NCSA Webboard

    Cyber Threat Intelligence 26 August 2025

    Cyber Security News
    • NCSA_THAICERT

      Industrial Sector

      • Smart Manufacturing Demands Workers With AI And Cybersecurity Skills
        "The manufacturing sector is entering a new phase of digital transformation. According to Rockwell Automation’s 10th Annual State of Smart Manufacturing Report, 56% of manufacturers are piloting smart manufacturing initiatives, 20% have deployed them at scale, and another 20% are planning future investments. While energy costs have become less of a concern for manufacturers, cybersecurity risks, competition, and workforce challenges have risen in prominence. Alongside inflation and economic uncertainty, these factors are now among the top obstacles manufacturers expect to face over the next year."
        https://www.helpnetsecurity.com/2025/08/25/ai-powered-smart-manufacturing/

      New Tooling

      • Kopia: Open-Source Encrypted Backup Tool For Windows, MacOS, Linux
        "Kopia is an open-source backup and restore tool that lets you create encrypted snapshots of your files and store them in cloud storage, on a remote server, on network-attached storage, or on your own computer. It doesn’t create a full image of your machine. Instead, you pick the files and folders you want to back up or restore. Kopia comes with both a command-line interface (CLI) and a graphical user interface (GUI), so it works well for experienced users and beginners alike. Its features include compression, deduplication, end-to-end encryption, and error correction."
        https://www.helpnetsecurity.com/2025/08/25/kopia-open-source-encrypted-backup-tool-windows-macos-linux/
        https://github.com/kopia/kopia

      Vulnerabilities

      • Critical Docker Desktop Flaw Lets Attackers Hijack Windows Hosts
        "A critical vulnerability in Docker Desktop for Windows and macOS allows compromising the host by running a malicious container, even if the Enhanced Container Isolation (ECI) protection is active. The security issue is a server-side request forgery (SSRF) now identified as CVE-2025-9074, and it received a critical severity rating of 9.3. “A malicious container running on Docker Desktop could access the Docker Engine and launch additional containers without requiring the Docker socket to be mounted,” reads Docker’s bulletin."
        https://www.bleepingcomputer.com/news/security/critical-docker-desktop-flaw-lets-attackers-hijack-windows-hosts/
        https://blog.qwertysecurity.com/Articles/blog3
        https://thehackernews.com/2025/08/docker-fixes-cve-2025-9074-critical.html
      • CISA Adds Three Known Exploited Vulnerabilities To Catalog
        "CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2024-8069 Citrix Session Recording Deserialization of Untrusted Data Vulnerability
        CVE-2024-8068 Citrix Session Recording Improper Privilege Management Vulnerability
        CVE-2025-48384 Git Link Following Vulnerability"
        https://www.cisa.gov/news-events/alerts/2025/08/25/cisa-adds-three-known-exploited-vulnerabilities-catalog
      • OneFlip: An Emerging Threat To AI That Could Make Vehicles Crash And Facial Recognition Fail
        "Autonomous vehicles and many other automated systems are controlled by AI; but the AI could be controlled by malicious attackers taking over the AI’s weights. Weights within AI’s deep neural networks represent the models’ learning and how it is used. A weight is usually defined in a 32-bit word, and there can be hundreds of billions of bits involved in this AI ‘reasoning’ process. It is a no-brainer that if an attacker controls the weights, the attacker controls the AI. A research team from George Mason University, led by associate professor Qiang Zeng, presented a paper (PDF) at this year’s August USENIX Security Symposium describing a process that can flip a single bit to alter a targeted weight. The effect could change a benign and beneficial outcome to a potentially dangerous and disastrous outcome."
        https://www.securityweek.com/oneflip-an-emerging-threat-to-ai-that-could-make-vehicles-crash-and-facial-recognition-fail/
        https://www.usenix.org/system/files/usenixsecurity25-li-xiang.pdf

      Malware

      • New Android Malware Poses As Antivirus From Russian Intelligence Agency
        "A new Android malware posing as antivirus software created by Russia's Federal Security Services agency (FSB) is being used to target executives of Russian businesses. In a new report from Russian mobile security firm Dr. Web, researchers track the new spyware as 'Android.Backdoor.916.origin,' finding no links to known malware families. Among its various capabilities, the malware can snoop on conversations, stream from the phone's camera, log user input with a keylogger, or exfiltrate communication data from messenger apps."
        https://www.bleepingcomputer.com/news/security/new-android-malware-poses-as-antivirus-from-russian-intelligence-agency/
        https://securityaffairs.com/181503/malware/android-backdoor-916-origin-malware-targets-russian-business-executives.html
      • Trust Issues: How Email Threats Hide Behind Your Partners
        "The most widely used email security tools still focus on yesterday’s threats. Meanwhile, attackers have moved on. By hijacking legitimate business relationships and embedding infostealers in familiar-sounding, well-written emails, cybercriminals bypass conventional defenses. The only way to keep up is by using a behavioral approach."
        https://www.group-ib.com/blog/how-email-threats-hide-behind-your-partners/
      • Arch Linux Project Responding To Week-Long DDoS Attack
        "For more than a week, the Arch Linux Project’s maintainers have been responding to a sustained distributed denial-of-service (DDoS) attack that impacted most of the project’s resources. The project’s maintainers first confirmed that the outage was caused by a DDoS attack on August 16, noting that the Arch User Repository (AUR), the Arch Linux main webpage, and the forums were down. “As you might be aware some of our services (AUR, Forums, main website) are currently affected by a DDoS attack. We are aware of the issue and are actively working on mitigation efforts,” the maintainers said."
        https://www.securityweek.com/arch-linux-project-responding-to-week-long-ddos-attack/
      • Phishing In The Classroom: 115,000 Emails Exploit Google Classroom To Target 13,500 Organizations
        "Check Point researchers have uncovered a large-scale active phishing campaign abusing Google Classroom, a platform trusted by millions of students and educators worldwide. Over the course of just one week, attackers launched five coordinated waves, distributing more than 115,000 phishing emails aimed at 13,500 organizations across multiple industries. Organizations in Europe, North America, the Middle East and Asia are being targeted."
        https://blog.checkpoint.com/email-security/phishing-in-the-classroom-115000-emails-exploit-google-classroom-to-target-13500-organizations/
      • Hackers Lay In Wait, Then Knocked Out Iran Ship Comms
        "A shadowy hacktivist crew known for outing Iran's state-run hackers is claiming credit for knocking out communications aboard dozens of Iranian oil tankers and cargo ships, leaving critical onboard systems completely bricked. UK-based Iran International on Friday described it as one of the largest cyberattacks ever on Iran's maritime sector, disrupting some 25 cargo ships and 39 tankers operated by the National Iranian Tanker Company (NITC) and the Islamic Republic of Iran Shipping Lines (IRISL). Both companies have been sanctioned by the US Treasury Department for various violations linked to the Iranian government."
        https://www.darkreading.com/cyber-risk/hackers-knocked-out-iran-ship-comms
      • Trusted My Summarizer, Now My Fridge Is Encrypted — How Threat Actors Could Weaponize AI Summarizers With CSS-Based ClickFix Attacks
        "A novel adaptation of the ClickFix social engineering technique has been identified, leveraging invisible prompt injection to weaponize AI summarization systems. This approach targets summarizers embedded in applications such as email clients, browser extensions, and productivity platforms. By exploiting the trust users place in AI-generated summaries, the method covertly delivers malicious step-by-step instructions that can facilitate ransomware deployment. The attack is achieved by embedding payloads within HTML content using CSS-based obfuscation methods, including zero-width characters, white-on-white text, tiny font rendering, and off-screen positioning."
        https://www.cloudsek.com/blog/trusted-my-summarizer-now-my-fridge-is-encrypted----how-threat-actors-could-weaponize-ai-summarizers-with-css-based-clickfix-attacks
        https://www.darkreading.com/vulnerabilities-threats/clickfix-attack-ai-summaries-pushing-malware
      • Phishing Campaign Targeting Companies Via UpCrypter
        "FortiGuard Labs recently identified a phishing campaign leveraging carefully crafted emails to deliver malicious URLs linked to convincing phishing pages. These pages are designed to entice recipients into downloading JavaScript files that act as droppers for UpCrypter, malware that ultimately deploys various remote access tools (RATs). The attack chain begins with a small, obfuscated script that redirects victims to a spoofed site personalized with the target’s email domain, enhancing credibility. In this blog post, we’ll describe an infection chain using different methods to lure the victim and successfully deliver several RATs, including PureHVNC, DCRat, and Babylon RAT."
        https://www.fortinet.com/blog/threat-research/phishing-campaign-targeting-companies-via-upcrypter
        https://www.darkreading.com/cyberattacks-data-breaches/fast-spreading-phishing-installs-rats
        https://thehackernews.com/2025/08/phishing-campaign-uses-upcrypter-in.html
        https://hackread.com/fake-voicemail-emails-install-upcrypter-malware-windows/
      • Deception In Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic To Target Diplomats
        "In March 2025, Google Threat Intelligence Group (GTIG) identified a complex, multifaceted campaign attributed to the PRC-nexus threat actor UNC6384. The campaign targeted diplomats in Southeast Asia and other entities globally. GTIG assesses this was likely in support of cyber espionage operations aligned with the strategic interests of the People's Republic of China (PRC). The campaign hijacks target web traffic, using a captive portal redirect, to deliver a digitally signed downloader that GTIG tracks as STATICPLUGIN."
        https://cloud.google.com/blog/topics/threat-intelligence/prc-nexus-espionage-targets-diplomats/
        https://thehackernews.com/2025/08/unc6384-deploys-plugx-via-captive.html
      • ScreenConnect Super Admin Credential Harvesting
        "Samantha Clarke and the Mimecast Threat Research team have identified an ongoing credential harvesting campaign (designated MCTO3030) that specifically targets ScreenConnect cloud administrators. This sophisticated operation has maintained consistent tactics, techniques, and procedures since 2022, demonstrating remarkable operational security through low-volume distribution that has allowed it to operate largely undetected. The campaign employs spear phishing emails delivered through Amazon Simple Email Service (SES) accounts, targeting senior IT professionals including directors, managers, and security personnel with elevated privileges in ScreenConnect environments. The attackers specifically seek super administrator credentials, which provide comprehensive control over remote access infrastructure across entire organizations."
        https://www.mimecast.com/threat-intelligence-hub/screenconnect-super-admin-credential/
        https://www.helpnetsecurity.com/2025/08/25/screenconnect-admins-targeted-with-spoofed-suspicious-login-alerts/
      • Examining The Tactics Of BQTLOCK Ransomware & Its Variants
        "Ransomware-as-a-Service (RaaS), marketed on dark web forums or Telegram channels, is a growing model in the cybercrime ecosystem where ransomware developers offer their malicious tools and infrastructure to affiliates in a subscription model or a profit share. Affiliates who are responsible for the distribution need not have any coding experience. They can simply purchase or subscribe to a RaaS, which handles the payload generation, encryption mechanisms, victim communication portals, and even automated payment collection via cryptocurrency."
        https://labs.k7computing.com/index.php/examining-the-tactics-of-bqtlock-ransomware-its-variants/

      Breaches/Hacks/Leaks

      • Farmers Insurance Data Breach Impacts 1.1M People After Salesforce Attack
        "U.S. insurance giant Farmers Insurance has disclosed a data breach impacting 1.1 million customers, with BleepingComputer learning that the data was stolen in the widespread Salesforce attacks. Farmers Insurance is a U.S.-based insurer that provides auto, home, life, and business insurance products. It operates through a network of agents and subsidiaries, serving more than 10 million households nationwide. The company disclosed the data breach in an advisory on its website, saying that its database at a third-party vendor was breached on May 29, 2025."
        https://www.bleepingcomputer.com/news/security/farmers-insurance-data-breach-impacts-11m-people-after-salesforce-attack/
        https://therecord.media/farmers-insurance-million-data-breach
        https://www.securityweek.com/farmers-insurance-data-breach-impacts-over-1-million-people/
        https://www.bankinfosecurity.com/farmers-insurance-aflac-report-data-breaches-to-regulators-a-29289
      • Auchan Retailer Data Breach Impacts Hundreds Of Thousands Of Customers
        "French retailer Auchan is informing that some sensitive data associated with loyalty accounts of several hundred thousand of its customers was exposed in a cyberattack. The company is sending data breach notifications to customers affected by the incident. “We are writing to inform you that Auchan has been the victim of a cyberattack. This attack resulted in unauthorized access to certain personal data associated with your loyalty account,” reads the retailer's notification."
        https://www.bleepingcomputer.com/news/security/auchan-retailer-data-breach-impacts-hundreds-of-thousands-of-customers/
      • Nevada State Offices Halts Services After Cyber Incident
        "Nevada state offices suspended some in-person services Monday after a network security incident disrupted local agency systems, officials confirmed. Emergency services and 911 remained fully operational statewide, but the disruption knocked out access to certain state websites, online portals and office phone lines, according to a release from the governor’s office. The governor’s website was offline at publication time and the state’s media office did not immediately respond to a request for comment."
        https://www.bankinfosecurity.com/nevada-state-offices-halts-services-after-cyber-incident-a-29290
      • Maryland Investigating Cyberattack Impacting Transit Service For Disabled People
        "Several state departments in Maryland are dealing with a cyberattack affecting systems used to organize transportation for disabled people. On Sunday, the Maryland Transit Administration (MTA) published warnings on social media and on its website about a cyber incident involving unauthorized access to some systems. While the MTA’s core transportation services — which include bus lines, subways and a light rail system — were not affected, some real-time information systems and other tools used for the specialized transit service called Mobility were impacted."
        https://therecord.media/maryland-cyberattack-transit-disabled-people

      General News

      • Why a New AI Tool Could Change How We Test Insider Threat Defenses
        "Insider threats are among the hardest attacks to detect because they come from people who already have legitimate access. Security teams know the risk well, but they often lack the data needed to train systems that can spot subtle patterns of malicious behavior. A research team has introduced Chimera, a system that uses LLM agents to simulate both normal and malicious employee activity in enterprise settings. The goal is to solve one of the main problems in insider threat detection: the lack of realistic and shareable datasets."
        https://www.helpnetsecurity.com/2025/08/25/ai-insider-threat-simulation/
      • Why Satellite Cybersecurity Threats Matter To Everyone
        "Satellites play a huge role in our daily lives, supporting everything from global communications to navigation, business, and national security. As space becomes more crowded and commercial satellite use grows, these systems are facing new cyber threats. The challenge is even greater because many satellites still in service were designed decades ago, at a time when cybersecurity wasn’t a focus, which leaves them with limited defenses."
        https://www.helpnetsecurity.com/2025/08/25/brett-loubert-deloitte-satellite-cybersecurity-threats/
      • Why SIEM Rules Fail And How To Fix Them: Insights From 160 Million Attack Simulations
        "Security Information and Event Management (SIEM) systems act as the primary tools for detecting suspicious activity in enterprise networks, helping organizations identify and respond to potential attacks in real time. However, the new Picus Blue Report 2025, based on over 160 million real-world attack simulations, revealed that organizations are only detecting 1 out of 7 simulated attacks, showing a critical gap in threat detection and response."
        https://thehackernews.com/2025/08/why-siem-rules-fail-and-how-to-fix-them.html
      • Securing The Cloud In An Age Of Escalating Cyber Threats
        "As cloud environments become increasingly complex and attackers become more sophisticated, organizations must rethink their approach to securing infrastructure. Recent cyberattacks in Singapore serve as a critical wake-up call. In a recent report, Rubrik found that nearly 20% of organizations in Singapore experienced more than 25 cyberattacks in 2024, averaging at least one attack every two weeks."
        https://www.darkreading.com/cyberattacks-data-breaches/securing-cloud-age-escalating-cyber-threats
      • AI Browsers Could Leave Users Penniless: A Prompt Injection Warning
        "Artificial Intelligence (AI) browsers are gaining traction, which means we may need to start worrying about the potential dangers of something called “prompt injection.” Large language models (LLMs)—like the ones that power AI chatbots including ChatGPT, Claude, and Gemini—are designed to follow “prompts,” which are the instructions and questions that people provide when looking up info or getting help with a topic. In a chatbot, the questions you ask the AI are the “prompts.” But AI models aren’t great at telling apart the types of commands that are meant for their eyes only (for example, hidden background rules that come directly from developers, like “don’t write ransomware”) from the types of requests that come from users."
        https://www.malwarebytes.com/blog/news/2025/08/ai-browsers-could-leave-users-penniless-a-prompt-injection-warning

      Reference
      Electronic Transactions Development Agency (ETDA)
