Cyber Threat Intelligence 06 August 2025
Industrial Sector
- Tigo Energy Cloud Connect Advanced
"Successful exploitation of these vulnerabilities could allow attackers to gain unauthorized administrative access using hard-coded credentials, escalate privileges to take full control of the device, modify system settings, disrupt solar energy production, interfere with safety mechanisms, execute arbitrary commands via command injection, cause service disruptions, expose sensitive data, and recreate valid session IDs to access sensitive device functions on connected solar inverter systems due to insecure session ID generation."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-217-02
- Mitsubishi Electric Iconics Digital Solutions Multiple Products
"Successful exploitation of this vulnerability could result in information tampering."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-217-01
Vulnerabilities
- Adobe Issues Emergency Fixes For AEM Forms Zero-Days After PoCs Released
"Adobe released emergency updates for two zero-day flaws in Adobe Experience Manager (AEM) Forms on JEE after a PoC exploit chain was disclosed that can be used for unauthenticated, remote code execution on vulnerable instances."
https://www.bleepingcomputer.com/news/security/adobe-issues-emergency-fixes-for-aem-forms-zero-days-after-pocs-released/
- ReVault! When Your SoC Turns Against You…
"Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”. 100+ models of Dell Laptops are affected by this vulnerability if left unpatched. The ReVault attack can be used as a post-compromise persistence technique that can remain even across Windows reinstalls. The ReVault attack can also be used as a physical compromise to bypass Windows Login and/or for any local user to gain Admin/System privileges."
https://blog.talosintelligence.com/revault-when-your-soc-turns-against-you/
https://therecord.media/critical-firmware-vulnerability-security-professionals
https://hackread.com/dell-laptop-models-vulnerabilities-impacting-millions/
https://www.theregister.com/2025/08/05/millions_of_dell_pc_with/
https://www.helpnetsecurity.com/2025/08/05/dell-laptops-firmware-vulnerabilities-revault-attacks/
- CISA Adds Three Known Exploited Vulnerabilities To Catalog
"CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2020-25078 D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability
CVE-2020-25079 D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability
CVE-2022-40799 D-Link DNR-322L Download of Code Without Integrity Check Vulnerability"
https://www.cisa.gov/news-events/alerts/2025/08/05/cisa-adds-three-known-exploited-vulnerabilities-catalog
Malware
- Cursor IDE: Persistent Code Execution Via MCP Trust Bypass
"Cursor is one of the fastest-growing AI-powered coding tools used by developers today. It combines local code editing with powerful large language model (LLM) integrations to help teams write, debug, and explore code more efficiently. But with that deep integration comes increased trust in automated workflows — and increased risk when that trust is exploited. As AI-driven developer environments become more embedded in software development workflows, Check Point Research set out to evaluate the security model behind these tools, especially in collaborative environments where code, configuration files, and AI-based plugins are frequently shared across teams and repositories."
https://blog.checkpoint.com/research/cursor-ide-persistent-code-execution-via-mcp-trust-bypass/
https://research.checkpoint.com/2025/cursor-vulnerability-mcpoison/
https://thehackernews.com/2025/08/cursor-ai-code-editor-vulnerability.html
https://www.darkreading.com/vulnerabilities-threats/rce-flaw-ai-coding-tool-supply-chain-risk
https://www.theregister.com/2025/08/05/mcpoison_bug_abuses_cursor_mcp/
- Multi-RMM Attack: Splashtop Streamer And Atera Payloads Delivered Via Discord CDN Link
"Remote Monitoring and Management (RMM) software is in every IT toolbox, and with increasing frequency, many bad actors’ too. Once an RMM has been installed maliciously, an attacker can take control of the machine to exfiltrate data, lock it down for ransom, use it as a proxy to deliver other attacks, and more, making RMMs a great way to attack or cover tracks. In a recent attack, we saw two RMMs delivered in a single malicious payload. With two RMMs running, an attacker maintains remote control even if one RMM is discovered. This attack involved a compromised email account, OneDrive impersonation, and file extension manipulation in order to deliver the payload. Let’s take a look."
https://sublime.security/blog/multi-rmm-attack-splashtop-streamer-and-atera-payloads-delivered-via-discord-cdn-link/
https://hackread.com/discord-cdn-link-deliver-rat-disguised-onedrive-file/
- Alleged ‘Tap-In’ Scammer Advertised Services On Social Media
"Would you give a complete stranger your credit card in return for the promise of easy money? No, neither would we. But apparently well over a hundred people did. Hillsborough County Sheriff’s Office arrested 24-year-old Janetcilize Martinez in Tampa, FL, for allegedly using willing participants’ bank accounts to commit fraud. Police are calling this a ‘tap-in’ scam. It’s not uncommon, and it works like this:"
https://www.malwarebytes.com/blog/news/2025/08/alleged-tap-in-scammer-advertised-services-on-social-media
- Unexpected Snail Mail Packages Are Being Sent With Scammy QR Codes, Warns FBI
"Receiving an unexpected package in the post is not always a pleasant surprise. The FBI has warned the public about unsolicited packages containing a QR code which leads to a website aimed at stealing personal data or downloading malware to the victim’s device. The packages are often shipped without sender information, only the QR code. This is a deliberate tactic of the cybercriminals who hope that the lack of information will encourage more people to scan the code."
https://www.malwarebytes.com/blog/news/2025/08/unexpected-snail-mail-packages-are-being-sent-with-scammy-qr-codes-warns-fbi
https://www.ic3.gov/PSA/2025/PSA250731
- CTM360 Spots Malicious ‘FraudOnTok’ Campaign Targeting TikTok Shop Users
"CTM360 has discovered a new global malware campaign dubbed "FraudOnTok" that spreads the SparkKitty spyware through fake TikTok shops to steal cryptocurrency wallets and drain funds. The unique spyware trojan discovered by CTM360 is specifically engineered to exploit TikTok Shop users across the globe. Dubbed as “FraudOnTok”, this highly coordinated scam operation employs a hybrid scam model that combines phishing and malware to deceive buyers and affiliate program participants on TikTok’s growing e-commerce platform."
https://www.bleepingcomputer.com/news/security/ctm360-spots-malicious-fraudontok-campaign-targeting-tiktok-shop-users/
https://www.ctm360.com/reports/fraudontok-tiktok-shop-scam-report
- GenAI Used For Phishing Websites Impersonating Brazil’s Government
"A common theme discussed by Zscaler ThreatLabz in several reports and blogs is how the rise of generative AI tools serves as a double-edged sword, empowering regular users to work more efficiently while also aiding threat actors in their phishing activities. Threat actors are leveraging generative AI tools to quickly and accurately create replica phishing pages that impersonate trusted websites. These seemingly “legitimate” phishing pages, artificially boosted in web searches using SEO poisoning techniques, lure victims into providing sensitive details that end in financial losses."
https://www.zscaler.com/blogs/security-research/genai-used-phishing-websites-impersonating-brazil-s-government
- “CAPTCHAgeddon”: Unmasking The Viral Evolution Of The ClickFix Browser-Based Threat
"What began as a niche red-team trick posing as a harmless captcha challenge rapidly mutated into one of today’s most dominant attack methods. Like a real-world virus variant, this new “ClickFix” strain quickly outpaced and ultimately wiped out the infamous fake browser update scam that plagued the web just last year. It did so by removing the need for file downloads, using smarter social engineering tactics, and spreading through trusted infrastructure. The result - a wave of infections ranging from mass drive-by attacks to hyper-targeted spear-phishing lures."
https://guard.io/labs/captchageddon-unmasking-the-viral-evolution-of-the-clickfix-browser-based-threat
https://thehackernews.com/2025/08/clickfix-malware-campaign-exploits.html
- Tracking Candiru’s DevilsTongue Spyware In Multiple Countries
"Insikt Group identified new infrastructure associated with several clusters linked to the spyware vendor Candiru. This includes both victim-facing components likely used for deploying and controlling Candiru’s DevilsTongue spyware, as well as higher-tier operator infrastructure. DevilsTongue is a sophisticated, modular Windows malware. The clusters vary in design and administration, with some directly managing victim-facing systems, while others use intermediaries or the Tor network. Eight distinct clusters were identified, with five being likely still active, including those linked to Hungary and Saudi Arabia. One cluster tied to Indonesia was active until November 2024, and two associated with Azerbaijan have uncertain status due to a lack of identified victim-facing infrastructure. Insikt Group also identified a company suspected to be part of Candiru’s corporate network."
https://www.recordedfuture.com/research/tracking-candirus-devilstongue-spyware
https://assets.recordedfuture.com/content/dam/insikt-report-pdfs/2025/cta-2025-0805.pdf
https://therecord.media/candiru-spyware-active-infrastructure-hungary-saudi-arabia
- Project AK47: Uncovering A Link To The SharePoint Vulnerability Attacks
"Unit 42 observed notable overlaps between Microsoft’s reporting on ToolShell activity (an exploit chain affecting SharePoint vulnerabilities) and activity that we have been separately tracking. The activity, which we track as CL-CRI-1040, caught our attention by deploying a tool set that we call Project AK47, which includes a backdoor, ransomware and loaders. Microsoft's report named a suspected China-based threat actor, Storm-2603. Based on our analysis of host- and network-based artifacts, we assess with high confidence that Storm-2603 is related to the activity cluster that we track as CL-CRI-1040. We initially noted this in our threat brief covering exploitation of recent SharePoint vulnerabilities, and here further expand on our observations. (See Table 1 in the body of this article for clarification of the connection.)"
https://unit42.paloaltonetworks.com/ak47-activity-linked-to-sharepoint-vulnerabilities/
- Malware Disguised As A Cryptocurrency Exchange Being Distributed Through Facebook Ads
"AhnLab SEcurity intelligence Center (ASEC) has identified malware being distributed through Facebook ads targeting cryptocurrency users. The identified malware is disguised as a specific cryptocurrency exchange to prompt users to install the malicious program. When users download a file from the disguised website, a file named “installer.msi” is saved and installed. During the installation process, the malware communicates with a JavaScript loaded on the disguised website, which ultimately executes an Infostealer that collects system information, screen captures, and browser information."
https://asec.ahnlab.com/en/89383/
Breaches/Hacks/Leaks
- Cisco Discloses Data Breach Impacting Cisco.com User Accounts
"Cisco has disclosed that cybercriminals stole the basic profile information of users registered on Cisco.com following a voice phishing (vishing) attack that targeted a company representative. After becoming aware of the incident on July 24th, the networking equipment giant discovered that the attacker tricked an employee and gained access to a third-party cloud-based Customer Relationship Management (CRM) system used by Cisco. This allowed the threat actor to steal the personal and user information of individuals with Cisco.com user accounts, including names, organization names, addresses, Cisco-assigned user IDs, email addresses, phone numbers, and account metadata such as creation dates."
https://www.bleepingcomputer.com/news/security/cisco-discloses-data-breach-impacting-ciscocom-user-accounts/
https://www.darkreading.com/cyberattacks-data-breaches/cisco-user-data-stolen-vishing-attack
https://www.securityweek.com/cisco-says-user-data-stolen-in-crm-hack/
https://securityaffairs.com/180816/data-breach/cisco-disclosed-a-crm-data-breach-via-vishing-attack.html
- Exclusive: Brosix And Chatox Promised To Keep Your Chats Secured. They Didn’t.
"Chatox and Brosix are communications platforms that advertise for personal use and team use. They are owned by Stefan Chekanov. The only statement Chatox makes about its data security is “Chatox employs encryption across all communications, making it an extremely secure communication and collaboration platform.”"
https://databreaches.net/2025/08/05/exclusive-brosix-and-chatox-promised-to-keep-your-chats-secured-they-didnt/
- Dutch Caribbean Islands Respond To Cyberattacks On Courts, Tax Departments
"Multiple countries in the Caribbean are recovering from cyberattacks affecting crucial government services. The countries are part of what is known colloquially as the Dutch Caribbean, which includes Curaçao, Aruba and Sint Maarten. The islands have nearly half a million residents and are part of the Kingdom of the Netherlands. The incidents began two weeks ago when the Curaçao Tax Office said it was dealing with a ransomware attack. The country’s Finance Ministry said the incident affected the Dutch Tax and Customs Administration on July 24 — predicting days of service outages."
https://therecord.media/aruba-curacao-governments-cyberattacks
- Pandora Confirms Data Breach Amid Ongoing Salesforce Data Theft Attacks
"Danish jewelry giant Pandora has disclosed a data breach after its customer information was stolen in the ongoing Salesforce data theft attacks. Pandora is one of the largest jewellery brands in the world, with 2,700 locations and over 37,000 employees. "We are writing to inform you that your contact information was accessed by an unauthorized party through a third-party platform we use," reads a Pandora data breach notification sent to customers. "We stopped the access and have further strengthened our security measures.""
https://www.bleepingcomputer.com/news/security/pandora-confirms-data-breach-amid-ongoing-salesforce-data-theft-attacks/
https://www.darkreading.com/cyberattacks-data-breaches/pandora-third-party-data-breach
https://hackread.com/pandora-cyber-attack-customer-data-third-party-vendor/
- PBS Confirms Data Breach After Employee Info Leaked On Discord Servers
"PBS has suffered a data breach exposing the corporate contact information of its employees and those of its affiliates, BleepingComputer has learned. Earlier this month, BleepingComputer was alerted to a file circulated on Discord servers that allegedly contained this information. This data was not distributed on dark web sites, hacking forums, or other mediums frequented by threat actors. Instead, it was being shared on Discord servers for fans of "PBS Kids," where young adults, teenagers, and younger kids can talk about the favorite shows they grew up watching."
https://www.bleepingcomputer.com/news/security/pbs-confirms-data-breach-after-employee-info-leaked-on-discord-servers/
General News
- Why The Old Ways Are Still The Best For Most Cybercriminals
"One of the most repeated ideas about cybersecurity is that it's a race between attackers and defenders. Cybercrime groups usually are assumed to be early adopters of new technology, used to outwit their adversaries and achieve their goals. But in reality, the picture is more nuanced than that. While the cybercriminal underground has professionalized and become more organized in recent years, threat actors are, to a great extent, still using the same attack methods today as they were in 2020. This presents a significant opportunity for network defenders — but only if they are prepared to proactively embrace emerging technologies like artificial intelligence (AI)."
https://www.darkreading.com/vulnerabilities-threats/old-ways-still-best-most-cybercriminals
- MacOS Under Attack: How Organizations Can Counter Rising Threats
"Microsoft's operating system continues to dominate the market, both in the number of organizations running Windows and the number of attacks targeting it. At the same time, the use of Apple's macOS in organizations has also been growing steadily — and the recent spate of targeted threats against Apple macOS shows attacks against Apple devices are on the rise, too. The tendency to view macOS as a "smaller target compared to its Windows counterpart" and that "Macs don't get viruses" continues to stymie enterprise defenses."
https://www.darkreading.com/cybersecurity-operations/mac-under-attack-how-organizations-can-counter-rising-threats
- Security Tooling Pitfalls For Small Teams: Cost, Complexity, And Low ROI
"In this Help Net Security interview, Aayush Choudhury, CEO at Scrut Automation, discusses why many security tools built for large enterprises don’t work well for leaner, cloud-native teams. He explains how simplicity, integration, and automation are key for SMBs with limited resources. Choudhury also shares how AI is beginning to make a difference for mid-market companies in managing risk and compliance."
https://www.helpnetsecurity.com/2025/08/05/aayush-choudhury-scrut-automation-lean-security-teams/
- Your Employees Uploaded Over A Gig Of Files To GenAI Tools Last Quarter
"In Q2 2025, Harmonic reviewed 1 million GenAI prompts and 20,000 uploaded files across more than 300 GenAI and AI-powered SaaS apps, and the findings confirm that sensitive data is being exposed through GenAI tools, something many security leaders fear but find difficult to measure."
https://www.helpnetsecurity.com/2025/08/05/genai-sensitive-data-exposure/
- Cybersecurity Teams Hit By Lowest Budget Growth In Five Years
"Cybersecurity teams have suffered their lowest rate of budget growth in five years, which has had a cascading effect on hiring new staff, according to new research by IANS and Artico. Average annual security budget growth was 4% in 2025, significantly less than the 8% increase recorded in 2024. Just 47% of CISOs reported any increase in budget this year, down from 62% in 2024. Additionally, 39% had stagnant budgets, compared to 26% last year."
https://www.infosecurity-magazine.com/news/cybersecurity-teams-lowest-budget/
- Pro-Iran Hackers Aligned Cyber With Kinetic War Aims
"A new report has laid bare the sudden surge in cyber-threat activity from pro-Iran hacking groups which accompanied the 12-day war against Israel earlier this summer. SecurityScorecard said it analyzed 250,000 Telegram messages to uncover various activity including intelligence gathering, propaganda and direct attacks on critical infrastructure and public entities. This came from a diverse set of groups, including state-backed hackers, proxies and looser collectives of “ideologically aligned hacktivists” supporting Iran’s war aims."
https://www.infosecurity-magazine.com/news/proiran-hackers-aligned-cyber/
https://securityscorecard.com/wp-content/uploads/2025/08/From-The-Depths-of-the-Shadows_IRGC-and-Hacker-Collectives_AUG5.pdf
https://cyberscoop.com/iranian-hackers-12-day-conflict-hacktivism-securityscorecard/
- AI Fuels Record Number Of Fraud Cases
"AI tools helped to defraud a record number of victims in the first half of the year, although many legitimate customers also continue to engage in suspect activity, according to Cifas. The non-profit fraud prevention service said its members recorded 217,000 “fraud risk cases” in its National Fraud Database (NFD) between January and June 2025 – an all-time high. AI was a key driver, with Cifas pointing to tools designed to create fake identities, forge documents and bypass verification systems."
https://www.infosecurity-magazine.com/news/ai-fuels-record-number-of-fraud/
- Exposed Without A Breach: The Cost Of Data Blindness
"These are in plain sight without a Breach. No ransomware. No compromise. Just misconfigured systems, overpermissioned users, silent access. When we think of a breach, we imagine firewalls failing, malware spreading, or hackers stealing credentials. But 2025 has made something else clear: you don’t need a breach to suffer breach-level damage. Sometimes, data leaks without ever being attacked, and without anyone noticing until it’s too late. These are the exposures hiding in plain sight. No ransomware. No compromise. Just misconfigured systems, overpermissioned users, silent access, and critical data slipping through the cracks. The root cause is data blindness – the inability to see, track, or understand where sensitive data lives and how it’s being exposed."
https://securityaffairs.com/180813/security/exposed-without-a-breach-the-cost-of-data-blindness.html
- Vibe Coding: When Everyone’s A Developer, Who Secures The Code?
"Just as the smart phone made everyone a digital photographer, vibe coding will make everyone a software developer and will change the software development industry forever. Andrej Karpathy, co-founder of OpenAI and former AI leader at Tesla, introduced the term ‘vibe coding’ in a February 2, 2025, tweet. “There’s a new kind of coding I call ‘vibe coding’, where you fully give in to the vibes, embrace exponentials, and forget that the code even exists.” He was primarily expressing an emotional response to using AI to automate a specific process; but the term took and is now universally used as the general label for AI-generated or assisted programming."
https://www.securityweek.com/vibe-coding-when-everyones-a-developer-who-secures-the-code/
- Why Ransomware Attackers Keep Coming Back For More
"Ransomware is an escalating threat, powered by its ability to evolve and adapt to a changing security landscape. Organizations around the world continue to fall victim to ransomware, often repeatedly, and the impact of these attacks can be devastating. We set out to discover how organizations around the world experienced ransomware in the last 12 months and what this means for security. The findings, detailed in the new Ransomware Insights Report 2025 show that complex and fragmented security defenses are leaving organizations immensely vulnerable to attack, exposing security gaps that attackers are quick to exploit."
https://blog.barracuda.com/2025/08/05/ransomware-attackers-keep-coming-back-more
https://www.barracuda.com/reports/the-ransomware-insights-report-2025
- Chinese Smishing Campaigns Compromise Up To 115 Million US Payment Cards
"Chinese smishing syndicates may have compromised up to 115 million payment cards in the US between July 2023 and October 2024. Researchers from SecAlliance estimated that these compromises have resulted in billions of dollars in financial losses. The SecAlliance report highlighted the sophisticated nature of these campaigns, which involved the strategic exploitation of digital wallet tokenization, particularly Apple Pay and Google Wallet, to circumvent traditional fraud detection mechanisms."
https://www.infosecurity-magazine.com/news/chinese-smishing-us-payment-cards/
- #BHUSA: Experts Urge Greater AI Supply Chain Transparency As GenAI Adoption Surges
"Experts have called for greater transparency in AI supply chains as generative AI (GenAI) adoption continues to grow, bringing with it more security and data privacy compliance challenges for enterprises. One proposed solution gaining traction is the AI Bill of Materials (AIBOM), a framework designed to document the components, data sources and training methodologies behind AI systems to mitigate risks and improve accountability."
https://www.infosecurity-magazine.com/news/experts-urge-greater-ai-supply/
- Scattered Spider Is NOT Quiet. They’re Just Under Another Name Now.
"Citing a July 30 report in The Hacker News, SC Media reports: Following recent arrests of alleged Scattered Spider members in the UK, Google Cloud’s Mandiant Consulting has reported a noticeable pause in the group’s activities, offering a “critical window of opportunity” for organizations to bolster their defenses, reports The Hacker News."
https://databreaches.net/2025/08/05/scattered-spider-is-not-quiet-theyre-just-under-another-name-now/
- Rapid GenAI Adoption Creates Security Challenges
"Cybersecurity teams are falling behind the pace of generative artificial intelligence (GenAI) tool adoption in a way that makes it probable the number of data breach incidents will rise sharply in the weeks and months ahead, especially as usage of shadow AI services continues to increase. A survey from ManageEngine finds that 70% of IT decision makers (ITDMs) have identified unauthorized AI use within their organizations and 60% of employees are using unapproved AI tools more than they were a year ago. A full 91% have implemented policies, but only 54% have implemented clear, enforced AI governance policies and actively monitor for unauthorized use of generative AI tools."
https://blog.barracuda.com/2025/08/05/rapid-genai-adoption-creates-security-challenges-
- Study Finds Humans Not Completely Useless At Malware Detection
"Researchers from the Universities of Guelph and Waterloo have discovered exactly how users decide whether an application is legitimate or malware before installing it – and the good news is they're better than you might expect, at least when primed to expect malware. "Most existing malware research analyzes 'after action' reports," co-author and Waterloo professor of science Daniel Vogel explained in the paper's announcement. "That is, investigations into what went wrong after a successful attack. Our study, which featured novice, intermediate and expert users, is the first malware research to observe user strategies in real time.""
https://www.theregister.com/2025/08/05/human_malware_detection/
https://www.usenix.org/system/files/conference/usenixsecurity25/sec24winter-prepub-678-lit.pdf
References
Electronic Transactions Development Agency (ETDA)