NCSA Webboard

    Cyber Threat Intelligence 24 June 2025

    Cyber Security News
    • NCSA_THAICERT

      Healthcare Sector

      • Medical Device Cyberattacks Push Hospitals Into Crisis Mode
        "22% of healthcare organizations have experienced cyberattacks that directly impacted medical devices, according to RunSafe Security. Three-quarters of these incidents disrupted patient care, including 24% that required patient transfers to other facilities. The survey reveals that healthcare cybersecurity has evolved from primarily an IT concern to a patient safety imperative driving procurement decisions and operational strategies. In fact, the findings demonstrate a shift in healthcare cybersecurity priorities, with 35% of organizations now identifying OT systems like medical devices as their biggest cybersecurity concern, compared to traditional IT systems."
        https://www.helpnetsecurity.com/2025/06/23/medical-devices-cyberattacks/

      Industrial Sector

      • The Illusion Of Control: Can We Ever Fully Secure Autonomous Industrial Systems?
        "In the rapidly evolving world of industrial IoT (IIoT), the integration of AI-driven decision-making into operational technology (OT) systems has created the impression of tighter control, smarter response times and predictive efficiency. This feeling of having control might actually be a risky illusion. Autonomous systems are now responsible for critical infrastructure: smart grids, manufacturing lines and water treatment facilities, all relying on interconnected sensors and AI for autonomous decision-making. But as the layers of automation deepen, so too does the complexity, making it increasingly difficult to understand or audit decisions made by machines."
        https://blog.checkpoint.com/security/the-illusion-of-control-can-we-ever-fully-secure-autonomous-industrial-systems/

      Vulnerabilities

      • Critical Authentication Bypass Flaw Patched In Teleport
        "Teleport on Friday warned of a critical-severity vulnerability in the open source platform that can be exploited remotely to bypass standard authentication controls. Teleport provides connectivity, authentication, and access control for servers and cloud applications. It supports protocols such as SSH, RDP, and HTTPS, and can be used with Kubernetes and various databases. Tracked as CVE-2025-49825 (CVSS score of 9.8), the critical flaw can be exploited to circumvent SSH authentication, allowing attackers to access Teleport-managed systems."
        https://www.securityweek.com/critical-authentication-bypass-flaw-patched-in-teleport/
        https://support.goteleport.com/hc/en-us/articles/42280478593043-CVE-2025-49825-for-Cloud-Customers
      • Echo Chamber: A Context-Poisoning Jailbreak That Bypasses LLM Guardrails
        "An AI Researcher at Neural Trust has discovered a novel jailbreak technique that defeats the safety mechanisms of today’s most advanced Large Language Models (LLMs). Dubbed the Echo Chamber Attack, this method leverages context poisoning and multi-turn reasoning to guide models into generating harmful content, without ever issuing an explicitly dangerous prompt."
        https://neuraltrust.ai/blog/echo-chamber-context-poisoning-jailbreak
        https://www.darkreading.com/cloud-security/echo-chamber-attack-ai-guardrails
        https://thehackernews.com/2025/06/echo-chamber-jailbreak-tricks-llms-like.html
        https://www.securityweek.com/new-echo-chamber-jailbreak-bypasses-ai-guardrails-with-ease/

      Malware

      • APT28 Hackers Use Signal Chats To Launch New Malware Attacks On Ukraine
        "The Russian state-sponsored threat group APT28 is using Signal chats to target government targets in Ukraine with two previously undocumented malware families named BeardShell and SlimAgent. To be clear, this is not a security issue in Signal. Instead, threat actors are more commonly utilizing the messaging platform as part of their phishing attacks due to its increased usage by governments worldwide. The attacks were first discovered by Ukraine's Computer and Emergency Response (CERT-UA) in March 2024, though limited details about the infection vector were uncovered at the time."
        https://www.bleepingcomputer.com/news/security/apt28-hackers-use-signal-chats-to-launch-new-malware-attacks-on-ukraine/
      • SparkKitty, SparkCat’s Little Brother: A New Trojan Spy Found In The App Store And Google Play
        "In January 2025, we uncovered the SparkCat spyware campaign, which was aimed at gaining access to victims’ crypto wallets. The threat actor distributed apps containing a malicious SDK/framework. This component would wait for a user to open a specific screen (typically a support chat), then request access to the device’s gallery. It would then use an OCR model to select and exfiltrate images of interest. Although SparkCat was capable of searching for any text within images, that campaign specifically targeted photos containing seed phrases for crypto wallets. The malware was distributed through unofficial sources as well as Google Play and App Store. Now, we’ve once again come across a new type of spyware that has managed to infiltrate the official app stores. We believe it is connected to SparkCat and also targets the cryptocurrency assets of its victims."
        https://securelist.com/sparkkitty-ios-android-malware/116793/
        https://www.bleepingcomputer.com/news/security/malware-on-google-play-app-store-stole-your-photos-and-crypto/
        https://www.darkreading.com/mobile-security/sparkkitty-swipes-pics-ios-android-devices
      • Unmasking A New China-Linked Covert ORB Network: Inside The LapDogs Campaign
        "In recent years, ORB Networks have quietly emerged as one of the most effective covert infrastructure tools used by nation-state threat actors. Unlike botnets, ORBs use compromised devices to maintain stealthy, long-term infrastructure—not to launch noisy, disruptive attacks. They function as flexible infrastructure and can provide operational cover for malicious activity. The compromised devices in the network continue functioning as usual during campaigns, which can make detection and attribution elusive."
        https://securityscorecard.com/blog/unmasking-a-new-china-linked-covert-orb-network-inside-the-lapdogs-campaign/
        https://securityscorecard.com/wp-content/uploads/2025/06/LapDogs-STRIKE-Report-June-2025.pdf
        https://www.bankinfosecurity.com/chinese-hackers-turn-unpatched-routers-into-orb-spy-network-a-28784
        https://hackread.com/china-lapdogs-drops-shortleash-backdoor-fake-certs/
        https://www.infosecurity-magazine.com/news/chinese-lapdogs-orb-network/
        https://www.helpnetsecurity.com/2025/06/23/lapdogs-shortleash-backdoor-linux-soho-devices/
        https://www.theregister.com/2025/06/23/lapdog_orb_network_attack_campaign/
      • Uncovering a Tor-Enabled Docker Exploit
        "We recently found an interesting attack that used Docker's remote API and the Tor network. We've seen XMRig crypto miners before - they're programs that secretly mine cryptocurrency on victims' computers. However, this time, attackers used a new method to install these miners while hiding their identity through Tor. We observed this attack using an intentionally exposed Docker Remote API server, which was designed to monitor exploit behavior in the wild. This blog post explains how the attack works and what it means for security."
        https://www.trendmicro.com/en_us/research/25/f/tor-enabled-docker-exploit.html
        https://www.darkreading.com/cloud-security/attackers-docker-apis-tor-anonymity-crypto-heist
      • SadFuture: Mapping XDSpy Latest Evolution
        "This report examines recent activities we attribute to the XDSpy threat actor, focusing on an ongoing campaign targeting Eastern European and Russian governmental entities using the XDigo malware, dating back to March 2025. Our investigation stemmed from Trend Micro’s ZDI-CAN-25373 vulnerability, leading us to a small cluster of LNK files used in a multi-stage infection chain. We provide comprehensive malware analysis of XDigo, XDSpy’s Go implant, and its ties to previously known and unattributed XDSpy activities reported by third parties. We further provide in-depth technical analysis of an issue in LNK parsing we discovered being abused in this campaign."
        https://harfanglab.io/insidethelab/sadfuture-xdspy-latest-evolution/
        https://thehackernews.com/2025/06/xdigo-malware-exploits-windows-lnk-flaw.html

      Breaches/Hacks/Leaks

      • Canada Says Salt Typhoon Hacked Telecom Firm Via Cisco Flaw
        "The Canadian Centre for Cyber Security and the FBI confirm that the Chinese state-sponsored 'Salt Typhoon' hacking group is also targeting Canadian telecommunication firms, breaching a telecom provider in February. During the February 2025 incident, Salt Typhoon exploited the CVE-2023-20198 flaw, a critical Cisco IOS XE vulnerability allowing remote, unauthenticated attackers to create arbitrary accounts and gain admin-level privileges. The flaw was first disclosed in October 2023, when it was reported that threat actors had exploited it as a zero-day to hack over 10,000 devices."
        https://www.bleepingcomputer.com/news/security/canada-says-salt-typhoon-hacked-telecom-firm-via-cisco-flaw/
        https://www.ic3.gov/CSA/2025/250620.pdf
        https://hackread.com/salt-typhoon-targets-telecoms-router-flaws-fbi-canada/
        https://www.securityweek.com/chinas-salt-typhoon-hackers-target-canadian-telecom-firms/
      • McLaren Health Care Says Data Breach Impacts 743,000 Patients
        "McLaren Health Care is warning 743,000 patients that the health system suffered a data breach caused by a July 2024 attack by the INC ransomware gang. Although the attack was discovered on August 5, 2024, forensic investigations determining who was impacted were only completed on May 5, 2025, with the notice circulation starting last Friday. McLaren is a nonprofit health system in the U.S. with $6.6 billion in annual revenue, operating a network that spans 14 Michigan hospitals (2,624 beds). It employs 490 physicians and 28,000 full-time staff while contracting with another 113,000 providers across Michigan and into Indiana."
        https://www.bleepingcomputer.com/news/security/mclaren-health-care-says-data-breach-impacts-743-000-patients/
        https://therecord.media/mclaren-health-care-data-breach-notification-ransomware
        https://www.bankinfosecurity.com/mclaren-health-says-743000-affected-by-2024-ransomware-hack-a-28785
        https://www.securityweek.com/743000-impacted-by-mclaren-health-care-data-breach/
        https://securityaffairs.com/179259/data-breach/mclaren-health-care-data-breach-impacted-over-743000-people.html
        https://www.theregister.com/2025/06/23/second_suspected_ransomware_attack_on/
      • Steel Giant Nucor Confirms Hackers Stole Data In Recent Breach
        "Nucor, North America's largest steel producer and recycler, has confirmed that attackers behind a recent cybersecurity incident have also stolen data from the company's network. The steel giant employs more than 32,000 people in numerous mills across the U.S., Mexico, and Canada and reported a revenue of $30.73 billion last year. Nucor disclosed this incident last month, revealing that it took down some systems to contain the security breach and halted production at some of its facilities. It also said it had notified law enforcement authorities and hired external cybersecurity experts to assist with the recovery efforts and investigation."
        https://www.bleepingcomputer.com/news/security/steel-giant-nucor-confirms-hackers-stole-data-in-recent-breach/
        https://www.securityweek.com/steelmaker-nucor-says-hackers-stole-data-in-recent-attack/
        https://securityaffairs.com/179247/data-breach/american-steel-giant-nucor-confirms-data-breach-in-may-attack.html
      • Cyber Fattah Leaks Data From Saudi Games In Alleged Iranian Operation
        "Thousands of personal records linked to athletes and visitors of the Saudi Games have been leaked online following a cyber-attack attributed to the pro-Iranian hacktivist group Cyber Fattah. The breach was disclosed on June 22 2025, when the group published SQL dump files stolen via unauthorized access to phpMyAdmin systems. This is the latest in a growing trend of politically motivated cyber-attacks targeting high-profile regional events."
        https://www.infosecurity-magazine.com/news/cyber-fattah-leaks-data-saudi-games/
        https://securityaffairs.com/179239/cyber-warfare-2/iran-linked-threat-actors-cyber-fattah-leak-visitors-and-athletes-data-from-saudi-games.html
      • Iran-Linked Cyberattack Reportedly Disrupts Public Services In Albania’s Capital
        "A cyberattack by an Iranian hacker group disrupted multiple public services in Albania’s capital, Tirana, late last week, taking down the city’s official website and affecting local government operations, local media reported. The group, known as Homeland Justice and previously linked to Iran’s Islamic Revolutionary Guard Corps (IRGC), claimed responsibility for the breach, saying it had taken down the city’s official website, exfiltrated data and wiped servers. The hackers cited Albania’s hosting of the exiled Iranian opposition group Mujahideen-e-Khalq (MEK) as the motive for the attack. The MEK, which has been based at a secured compound in Albania since 2013, has long strained relations between Tirana and Tehran and has made Albania a repeated target of Iranian-linked cyber operations."
        https://therecord.media/tirana-albania-government-cyberattack-iran-linked-group

      General News

      • How CISOs Can Justify Security Investments In Financial Terms
        "In this Help Net Security interview, John Verry, Managing Director at CBIZ, discusses how insurers and financial risk professionals evaluate cybersecurity maturity through different lenses. He also shows how framing cyber risk in business terms can strengthen investment cases and elevate cybersecurity as a strategic driver."
        Priority: 3 - Important
        Relevance: General
        https://www.helpnetsecurity.com/2025/06/23/john-verry-cbiz-cyber-risk-business-terms/
      • Quantum Risk Is Already Changing Cybersecurity
        "A new report from the Cyber Threat Alliance warns that the era of quantum risk is already underway, and security teams need to stop treating it like a problem for tomorrow. The report, Approaching Quantum Dawn: Closing the Cybersecurity Readiness Gap Before It’s Too Late, urges companies to prepare for a world where today’s encryption could be broken by quantum computers. But it’s not all doom and gloom. The report focuses on what can be done now: starting with building what it calls cryptographic agility."
        https://www.helpnetsecurity.com/2025/06/23/quantum-cybersecurity-readiness/
      • 71% Of New Hires Click On Phishing Emails Within 3 Months
        "New hires are more likely to fall for phishing attacks and social engineering than longer-term employees, especially in their first 90 days, according to Keepnet. Based on data from 237 companies across various industries, the 2025 New Hires Phishing Susceptibility Report found that new hires are 44% more likely to fall for phishing and social engineering scams than longer-term employees. Many are unfamiliar with cybersecurity protocols and may mistake phishing emails for real requests. Onboarding can be overwhelming, making it easy to miss key security steps. New employees also tend to comply with suspicious requests to make a good impression, particularly if the message appears to come from someone in charge. Early security training is often delayed or too brief, leaving them unprepared."
        https://www.helpnetsecurity.com/2025/06/23/new-hire-phishing-risk/
      • US Homeland Security Warns Of Escalating Iranian Cyberattack Risks
        "The U.S. Department of Homeland Security (DHS) warned over the weekend of escalating cyberattack risks by Iran-backed hacking groups and pro-Iranian hacktivists. This warning was issued as a National Terrorism Advisory System bulletin on Sunday and cautions that the Iranian conflict is causing a "heightened threat environment" in the United States, with "low-level" cyberattacks targeting networks in the U.S. likely."
        https://www.bleepingcomputer.com/news/security/us-homeland-security-warns-of-escalating-iranian-cyberattack-risks/
        https://www.dhs.gov/ntas/advisory/national-terrorism-advisory-system-bulletin-june-22-2025
        https://www.dhs.gov/sites/default/files/ntas/alerts/25_0622_S1_NTAS-Bulletin-508.pdf
        https://thehackernews.com/2025/06/dhs-warns-pro-iranian-hackers-likely-to.html
        https://www.darkreading.com/threat-intelligence/dhs-cyberattacks-iran-conflict
        https://www.bankinfosecurity.com/warnings-ratchet-over-iranian-cyberattack-a-28793
        https://www.infosecurity-magazine.com/news/us-risk-iranian-cyber-attacks/
        https://www.securityweek.com/us-braces-for-cyberattacks-after-joining-israel-iran-war/
        https://www.theregister.com/2025/06/23/iran_cyberattacks_against_us/
      • REvil Ransomware Members Released After Time Served On Carding Charges
        "Four REvil ransomware members arrested in January 2022 were released by Russia on time served after they pleaded guilty to carding and malware distribution charges. As they confirmed, Andrey Bessonov, Mikhail Golovachuk, Roman Muromsky, and Dmitry Korotayev were involved in the REvil gang's carding activities between October 2015 and January 2022, according to the Russian state-owned news agency TASS. All four were found guilty by the court and sentenced to five years in prison, but were released from custody because the court considered they had served their sentence in a Russian detention center (SIZO) during the investigation and trial."
        https://www.bleepingcomputer.com/news/security/revil-hackers-released-after-time-served-on-carding-charges/
        https://cyberscoop.com/revil-ransomware-sentence-russia-time-served/
      • Clean Up In The Cybersecurity Aisle: Cybercriminals And Groceries
        "Picture this: You’re at the supermarket, looking for your favorite brand of cereal. But the shelves are empty, staff are frazzled, and the checkout terminals are flickering ominously. That’s not just a supply chain hiccup, it’s a direct result of the latest wave of cyberattacks targeting the UK’s biggest grocery chains. In 2025, major retailers like Co-op, Marks & Spencer, and Harrods found themselves at the mercy of criminals who didn’t need crowbars or ski masks; just a laptop and some cunning. Let’s unpack how these attacks happened, the tactics used, and most importantly, how any business can fortify its defenses against such digital heists."
        https://www.tripwire.com/state-of-security/clean-cybersecurity-aisle-cybercriminals-and-groceries
      • A CISO's AI Playbook
        "When you build kitchen cabinets for millions of American homes, "stable" is never the adjective you'd choose for your supply chain. Cabinetworks grew from a patchwork of century-old brands into the country's largest private cabinet maker, and our IT estate is just as eclectic: 20 production sites, cloud workloads, and a fistful of legacy systems that refuse to age out. In the pre-COVID expansion era, security funding flowed almost on autopilot. If a new control produced more telemetry, we paid to ingest it. If analysts fell behind, we opened another requisition. Boards still cared about risk, but few questioned whether incremental spending matched incremental benefit."
        https://www.darkreading.com/vulnerabilities-threats/ciso-ai-playbook

      References
      Electronic Transactions Development Agency (ETDA)
