Cyber Threat Intelligence 13 August 2025
Healthcare Sector
- Santesoft Sante PACS Server
"Successful exploitation of these vulnerabilities could allow an attacker to create arbitrary files, cause a denial-of-service condition, obtain sensitive information, and steal a user's cookie information."
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-224-01
Industrial Sector
- Johnson Controls iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2
"Successful exploitation of these vulnerabilities may allow an attacker to modify firmware and access the space that is protected by the device."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-224-02
- Schneider Electric EcoStruxure Power Monitoring Expert
"Successful exploitation of these vulnerabilities could allow a remote attacker to read arbitrary files from the target machine, or to access internal services directly."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-224-03
- Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share
"Successful exploitation of these vulnerabilities could allow an attacker to disclose information and execute arbitrary code."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-224-01
- AVEVA PI Integrator
"Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, or upload and execute files."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-224-04
New Tooling
- EntraGoat: Vulnerable Microsoft Entra ID Infrastructure To Simulate Identity Security Misconfigurations
"EntraGoat is a purpose-built tool that sets up a vulnerable Microsoft Entra ID environment to mimic real-world identity security issues. It’s designed to help security professionals practice spotting and exploiting common misconfigurations. The tool creates a range of privilege escalation paths and supports black-box testing methods. It uses PowerShell scripts and Microsoft Graph APIs to set up the environment, keeping it separate from production systems so users can experiment safely."
https://www.helpnetsecurity.com/2025/08/12/entragoat-vulnerable-microsoft-entra-id-simulate-identity-security-misconfigurations/
https://github.com/semperis/entragoat
Vulnerabilities
- Microsoft August 2025 Patch Tuesday Fixes One Zero-Day, 107 Flaws
"Today is Microsoft's August 2025 Patch Tuesday, which includes security updates for 107 flaws, including one publicly disclosed zero-day vulnerability in Windows Kerberos. This Patch Tuesday also fixes thirteen "Critical" vulnerabilities, nine of which are remote code execution vulnerabilities, three are information disclosure, and one is elevation of privileges. The number of bugs in each vulnerability category is listed below:"
https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2025-patch-tuesday-fixes-one-zero-day-107-flaws/
https://blog.talosintelligence.com/microsoft-patch-tuesday-august-2025/
https://blog.checkpoint.com/research/microsoft-vulnerabilities-exposed-by-check-point-research/
https://www.darkreading.com/application-security/elevation-privilege-vulns-dominate-microsoft-patches
https://cyberscoop.com/microsoft-patch-tuesday-august-2025/
https://hackread.com/patch-tuesday-microsoft-fixes-vulnerabilities-rce-flaws/
https://securityaffairs.com/181077/hacking/august-2025-patch-tuesday-fixes-a-windows-kerberos-zero-day.html
https://www.theregister.com/2025/08/12/august_patch_tuesday/
- SAP Patches Critical S/4HANA Vulnerability
"SAP has fixed more than a dozen vulnerabilities with its August 2025 Patch Tuesday updates, including critical vulnerabilities. This Patch Tuesday — or as the enterprise software giant calls it, Security Patch Day — 15 new security notes (fixes) have been released, along with four updates to previous fixes. Onapsis, a company specializing in enterprise application security, which often finds SAP product vulnerabilities, pointed out that the vendor has released a total of 26 new and updated fixes since the previous Patch Tuesday."
https://www.securityweek.com/sap-patches-critical-s-4hana-vulnerability/
https://securityaffairs.com/181085/uncategorized/sap-fixed-26-flaws-in-august-2025-update-including-4-critical.html
- CISA Adds Three Known Exploited Vulnerabilities To Catalog
"CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2013-3893 Microsoft Internet Explorer Resource Management Errors Vulnerability
CVE-2007-0671 Microsoft Office Excel Remote Code Execution Vulnerability
CVE-2025-8088 RARLAB WinRAR Path Traversal Vulnerability"
https://www.cisa.gov/news-events/alerts/2025/08/12/cisa-adds-three-known-exploited-vulnerabilities-catalog
- Over 3,000 NetScaler Devices Left Unpatched Against CitrixBleed 2 Bug
"Over 3,300 Citrix NetScaler devices remain unpatched against a critical vulnerability that allows attackers to bypass authentication by hijacking user sessions, nearly two months after patches were released. Tracked as CVE-2025-5777 and referred to as CitrixBleed 2, this out-of-bounds memory read vulnerability results from insufficient input validation, enabling unauthenticated attackers to access restricted memory regions remotely on devices configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server."
https://www.bleepingcomputer.com/news/security/over-3-000-netscaler-devices-left-unpatched-against-actively-exploited-citrixbleed-2-flaw/
- Poisoned Telemetry Can Turn AIOps Into AI Oops, Researchers Show
"Automating IT operations using AI may not be the best idea at the moment. Researchers with RSAC Labs and George Mason University say that AI tools that aim to improve IT operations – AIOps – can be attacked with poisoned telemetry. Authors Dario Pasquini, Evgenios M. Kornaropoulos, Giuseppe Ateniese, Omer Akgul, Athanasios Theocharis, and Petros Efstathopoulos describe their findings in a preprint paper titled, "When AIOps Become 'AI Oops': Subverting LLM-driven IT Operations via Telemetry Manipulation.""
https://www.theregister.com/2025/08/12/ai_models_can_be_tricked/
https://arxiv.org/abs/2508.06394
Malware
- Distribution Of SmartLoader Malware Via Github Repository Disguised As a Legitimate Project
"AhnLab SEcurity intelligence Center (ASEC) has recently discovered the massive distribution of SmartLoader malware through GitHub repositories. These repositories are carefully crafted to appear as legitimate projects and are attracting user interest by focusing on topics such as game cheats, software cracks, and automation tools. Each repository contains a README file and a compressed file, which in turn contains the SmartLoader malware."
https://asec.ahnlab.com/en/89551/
- Persistent Risk: XZ Utils Backdoor Still Lurking In Docker Images
"At the end of March last year, the entire cybersecurity community was rocked by the discovery of the infamous XZ Utils backdoor. ‘Jia Tan’, a developer who had spent two years building significant credibility in the project through numerous contributions, inserted a sophisticated backdoor into the xz-utils packages. The discovery sent cybersecurity experts, including the Binarly REsearch team, scrambling to reverse engineer the backdoor to understand its scope and potential impact."
https://www.binarly.io/blog/persistent-risk-xz-utils-backdoor-still-lurking-in-docker-images
https://www.bleepingcomputer.com/news/security/docker-hub-still-hosts-dozens-of-linux-images-with-the-xz-backdoor/
https://thehackernews.com/2025/08/researchers-spot-xz-utils-backdoor-in.html
- Curly COMrades: A New Threat Actor Targeting Geopolitical Hotbeds
"This research from Bitdefender Labs details a cluster of malicious activity we've been tracking since mid-2024. It uncovers a new threat actor group we’ve named Curly COMrades, operating to support Russian interests, that's been targeting critical organizations in countries facing significant geopolitical shifts. We observed them launching focused attacks against judicial and government bodies in Georgia, as well as an energy distribution company in Moldova."
https://businessinsights.bitdefender.com/curly-comrades-new-threat-actor-targeting-geopolitical-hotbeds
https://thehackernews.com/2025/08/new-curly-comrades-apt-using-ngen-com.html
https://www.bleepingcomputer.com/news/security/curly-comrades-cyberspies-hit-govt-orgs-with-custom-malware/
https://hackread.com/russian-curly-comrades-mucoragent-malware-europe/
- Malvertising Campaign Leads To PS1Bot, a Multi-Stage Malware Framework
"Cisco Talos has observed an ongoing malware campaign that seeks to infect victims with a multi-stage malware framework, implemented in PowerShell and C#, which we are referring to as “PS1Bot.” PS1Bot features a modular design, with several modules delivered that are used to perform a variety of malicious activities on infected systems, including information theft, keylogging, reconnaissance and the establishment of persistent system access. PS1Bot has been designed with stealth in mind, minimizing persistent artifacts left on infected systems and incorporating in-memory execution techniques to facilitate execution of follow-on modules without requiring them to be written to disk."
https://blog.talosintelligence.com/ps1bot-malvertising-campaign/
- New Ransomware Charon Uses Earth Baxia APT Techniques To Target Enterprises
"We recently identified a new ransomware family called Charon, deployed in a targeted attack observed in the Middle East's public sector and aviation industry. The threat actor employed a DLL sideloading technique notably similar to tactics previously documented in the Earth Baxia campaigns, which have historically targeted government sectors. The attack chain leveraged a legitimate browser-related file, Edge.exe (originally named cookie_exporter.exe), to sideload a malicious msedge.dll (SWORDLDR), which subsequently deployed the Charon ransomware payload."
https://www.trendmicro.com/en_us/research/25/h/new-ransomware-charon.html
https://www.darkreading.com/threat-intelligence/charon-ransomware-apt-tactics
https://therecord.media/charon-ransomware-targeting-middle-east-aviation
- Home Office Phishing Scam Targets UK Immigration Sponsors
"An active phishing campaign is impersonating the Home Office to compromise UK organizations licensed to sponsor foreign workers and students. The sophisticated campaign, which closely mimics official UK Home Office communications and web pages, aims to compromise sponsor license holders’ Sponsorship Management System (SMS) credentials. The compromised credentials are used to facilitate a range of elaborate immigration fraud schemes, extortion attempts and other monetization schemes, according to an investigation by cybersecurity firm Mimecast."
https://www.infosecurity-magazine.com/news/home-office-phishing-uk/
- MITRE: Russian APT28's LameHug, a Pilot For Future AI Cyber-Attacks
"APT28’s LameHug wasn’t just malware, it was a trial run for AI-driven cyber war, according to experts at MITRE. Marissa Dotter, lead AI Engineer at MITRE, and Gianpaolo Russo, principal AI/cyber operations Engineer at MITRE, shared their work with MITRE’s new Offensive Cyber Capability Unified LLM Testing (OCCULT) framework at the pre-Black Hat AI Summit, a one-day event held in Las Vegas on August 5. The OCCULT framework initiative started in the spring of 2024 and aimed to measure autonomous agent behaviors and evaluate the performance of large language models (LLMs) and AI agents in offensive cyber capabilities."
https://www.infosecurity-magazine.com/news/mitre-russian-apt28-lamehug/
- Don’t Phish-Let Me Down: FIDO Authentication Downgrade
"As organizations try to keep pace with an ever-evolving threat landscape - particularly the rising danger of adversary-in-the-middle (AiTM) attacks orchestrated by sophisticated cybercriminals and state-sponsored threat actors - the growing adoption of FIDO (Fast Identity Online) authentication has significantly improved online security by providing a robust method for verifying user identities. However, Proofpoint threat researchers have recently uncovered a threat vector that could enable attackers to downgrade FIDO-based authentication mechanisms, presenting a potential risk to organizations and individual users alike."
https://www.proofpoint.com/us/blog/threat-insight/dont-phish-let-me-down-fido-authentication-downgrade
- A Coordinated Brute Force Campaign Targets Fortinet SSL VPN
"On August 3, GreyNoise observed a significant spike in brute-force traffic targeting Fortinet SSL VPNs. Over 780 unique IPs triggered our Fortinet SSL VPN Bruteforcer tag in a single day — the highest single-day volume we’ve seen on this tag in recent months."
https://www.greynoise.io/blog/vulnerability-fortinet-vpn-bruteforce-spike
https://thehackernews.com/2025/08/fortinet-ssl-vpns-hit-by-global-brute.html
- Muddled Libra’s Strike Teams: Amalgamated Evil
"It’s disingenuous to consider Muddled Libra like a traditional monolithic attack group, one with defined structure and clear lines of leadership. Muddled Libra, Scattered Spider, Octo Tempest or any of the many other names the group is labeled with is not an organized entity but a loose collaboration of like-minded cybercriminals, or personas, with common interests tethered by social chat applications."
https://unit42.paloaltonetworks.com/muddled-libras-strike-teams/
Breaches/Hacks/Leaks
- Hackers Leak Allianz Life Data Stolen In Salesforce Attacks
"Hackers have released stolen data belonging to US insurance giant Allianz Life, exposing 2.8 million records with sensitive information on business partners and customers in ongoing Salesforce data theft attacks. Last month, Allianz Life disclosed that it suffered a data breach when the personal information for the "majority" of its 1.4 million customers was stolen from a third-party, cloud-based CRM system on July 16th. While the company did not name the provider, BleepingComputer first reported the incident was part of a wave of Salesforce-targeted thefts carried out by the ShinyHunters extortion group."
https://www.bleepingcomputer.com/news/security/hackers-leak-allianz-life-data-stolen-in-salesforce-attacks/
- Manpower Discloses Data Breach Affecting Nearly 145,000 People
"Manpower, one of the world's largest staffing companies, is notifying nearly 145,000 individuals that their information was stolen by attackers who breached the company's systems in December 2024. Together with Experis and Talent Solutions, the company is part of ManpowerGroup, a multinational corporation with over 600,000 workers in more than 2,700 offices and serving over 100,000 clients worldwide. Last year, ManpowerGroup reported revenues of $17.9 billion and a total gross profit of $3.1 billion."
https://www.bleepingcomputer.com/news/security/manpower-staffing-agency-discloses-data-breach-after-attack-claimed-by-ransomhub/
https://www.theregister.com/2025/08/12/manpower_franchise_data_breach/
- Hackers Raid Dutch Lab, Stealing Data On 500,000 Patients
"Data from over 485,000 participants in a cervical cancer screening program has been stolen by threat actors after they gained unauthorized access to a third-party laboratory, according to the Dutch authorities. The attack took place at the Clinical Diagnostics NMDL laboratory in Rijswijk, not far from Rotterdam, between July 3-6. However, the laboratory, a subsidiary of Eurofins Scientific, did not inform the authorities until August 6, according to a news release published yesterday by the Dutch Population Screening Association (BDO)."
https://www.infosecurity-magazine.com/news/hackers-raid-dutch-lab-steal-data/
https://www.bankinfosecurity.com/data-theft-from-dutch-cancer-screening-lab-affects-485000-a-29199
- Second Ransomware Attack In Two Months Disrupts South Korean Ticketing Giant
"South Korea’s largest ticketing and online book retailer, Yes24, said it has restored services after a ransomware attack knocked its website and mobile app offline for several hours on Monday — the company’s second such incident in less than two months. The disruption began around 4:30 a.m. local time, preventing customers from booking concert tickets, accessing e-books and using community forums. Yes24 said it took its systems offline to prevent further damage and relied on backup data to recover operations within seven hours. The company did not name the attackers or say if a ransom was demanded."
https://therecord.media/yes24-second-ransomware-attack-kpop-ticketing-affected
General News
- Justice Department Announces Coordinated Disruption Actions Against BlackSuit (Royal) Ransomware Operations
"The Justice Department announced today coordinated actions against the BlackSuit (Royal) Ransomware group which included the takedown of four servers and nine domains on July 24, 2025. The takedown was conducted by the Department of Homeland Security’s Homeland Security Investigations (HSI), the U.S. Secret Service, IRS Criminal Investigation (IRS-CI), the FBI, and international law enforcement from the United Kingdom, Germany, Ireland, France, Canada, Ukraine, and Lithuania. These actions include the unsealing of a warrant for the seizure of virtual currency valued at $1,091,453 at the time of the seizure. The unsealing was announced today jointly by the U.S. Attorney’s Offices for the Eastern District of Virginia and the District of Columbia."
https://www.justice.gov/opa/pr/justice-department-announces-coordinated-disruption-actions-against-blacksuit-royal
https://www.bleepingcomputer.com/news/security/us-govt-seizes-1-million-in-crypto-from-blacksuit-ransomware-gang/
- Rapid7 Access Brokers Report: New Research Reveals Depth Of Compromise In Access Broker Deals, With 71% Offering Privileged Access
"Today, Rapid7, Inc. (NASDAQ: RPD), a leader in threat detection and exposure management, released its 2025 Access Brokers Report, a new research analysis of illicit underground marketplaces where cybercriminals buy and sell access to corporate networks. Drawing on six months of threat intelligence from dark web forums Exploit, XSS, and BreachForums, the report uncovers new insights into how initial access to compromised businesses is being sold — often for less than $1,000 — and the steps defenders can take to disrupt the process in its earliest stages. Rapid7’s threat intelligence researchers analyzed hundreds of posts by Initial Access Brokers (IABs) offering access to compromised networks across a range of industries and regions. Their findings paint a stark picture: “initial” access doesn’t necessarily equate to minimal; in many cases, this access represents a deep compromise."
https://www.rapid7.com/about/press-releases/rapid7-access-brokers-report-new-research-reveals-depth-of-compromise-in-access-broker-deals-with-71-offering-privileged-access/
https://www.bankinfosecurity.com/initial-access-brokers-selling-bundles-privileges-more-a-29197
https://www.infosecurity-magazine.com/news/cybercriminals-low-cost-initial/
https://www.securityweek.com/inside-the-dark-webs-access-economy-how-hackers-sell-the-keys-to-enterprise-networks/
- Ransomware Landscape July 2025: Qilin Stays On Top As New Threats Emerge
"Qilin was again the most active ransomware group in July, the third time in four months since the decline of RansomHub, as the group has claimed more victims on its data leak site (DLS) than rivals. With 73 claimed victims (chart below), Qilin accounted for 17% of July’s 423 victims. INC Ransom was second with 59, driven by attacks on critical infrastructure and a surge in victim disclosures."
https://cyble.com/blog/ransomware-groups-july-2025-attacks/
- How To Stay a Step Ahead Of a Non-Obvious Threat
"An increasing number of organizations globally are shifting to the cloud, drawn by the flexibility and scalability that software-as-a-service (SaaS) promises. While security teams are accustomed to protecting cloud operations from known cyber threats like ransomware or user account compromise, they might overlook a far less obvious threat that intensifies with rapid SaaS adoption: business logic vulnerabilities."
https://www.darkreading.com/vulnerabilities-threats/stay-step-ahead-non-obvious-threat
- Researchers Warn Of 'Hidden Risks' In Passwordless Account Recovery
"Adoption of secure account recovery methods lags behind passwordless authentication, but users and service providers can take actionable steps to close the gap. Passwordless adoption — which includes biometric authentication, passkeys, and tokens — is taking off, but organizations have not really changed how they handle account recovery, said Sid Rao, senior security research scientist at Nokia Bell Labs, and Gabriela Sonkeria, security engineer at Wolt, at the Black Hat USA conference in Las Vegas. Recovery methods still rely on insecure communication channels like e-mail and SMS, they told attendees."
https://www.darkreading.com/endpoint-security/researchers-warn-hidden-risks-passwordless-account-recovery
- Threat Spotlight | ShinyHunters Targets Salesforce Amid Clues Of Scattered Spider Collaboration
"After a year of inactivity, “ShinyHunters” has resurfaced with a wave of attacks on Salesforce, targeting high-profile companies across various sectors. ReliaQuest has identified a coordinated set of ticket-themed phishing domains and Salesforce credential harvesting pages, likely created for similar campaigns. This resurgence has sparked speculation about collaboration between ShinyHunters and “Scattered Spider,” potentially dating back to July 2024. Supporting this theory is evidence such as the appearance of a “BreachForums” user with the alias “Sp1d3rhunters,” who was linked to a past ShinyHunters breach, as well as overlapping domain registration patterns."
https://reliaquest.com/blog/threat-spotlight-shinyhunters-data-breach-targets-salesforce-amid-scattered-spider-collaboration/
https://thehackernews.com/2025/08/cybercrime-groups-shinyhunters.html
https://www.darkreading.com/cyberattacks-data-breaches/shinyhunters-tactics-mirror-scattered-spider
https://www.infosecurity-magazine.com/news/financial-services-next-line/
https://www.theregister.com/2025/08/12/scattered_spidershinyhunterslapsus_cybercrime_collab/
- Updating: Two Telegram Channels And Two Accounts Banned, One Bounty Offered, And BreachForums Goes Down
"If you were glued to a Telegram channel the other day watching people associated with ShinyHunters, Scattered Spider, and Lapsu$ leak data and rant about Mandiant, the NCA, the FBI, and demand that some arrested folks be set free, then you might want to think of yesterday and today as the next episode to the daytime drama. But first: it looks like FalconFeeds.io has a detailed timeline of the Telegram channel in question. I am unabashedly jealous of people who have the time and resources to produce detailed and documented reports that take 18 minutes to read. View the following as a TL;DR version of developments since this site’s previous post about the Telegram channel that appeared on August 8."
https://databreaches.net/2025/08/12/updating-two-telegram-channels-and-two-accounts-banned-one-bounty-offered-and-breachforums-goes-down/
- APT Groups Are Getting Personal, And CISOs Should Be Concerned
"Instead of focusing only on corporate systems, some APT groups are now going after executives in their personal lives. Home networks, private devices, and even family members have become targets. This approach works because executives often work remotely, store files in cloud accounts, and stay active online. These behaviors open doors for attackers, especially when personal networks are not monitored or protected at the same level as corporate infrastructure."
https://www.helpnetsecurity.com/2025/08/12/apt-executive-cybersecurity-threats/
- Why DNS Threats Should Be On Every CISO’s Radar In 2025
"DNS is once again in the crosshairs of threat actors. According to the 2025 DNS Threat Landscape Report by Infoblox, attackers are changing tactics, and enterprises are feeling the pressure. The report shows that DNS is being used to exfiltrate data, bypass defenses, and deliver malware. Attacks are also becoming harder to detect. More threat actors are using trusted protocols like HTTPS and DNS over HTTPS (DoH) to hide their tracks. This shift matters to enterprises because DNS is one of the few protocols that must remain open to function. That makes it a tempting entry point. Most networks depend on it, but few monitor it closely."
https://www.helpnetsecurity.com/2025/08/12/dns-threat-landscape-2025/
- The Ultimate Battle: Enterprise Browsers Vs. Secure Browser Extensions
"Most security tools can't see what happens inside the browser, but that's where the majority of work, and risk, now lives. Security leaders deciding how to close that gap often face a choice: deploy a dedicated Enterprise Browser or add an enterprise-grade control layer to the browsers employees already use and trust. The Ultimate Battle: Enterprise Browsers vs. Enterprise Browser Extensions examines this choice across nine "rounds": adoption, data protection, BYOD, productivity, management overhead, remote access, Zero Trust alignment, supply-chain security, and future-readiness, to show where each approach excels, and where trade-offs emerge."
https://thehackernews.com/2025/08/the-ultimate-battle-enterprise-browsers.html
- DEF CON Volunteers Step Up To Help Water Sector After China, Iran Attack Utilities
"When Jake Braun put out a call online last year seeking volunteers who wanted to help secure a water utility, the response was so overwhelming that he had to shut down the website. He ended up with a list of 350 names, and says he could have probably gathered thousands more. The response enabled the work of DEF CON Franklin, an initiative that recently completed a nine-month pilot program that paired white-hat hackers with water utilities in Indiana, Oregon, Utah and Vermont. The volunteers — many of them annual participants in the DEF CON cybersecurity conference — provided free services necessary to combat an escalating array of nation-state attacks on utilities over the last three years. The emphasis was on no-cost, hands-on support for operational technology (OT) mapping, password protocols and vulnerability assessments."
https://therecord.media/def-con-franklin-water-utility-cybersecurity-volunteers
References
Electronic Transactions Development Agency (ETDA)