NCSA Webboard

    Cyber Threat Intelligence 31 July 2025

    Cyber Security News
    • NCSA_THAICERT

      Financial Sector

      • Voice Of SecOps Spotlight: AI’s Impact On Financial Services Cybersecurity
        "Earlier this year, we released the sixth edition of the Deep Instinct Voice of SecOps Report, “Cybersecurity & AI: Promises, Pitfalls – and Prevention Paradise.” This annual report delves into AI’s influence across enterprises, with a specific focus on Security Operations (SecOps) teams. This year, we found security teams were limited by AI knowledge gaps, inconsistent implementation, and mounting operational pressures, all while facing a complex, relentless AI-driven threat landscape. Drawing on this year’s data, we took a deeper dive into the sector facing the most significant threats – and the highest stakes: financial services. These firms must not only navigate escalating AI-driven cyber threats, but balance strict compliance requirements and the added pressure of safeguarding extremely sensitive, high-value data."
        https://www.deepinstinct.com/blog/voice-of-secops-spotlight-ai-impact-on-financial-services-cybersecurity

      New Tooling

      • Eviction Strategies Tool Released
        "Today, CISA released the Eviction Strategies Tool to provide cyber defenders with critical support and assistance during the containment and eviction phases of incident response. This tool includes:
        Cyber Eviction Strategies Playbook Next Generation (Playbook-NG): A web-based application for next-generation operations.
        COUN7ER: A database of atomic post-compromise countermeasures users can execute based on adversary tactics, techniques, and procedures."
        https://www.cisa.gov/news-events/alerts/2025/07/30/eviction-strategies-tool-released
        https://www.cisa.gov/eviction-strategies-tool
        https://github.com/cisagov/playbook-ng

      Vulnerabilities

      • Hackers Actively Exploit Critical RCE In WordPress Alone Theme
        "Threat actors are actively exploiting a critical unauthenticated arbitrary file upload vulnerability in the WordPress theme 'Alone,' to achieve remote code execution and perform a full site takeover. Wordfence is reporting the malicious activity, saying it has blocked over 120,000 exploitation attempts targeting its customers. The WordPress security firm also reports that the attacks started several days before public disclosure of the flaw, indicating that threat actors are monitoring changelogs and patches to discover trivially exploitable issues before alerts are sent to website owners."
        https://www.bleepingcomputer.com/news/security/hackers-actively-exploit-critical-rce-in-wordpress-alone-theme/
      • Apple Patches Security Flaw Exploited In Chrome Zero-Day Attacks
        "Apple has released security updates to address a high-severity vulnerability that has been exploited in zero-day attacks targeting Google Chrome users. Tracked as CVE-2025-6558, the security bug is due to the incorrect validation of untrusted input in the ANGLE (Almost Native Graphics Layer Engine) open-source graphics abstraction layer, which processes GPU commands and translates OpenGL ES API calls to Direct3D, Metal, Vulkan, and OpenGL. The vulnerability enables remote attackers to execute arbitrary code within the browser's GPU process via specially crafted HTML pages, potentially allowing them to escape the sandbox that isolates browser processes from the underlying operating system."
        https://www.bleepingcomputer.com/news/security/apple-patches-security-flaw-exploited-in-chrome-zero-day-attacks/
        https://support.apple.com/en-us/124147
        https://thehackernews.com/2025/07/apple-patches-safari-vulnerability-also.html
        https://www.malwarebytes.com/blog/news/2025/07/apple-patches-multiple-vulnerabilities-in-ios-and-ipados-update-now
        https://www.securityweek.com/apple-patches-safari-vulnerability-flagged-as-exploited-against-chrome/
        https://securityaffairs.com/180595/security/apple-fixed-a-zero-day-exploited-in-attacks-against-google-chrome-users.html
      • Vulnerabilities Identified In Dahua Hero C1 Smart Cameras
        "Researchers at Bitdefender have identified critical security vulnerabilities in the firmware of the Dahua Hero C1 (DH-H4C) smart camera series. The flaws, affecting the device's ONVIF protocol and file upload handlers, allow unauthenticated attackers to execute arbitrary commands remotely, effectively taking over the device. The vulnerabilities were reported to Dahua for responsible mitigation and disclosure and are now patched at the time of publication."
        https://www.bitdefender.com/en-us/blog/labs/vulnerabilities-identified-in-dahua-hero-c1-smart-cameras
        https://thehackernews.com/2025/07/critical-dahua-camera-flaws-enable.html
        https://www.bankinfosecurity.com/critical-flaws-found-in-dahua-cameras-a-29093
      • Top 5 GenAI Tools Vulnerable To Man-In-The-Prompt Attack, Billions Could Be Affected
        "LayerX researchers have identified a new class of exploit that directly targets these tools through a previously overlooked vector: the browser extension. This means that practically any user or organization that has browser extensions installed on their browsers (as 99% of enterprise users do) is potentially exposed to this attack vector. LayerX’s research shows that any browser extension, even without any special permissions, can access the prompts of both commercial and internal LLMs and inject them with prompts to steal data, exfiltrate it, and cover their tracks. The exploit has been tested on all top commercial LLMs, with proof-of-concept demos provided for ChatGPT and Google Gemini."
        https://layerxsecurity.com/blog/man-in-the-prompt-top-ai-tools-vulnerable-to-injection/
        https://www.darkreading.com/vulnerabilities-threats/attackers-use-browser-extensions-inject-ai-prompts
      • Stack Overflows, Heap Overflows, And Existential Dread (SonicWall SMA100 CVE-2025-40596, CVE-2025-40597 And CVE-2025-40598)
        "It’s 2025, and at this point, we’re convinced there’s a secret industry-wide pledge: every network appliance must include at least one trivially avoidable HTTP header parsing bug - preferably pre-auth. Bonus points if it involves sscanf. If that’s the case, well done! SonicWall’s SMA100 series has proudly fulfilled the quota - possibly even qualified for a bonus. Our initial journey started with analyzing SonicWall N-days that were receiving coveted attention from our friendly APT groups. But somewhere along the way - deep in a fog of malformed headers and reverse proxy shenanigans - we stumbled across vulnerabilities that feel like they were preserved in amber from a more naïve era of C programming."
        https://labs.watchtowr.com/stack-overflows-heap-overflows-and-existential-dread-sonicwall-sma100-cve-2025-40596-cve-2025-40597-and-cve-2025-40598/
        https://psirt.global.sonicwall.com/vuln-detail/snwlid-2025-0012
        https://hackread.com/sonicwall-patch-after-3-vpn-vulnerabilities-disclosed/

      Malware

      • Decrypted: FunkSec Ransomware
        "Researchers at Avast developed a decryptor for the FunkSec ransomware. We have been cooperating with law-enforcement agencies to help victims decrypt files for free. Because the ransomware is now considered dead, we released the decryptor for public download."
        https://www.gendigital.com/blog/insights/research/funksec-ai
        https://therecord.media/funksec-ransomware-decryptor-avast
        https://thehackernews.com/2025/07/funksec-ransomware-decryptor-released.html
      • China’s Covert Capabilities | Silk Spun From Hafnium
        "In July 2025, the Department of Justice (DOJ) released an indictment of two hackers, Xu Zewei and Zhang Yu, working on behalf of China’s Ministry of State Security (MSS) that sheds new light on the People’s Republic of China’s (PRC) contracting ecosystem. The indictment outlined that Xu and Zhang worked for two firms previously unattributed in the public domain to the Hafnium (aka Silk Typhoon) threat actor group. Hafnium has a long history of attacks against defense contractors, policy think tanks, higher education, and infectious disease research institutions, with an exceptionally prolific 2021 campaign that exploited several 0-day vulnerabilities in Microsoft Exchange Server (MES). Hafnium’s history of exploits and 0day use, combined with its targets and observed campaigns make it one of China’s best APTs."
        https://www.sentinelone.com/labs/chinas-covert-capabilities-silk-spun-from-hafnium/
        https://thehackernews.com/2025/07/chinese-firms-linked-to-silk-typhoon.html
        https://therecord.media/patents-silk-typhoon-company-beijing
        https://www.darkreading.com/threat-intelligence/silk-typhoon-powerful-offensive-tools-prc
        https://www.infosecurity-magazine.com/news/hafnium-chinese-surveillance-tools/
      • Cobalt Strike Beacon Delivered Via GitHub And Social Media
        "In the latter half of 2024, the Russian IT industry, alongside a number of entities in other countries, experienced a notable cyberattack. The attackers employed a range of malicious techniques to trick security systems and remain undetected. To bypass detection, they delivered information about their payload via profiles on both Russian and international social media platforms, as well as other popular sites supporting user-generated content. The samples we analyzed communicated with GitHub, Microsoft Learn Challenge, Quora, and Russian-language social networks. The attackers thus aimed to conceal their activities and establish a complex execution chain for the long-known and widely used Cobalt Strike Beacon."
        https://securelist.com/cobalt-strike-attacks-using-quora-github-social-media/117085/
      • Threat Spotlight: How Attackers Poison AI Tools And Defenses
        "Barracuda has reported on how generative AI is being used to create and distribute spam emails and craft highly persuasive phishing attacks. These threats continue to evolve and escalate — but they are not the only ways in which attackers leverage AI. Security researchers are now seeing threat actors manipulate companies’ AI tools and tamper with their AI security features in order to steal and compromise information and weaken a target’s defenses."
        https://blog.barracuda.com/2025/07/30/threat-spotlight-attackers-poison-ai-tools-defenses
      • Scammers Unleash Flood Of Slick Online Gaming Sites
        "Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here’s a closer look at the social engineering tactics and remarkable traits of this sprawling network of more than 1,200 scam sites. The scam begins with deceptive ads posted on social media that claim the wagering sites are working in partnership with popular social media personalities, such as Mr. Beast, who recently launched a gaming business called Beast Games. The ads invariably state that by using a supplied “promo code,” interested players can claim a $2,500 credit on the advertised gaming website."
        https://krebsonsecurity.com/2025/07/scammers-unleash-flood-of-slick-online-gaming-sites/

      Breaches/Hacks/Leaks

      • ShinyHunters Behind Salesforce Data Theft Attacks At Qantas, Allianz Life, And LVMH
        "A wave of data breaches impacting companies like Qantas, Allianz Life, LVMH, and Adidas has been linked to the ShinyHunters extortion group, which has been using voice phishing attacks to steal data from Salesforce CRM instances. In June, Google's Threat Intelligence Group (GTIG) warned that threat actors tracked as UNC6040 were targeting Salesforce customers in social engineering attacks. In these attacks, the threat actors impersonated IT support staff in phone calls to targeted employees, attempting to persuade them into visiting Salesforce's connected app setup page. On this page, they were told to enter a "connection code", which linked a malicious version of Salesforce's Data Loader OAuth app to the target's Salesforce environment."
        https://www.bleepingcomputer.com/news/security/shinyhunters-behind-salesforce-data-theft-attacks-at-qantas-allianz-life-and-lvmh/
      • SafePay Ransomware Threatens To Leak 3.5TB Of Ingram Micro Data
        "The SafePay ransomware gang is threatening to leak 3.5TB of data belonging to IT giant Ingram Micro, allegedly stolen from the company's compromised systems earlier this month. Ingram Micro is one of the world's largest business-to-business service providers and technology distributors, offering a wide range of solutions to resellers and managed service providers worldwide, including hardware, software, cloud services, logistics, and training. While BleepingComputer first reported on July 5 that SafePay was behind this incident, the ransomware gang didn't claim responsibility for the attack until earlier this week, when it added the tech giant to its dark web leak portal."
        https://www.bleepingcomputer.com/news/security/safepay-ransomware-threatens-to-leak-35tb-of-ingram-micro-data/
        https://www.theregister.com/2025/07/30/ingram_micro_ransomware_threat/
      • UNC2891 Bank Heist: Physical ATM Backdoor & Linux Forensic Evasion
        "When investigating cyber intrusions, the focus is often on payloads, lateral movement, or impact. But in many real-world cases, initial access remains a blind spot in both public research and internal post-incident analysis. This blog uncovers a unique, stealthy approach used by a financially motivated threat actor group to compromise critical banking infrastructure. It reveals a previously undocumented anti-forensics technique (now recognized in MITRE ATT&CK), backdoor presence invisible to process listings, and a rare instance of physical network compromise using embedded hardware."
        https://www.group-ib.com/blog/unc2891-bank-heist/
        https://www.bleepingcomputer.com/news/security/hackers-plant-4g-raspberry-pi-on-bank-network-in-failed-atm-heist/
        https://www.infosecurity-magazine.com/news/backdoor-atm-network-raspberry-pi/
      • Dollar Tree Denies Ransomware Claims, Says Stolen Data Is From Defunct Discount Chain
        "Discount retail giant Dollar Tree denied that its systems were impacted by ransomware after a cybercriminal operation claimed on Wednesday to have attacked the company. A company spokesperson told Recorded Future News that it is aware of the claims but said they believe the group actually targeted 99 Cents Only Stores — another discount shopping chain that declared bankruptcy last year and has since shut down. “The files referenced in these claims appear to involve former 99 Cents Only employees. Dollar Tree’s involvement with 99 Cents Only Stores is related to the purchase of select real estate lease rights following their closure,” the spokesperson said."
        https://therecord.media/dollar-tree-discount-stolen-data
        https://hackread.com/inc-ransomware-1-2tb-data-breach-at-dollar-tree/
      • Cyberattack Shuts Down Hundreds Of Russian Pharmacies, Disrupts Healthcare Services
        "Hundreds of pharmacies across Russia shut down this week after a cyberattack hit two of the country’s largest pharmacy chains, disrupting payments and access to medication reservations for patients. The Stolichki pharmacy chain, which operates about 1,000 stores across Russia, confirmed that a technical failure that halted its operations on Tuesday was caused by a hack. As of Wednesday, Stolichki was still working to fully restore its services, with about half of its stores reopened. Another major chain, Neofarm, which runs more than 110 pharmacies in Moscow and St. Petersburg, also suspended operations, posting notices at storefronts citing “technical issues.” Online services for both chains, including drug reservations and loyalty programs, were disrupted, and employees were sent home."
        https://therecord.media/cyberattack-shuts-down-russian-pharmacies

      General News

      • Why CISOs Should Rethink Identity Risk Through Attack Paths
        "Identity-based attack paths are behind most breaches today, yet many organizations can’t actually see how those paths form. The 2025 State of Attack Path Management report from SpecterOps makes the case that traditional tools like identity governance, PAM, and MFA aren’t enough. They help manage access, but they miss the bigger problem: how identity and privilege sprawl across the environment in ways that attackers can string together."
        https://www.helpnetsecurity.com/2025/07/30/ciso-attack-path-management-apm/
      • AI Is Here, Security Still Isn’t
        "Although 79% of organizations are already running AI in production, only 6% have put in place a comprehensive security strategy designed specifically for AI. As a result, most enterprises remain exposed to threats they are not yet prepared to detect or respond to, according to the SandboxAQ AI Security Benchmark Report."
        https://www.helpnetsecurity.com/2025/07/30/report-ai-security-readiness-gap/
      • Boards Shift Focus To Tech And Navigate Cautious Investors
        "Corporate boards are adjusting to a more uncertain proxy landscape, according to EY’s 2025 Proxy Season Review. The report highlights four key 2025 proxy season trends shaping governance this year: more oversight of technology, fewer shareholder proposals (especially on sustainability), stronger support for directors, and continued approval of executive pay packages."
        https://www.helpnetsecurity.com/2025/07/30/ey-2025-proxy-season-trends/
      • The Hidden Risks Of Browser Extensions – And How To Stay Safe
        "What would we do without the web browser? For most of us, it’s our gateway to the digital world. But browsers are such a familiar tool today that we’re in danger of giving them a free ride. In fact, there are plenty of rogue extensions masquerading as legitimate ad blockers, AI assistants, or even security tools that are designed to steal our data, send us to malicious sites and flood our screen with popups. For example, earlier this year, a malicious campaign was uncovered that may have impacted dozens of extensions and compromised nearly three million users. Next time you’re thinking about downloading a web browser add-on, think through the following risks."
        https://www.welivesecurity.com/en/cybersecurity/hidden-risks-browser-extensions/
      • The Food Supply Chain Has a Cybersecurity Problem
        "It’s unsettling to think that our food supply chain could be targeted or that the safety of our food could be compromised. But this is exactly the challenge the agri-food sector is dealing with right now. Despite agriculture’s importance, cybersecurity in this field doesn’t get the attention it deserves. Farms, processing plants, and distribution systems are going digital, and that’s opening the door to cyber attacks. A big problem is that a lot of the technology farms and food companies use was built long before cyberattacks became such a serious issue. That makes it tough to secure these systems or upgrade them to meet today’s threats."
        https://www.helpnetsecurity.com/2025/07/30/agri-food-sector-cybersecurity/
      • Google Redirect Abuse In 2024: Key Trends & Tactics
        "In recent years, threat actors have persistently adapted their methods to bypass security defenses and exploit Google Accelerated Mobile Pages (AMP) and Google redirect methods. Google AMP is an open-source HTML framework that is primarily used to build websites for both mobile and desktop users. While Google AMP was created to enhance the performance of web content, threat actors continue to find new ways to abuse its features for malicious purposes. In this article, Cofense Intelligence will be revisiting the Google AMP Abuse Strategic Analysis from early 2023 to compare the phishing techniques previously documented, as well as exploring how threat actors have changed their approach to continue to remain effective against improved security defenses."
        https://cofense.com/blog/google-redirect-abuse-in-2024-key-trends-tactics
      • Cybersecurity Trends 2025: What’s Really Coming For Your Digital Defenses
        "The cybersecurity world isn’t just changing, it’s getting a complete makeover. With approximately 600 million cyberattacks per day in 2025, translating to 54 victims every second, the stakes have never been higher. If you’re running a business in 2025, cybersecurity isn’t some back-burner IT concern anymore. It’s your digital lifeline. Whether you’re launching a startup that needs to search for a Domain or protecting an enterprise that’s weathered every tech storm since Y2K, understanding this year’s cybersecurity shifts isn’t optional; it’s survival."
        https://hackread.com/cybersecurity-trends-2025-whats-your-digital-defenses/
      • Extortion Evolves: Akamai SOTI Report Examines The Increasing Complexity Of Ransomware Attacks
        "Akamai Technologies (NASDAQ: AKAM), the cybersecurity and cloud computing company that powers and protects business online, has found that threat actors are using a new quadruple extortion tactic in ransomware campaigns, while double extortion remains the most common approach. According to the new Akamai State of the Internet (SOTI) report, Ransomware Report 2025: Building Resilience Amid a Volatile Threat Landscape, the emerging trend of quadruple extortion includes using distributed denial-of-service (DDoS) attacks to disrupt business operations and harassing third parties — like customers, partners, and media — to increase the pressure on the victim. It builds on double extortion ransomware in which attackers simply encrypt a victim’s data and threaten to leak it publicly if the ransom isn’t paid."
        https://www.akamai.com/newsroom/press-release/akamai-soti-report-examines-the-increasing-complexity-of-ransomware-attacks
        https://www.akamai.com/lp/soti/ransomware-trends-2025
        https://hackread.com/trickbot-behind-724-million-crypto-theft-extortion/
      • State Of Exploitation - A Look Into The 1H-2025 Vulnerability Exploitation & Threat Activity
        "In the first half of 2025, VulnCheck identified 432 CVEs with evidence of exploitation in the wild for the first time. Known exploited vulnerabilities were disclosed by 82 distinct sources. We continue to see vulnerabilities being exploited at a fast pace with 32.1% of vulnerabilities being exploited on or before the day of the CVE disclosure, often representing zero-day exploitation. This demonstrates the need for defenders to move quickly on emerging threats while continuing to burn down their vulnerability debt."
        https://www.vulncheck.com/blog/state-of-exploitation-1h-2025
        https://www.infosecurity-magazine.com/news/third-kev-exploited/
      • Ransomware Surges, Extortion Escalates: ThreatLabz 2025 Ransomware Report
        "Ransomware remains one of the most persistent threats facing enterprises and public sector organizations. The latest research from ThreatLabz confirms that attacks are not only increasing in volume, but also shifting toward more targeted, data-driven extortion tactics. The newly released Zscaler ThreatLabz 2025 Ransomware Report examines year-over-year spikes in ransomware activity blocked by the Zscaler cloud and a significant rise in public extortion cases. Together, these findings point to a critical reality: today’s ransomware threat landscape demands a new level of operational vigilance and a fundamentally different security architecture than traditional security models provide."
        https://www.zscaler.com/blogs/security-research/ransomware-surges-extortion-escalates-threatlabz-2025-ransomware-report
      • IBM: Average Cost Of a Data Breach In US Shoots To Record $10 Million
        "For the first time in five years, the average costs associated with a data breach globally have fallen, dropping to $4.4 million, according to data from IBM. But the numbers were not the same in every country and — unfortunately for Americans — the costs of a breach in the U.S. grew precipitously to more than $10 million. The cost increases in the U.S. were driven by steeper regulatory penalties and the rising cost of detection systems. The global average cost of a data breach fell from $4.88 million in 2024, a 9% decrease that now matches numbers seen in 2023. Globally, organizations are becoming faster at identifying breaches and containing them using automated tools."
        https://therecord.media/ibm-data-breach-report-us-losses
        https://www.securityweek.com/cost-of-data-breach-in-us-rises-to-10-22-million-says-latest-ibm-report/
        https://cyberscoop.com/ibm-cost-data-breach-2025/
        https://www.infosecurity-magazine.com/news/data-breach-costs-fall/
        https://www.theregister.com/2025/07/30/firms_are_neglecting_ai_security/
      • Google Project Zero To Publicly Announce Bugs Within a Week Of Reporting Them
        "The elite bug-hunters at Google Project Zero are taking aim at how long it takes to fix cybersecurity vulnerabilities by publicly announcing bugs within a week of reporting them privately to vendors. Previously the team of security researchers followed the 90+30 timetable, where vendors were told about a bug and given 90 days to fix it. Then, 30 days after that patch was shipped, the full technical details about the bug were published. This timetable is still going to be used, according to the Project Zero announcement, but now within one week of reporting a bug the team will also publicly share that a vulnerability had been discovered to alert other companies that might be affected."
        https://therecord.media/google-project-zero-publicly-announce-vulnerabilities-week-after-reporting
        https://www.infosecurity-magazine.com/news/google-report-new-vulnerabilities/
      • 2025 Unit 42 Global Incident Response Report: Social Engineering Edition
        "We see social engineering evolving into one of the most reliable, scalable and impactful intrusion methods in 2025 for five key reasons: First, social engineering remained the top initial access vector in Unit 42 incident response cases between May 2024 and May 2025. These attacks consistently bypassed technical controls by targeting human workflows, exploiting trust and manipulating identity systems. More than one-third of social engineering incidents involved non-phishing techniques, including search engine optimization (SEO) poisoning, fake system prompts and help desk manipulation. Second, high-touch attacks are on the rise. Threat actors such as Muddled Libra bypass multi-factor authentication (MFA) and exploit IT support processes to escalate privileges in minutes, often without malware. In one case, a threat actor moved from access to domain administrator in under 40 minutes using only built-in tools and social pretexts."
        https://unit42.paloaltonetworks.com/2025-unit-42-global-incident-response-report-social-engineering-edition/

      References
      Electronic Transactions Development Agency (ETDA)
