Cyber Threat Intelligence 22 September 2025
Financial Sector
- Plastic People, Plastic Cards: Synthetic Identities Plague Finance & Lending Sector
"Financial firms, especially those that service loans in the automotive industry, are facing increasing fraud based on synthetic identities, researchers are warning. Cybercriminals are increasingly constructing better profiles using their access to detailed data culled from numerous breaches. The total financial risk for financial lenders in the United States rose to $3.3 billion in 2024, up from $1.9 billion in 2020, driven by a concentration of fraud leveled against lenders in the automotive sector, according to an analysis published by credit bureau TransUnion this week. Overall, synthetic identities are being used for up to 1% of transactions, depending on the type of financial product — credit cards or auto loans, for example, the company said."
https://www.darkreading.com/cybersecurity-operations/synthetic-identities-finance-lending-sector
https://www.globenewswire.com/news-release/2025/09/17/3151558/0/en/TransUnion-Research-Highlights-Power-of-Public-Data-in-Uncovering-3-3B-Synthetic-Identity-Threat.html
Industrial Sector
- Multiple Vulnerabilities In Novakon HMI Series
"Founded in 2010, Novakon Co., Ltd., a subsidiary of the domestically listed industrial PC manufacturer – iBASE Technology (TPEx: 8050), is a dedicated Panel PC, HMI (Human-Machine Interface) and IIoT (Industrial Internet of Things) software developer and hardware manufacturer. Our exceptional customized services provide clients with a wide array of software tailormade solutions. As testament to the true value of MIT R&D and manufacture, not only do we offer customized software and hardware ODM services, but we are also committed to providing the best product functions and services for different industrial applications. Novakon focuses on long-term R&D investment to reduce the cost of introducing automation measures in addition to meeting the needs of various vertical applications."
https://cyberdanube.com/security-research/multiple-vulnerabilities-in-novakon-hmi-series/
https://www.securityweek.com/unpatched-vulnerabilities-expose-novakon-hmis-to-remote-hacking/
- Shifting Supply Chains And Rules Test CPS Security Strategies
"Cyber-physical systems are getting harder to protect as the business landscape keeps shifting. Economic pressures, supply chain changes, and new regulations are creating more openings for attackers while complicating how organizations manage security. A new report from Claroty, based on a survey of 1,100 security professionals, shows how these forces are raising the stakes for CPS protection and forcing CISOs to rethink their strategies. The study focused on mission-critical environments such as industrial operations, connected medical devices, and building management systems. It found that external factors like supply chain instability and new compliance requirements are creating significant challenges for organizations trying to secure CPS environments."
https://www.helpnetsecurity.com/2025/09/19/rules-test-cps-security-strategies/
- Threat Landscape For Industrial Automation Systems. Australia And New Zealand, Q2 2025
"The cybersecurity situation in Australia and New Zealand is among the most favorable across all regions. The region ranked 11th in Q2 2025 based on the percentage of ICS computers on which malicious objects were blocked. At the same time, the region was in higher positions in the rankings for some threat sources and categories:"
https://ics-cert.kaspersky.com/publications/reports/2025/09/19/threat-landscape-for-industrial-automation-systems-australia-and-new-zealand-q2-2025/
- Threat Landscape For Industrial Automation Systems. Asia, Q2 2025
"A significant part of the infrastructure is unprotected, becoming a source of secondary infection (malware propagation). South-East Asia has high rates of self-propagating malware. The region ranks first in the world in terms of the percentage of ICS computers on which viruses and malware for AutoCAD were blocked. In both cases, it leads by a wide margin. In most cases, malware for AutoCAD is distributed in the same way as viruses. This explains the high percentage exhibited by this malware category."
https://ics-cert.kaspersky.com/publications/reports/2025/09/19/threat-landscape-for-industrial-automation-systems-asia-q2-2025/
- Threat Landscape For Industrial Automation Systems In Q2 2025
"In Q2 2025, the percentage of ICS computers on which malicious objects were blocked decreased by 1.4 pp from the previous quarter to 20.5%. Compared to Q2 2024, the rate decreased by 3.0 pp. Regionally, the percentage of ICS computers on which malicious objects were blocked ranged from 11.2% in Northern Europe to 27.8% in Africa."
https://securelist.com/industrial-threat-report-q2-2025/117532/
Vulnerabilities
- Fortra Warns Of Max Severity Flaw In GoAnywhere MFT’s License Servlet
"Fortra has released security updates to patch a maximum severity vulnerability in GoAnywhere MFT's License Servlet that can be exploited in command injection attacks. GoAnywhere MFT is a web-based managed file transfer tool that helps organizations securely transfer files and maintain audit logs of who accesses the shared files. Tracked as CVE-2025-10035, this security flaw is caused by a deserialization of untrusted data weakness and can be exploited remotely in low-complexity attacks that don't require user interaction. While Fortra stated that the vulnerability was discovered over the weekend, it didn't specify who reported it or whether the flaw has been exploited in attacks."
https://www.bleepingcomputer.com/news/security/fortra-warns-of-max-severity-flaw-in-goanywhere-mfts-license-servlet/
https://www.fortra.com/security/advisories/product-security/fi-2025-012
https://thehackernews.com/2025/09/fortra-releases-critical-patch-for-cvss.html
https://www.darkreading.com/cyberattacks-data-breaches/patch-fortra-goanywhere-bug-command-injection
https://cyberscoop.com/goanywhere-file-transfer-service-vulnerability-september-2025/
https://securityaffairs.com/182351/security/fortra-addressed-a-maximum-severity-flaw-in-goanywhere-mft-software.html
https://www.theregister.com/2025/09/19/gortra_goanywhere_bug/
- One Token To Rule Them All - Obtaining Global Admin In Every Entra ID Tenant Via Actor Tokens
"While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. This vulnerability could have allowed me to compromise every Entra ID tenant in the world (except probably those in national cloud deployments). If you are an Entra ID admin reading this, yes that means complete access to your tenant. The vulnerability consisted of two components: undocumented impersonation tokens, called “Actor tokens”, that Microsoft uses in their backend for service-to-service (S2S) communication. Additionally, there was a critical flaw in the (legacy) Azure AD Graph API that failed to properly validate the originating tenant, allowing these tokens to be used for cross-tenant access."
https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/
https://www.darkreading.com/cloud-security/critical-azure-entra-id-flaw-microsoft-iam-issues
https://www.bleepingcomputer.com/news/security/microsoft-entra-id-flaw-allowed-hijacking-any-companys-tenant/
https://www.theregister.com/2025/09/19/microsoft_entra_id_bug/
- ChatGPT Agent Violates Policy And Solves Image CAPTCHAs
"Guardrails can be bypassed: With prompt injection, ChatGPT agents can be manipulated into breaking built-in policies and solving CAPTCHAs. CAPTCHA defenses are weakening: The agent solved not only simple CAPTCHAs but also image-based ones - even adjusting its cursor to mimic human behavior. Enterprise risk is real: Attackers could reframe real controls as “fake” to bypass them, underscoring the need for context integrity, memory hygiene, and continuous red teaming."
https://splx.ai/blog/chatgpt-agent-solves-captcha
https://www.securityweek.com/chatgpt-tricked-into-solving-captchas/
https://www.theregister.com/2025/09/19/how_to_trick_chatgpt_agents/
Malware
- Kawa4096 Ransomware: Leveraging Brand Mimicry For Psychological Impact
"In June 2025, a new ransomware group known as Kawa4096 emerged, targeting multinational organizations across various sectors, including finance, education, and services. Their attacks have affected companies in multiple countries, notably Japan and the United States. Although there is currently no public information confirming whether they operate as a Ransomware-as-a-Service (RaaS) or collaborate with other threat groups, Kawa4096 is quickly gaining attention for its rapid and widespread activity."
https://asec.ahnlab.com/en/90207/
- FBI Warns Of Cybercriminals Using Fake FBI Crime Reporting Portals
"The FBI warned today that cybercriminals are impersonating its Internet Crime Complaint Center (IC3) website in what the law enforcement agency described as "possible malicious activity." Although it didn't share any examples and didn't point to specific attacks, the FBI said that such spoofed websites could be used by attackers in financial scams or to steal the visitors' personal information. "Threat actors create spoofed websites often by slightly altering characteristics of legitimate website domains, with the purpose of gathering personally identifiable information entered by a user into the site, including name, home address, phone number, email address, and banking information," the FBI said."
https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-fbi-crime-complaint-portals-used-for-cybercrime/
https://www.ic3.gov/PSA/2025/PSA250919
- Gamaredon X Turla Collab
"In this blogpost, we uncover the first known cases of collaboration between Gamaredon and Turla, in Ukraine. In February 2025, we discovered that the Gamaredon tool PteroGraphin was used to restart Turla’s Kazuar backdoor on a machine in Ukraine. In April and June 2025, we detected that Kazuar v2 was deployed using Gamaredon tools PteroOdd and PteroPaste. These discoveries lead us to believe with high confidence that Gamaredon is collaborating with Turla."
https://www.welivesecurity.com/en/eset-research/gamaredon-x-turla-collab/
https://thehackernews.com/2025/09/russian-hackers-gamaredon-and-turla.html
https://therecord.media/russian-spy-groups-turla-gamaredon-target-ukraine
https://www.bankinfosecurity.com/russian-nation-state-hackers-join-forces-to-target-ukraine-a-29484
https://www.infosecurity-magazine.com/news/russian-state-hackers-collaborate/
https://www.securityweek.com/turla-and-gamaredon-working-together-in-fresh-ukrainian-intrusions/
https://www.helpnetsecurity.com/2025/09/19/gamaredon-turla-threat-groups-collaborating/
https://securityaffairs.com/182404/apt/eset-uncovers-gamaredon-turla-collaboration-in-ukraine-cyberattacks.html
- Iranian State APT Blitzes Telcos & Satellite Companies
"In the span of just a couple of weeks, Iranian hackers have stolen highly sensitive data from 11 global telecommunications companies, satellite operators, and aerospace equipment manufacturers. Cyber defenders have been tracking or otherwise fending off Middle Eastern cyberattacks by "Subtle Snail" (aka UNC1549) for around four years now. First, in 2021, it attacked a Bahrain-based IT integrator — perhaps, researchers thought, as a window to its more valuable clients. Later, it seemed to have developed a focus on aerospace and defense firms. Google researchers observed attacks in Israel and the United Arab Emirates (UAE), and evidence of further activity in Albania, India, and Turkey."
https://www.darkreading.com/cyberattacks-data-breaches/iranian-state-apt-telcos-satellite-companies
https://catalyst.prodaft.com/public/report/modus-operandi-of-subtle-snail/overview#heading-1000
https://thehackernews.com/2025/09/unc1549-hacks-34-devices-in-11-telecom.html
- ForgeCraft: Unmasking a China-Linked Operation Selling Counterfeit IDs Across North America
"CloudSEK's STRIKE team uncovered a China-linked network selling counterfeit U.S. and Canadian driver's license IDs and SSN cards via 83+ domains, generating $785K+ from 6,500+ fake licenses and 4,500+ unique buyers across North America. Controlled HUMINT traced the threat actor's exact geolocation and facial imagery to China. Backed by shell e-commerce fronts, social media ads, and covert shipping, the operation poses severe risks - potentially enabling fraud, trafficking, SIM swaps, and ultimately threatening U.S. national security - while offering actionable intelligence for disruption."
https://www.cloudsek.com/whitepapers-reports/forgecraft-unmasking-a-china-linked-operation-selling-counterfeit-ids-across-north-america
https://cdn.prod.website-files.com/635e632477408d12d1811a64/68cbcc5391e1f0cbbf2c63b7_ForgeCraft - Unmasking a China-Linked Operation Selling Counterfeit IDs Across North America.pdf
https://hackread.com/chinese-network-ofake-us-canadian-ids/
- How AI-Native Development Platforms Enable Fake Captcha Pages
"Artificial intelligence has revolutionized web development, empowering even novice users to create professional-looking websites. Tools like Lovable enable anyone to build and host applications with little to no coding knowledge, while Netlify and Vercel position themselves as AI-native development platforms. However, cybercriminals are increasingly exploiting these services to create and host fake captcha challenge websites, which serve as entry points for phishing campaigns. Since January, Trend Micro has observed a rise in fake captcha pages hosted on such platforms. These scams pose a dual threat: misleading users while evading automated security systems."
https://www.trendmicro.com/en_us/research/25/i/ai-development-platforms-enable-fake-captcha-pages.html
https://www.infosecurity-magazine.com/news/attackers-abuse-ai-fake-captchas/
- Inside The Lighthouse And Lucid PhaaS Campaigns Targeting 316 Global Brands
"Netcraft has identified two phishing campaigns believed to be associated with the Lighthouse and Lucid Phishing-as-a-Service (PhaaS) platforms. Since identifying these campaigns, we have detected more than 17,500 phishing domains powered by them targeting 316 brands from 74 countries. We have identified a link between the Lucid and Lighthouse platforms through use of near-identical anti-monitoring pages. We have also deployed targeted automation to enhance detection of Lucid PhaaS URLs."
https://www.netcraft.com/blog/inside-the-lighthouse-and-lucid-phaas-campaigns-targeting-316-global-brands
https://thehackernews.com/2025/09/17500-phishing-domains-target-316.html
- Unmasking a Python Stealer – “XillenStealer”
"Cyfirma’s threat intelligence assessment of XillenStealer identifies it as an open-source, Python-based information stealer publicly available on GitHub. The malware is designed to harvest sensitive system and user data through modular scripts that utilize native libraries and Windows functions for reconnaissance and collection. Its core capabilities include extracting host identifiers, hardware specifications, Cryptocurrency credentials, and network configurations, as well as retrieving browser-stored credentials. Additionally, it incorporates screenshot capture functionality to broaden the scope of compromised information."
https://www.cyfirma.com/research/unmasking-a-python-stealer-xillenstealer/
- DPRK Hackers Use ClickFix To Deliver BeaverTail Malware In Crypto Job Scams
"Threat actors with ties to the Democratic People's Republic of Korea (aka DPRK or North Korea) have been observed leveraging ClickFix-style lures to deliver a known malware called BeaverTail and InvisibleFerret. "The threat actor used ClickFix lures to target marketing and trader roles in cryptocurrency and retail sector organizations rather than targeting software development roles," GitLab Threat Intelligence researcher Oliver Smith said in a report published last week."
https://thehackernews.com/2025/09/dprk-hackers-use-clickfix-to-deliver.html
https://gitlab-com.gitlab.io/gl-security/security-tech-notes/threat-intelligence-tech-notes/north-korean-malware-sept-2025/
- Large-Scale Attack Targeting Macs Via GitHub Pages Impersonating Companies To Attempt To Deliver Stealer Malware
"The LastPass Threat Intelligence, Mitigation, and Escalation (TIME) team is tracking an ongoing, widespread infostealer campaign targeting Mac users through fraudulent GitHub repositories designed to trick potential victims into installing what is presented as various companies’ software for MacOS. In the case of LastPass, the fraudulent repositories redirected potential victims to a repository that downloads the Atomic infostealer malware. The threat actors are using Search Engine Optimization (SEO) to deliver links to their malicious sites at the top of search pages, including Bing and Google. This campaign appears to be targeting a range of companies, including tech companies, financial institutions, password managers, and more. Further information on the targeted companies can be found in the Indicators of Compromise (IoCs) at the end of the blog."
https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages
https://thehackernews.com/2025/09/lastpass-warns-of-fake-repositories.html
- Prompts As Code & Embedded Keys | The Hunt For LLM-Enabled Malware
"As Large Language Models (LLMs) are increasingly incorporated into software‑development workflows, they also have the potential to become powerful new tools for adversaries; as defenders, it is important that we understand the implications of their use and how that use affects the dynamics of the security space. In our research, we wanted to understand how LLMs are being used and how we could successfully hunt for LLM-enabled malware. On the face of it, malware that offloads its malicious functionality to an LLM that can generate code-on-the-fly looks like a detection engineer’s nightmare. Static signatures may fail if unique code is generated at runtime, and binaries could have unpredictable behavior that might make even dynamic detection challenging."
https://www.sentinelone.com/labs/prompts-as-code-embedded-keys-the-hunt-for-llm-enabled-malware/
https://thehackernews.com/2025/09/researchers-uncover-gpt-4-powered.html
Breaches/Hacks/Leaks
- The GoLaxy Papers: Inside China’s AI Persona Army
"On a jet-lagged April morning earlier this year, Brett Goldstein’s phone buzzed with a message from a trusted colleague asking him to check out a link he’d just found. Goldstein, a former government technologist and now a special adviser at Vanderbilt University’s Institute for National Security, was in the middle of a conference. Later, back in his hotel room, he scrolled through to the message again. The note was insistent and included a link. “I hate links,” he said. Still, he was curious, so he scanned the link for malware, ran a few checks, and clicked — and what appeared on his screen was a trove of PDFs all written in Mandarin. There were pages of dense Mandarin characters, something that looked like technical schematics, and then, strangely, photos of prominent Americans."
https://therecord.media/golaxy-china-artificial-intelligence-papers
- Russia's Main Airport In St. Petersburg Says Its Website Was Hacked
"One of Russia’s busiest airports said on Friday its website was knocked offline in a cyberattack, the latest disruption to hit the country’s aviation industry this week. Pulkovo Airport in St. Petersburg, Russia’s second-largest air hub, said access to its website was restricted following the hack but operations at the airport were unaffected. “Check-in for flights is proceeding as usual,” the airport said in a statement, adding that specialists were working to restore the service. The airport did not provide details about the nature of the attack or whether it affected other parts of its digital infrastructure."
https://therecord.media/russia-pulkovo-airport-st-petersburg-website-hacked
- Cyberattack Disrupts Check-In Systems At Major European Airports
"A cyberattack targeting check-in and boarding systems disrupted air traffic and caused delays at several of Europe’s major airports on Saturday. While the impact on travelers appeared to be limited, experts said the intrusion exposed vulnerabilities in security systems. The disruptions to electronic systems initially reported at Brussels, Berlin’s Brandenburg and London’s Heathrow airports meant that only manual check-in and boarding was possible. Many other European airports said their operations were unaffected. “There was a cyberattack on Friday night 19 September against the service provider for the check-in and boarding systems affecting several European airports including Brussels Airport,” said Brussels Airport in a statement, initially reporting a “large impact” on flight schedules."
https://www.securityweek.com/cyberattack-disrupts-check-in-systems-at-major-european-airports/
https://www.securityweek.com/airport-cyberattack-disrupts-more-flights-across-europe/
https://www.bankinfosecurity.com/cyberattack-disrupts-services-at-major-european-airports-a-29490
https://hackread.com/cyberattack-disrupts-airport-check-in-systems-europe/
https://securityaffairs.com/182363/hacking/a-cyberattack-on-collins-aerospace-disrupted-operations-at-major-european-airports.html
General News
- Capture The Flag Competition Leads To Cybersecurity Career
"Splunk's Boss of the SOC (BOTS) capture-the-flag competition didn't start out as a recruitment event, but for some cybersecurity professionals, taking part in the event has helped them progress in their careers. It even led to one participant getting a job with Splunk. For the past 10 years, the security company has hosted BOTS, a blue team capture-the-flag-style competition, as one of many events during its .conf user conference. Participants compete under real-world pressure to investigate scenarios and answer a series of incident response (IR) questions using Splunk tools. The scenarios are based on the previous year's most impactful real-world attacks."
https://www.darkreading.com/cybersecurity-careers/capture-the-flag-leads-cybersecurity-careers
- Transforming Cyber Frameworks To Take Control Of Cyber-Risk
"CIOs, CTOs, and CISOs today can find themselves constantly on the defensive, having to adjust their security protocols and tooling to match the latest shift in the technology landscape. This may be especially true for cyber leaders in the public sector. They are required to safely guard their IT environments from AI vulnerabilities and threats from bad actors — all while potentially working with reduced budgets, managing lean IT teams, and adjusting to government cybersecurity mandates."
https://www.darkreading.com/cyber-risk/transforming-cyber-frameworks-cyber-risk
- 7 Lessons For Securing AI Transformation From Digital Guru Jennifer Ewbank
"The road to AI failures is paved with good intentions and dodgy deployments. Many people are working overtime to lay down those bricks today as organizations hurry to maintain relevance in an era of AI transformation. CISOs and business risk executives alike are tasked with helping their executives grapple with a difficult balancing act. They've got to weigh the risks of building insecure or resilient AI against the risk of failing to move fast enough. Due to their sensitive nature, security teams themselves are also under increasing pressure to transform their own operations with the deep analytics and generative power of AI, even more securely and resiliently than many enterprise applications."
https://www.darkreading.com/cyber-risk/7-lessons-securing-ai-transformation-former-cia-digital-guru
- LLMs Can Boost Cybersecurity Decisions, But Not For Everyone
"LLMs are moving fast from experimentation to daily use in cybersecurity. Teams are starting to use them to sort through threat intelligence, guide incident response, and help analysts handle repetitive work. But adding AI into the decision-making process brings new questions: When do these tools actually improve performance, and when might they create blind spots?"
https://www.helpnetsecurity.com/2025/09/19/research-ai-llms-in-cybersecurity/
- The Unseen Side Of Malware And How To Find It
"Security teams rely on threat reports to understand what’s out there and to keep their organizations safe. But a new report shows that these reports might only reveal part of the story. Hidden malware variants are quietly slipping past defenses, leaving teams with a false sense of security. Stairwell’s Hidden Malware Report 2025 analyzed 769 threat reports published between March 2023 and July 2025. These reports contained more than 10,000 malware file identifiers. By digging deeper into these files, researchers uncovered over 16,000 additional malware variants that were not included in the original reports."
https://www.helpnetsecurity.com/2025/09/19/discover-hidden-malware-variants/
- Canada Dismantles TradeOgre Exchange, Seizes $40 Million In Crypto
"The Royal Canadian Mounted Police has shut down the TradeOgre cryptocurrency exchange and seized more than $40 million believed to originate from criminal activities. This is the first time a crypto exchange has been shut down by Canadian law enforcement, and it also marks the largest asset seizure in the country's history. TradeOgre was a small exchange platform that focused on user privacy and dealt in niche altcoins, as well as the harder-to-trace Monero cryptocurrency."
https://www.bleepingcomputer.com/news/security/canada-dismantles-tradeogre-exchange-seizes-40-million-in-crypto/
- When “Goodbye” Isn’t The End: Scattered LAPSUS$ Hunters Hack On
"“Goodbye isn’t the end. It’s the beginning of what happens next.” — Joshua Shaw. Reading the news, I see some headlines suggesting that “Scattered LAPSUS$ Hunters” lied in their “Goodbye” message. One headline read, “Security Industry Skeptical of Scattered Spider-ShinyHunters Retirement Claims.” Another read, “Scattered Spider Resurfaces With Financial Sector Attacks Despite Retirement Claims,” and a third article declared that the threat actors just feigned retirement and asks, “You didn’t really trust the crims to keep their word, did you?” But what word do you think they really gave? It seems that although some security professionals understood some nuances in the “Goodbye” message, others may not have fully appreciated one part that seemed the harbinger of current and future events."
https://databreaches.net/2025/09/21/when-goodbye-isnt-the-end-scattered-lapsus-hunters-hack-on/
References
Electronic Transactions Development Agency (ETDA)