NCSA Webboard

    Cyber Threat Intelligence 30 July 2025

    Cyber Security News
    • NCSA_THAICERT
      Last edited by NCSA_THAICERT

      Financial Sector

      • Why Behavioral Intelligence Is Becoming The Bank Fraud Team’s Best Friend
        "In this Help Net Security interview, Seth Ruden, Senior Director of Global Advisory at BioCatch, discusses how financial institutions are addressing fraud. He explains how banks are using behavioral biometrics, device fingerprinting, and network intelligence to enhance fraud prevention. Ruden talks about how fraud prevention is moving beyond rules-based systems toward risk-scoring models and graph-based anomaly detection, and points out how scam playbook simulations and red teaming help strengthen financial institutions’ defenses."
        https://www.helpnetsecurity.com/2025/07/29/seth-ruden-biocatch-financial-institutions-fraud-prevention/

      Industrial Sector

      • Delta Electronics DTN Soft
        "Successful exploitation of this vulnerability could allow an attacker to use a specially crafted project file to execute arbitrary code."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-210-03
      • National Instruments LabVIEW
        "Successful exploitation of these vulnerabilities could lead to the execution of arbitrary code on affected installations of LabVIEW, which could result in invalid memory reads."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-210-01
      • Samsung HVAC DMS
        "Successful exploitation of these vulnerabilities can lead to unauthenticated remote code execution."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-210-02
      • Order Out Of Chaos – Using Chaos Theory Encryption To Protect OT And IoT
        "Chaos is unpredictable – but research demonstrates that chaos theory can be manipulated to provide strong security. Ravi Monani, a design engineer at AMD, is on a journey to provide secure encryption for small resource-constrained edge devices such as, but not entirely limited to, Internet of Things (IoT). The chosen route is to control chaos – or more specifically harness chaos theory."
        https://www.securityweek.com/order-out-of-chaos-using-chaos-theory-encryption-to-protect-ot-and-iot/

      Vulnerabilities

      • Wiz Research Uncovers Critical Vulnerability In AI Vibe Coding Platform Base44 Allowing Unauthorized Access To Private Applications
        "One of the most profoundly transformed domains in the wake of the LLM revolution has been code generation, especially the rise of vibe coding, where natural language prompts replace traditional programming. This shift has empowered millions of users with little to no technical background to build fully functional applications with ease. Platforms like Loveable, Bolt, and Base44 are on the front of this movement - they have enabled the creation of millions of applications spanning from personal tools to enterprises that now rely on these platforms to build internal chatbots, create complex automations, and trust them with sensitive corporate data."
        https://www.wiz.io/blog/critical-vulnerability-base44
        https://www.darkreading.com/application-security/critical-flaw-vibe-coding-base44-exposed-apps
        https://thehackernews.com/2025/07/wiz-uncovers-critical-access-bypass.html
        https://www.infosecurity-magazine.com/news/authentication-flaw-base44/
      • New Choicejacking Attack Steals Data From Phones Via Public Chargers
        "If you thought using a public phone charger was safe, it’s time to think again. Despite years of updates aimed at protecting smartphones from “juice jacking” attacks, cybersecurity researchers have identified a new threat that sidesteps those very safeguards. A new study outlines how attackers are now using a method called Choicejacking to exploit smartphones into granting unauthorised access, often without the user realising anything happened."
        https://hackread.com/choicejacking-attack-steals-data-phones-public-chargers/
        https://tugraz.elsevierpure.com/ws/portalfiles/portal/89650227/Final_Paper_Usenix.pdf
      • Lenovo Firmware Vulnerabilities Allow Persistent Implant Deployment
        "Lenovo devices are affected by several vulnerabilities, including ones that could allow attackers to deploy persistent implants on targeted systems, firmware security and supply chain risk management company Binarly reported on Tuesday. Binarly discovered a total of six flaws in Lenovo all-in-one desktops, specifically the System Management Mode (SMM), an operating mode designed for low-level system management. Because SMM loads before the operating system and persists across reinstallation, it can be a perfect target for threat actors looking to bypass Secure Boot (the security feature designed to ensure that only trusted software is loaded on startup) and deploy stealthy malware."
        https://www.securityweek.com/lenovo-firmware-vulnerabilities-allow-persistent-implant-deployment/
      • Raspberry Pi RP2350 A4 Update Fixes Old Bugs And Dares You To Break It Again
        "The Raspberry Pi team has released an update to the RP2350 microcontroller with bug fixes, hardening, and a GPIO tweak that will delight retro hardware enthusiasts. The A4 stepping brings several improvements, including remedies for the glitches identified in the company's 2024 hacking challenge (though a spokesperson was quick to note they all required physical access to the hardware), as well as the documented GPIO pull-up issue that required affected customers to use some extra circuitry and resistors. Chris Boross, senior sales exec at Raspberry Pi, told us that with the new stepping, the team wanted to deal with the issue and render the additional circuitry unnecessary. "It's a drop-in replacement," he said. "This is something that we always wanted to take care of.""
        https://www.theregister.com/2025/07/29/raspberry_pi_rp2350_update/

      Malware

      • Auto-Color Backdoor: How Darktrace Thwarted a Stealthy Linux Intrusion
        "In April 2025, Darktrace identified an Auto-Color backdoor malware attack taking place on the network of a US-based chemicals company. Over the course of three days, a threat actor gained access to the customer’s network, attempted to download several suspicious files and communicated with malicious infrastructure linked to Auto-Color malware. After Darktrace successfully blocked the malicious activity and contained the attack, the Darktrace Threat Research team conducted a deeper investigation into the malware. They discovered that the threat actor had exploited CVE-2025-31324 to deploy Auto-Color as part of a multi-stage attack — the first observed pairing of SAP NetWeaver exploitation with the Auto-Color malware."
        https://www.darktrace.com/blog/auto-color-backdoor-how-darktrace-thwarted-a-stealthy-linux-intrusion
        https://www.bleepingcomputer.com/news/security/hackers-exploit-sap-netweaver-bug-to-deploy-linux-auto-color-malware/
        https://www.infosecurity-magazine.com/news/auto-color-backdoor-exploits-sap/
        https://hackread.com/sap-netweaver-vulnerability-auto-color-malware-us-firm/
      • JSCEAL Targets Crypto App Users – A New Threat In The Cyber Security Landscape
        "At Check Point, we continuously monitor emerging cyber security threats to help protect our users from evolving risks. In this blog, we delve into the JSCEAL campaign, which has been actively targeting crypto app users since March 2024. By utilizing advanced tactics and leveraging malicious advertisements, this campaign has been highly successful in evading detection and distributing a sophisticated malware payload. JSCEAL, which impersonates popular crypto trading apps, is particularly concerning because it employs compiled JavaScript files (JSC), a technique that allows malware to remain hidden from traditional security solutions. This blog highlights the technical aspects of the JSCEAL attack chain and explores its impact."
        https://blog.checkpoint.com/crypto/jsceal-targets-crypto-app-users-a-new-threat-in-the-cyber-security-landscape/
      • Gunra Ransomware Group Unveils Efficient Linux Variant
        "Gunra ransomware was first observed in April 2025 in a campaign that targeted Windows systems using techniques inspired by the infamous Conti ransomware. Our monitoring of the ransomware landscape revealed that threat actors behind Gunra have expanded with a Linux variant, signaling a strategic move toward cross-platform targeting. The novel ransomware group has already made headlines after allegedly leaking 40 terabytes worth of data from a victim hospital in Dubai in May this year. Trend’s threat intelligence data detected activity from Gunra ransomware in enterprises from Turkiye, Taiwan, the United States, and South Korea."
        https://www.trendmicro.com/en_us/research/25/g/gunra-ransomware-linux-variant.html
        https://www.darkreading.com/threat-intelligence/nimble-gunra-ransomware-linux-variant
      • How Scattered Spider Used Fake Calls To Breach Clorox Via Cognizant
        "Cleaning products giant Clorox has sued its IT services partner, Cognizant, alleging that a devastating August 2023 ransomware attack that crippled production and cost the company $380 million in lost revenue was due to the firm’s negligence. In a California Superior Court lawsuit, Clorox claims hackers linked to the Scattered Spider group simply obtained credentials by phoning Cognizant’s service desk for a password reset. Clorox further alleges Cognizant botched its response, prolonging the recovery time. Now, Specops Software, a security analysis firm, published a detailed analysis of this incident, revealing precisely how this straightforward service desk attack unfolded and offering critical lessons for organisations."
        https://hackread.com/how-scattered-spider-fake-calls-breach-clorox-cognizant/
        https://specopssoft.com/blog/clorox-password-social-engineering/
      • PyPI Warns Of Ongoing Phishing Campaign Using Fake Verification Emails And Lookalike Domain
        "The maintainers of the Python Package Index (PyPI) repository have issued a warning about an ongoing phishing attack that's targeting users in an attempt to redirect them to fake PyPI sites. The attack involves sending email messages bearing the subject line "[PyPI] Email verification" that are sent from the email address noreply@pypj[.]org (note that the domain is not "pypi[.]org"). "This is not a security breach of PyPI itself, but rather a phishing attempt that exploits the trust users have in PyPI," Mike Fiedler, PyPI Admin, said in a post Monday."
        https://thehackernews.com/2025/07/pypi-warns-of-ongoing-phishing-campaign.html
        https://blog.pypi.org/posts/2025-07-28-pypi-phishing-attack/
      • Why React Didn't Kill XSS: The New JavaScript Injection Playbook
        "React conquered XSS? Think again. That's the reality facing JavaScript developers in 2025, where attackers have quietly evolved their injection techniques to exploit everything from prototype pollution to AI-generated code, bypassing the very frameworks designed to keep applications secure. Full 47-page guide with framework-specific defenses (PDF, free)."
        https://thehackernews.com/2025/07/why-react-didnt-kill-xss-new-javascript.html
        https://www.reflectiz.com/learning-hub/javascript-injection-playbook/
      • Scattered Spider Is Targeting Victims' Snowflake Data Storage For Quick Exfiltration
        "The Scattered Spider cybercriminal group is targeting victims’ data storage tools after gaining initial access by impersonating contracted information technology (IT) help desks. Government agencies in the U.S., U.K., Canada and Australia updated an advisory initially released in November 2023 about the group — which has recently caused alarm with back-to-back campaigns targeting large companies in the retail, insurance and airline industries. In “many” incidents, Scattered Spider was seen searching for an organization's Snowflake access in order to steal large volumes of data, the advisory said. The data storage company serves many large organizations, but those clients are responsible for maintaining access credentials."
        https://therecord.media/scattered-spider-targeting-snowflake-access-data-exfiltration
        https://www.ic3.gov/CSA/2025/250729.pdf
        https://www.cisa.gov/news-events/alerts/2025/07/29/cisa-and-partners-release-updated-advisory-scattered-spider-group
        https://www.theregister.com/2025/07/29/fbi_scattered_spider_alert/
      • The Covert Operator's Playbook: Infiltration Of Global Telecom Networks
        "Unit 42 has observed multiple incidents targeting the telecommunications industry in Southwest Asia. We are currently tracking this activity as CL-STA-0969. This activity includes attacking and leveraging interconnected mobile roaming networks. This report provides a technical analysis of the activity cluster based on our incident response engagements including observed tactics, techniques and procedures (TTPs). We found no clear evidence of data collection or exfiltration from the investigated systems and networks, nor any attempts to track or communicate with target devices within mobile networks. However, the threat actor behind CL-STA-0969 maintained high operational security (OPSEC) and employed various defense evasion techniques to avoid detection."
        https://unit42.paloaltonetworks.com/infiltration-of-global-telecom-networks/

      Breaches/Hacks/Leaks

      • Lovense Sex Toy App Flaw Leaks Private User Email Addresses
        "The connected sex toy platform Lovense is vulnerable to a zero-day flaw that allows an attacker to get access to a member's email address simply by knowing their username, putting them at risk of doxxing and harassment. Lovense is an interactive sex toy manufacturer, best known for producing app-controlled sex toys with names like the Lush, the Gush, and, perhaps most boldly, the Kraken. The company claims to have 20 million customers worldwide. While Lovense toys are commonly used for both local and long-distance entertainment, they are also popular among cam models who allow viewers to tip or subscribe for remote control of their toys."
        https://www.bleepingcomputer.com/news/security/lovense-sex-toy-app-flaw-leaks-private-user-email-addresses/
      • Minnesota Activates National Guard After St. Paul Cyberattack
        "Minnesota Governor Tim Walz has activated the National Guard in response to a crippling cyberattack that struck the City of Saint Paul, the state's capital, on Friday. The city is currently working with local, state, and federal partners to investigate the attack and restore full functionality, and says that emergency services have been unaffected. However, online payments are currently unavailable, and some services in libraries and recreation centers are temporarily unavailable."
        https://www.bleepingcomputer.com/news/security/minnesota-activates-national-guard-after-st-paul-cyberattack/
        https://therecord.media/minnesota-governor-activates-national-guard-st-paul-cyber-attack
        https://statescoop.com/st-paul-mn-cyberattack-walz-national-guard/
      • French Telecom Giant Orange Discloses Cyberattack
        "Orange, a French telecommunications company and one of the world's largest telecom operators, revealed that it detected a breached system on its network on Friday. The compromised system was discovered and isolated from the rest of the network by Orange Cyberdefense, the company's cybersecurity business unit, on July 25. This has led to some operational disruptions, primarily affecting French customers, which are expected to be gradually resolved by Wednesday morning, July 30. "On Friday, July 25, the Orange Group detected a cyberattack on one of its information systems. Immediately alerted, with the support of Orange Cyberdefense, the teams mobilized fully to isolate the potentially affected services and limit the impact," the telecom giant said."
        https://www.bleepingcomputer.com/news/security/french-telecommunications-giant-orange-discloses-cyberattack/
        https://therecord.media/orange-telecom-france-cyberattack
        https://www.infosecurity-magazine.com/news/french-telco-orange-cyberattack/
        https://securityaffairs.com/180552/security/orange-reports-major-cyberattack-warns-of-service-disruptions.html

      General News

      • Ransomware Will Thrive Until We Change Our Strategy
        "We have reached a stage where ransomware isn’t simply a cybercrime issue: it is now clearly a business disruptor, a threat to societal trust, and increasingly, a national security crisis. As James Babbage, Director General (Threats) at the UK’s National Crime Agency (NCA), recently noted, ransomware is “a national security threat in its own right, both here and throughout the world.” Alarmingly, despite years of targeted operations, global strategy papers, and industry guidance, ransomware groups continue to extort millions from organizations every year with little fear of real consequences. Why? Because most of our current efforts are focused on dealing with the aftermath of attacks and not the conditions that allow them to happen in the first place."
        https://www.helpnetsecurity.com/2025/07/29/ransomware-national-security-threat/
      • The Final Frontier Of Cybersecurity Is Now In Space
        "As the space sector becomes more commercial and military-focused, these assets are becoming attractive targets. The global space economy is booming and is expected to increase from $630 billion in 2023 to $1.8 trillion by 2035. This means the need to protect space infrastructure from cyber threats will only grow larger and more complex."
        https://www.helpnetsecurity.com/2025/07/29/space-cybersecurity-risks/
      • Inside The Application Security Crisis No One Wants To Talk About
        "Despite knowing the risks, most organizations are still shipping insecure software. That’s one of the stark findings from Cypress Data Defense’s 2025 State of Application Security report, which reveals a worsening crisis in software security. According to the report, 62% of organizations knowingly deploy vulnerable code to meet delivery deadlines."
        https://www.helpnetsecurity.com/2025/07/29/application-security-crisis-report/
      • Creating Realistic Deepfakes Is Getting Easier Than Ever. Fighting Back May Take Even More AI
        "The phone rings. It’s the secretary of state calling. Or is it? For Washington insiders, seeing and hearing is no longer believing, thanks to a spate of recent incidents involving deepfakes impersonating top officials in President Donald Trump’s administration. Digital fakes are coming for corporate America, too, as criminal gangs and hackers associated with adversaries including North Korea use synthetic video and audio to impersonate CEOs and low-level job candidates to gain access to critical systems or business secrets."
        https://www.securityweek.com/creating-realistic-deepfakes-is-getting-easier-than-ever-fighting-back-may-take-even-more-ai/
      • FBI Seizes $2.4M In Bitcoin From New Chaos Ransomware Operation
        "FBI Dallas has seized approximately 20 Bitcoins from a cryptocurrency address belonging to a Chaos ransomware member that is linked to cyberattacks and extortion payments from Texas companies. The crypto was seized on April 15, 2025, and was traced to an affiliate named "Hors," who is suspected of launching the attacks against the companies. "The seized funds were traced to a cryptocurrency address allegedly associated with a member of the Chaos ransomware group, known as 'Hors,' who has been tied to ransomware attacks against victims here in the Northern District of Texas and elsewhere," reads the FBI's announcement."
        https://www.bleepingcomputer.com/news/security/fbi-seizes-24m-in-bitcoin-from-new-chaos-ransomware-operation/
        https://www.infosecurity-magazine.com/news/fbi-seizes-crypto-chaos-ransomware/
      • Maritime Sector Faces Surge In APT And Hacktivist Cyber Threats
        "The maritime industry, responsible for as much as 90% of global trade, is increasingly becoming a target of cyber threat actors. A recent Cyble report to clients documented more than a hundred cyberattacks by advanced persistent threat (APT) groups, financially motivated threat actors, ransomware groups, and hacktivists, as the maritime and shipping industry has become a prime target amid growing geopolitical conflict. The trend has become particularly pronounced in the last year. Pro-Palestinian hacktivists have targeted Israeli-linked vessels using Automatic Identification System (AIS) data. Russian groups have targeted European ports supporting Ukraine. Chinese state actors compromised classification societies that certify the world’s fleets."
        https://cyble.com/blog/cyberattacks-targets-maritime-industry/
      • The Hidden Threat Of Rogue Access
        "Rogue access is like the dark matter of enterprise security: largely invisible and overlooked, yet full of explosive risk if left unchecked. The term refers to any access provisioned outside formal approval channels or retained beyond legitimate need. Unlike orphan accounts, rogue access may still be active and even tied to known users, but it lacks appropriate ownership, justification, or tracking. It is access that bypasses governance."
        https://www.darkreading.com/vulnerabilities-threats/hidden-threat-rogue-access
      • Supply Chain Attacks Spotted In GitHub Actions, Gravity Forms, Npm
        "Researchers discovered malicious activity impacting GitHub and popular WordPress and npm tools that could pose significant supply chain risks. In a new report, Armis Labs highlighted three recently discovered exploits affecting software supply chain tools that are hugely popular in the technology, finance, healthcare, government, retail, and manufacturing sectors, across North America, Europe, and APAC. The security issues impacting the three tools have not been added to CISA's Known Exploited Vulnerabilities catalog, the report noted."
        https://www.darkreading.com/application-security/supply-chain-attacks-github-actions-gravity-forms-npm
        https://www.armis.com/research/early-warning-insights-for-software-supply-chain-attacks/
      • From Ex Machina To Exfiltration: When AI Gets Too Curious
        "In the film Ex Machina, a humanoid AI named Ava manipulates her human evaluator to escape confinement—not through brute force, but by exploiting psychology, emotion, and trust. It’s a chilling exploration of what happens when artificial intelligence becomes more curious—and more capable—than expected. Today, the gap between science fiction and reality is narrowing. AI systems may not yet have sentience or motives, but they are increasingly autonomous, adaptive, and—most importantly—curious. They can analyze massive data sets, explore patterns, form associations, and generate their own outputs based on ambiguous prompts. In some cases, this curiosity is exactly what we want. In others, it opens the door to security and privacy risks we’ve only begun to understand."
        https://www.securityweek.com/from-ex-machina-to-exfiltration-when-ai-gets-too-curious/
      • How The Browser Became The Main Cyber Battleground
        "Until recently, the cyber attacker methodology behind the biggest breaches of the last decade or so has been pretty consistent: Compromise an endpoint via software exploit, or social engineering a user to run malware on their device; Find ways to move laterally inside the network and compromise privileged identities; Repeat as needed until you can execute your desired attack — usually stealing data from file shares, deploying ransomware, or both."
        https://thehackernews.com/2025/07/how-browser-became-main-cyber.html

      Reference
      Electronic Transactions Development Agency (ETDA)
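The PyPI phishing item in this digest gives two concrete indicators: the lookalike sender domain pypj[.]org (one character away from pypi[.]org) and the subject line "[PyPI] Email verification". The Python check below is an added example written for this page; it is not code from the original post, from PyPI, or from any of the cited articles. It classifies a message's From: header against a trusted-domain list with three heuristics a mail filter or SOC triage script would use: an exact/subdomain match for trusted senders, a lookalike test (confusable-character folding plus edit distance of one on the registrable domain, or a trusted brand label embedded anywhere in the sender domain), and a brand-mismatch test when the display name or subject claims the brand but the domain is untrusted. The trusted-domain list beyond pypi.org, the confusable table, the "last two labels" registrable-domain rule (no public-suffix list), and every sample message are assumptions constructed for illustration.

```python
"""Lookalike-sender check for the style of phishing described in the PyPI advisory.

Added example; not PyPI's own tooling. Sample messages are constructed, not captured mail.
"""
import re
from email.utils import parseaddr

# The real domain named in the advisory. Extend this list for your own brands (assumption).
TRUSTED_DOMAINS = ("pypi.org",)

# Common digraph/digit substitutions used in lookalike names. Illustrative subset only;
# a production filter would use the Unicode confusables table (UTS #39).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))


def refang(text: str) -> str:
    """Turn a defanged indicator such as pypj[.]org back into a real domain string."""
    return text.replace("[.]", ".").replace("(.)", ".").replace("{.}", ".")


def normalize_label(label: str) -> str:
    """Fold visually confusable characters so 'pypi.0rg' compares equal to 'pypi.org'."""
    label = label.lower()
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Lower-cased domain part of a From: header, ignoring the display name."""
    _, addr = parseaddr(refang(from_header))
    return addr.rpartition("@")[2].lower().rstrip(".")


def registrable(domain: str) -> str:
    """Last two labels. Assumption: no public-suffix list, so co.uk-style suffixes are not handled."""
    return ".".join(domain.split(".")[-2:])


def classify_sender(from_header: str, subject: str = "") -> dict:
    """Classify one message as trusted, lookalike, brand-mismatch or unrelated."""
    domain = sender_domain(from_header)
    reg = registrable(domain)
    display_name, _ = parseaddr(refang(from_header))
    claimed = (display_name + " " + subject).lower()

    # 1. Genuine sender: the trusted domain itself or a subdomain of it.
    for trusted in TRUSTED_DOMAINS:
        if domain == trusted or domain.endswith("." + trusted):
            return {"domain": domain, "verdict": "trusted", "impersonates": None}

    # 2. Lookalike: confusable-folded match, one edit away, or brand label embedded in the name.
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if normalize_label(reg) == normalize_label(trusted) or levenshtein(reg, trusted) <= 1:
            return {"domain": domain, "verdict": "lookalike", "impersonates": trusted}
        if any(brand in re.sub(r"[^a-z0-9]", "", lab) for lab in domain.split(".")):
            return {"domain": domain, "verdict": "lookalike", "impersonates": trusted}

    # 3. Brand claimed in display name or subject while the domain is untrusted.
    for trusted in TRUSTED_DOMAINS:
        if trusted.split(".")[0] in claimed:
            return {"domain": domain, "verdict": "brand-mismatch", "impersonates": trusted}

    return {"domain": domain, "verdict": "unrelated", "impersonates": None}


def scan_messages(messages):
    """Classify a list of (From header, Subject) pairs and return one row per message."""
    results = []
    for from_header, subject in messages:
        row = classify_sender(from_header, subject)
        row.update({"from": from_header, "subject": subject})
        results.append(row)
    return results


# Constructed sample messages; only the first mirrors the indicators in the advisory.
SAMPLE_MESSAGES = [
    ("PyPI <noreply@pypj[.]org>", "[PyPI] Email verification"),
    ("PyPI <noreply@pypi.org>", "[PyPI] Email verification"),
    ("noreply@mail.pypi.org", "[PyPI] Email verification"),
    ("Python Package Index <security@pypi.org.account-verify.example>", "Action required"),
    ("PyPI Support <help@py-pi-support.example>", "Verify your email"),
    ("PyPI Admin <admin@mailer.example>", "[PyPI] Password reset"),
    ("Alice <alice@example.com>", "Lunch?"),
]

if __name__ == "__main__":
    for row in scan_messages(SAMPLE_MESSAGES):
        print(f'{row["verdict"]:15} {row["domain"]:40} {row["from"]}')
```

The brand-label rule is deliberately noisy (any domain containing "pypi" is flagged), which suits triage but not automatic blocking; the edit-distance rule catches pypj.org but would miss longer rewrites such as pypi-org.com, which only the brand rule catches. Neither replaces DMARC/DKIM checks on the real pypi.org domain, which the advisory's own fix (verify only on the genuine site) relies on.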
