Always The Goal
        "I didn’t intend to write back-to-back pieces about careers in security. Based on the feedback I received after my last piece and some conversations I’ve had lately, however, it seems that another piece is in order. Although there is plenty of career advice out there from people who are smarter and more experienced than I am, there is one topic that I believe could use some focus. What is that topic you ask? Quite simply put, it is best for the majority of people in the security field not to feel compelled to climb the corporate ladder. How can I make such a bold statement? What do I mean by this? I’ll elaborate."
        https://www.securityweek.com/rethinking-success-in-security-why-climbing-the-corporate-ladder-isnt-always-the-goal/
      • How Scammers Are Using AI To Steal College Financial Aid
        "It was an unusual question coming from a police officer. Heather Brady was napping at home in San Francisco on a Sunday afternoon when the officer knocked on her door to ask: Had she applied to Arizona Western College? She had not, and as the officer suspected, somebody else had applied to Arizona community colleges in her name to scam the government into paying out financial aid money. When she checked her student loan servicer account, Brady saw the scammers hadn’t stopped there. A loan for over $9,000 had been paid out in her name — but to another person — for coursework at a California college."
        https://www.securityweek.com/how-scammers-are-using-ai-to-steal-college-financial-aid/
      • 20,000 Malicious IPs And Domains Taken Down In INTERPOL Infostealer Crackdown
        "More than 20,000 malicious IP addresses or domains linked to information stealers have been taken down in an INTERPOL-coordinated operation against cybercriminal infrastructure. During Operation Secure (January – April 2025) law enforcement agencies from 26 countries worked to locate servers, map physical networks and execute targeted takedowns."
        https://www.interpol.int/News-and-Events/News/2025/20-000-malicious-IPs-and-domains-taken-down-in-INTERPOL-infostealer-crackdown
        https://thehackernews.com/2025/06/interpol-dismantles-20000-malicious-ips.html
        https://www.bleepingcomputer.com/news/security/operation-secure-disrupts-global-infostealer-malware-operations/
        https://therecord.media/dozens-arrested-infostealer-interpol-crackdown
        https://www.darkreading.com/threat-intelligence/infostealer-ring-bust-20000-malicious-ip
        https://cyberscoop.com/operation-secure-asia-takedown/
        https://hackread.com/operation-secure-interpol-disrupts-infostealer-domains/
        https://www.helpnetsecurity.com/2025/06/11/operation-secure-cybercrime-infostealer-crackdown/
        https://www.infosecurity-magazine.com/news/interpol-operation-secure/
        https://securityaffairs.com/178898/cyber-crime/operation-secure-interpol-dismantles-20000-malicious-ips-in-major-cybercrime-crackdown.html
        https://www.theregister.com/2025/06/11/asia_cracks_down_on_infostealers/
      • How To Build A Lean Security Model: 5 Lessons From River Island
        "In today’s security landscape, budgets are tight, attack surfaces are sprawling, and new threats emerge daily. Maintaining a strong security posture under these circumstances without a large team or budget can be a real challenge. Yet lean security models are not only possible - they can be highly effective. River Island, one of the UK’s leading fashion retailers, offers a powerful case study on how to do more with less. As River Island’s InfoSec Officer, Sunil Patel and his small team of three are responsible for securing over 200 stores, an e-commerce platform, a major distribution center, and head offices. With no headcount growth on the horizon, Sunil had to rethink how security could scale effectively."
        https://thehackernews.com/2025/06/how-to-build-lean-security-model-5.html
      • Security Pitfalls & Solutions Of Multiregion Cloud Architectures
        "Today's cloud-first enterprises demand more than high availability; they require true resilience across multiple regions. Designing a resilient multiregion cloud architecture ensures business continuity during outages, provides low-latency access for global users, and supports disaster recovery objectives. However, without a security-first approach, such architectures can inadvertently expand the organization's attack surface and introduce systemic vulnerabilities."
        https://www.darkreading.com/cloud-security/security-pitfalls-solutions-multiregion-cloud-architectures
      • Bridging The Secure Access Gap In Third-Party, Unmanaged Devices
        "With cyberattacks against user devices and corporate data increasing daily, enterprise defenders are deploying enterprise browsers to protect applications and data as part of their secure access service edge (SASE) and zero-trust network access (ZTNA) initiatives, according to an Enterprise Strategy Group (ESG) survey."
        https://www.darkreading.com/endpoint-security/bridging-secure-access-gap-third-party-unmanaged-devices
      • May 2025 Deep Web And Dark Web Trends Report
        "This trend report on the deep web and dark web of May 2025 is sectioned into Ransomware, Data Breach, DarkWeb, CyberAttack, and Threat Actor. Please note that there are some parts of the content that cannot be verified for accuracy."
        https://asec.ahnlab.com/en/88428/

      References
      Electronic Transactions Development Agency (ETDA)
