Cyber Threat Intelligence 19 September 2025
Industrial Sector
- Westermo Network Technologies WeOS 5
"Successful exploitation of this vulnerability could allow an attacker with administrative permissions to execute commands that would typically be inaccessible. This could allow the execution of commands with privileges beyond those normally granted to the attacker."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-01
- Hitachi Energy Asset Suite
"Successful exploitation of this vulnerability could allow attackers to trigger resource consumption or information disclosure through SSRF in Apache XML Graphics Batik, mount a Denial-Of-Service attack via poisoned data in logback, discover cleartext passwords in H2 Database Engine, fill up the file system in Apache CXF, perform open redirect or SSRF attacks through UriComponentsBuilder, and execute arbitrary code in Apache ActiveMQ."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-04
- Hitachi Energy Service Suite
"Successful exploitation of this vulnerability could allow attackers to compromise Oracle WebLogic Server, resulting in potential impacts on confidentiality, integrity, and availability."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-05
- Cognex In-Sight Explorer And In-Sight Camera Firmware
"Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, steal credentials, modify files, or cause a denial-of-service condition."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-06
- Dover Fueling Solutions ProGauge MagLink LX4 Devices
"Successful exploitation of these vulnerabilities could result in a remote attacker causing a denial-of-service condition or gaining administrative access to the device."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-07
- Westermo Network Technologies WeOS 5
"Successful exploitation of this vulnerability could cause the device to reboot."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-02
- Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit
"Successful exploitation of these vulnerabilities could enable an attacker to execute arbitrary shell commands on the affected devices."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-03
- Threat Landscape For Industrial Automation Systems. Africa, Q2 2025
"High threat detection rates point to low cybersecurity maturity across industrial companies on the continent: the availability of internet access on OT computers, weak phishing protection, large portions of unprotected infrastructure, and still relatively poor employee cyberhygiene. In Africa, the percentage of ICS computers on which all categories of threats were blocked is higher than the global average."
https://ics-cert.kaspersky.com/publications/reports/2025/09/18/threat-landscape-for-industrial-automation-systems-africa-q2-2025/
Vulnerabilities
- Google Patches Sixth Chrome Zero-Day Exploited In Attacks This Year
"Google has released emergency security updates to patch a Chrome zero-day vulnerability, the sixth one tagged as exploited in attacks since the start of the year. While it didn't specifically say whether this security flaw is still being actively abused in the wild, the company warned that it has a public exploit, a common indicator of active exploitation. "Google is aware that an exploit for CVE-2025-10585 exists in the wild," Google warned in a security advisory published on Wednesday."
https://www.bleepingcomputer.com/news/security/google-patches-sixth-chrome-zero-day-exploited-in-attacks-this-year/
https://thehackernews.com/2025/09/google-patches-chrome-zero-day-cve-2025.html
https://www.securityweek.com/chrome-140-update-patches-sixth-zero-day-of-2025/
https://securityaffairs.com/182322/uncategorized/cve-2025-10585-is-the-sixth-actively-exploited-chrome-zero-day-patched-by-google-in-2025.html
https://www.theregister.com/2025/09/18/google_emergency_patch_chrome_0_day/
https://www.helpnetsecurity.com/2025/09/18/chrome-zero-day-vulnerability-cve-2025-10585/
https://www.malwarebytes.com/blog/news/2025/09/update-your-chrome-today-google-patches-4-vulnerabilities-including-one-zero-day
- WatchGuard Warns Of Critical Vulnerability In Firebox Firewalls
"WatchGuard has released security updates to address a remote code execution vulnerability impacting the company's Firebox firewalls. Tracked as CVE-2025-9242, this critical security flaw is caused by an out-of-bounds write weakness that can allow attackers to execute malicious code remotely on vulnerable devices following successful exploitation. CVE-2025-9242 affects firewalls running Fireware OS 11.x (end of life), 12.x, and 2025.1, and was fixed in versions 12.3.1_Update3 (B722811), 12.5.13, 12.11.4, and 2025.1.1."
https://www.bleepingcomputer.com/news/security/watchguard-warns-of-critical-vulnerability-in-firebox-firewalls/
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015
- ShadowLeak: A Zero-Click, Service-Side Attack Exfiltrating Sensitive Data Using ChatGPT’s Deep Research Agent
"We found a zero-click flaw in ChatGPT's Deep Research agent when connected to Gmail and browsing: A single crafted email quietly makes the agent leak sensitive inbox data to an attacker with no user action or visible UI. Service-Side Exfiltration: Unlike prior research that relied on client-side image rendering to trigger the leak, this attack leaks data directly from OpenAI’s cloud infrastructure, making it invisible to local or enterprise defenses. The attack utilizes an indirect prompt injection that can be hidden in email HTML (tiny fonts, white-on-white text, layout tricks) so the user never notices the commands, but the agent still reads and obeys them. Well-crafted social engineering tricks bypassed the agent’s safety-trained restrictions, enabling the attack to succeed with a 100% success rate."
https://www.radware.com/blog/threat-intelligence/shadowleak/
https://therecord.media/openai-fixes-zero-click-shadowleak-vulnerability
https://www.securityweek.com/chatgpt-deep-research-targeted-in-server-side-data-theft-attack/
https://securityaffairs.com/182334/hacking/shadowleak-radware-uncovers-zero-click-attack-on-chatgpt.html
Malware
- CISA Releases Malware Analysis Report On Malicious Listener Targeting Ivanti Endpoint Manager Mobile Systems
"Today, CISA released a Malware Analysis Report detailing the functionality of two sets of malware obtained from an organization compromised by cyber threat actors exploiting CVE-2025-4427 and CVE-2025-4428 in Ivanti Endpoint Manager Mobile (Ivanti EPMM). The Malware Analysis Report, Malicious Listener for Ivanti EPMM Systems, provides guidance to help organizations detect and mitigate these threats, including indicators of compromise and YARA and SIGMA rules. Mitigations include highlighting the need to upgrade Ivanti EPMM systems to the latest version and to treat mobile device management systems as high-value assets with strengthened monitoring and restrictions."
https://www.cisa.gov/news-events/alerts/2025/09/18/cisa-releases-malware-analysis-report-malicious-listener-targeting-ivanti-endpoint-manager-mobile
https://www.cisa.gov/news-events/analysis-reports/ar25-261a
- SystemBC – Bringing The Noise
"The Black Lotus Labs team at Lumen Technologies has uncovered new infrastructure behind the “SystemBC” botnet, a network composed of over 80 C2s with a daily average of 1,500 victims, nearly 80% of which are compromised VPS systems from several large commercial providers. The victims are made into proxies that enable high volumes of malicious traffic for use by a host of criminal threat groups. By manipulating VPS systems instead of devices in residential IP space as is typical in malware-based proxy networks, SystemBC can offer proxies with massive amounts of volume for longer periods of time. Similar, high-bandwidth proxies in residential IP space would alert and disrupt users of smaller, lower bandwidth devices."
https://blog.lumen.com/systembc-bringing-the-noise/
https://www.bleepingcomputer.com/news/security/systembc-malware-turns-infected-vps-systems-into-proxy-highway/
- Fake Empire Podcast Invites Target Crypto Industry With MacOS AMOS Stealer
"A new phishing campaign is targeting developers and influencers in the crypto industry with fake interview requests that impersonate a popular Web3 podcast. The attackers pose as hosts, luring unsuspecting victims to websites mimicking platforms such as Streamyard and Huddle to distribute AMOS Stealer malware against macOS devices. The latest scam surfaced only weeks after another scheme, reported in August 2025, where fraudsters posed as CoinMarketCap journalists to target crypto executives in a spear-phishing campaign."
https://hackread.com/fake-empire-podcast-invites-crypto-macos-amos-stealer/
- CountLoader: Silent Push Discovers New Malware Loader Being Served In 3 Different Versions
"Silent Push Threat Analysts are tracking the spread of a new malware loader we have named “CountLoader,” that is strongly associated with Russian ransomware gangs. The evolving threat is served in three versions: .NET, PowerShell, and JScript, and was recently used in a phishing lure targeting individuals in Ukraine as part of a campaign impersonating Ukrainian police. Our analysis has observed CountLoader dropping several malware agents, like CobaltStrike and AdaptixC2. Technical evidence obtained from within these samples allowed our team to make the connection between the agents dropped by CountLoader and the malware agents observed in several ransomware attacks."
https://www.silentpush.com/blog/countloader/
https://thehackernews.com/2025/09/countloader-broadens-russian-ransomware.html
Breaches/Hacks/Leaks
- Token Exfiltration Campaign Via GitHub Actions Workflows
"I recently responded to an attack campaign where malicious actors injected code into GitHub Actions workflows attempting to steal PyPI publishing tokens. PyPI was not compromised, and no PyPI packages were published by the attackers. Attackers targeted a wide variety of repositories, many of which had PyPI tokens stored as GitHub secrets, modifying their workflows to send those tokens to external servers. While the attackers successfully exfiltrated some tokens, they do not appear to have used them on PyPI. I've invalidated all affected tokens and notified the impacted project maintainers. If you're one of them, I have emailed you from [email protected]."
https://blog.pypi.org/posts/2025-09-16-github-actions-token-exfiltration/
https://www.bleepingcomputer.com/news/security/pypi-invalidates-tokens-stolen-in-ghostaction-supply-chain-attack/
- Survival Flight Reports Second Cybersecurity Incident In Less Than a Year
"Survival Flight is an Arizona-headquartered firm that provides ground and air emergency medical transportation services. On August 12, they issued a substitute notice saying that on July 17, they had discovered a cybersecurity incident affecting its IT systems. In their substitute notice, which has not been updated as of this publication, they wrote:"
https://databreaches.net/2025/09/18/survival-flight-reports-second-cybersecurity-incident-in-less-than-a-year/
- Nearly 250,000 Impacted By Data Breach At Medical Associates Of Brevard
"Florida-based Medical Associates of Brevard has informed authorities that a data breach suffered earlier this year impacts nearly 250,000 individuals. Medical Associates of Brevard provides healthcare services in the Melbourne, Florida area. The organization discovered in mid-January 2025 that its systems had been breached and an investigation later determined that the attackers may have stolen personal and protected health information."
https://www.securityweek.com/nearly-250000-impacted-by-data-breach-at-medical-associates-of-brevard/
- Russian Regional Airline Disrupted By Suspected Cyberattack
"Russian regional carrier KrasAvia said on Thursday that some of its digital services were disrupted by a system failure — the latest incident to hit the country’s aviation sector amid a wave of suspected cyberattacks. The Krasnoyarsk-based airline said its specialists were “working to minimize risks to the flight schedule and to restore services to normal operation as quickly as possible.” As of Thursday evening local time, its website was down, online ticket sales were suspended, and passengers were advised that digital check-ins were unavailable at airports. Despite the outage, KrasAvia said flights were operating on schedule. The airline largely serves central Siberia and Mongolia."
https://therecord.media/russia-krasavia-airline-disrupted-suspected-cyberattack
- Cybercriminals Pwn 850k+ Americans' Healthcare Data
"Cybercriminals broke in and stole nearly a million Americans' data in the space of a week, in the course of three digital burglaries at healthcare providers. Goshen Medical Center, which runs sites across North Carolina, has this week reported a sizeable breach affecting 456,385 people. The types of data exposed varied for each individual, but basic personal information, as well as social security numbers, driver's license numbers, and medical record numbers were exposed during this attack, which went undetected for almost a month."
https://www.theregister.com/2025/09/18/850k_americans_affected_by_medical/
General News
- Two Charged For TfL Cyber Attack
"Two men have been charged as part of the National Crime Agency investigation into a cyber attack on Transport for London (TfL). TfL was subject of a network intrusion on 31 August 2024, which investigators believe was carried out by members of the online criminal collective known as Scattered Spider. Thalha Jubair, 19, from East London, and Owen Flowers, 18, from Walsall, West Midlands, were arrested at their home addresses on Tuesday (16 September) by the NCA and City of London Police."
https://www.nationalcrimeagency.gov.uk/news/two-charged-for-tfl-cyber-attack
https://therecord.media/scattered-spider-teenage-suspects-arrested-britain-nca
https://www.bleepingcomputer.com/news/security/uk-arrests-scattered-spider-teens-linked-to-transport-for-london-hack/
https://www.bankinfosecurity.com/scattered-spider-sting-2-english-teens-charged-attacks-a-29476
https://cyberscoop.com/scattered-spider-teenagers-arrested-uk/
https://hackread.com/two-uk-teenagers-charged-tfl-hack-scattered-spider/
https://www.infosecurity-magazine.com/news/us-uk-charge-scattered-spider/
https://www.theregister.com/2025/09/18/two_teens_charged_in_tfl_case/
- Ransomware Landscape August 2025: Qilin Dominates As Sinobi Emerges
"In August, Qilin was the most active ransomware group for the fourth time in five months, while a new ransomware group is quickly moving up the ranks. Qilin’s 104 claimed victims in August were nearly double second-place Akira’s 56, but the rapid rise of Sinobi to third place has been one of the more intriguing recent developments in the ransomware landscape (chart below). The dominance of Qilin and the rise of Sinobi were among the revelations in Cyble’s latest global threat landscape report, which also documents a surge in supply chain and critical infrastructure attacks, among other findings."
https://cyble.com/blog/qilin-ransomware-group-leads-surge/
- Mastering Digital Breadcrumbs To Stay Ahead Of Evolving Threats
"Digital forensics is a fast-growing cybersecurity discipline in increasing demand by businesses, and professionals need special preparation and frequent upskilling, but the rewards can add up. It’s a highly attractive area to work in, says Rob T. Lee, chief of research for SANS Institute. “It’s very juicy, and very sought after,” says Lee, a former cyberspace warfare operations officer tasked to the National Security Agency."
https://www.darkreading.com/vulnerabilities-threats/mastering-digital-breadcrumbs-stay-ahead-of-evolving-threats
- The Cloud Edge Is The New Attack Surface
"As companies expand their use of cloud computing beyond a few dozen applications to build the connective tissue between data centers and endpoints, their attack surface — the cloud edge — has grown. But securing that edge can be difficult. While security and operations teams are used to applying security at the edge of their own networks, the cloud edge is not always theirs to manage. Communications between cloud workloads often traverse the public Internet, putting data at risk of interception and opening up new holes in an organization's attack surface, experts say."
https://www.darkreading.com/cloud-security/cloud-edge-new-attack-surface
- Behind The Scenes Of cURL With Its Founder: Releases, Updates, And Security
"In this Help Net Security interview, Daniel Stenberg, lead developer of cURL, discusses how the widely used tool remains secure across billions of devices, from cloud services to IoT. He shares insights into cURL’s decades-long journey of testing, reviewing, and refining its code to minimize risks. Stenberg also explains the team’s approach to handling vulnerabilities, ensuring transparency, and maintaining trust in the open-source ecosystem."
https://www.helpnetsecurity.com/2025/09/18/daniel-stenberg-running-curl-project/
- AI Made Crypto Scams Far More Dangerous
"The first half of 2025 saw one of the worst waves of crypto hacks to date, with more than $3.01 billion stolen. AI was a big part of it, making scams easier to run and letting even low-skill criminals get in on the action. In the U.S. alone, nearly 160,000 crypto-related fraud complaints were reported in 2024. “The adversaries themselves aren’t fundamentally different between traditional finance and the crypto industry, but certain of the tactics they employ are distinct and the sophistication of attackers in the crypto space is notably higher,” said Norah Beers, CISO at Grayscale."
https://www.helpnetsecurity.com/2025/09/18/ai-crypto-scams-dangerous/
- Global Hiring Risks: What You Need To Know About Identity Fraud And Screening Trends
"Hiring new employees has always carried some risk, but that risk is growing in new ways, and identity fraud is becoming more common in the hiring process. HireRight’s 2025 Global Benchmark Report takes a close look at how organizations around the world are handling background screening. The findings come from more than 1,100 HR and risk management professionals across North America, EMEA, and APAC."
https://www.helpnetsecurity.com/2025/09/18/global-hiring-risks-2025/
- The Dark Side Of GenAI: Strategic Implications For Cyber Defense
"The rise of malicious generative AI tools such as Evil-GPT, WolfGPT, DarkBard, and PoisonGPT presents significant strategic challenges for enterprises. As cybercriminals increasingly leverage AI as a copilot in their operations, chief information security officers (CISOs) and security leaders must navigate a rapidly evolving threat landscape. Here are the key implications that organizations need to consider:"
https://blog.barracuda.com/2025/09/18/dark-side-genai-strategic-implications-cyber-defense
- How CISOs Can Drive Effective AI Governance
"AI's growing role in enterprise environments has heightened the urgency for Chief Information Security Officers (CISOs) to drive effective AI governance. When it comes to any emerging technology, governance is hard – but effective governance is even harder. The first instinct for most organizations is to respond with rigid policies. Write a policy document, circulate a set of restrictions, and hope the risk is contained. However, effective governance doesn't work that way. It must be a living system that shapes how AI is used every day, guiding organizations through safe transformative change without slowing down the pace of innovation."
https://thehackernews.com/2025/09/how-cisos-can-drive-effective-ai.html
References
Electronic Transactions Development Agency (ETDA)