Cyber Threat Intelligence 22 August 2025
Healthcare Sector
- FUJIFILM Healthcare Americas Synapse Mobility
"Successful exploitation of this vulnerability could allow an attacker to access information beyond their assigned roles."
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-233-01
Industrial Sector
- Modern Vehicle Cybersecurity Trends
"Modern vehicles are actively evolving into full-fledged gadgets on wheels. They offer users a wide range of options: some represent traditional functionality, now available in new formats, such as subscriptions for seat heating, while others provide lifestyle-related services, like purchasing theater or movie tickets. The array of intelligent systems and services designed to ensure road safety is also expanding — from now basic driver assistance systems such as electronic stability control (ESC), anti-lock braking system (ABS), and brake assist system (BAS), to a set of increasingly popular next-generation intelligent features like collision avoidance system (CAS), slippery road alert (SRA), the eCall emergency call system, and autonomous emergency braking (AEB), among others. All of these systems, intended to make driving more convenient and safe, are implemented using digital technologies, which expand the vehicle’s attack surface."
https://ics-cert.kaspersky.com/publications/reports/2025/08/21/modern-vehicle-cybersecurity-trends/
- Mitsubishi Electric Corporation MELSEC iQ-F Series CPU Module
"Successful exploitation of this vulnerability could result in a remote attacker being able to delay the processing of the Web server function and prevent legitimate users from utilizing the Web server function by sending a specially crafted HTTP request."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-233-01
Vulnerabilities
- CISA Adds One Known Exploited Vulnerability To Catalog
"CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2025-43300 Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability"
https://www.cisa.gov/news-events/alerts/2025/08/21/cisa-adds-one-known-exploited-vulnerability-catalog
Malware
- Phishing In The Cloud: SendGrid Campaign Exploits Account Security
"The Cofense Phishing Defense Center (PDC) has recently observed a new wave of credential harvesting attacks involving phishing emails sent via SendGrid. The campaign exploits the trusted reputation of SendGrid, a legitimate cloud-based email service used by businesses to send transactional and marketing emails. By impersonating SendGrid’s platform, attackers can deliver phishing emails that appear authentic and bypass common email security gateways. The campaign delivers the attack through three differently themed emails, each crafted to create a sense of urgency in both the subject line and body. The emails also use spoofed sender addresses, making them appear as if they genuinely originated from SendGrid."
https://cofense.com/blog/phishing-in-the-cloud-sendgrid-campaign-exploits-account-security
- MURKY PANDA: A Trusted-Relationship Threat In The Cloud
"Since 2023, CrowdStrike Services and CrowdStrike Counter Adversary Operations have investigated multiple intrusions conducted by MURKY PANDA, a sophisticated adversary leveraging advanced tradecraft to compromise high-profile targets. MURKY PANDA, active since at least 2023, is a cloud-conscious adversary with a broad targeting scope; the adversary’s operations have particularly focused on government, technology, academia, legal, and professional services entities in North America. MURKY PANDA is likely motivated by intelligence-collection requirements to gain access to sensitive information; the adversary’s activity aligns with China-nexus targeted intrusion activity tracked by industry sources as Silk Typhoon."
https://www.crowdstrike.com/en-us/blog/murky-panda-trusted-relationship-threat-in-cloud/
https://cyberscoop.com/crowdstrike-silk-typhoon-murky-panda-china-espionage/
- From VPS To Phishing: How Darktrace Uncovered SaaS Hijacks Through Virtual Infrastructure Abuse
"Darktrace identified coordinated SaaS account compromises across multiple customer environments. The incidents involved suspicious logins from VPS-linked infrastructure followed by unauthorized inbox rule creation and deletion of phishing-related emails. These consistent behaviors across devices point to a targeted phishing campaign leveraging virtual infrastructure for access and concealment. Discover how Darktrace uncovered this activity and what it means for the future of SaaS security."
https://www.darktrace.com/blog/from-vps-to-phishing-how-darktrace-uncovered-saas-hijacks-through-virtual-infrastructure-abuse
https://www.darkreading.com/application-security/hackers-abuse-vps-infrastructure-stealth-speed
- Evil-GPT: The “Enemy Of ChatGPT”
"In the ever-evolving landscape of cybercrime, one tool has emerged as a particularly insidious player: Evil-GPT. Marketed on hacker forums on the dark web as the “ultimate enemy of ChatGPT” and the “best alternative to WormGPT,” this malicious AI chatbot has quickly gained notoriety among cybercriminals. Evil-GPT is designed to help attackers execute a range of nefarious activities, from crafting malware to generating phishing attacks."
https://blog.barracuda.com/2025/08/21/evil-gpt-enemhy-chatgpt
- A Cereal Offender: Analyzing The CORNFLAKE.V3 Backdoor
"Straight from Mandiant Threat Defense, the "Frontline Bulletin" series brings you the latest on the most intriguing compromises we are seeing in the wild right now, equipping our community to understand and respond to the most compelling threats we observe. This edition dissects an infection involving two threat groups, UNC5518 and UNC5774, leading to the deployment of CORNFLAKE.V3."
https://cloud.google.com/blog/topics/threat-intelligence/analyzing-cornflake-v3-backdoor
https://thehackernews.com/2025/08/cybercriminals-deploy-cornflakev3.html
- IBM X-Force Threat Analysis: QuirkyLoader - A New Malware Loader Delivering Infostealers And RATs
"Since November 2024, IBM X-Force has observed a new loader, QuirkyLoader, being used to deliver additional payloads to infected systems. Some of the well-known malware families that use QuirkyLoader include:"
https://www.ibm.com/think/x-force/ibm-x-force-threat-analysis-quirkyloader
https://thehackernews.com/2025/08/hackers-using-new-quirkyloader-malware.html
- Weaponizing Image Scaling Against Production AI Systems
"Picture this: you send a seemingly harmless image to an LLM and suddenly it exfiltrates all of your user data. By delivering a multi-modal prompt injection not visible to the user, we achieved data exfiltration on systems including the Google Gemini CLI. This attack works because AI systems often scale down large images before sending them to the model: when scaled, these images can reveal prompt injections that are not visible at full resolution."
https://blog.trailofbits.com/2025/08/21/weaponizing-image-scaling-against-production-ai-systems/
https://www.theregister.com/2025/08/21/google_gemini_image_scaling_attack/
- Your Connection, Their Cash: Threat Actors Misuse SDKs To Sell Your Bandwidth
"We have detected a campaign aimed at gaining access to victims’ machines and monetizing access to their bandwidth. It functions by exploiting the CVE-2024-36401 vulnerability in the GeoServer geospatial database. This Critical-severity remote code execution vulnerability has a CVSS score of 9.8. Criminals have used the vulnerability to deploy legitimate software development kits (SDKs) or modified apps to gain passive income via network sharing or residential proxies."
https://unit42.paloaltonetworks.com/attackers-sell-your-bandwidth-using-sdks/
- APT MuddyWater Deploys Multi-Stage Phishing To Target CFOs
"A sophisticated spear-phishing campaign is actively targeting CFOs and finance executives across multiple continents, leveraging legitimate remote-access tools, such as NetBird, to maintain persistent control over compromised systems. Masquerading as a Rothschild & Co recruiter, the attackers employ Firebase-hosted phishing pages with custom CAPTCHA challenges, malicious VBS scripts, and multi-stage payload delivery to silently deploy remote management capabilities."
https://hunt.io/blog/apt-muddywater-deploys-multi-stage-phishing-to-target-cfos
Breaches/Hacks/Leaks
- Colt Confirms Customer Data Stolen As Warlock Ransomware Auctions Files
"UK-based telecommunications company Colt Technology Services confirms that customer documentation was stolen as Warlock ransomware gang auctions files. The British telecommunications and network services provider previously disclosed it suffered an attack on August 12, but this is the first time they confirmed data had been stolen. "A criminal group has accessed certain files from our systems that may contain information related to our customers and posted the document titles on the dark web," reads an updated security incident advisory on Colt's site."
https://www.bleepingcomputer.com/news/security/colt-confirms-customer-data-stolen-as-warlock-ransomware-auctions-files/
https://www.infosecurity-magazine.com/news/colt-customer-data-likely-stolen/
https://www.theregister.com/2025/08/21/colt_warlock_auction/
https://www.securityweek.com/telecom-firm-colt-confirms-data-breach-as-ransomware-group-auctions-files/
- Qilin Ransomware Gang Claims 4TB Data Breach At Nissan CBI
"Qilin ransomware claims a 4TB data breach at Nissan CBI, leaking car design files, financial data, 3D models, and VR design images as proof. The Qilin ransomware group says it has compromised Nissan’s Creative Box Inc. (CBI), a Tokyo-based design subsidiary of Nissan Motor Co., Ltd, and is threatening to release sensitive files unless its demands are met. On its dark web leak site, the group claimed it had copied more than 4 terabytes of data, including 405882 files, from Nissan CBI. The post alleged that the stolen material includes 3D design data, reports, photos, videos, and various internal documents linked to Nissan automobile projects."
https://hackread.com/qilin-ransomware-gang-4tb-data-breach-nissan-cbi/
- Nearly a Million Records, Including Identification Documents And Health Data Exposed In Medical Marijuana Data Breach
"Cybersecurity researcher Jeremiah Fowler discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained 957,434 records. The database belongs to an Ohio-based organization that helps individuals obtain physician‑certified medical marijuana cards. The database held PII, driver's licenses, medical records, documents containing SSNs, and other internal potentially sensitive information."
https://www.websiteplanet.com/news/ohio-medical-alliance-breach-report/
https://hackread.com/ssns-health-records-exposed-marijuana-patient-database/
General News
- Scattered Spider Hacker Gets Sentenced To 10 Years In Prison
"Noah Michael Urban, a key member of the Scattered Spider cybercrime collective, was sentenced to 10 years in prison on Wednesday after pleading guilty to charges of wire fraud and conspiracy in April. He was arrested in January 2024, and in November, the U.S. Justice Department charged Urban (also known as King Bob, Gustavo Fring, Elijah, and Sosa), along with four other suspects linked to the same financially motivated cybercrime group. The charges included wire fraud, conspiracy to commit wire fraud, and aggravated identity theft."
https://www.bleepingcomputer.com/news/security/scattered-spider-hacker-gets-sentenced-to-10-years-in-prison/
https://thehackernews.com/2025/08/scattered-spider-hacker-gets-10-years.html
https://databreaches.net/2025/08/21/noah-urban-aka-king-bob-of-scattered-spider-sentenced-to-10-years-in-prison-13-million-restitution/
https://www.darkreading.com/cyberattacks-data-breaches/scattered-spider-member-prison
https://therecord.media/scattered-spider-affiliate-sentenced-10-years
https://securityaffairs.com/181383/cyber-crime/a-scattered-spider-member-gets-10-years-in-prison.html
https://cyberscoop.com/scattered-spider-noah-urban-sentence-10-years/
https://www.infosecurity-magazine.com/news/cybercriminal-scattered-spider/
https://www.securityweek.com/scattered-spider-hacker-sentenced-to-prison/
- Fake Employees Pose Real Security Risks
"That IT staffer you just hired may not be who you think. They may not even exist. Gartner recently projected that by 2028, one in four job candidates will be artificial intelligence-generated. These fake individuals could be the work of state-sponsored hackers, cybercriminals, or simply fraudsters lining up multiple jobs to collect paychecks while performing little or no work."
https://www.darkreading.com/cyberattacks-data-breaches/fake-employees-pose-real-security-risks
- Using Lightweight LLMs To Cut Incident Response Times And Reduce Hallucinations
"Researchers from the University of Melbourne and Imperial College London have developed a method for using LLMs to improve incident response planning with a focus on reducing the risk of hallucinations. Their approach uses a smaller, fine-tuned LLM combined with retrieval-augmented generation and decision-theoretic planning."
https://www.helpnetsecurity.com/2025/08/21/lightweight-llm-incident-response/
https://arxiv.org/pdf/2508.05188
- Fractional Vs. Full-Time CISO: Finding The Right Fit For Your Company
"In this Help Net Security interview, Nikoloz Kokhreidze, Fractional CISO at Mandos, discusses why many early- and growth-stage B2B companies hire full-time CISOs before it’s needed. He breaks down common founder misconceptions, explains the right approach to security leadership, and shares when a full-time CISO makes sense."
https://www.helpnetsecurity.com/2025/08/21/nikoloz-kokhreidze-mandos-fractional-full-time-ciso/
- URL-Based Threats Become a Go-To Tactic For Cybercriminals
"Cybercriminals are using advanced social engineering and AI-generated content to make malicious URLs difficult for users to identify, according to Proofpoint. Whether through email, text messages, or collaboration apps, URL-based threats now dominate the cyber threat landscape. Attackers are not just impersonating trusted brands, they are abusing legitimate services, tricking users with fake error prompts, and bypassing traditional security by embedding threats in QR codes and SMS messages."
https://www.helpnetsecurity.com/2025/08/21/phishing-url-based-threats/
- CISOs Need To Think About Risks Before Rushing Into AI
"Organizations are increasing investments in cloud, AI, and emerging technologies, but their infrastructure and security strategies often lag behind. A recent Unisys survey of 1,000 senior executives shows that business and IT leaders are not always aligned on what needs to be in place before the next wave of technology arrives."
https://www.helpnetsecurity.com/2025/08/21/cloud-ai-security-readiness-2025/
- NIST Unveils Guidelines To Help Spot Face Morphing Attempts
"The US National Institute of Standards and Technology (NIST) has published new guidelines it claims will help organizations optimize their efforts to detect face morphing software. Face morphing is a type of deepfake technology that enables threat actors to blend the photos of two people into a single image. In doing so, it simplifies identity fraud by tricking face recognition systems into erroneously identifying an image as belonging to both original individuals. In this way, individual A can assume the identity of individual B and vice versa, NIST said. The new report, Face Analysis Technology Evaluation (FATE) MORPH 4B: Considerations for Implementing Morph Detection in Operations (NISTIR 8584), offers an introduction to the topic and key detection methods."
https://www.infosecurity-magazine.com/news/nist-unveils-guidelines-spot-face/
https://pages.nist.gov/frvt/reports/morph/fate_morph_4B_NISTIR_8584.pdf
- Europol Says Qilin Ransomware Reward Fake
"Europol says a reward offered for information on two members of the Qilin ransomware group is fake. Several news websites reported in recent days that Europol is offering a reward of up to $50,000 for information on “two primary administrators” of the ransomware gang. The message, reportedly posted on a Telegram channel run by Europol, says the suspects, known online as Haise and XORacle, coordinate affiliates and oversee extortion activities. Europol told SecurityWeek that it’s a “scam” and the message does not come from the law enforcement agency."
https://www.securityweek.com/europol-says-qilin-ransomware-reward-fake/
https://www.bleepingcomputer.com/news/security/europol-confirms-that-qilin-ransomware-reward-is-fake/
https://hackread.com/europol-denies-qilin-ransomware-reward-scam/
- Insider Threats And Employee Turnover: What You Need To Know
"There are plenty of reasons why you should work to retain employees as long as they’re being reasonably productive and contributing to the bottom line. The main reason is that it’s really costly, in both time and money, to replace folks who have left. This is something all business owners know, just like they know that no matter how much they try to retain people, there will still be turnover. But too many business owners neglect the elevated risk of insider threats that are related to employee turnover. And all too often they leave themselves more vulnerable to these risks than necessary."
https://blog.barracuda.com/2025/08/20/insider-threats-employee-turnover
- AI Crawlers And Fetchers Are Blowing Up Websites, With Meta And OpenAI The Worst Offenders
"Cloud services giant Fastly has released a report claiming AI crawlers are putting a heavy load on the open web, slurping up sites at a rate that accounts for 80 percent of all AI bot traffic, with the remaining 20 percent used by AI fetchers. Bots and fetchers can hit websites hard, demanding data from a single site in thousands of requests per minute. According to the report [PDF], Facebook owner Meta's AI division accounts for more than half of those crawlers, while OpenAI accounts for the overwhelming majority of on-demand fetch requests."
https://www.theregister.com/2025/08/21/ai_crawler_traffic/
https://learn.fastly.com/rs/025-XKO-469/images/Fastly-Threat-Insights-Report.pdf
- Weak Passwords And Compromised Accounts: Key Findings From The Blue Report 2025
"As security professionals, it's easy to get caught up in a race to counter the latest advanced adversary techniques. Yet the most impactful attacks often aren't from cutting-edge exploits, but from cracked credentials and compromised accounts. Despite widespread awareness of this threat vector, Picus Security's Blue Report 2025 shows that organizations continue to struggle with preventing password cracking attacks and detecting the malicious use of compromised accounts. With the first half of 2025 behind us, compromised valid accounts remain the most underprevented attack vector, highlighting the urgent need for a proactive approach focused on the threats that are evading organizations' defenses."
https://thehackernews.com/2025/08/weak-passwords-and-compromised-accounts.html
https://www.picussecurity.com/blue-report
- K-12 School Incident Response Plans Fall Short
"This year's back-to-school essentials aren't all about books and backpacks. Effective incident response (IR) planning is becoming a must-have for K-12 educational institutions in light of increasing attacks, especially ransomware. The education sector is a popular target for attackers because K-12 schools often operate with outdated systems and hold highly sensitive and vulnerable student data. Attackers know that schools have limited IT resources and security staff and can't afford the downtime ransomware and other incidents can cause, increasing the likelihood that they would concede to attacker demands and pay the ransom. Effective IR plans must address student and staff safety, data privacy risks, and ongoing communication with concerned parents."
https://www.darkreading.com/endpoint-security/without-preparedness-k-12-school-incident-plans-fall-short
- System Shocks? EV Smart Charging Tech Poses Cyber-Risks
"In this Dark Reading interview at Black Hat USA 2025, Salvatore Gariuolo, senior threat researcher at Trend Micro, discusses ISO 15118, a global communication standard reshaping electric vehicle charging. Projections suggest that more than 600 million electric vehicles will be on roads by 2040, representing more than 30% of global vehicle volume. To cope with that, the standard supports smart charging and vehicle-to-grid communications to help manage grid strain."
https://www.darkreading.com/iot/ev-smart-charging-cyber-risks
- How Architectural Controls Help Can Fill The AI Security Gap
"In this Dark Reading News Desk interview from Blackhat USA 2025, David Brauchler, technical director and AI/ML security practice lead at NCC Group, discusses critical flaws in current AI security approaches. He explains that organizations are overly reliant on guardrails as their primary security control for large language models, which is insufficient against sophisticated attacks. Through penetration testing, his team has demonstrated how AI systems with inadequate security boundaries can be manipulated to execute arbitrary code, exfiltrate passwords, and even dump entire databases."
https://www.darkreading.com/cybersecurity-operations/architectural-controls-ai-security-gap
- Why Video Game Anti-Cheat Systems Are a Cybersecurity Goldmine
"In this Dark Reading interview from Black Hat USA 2025, Dark Reading senior news director Rob Wright speaks with Sam Collins and Marius Muench from the University of Birmingham about their research on video game anti-cheat systems, "Watching the Watchers: Exploring and Testing Defenses of Anti-Cheat Systems." The researchers explain that even the best anti-cheat systems only stop cheating about 50% of the time, but they serve an important economic function by increasing costs for cheaters — costing up to $200 monthly for premium cheats."
https://www.darkreading.com/cyberattacks-data-breaches/video-game-anti-cheat-systems-cybersecurity-goldmine
- Tree Of AST: A Bug-Hunting Framework Powered By LLMs
"In this News Desk interview with Dark Reading senior editor Alex Culafi from Black Hat USA 2025, high school students Sasha Zyuzin and Ruikai Peng discuss their innovative framework for vulnerability discovery, which combines traditional static analysis with artificial intelligence capabilities. Their approach, "Thinking Outside the Sink: How Tree of AST Redefines the Boundaries of Data Flow Analysis," aims to automate the repetitive manual processes involved in vulnerability hunting while maintaining necessary human oversight."
https://www.darkreading.com/vulnerabilities-threats/tree-ast-bug-hunting-framework-llms
- Prepping The Front Line For MFA Social Engineering Attacks
"Recent alerts from the FBI about groups like Scattered Spider have reinforced a growing reality: Today's most dangerous cyberattacks often begin with a phone call, not a phishing email. Threat actors are executing multistage, high-touch social engineering campaigns targeting the soft underbelly of enterprise defense: people. The most effective tactics bypass traditional perimeter controls altogether, exploiting urgency, familiarity, and human instinct to get network access. Among their most valuable targets are the people who hold the keys to password resets and multifactor authentication (MFA) overrides."
https://www.darkreading.com/cyberattacks-data-breaches/prepping-front-line-mfa-social-engineering-attacks
- “Cleanup In Aisle 4:” Telegram Is a Mess Of Fake ShinyHunters Channels
"On August 9, DataBreaches reported on a Telegram channel with a name that combined the names of three groups: ShinyHunters, Scattered Spider, and Lapsus$. At the time, DataBreaches noted: Commenters on reading the new Telegram channel call it “schizo,” “complete chaos,” and “insane.” DataBreaches would just call it “overwhelming.” Today, DataBreaches would just call it “deleted.” But there is so much confusion about what happened between the time that the Telegram channel opened and now that it may help others to know what channels are acknowledged ShinyHunters’ channel(s), and what channels may appear to be ShinyHunters’ channels or chats but are allegedly scammers or imposters."
https://databreaches.net/2025/08/21/cleanup-in-aisle-4-telegram-is-a-mess-of-fake-shinyhunters-channels/
- Threat Spotlight | Cybercrime Is Hiring: Recruiting AI, IoT, And Cloud Experts To Fuel Future Campaigns
"Adversaries are increasingly recruiting AI experts to automate entire attack workflows, allowing for faster, scalable operations and freeing resources for other objectives. Recruitment of ClickFix experts to distribute malware triggered a 200% spike in ClickFix activity between March and April 2025, while mentions of Azure and Entra quadrupled from 2023 to mid-2025, reflecting growing interest in cloud exploitation."
https://reliaquest.com/blog/threat-spotlight-cybercrime-is-hiring-recruiting-ai-iot-and-cloud-experts/
https://www.theregister.com/2025/08/21/impersonation_as_a_service/
- Unmasking DPRK IT Workers: Email Address Patterns As Hiring Red Flags
"DPRK (North Korea) actors have been using pseudo-identities to secure remote work from foreign companies, funneling the earnings back to North Korea — including funding its missile programs. These DPRK IT workers, classified by Microsoft under the “Jasper Sleet” threat actor group, primarily target the DApp, Web3, blockchain, and cryptocurrency sectors when applying for jobs overseas."
https://theravenfile.com/2025/08/19/unmasking-dprk-it-workers-email-address-patterns-as-hiring-red-flags/
- Dev Gets 4 Years For Creating Kill Switch On Ex-Employer's Systems
"A software developer has been sentenced to four years in prison for sabotaging his ex-employer's Windows network with custom malware and a kill switch that locked out employees when his account was disabled. Davis Lu, 55, a Chinese national living legally in Houston, worked for an Ohio-based company, reportedly Eaton Corporation, from 2007 until his termination in 2019. After a corporate restructuring and subsequent demotion in 2018, the DOJ says that Lu retaliated by embedding malicious code throughout the company's Windows production environment."
https://www.bleepingcomputer.com/news/security/dev-gets-4-years-for-creating-kill-switch-on-ex-employers-systems/
References
Electronic Transactions Development Agency (ETDA)