NCSA Webboard

    Cyber Threat Intelligence 24 September 2025

    Cyber Security News

    • NCSA_THAICERT

      Industrial Sector

      • AutomationDirect CLICK PLUS
        "Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, modify device settings, escalate privileges, or cause a denial-of-service condition on the affected device."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-266-01
      • Viessmann Vitogate 300
        "Successful exploitation of this vulnerability could allow an attacker to modify an intended OS command when it is sent to a downstream component, or allow an attacker to cause unexpected interactions between the client and server."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-266-04
      • Mitsubishi Electric MELSEC-Q Series CPU Module
        "Successful exploitation of this vulnerability could allow an attacker to cause a denial of service (DoS)."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-266-02
      • Schneider Electric SESU
        "Successful exploitation of this vulnerability could allow an authenticated attacker to write arbitrary data to protected locations, potentially leading to escalation of privilege, arbitrary file corruption, exposure of application and system information or persistent denial of service when a low-privileged attacker tampers with the installation folder."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-266-03
      • Threat Landscape For Industrial Automation Systems. Europe, Q2 2025
        "High levels of email threats (phishing) and spyware clearly indicate that industrial systems in the region are highly exposed to advanced attackers. In Eastern Europe, the percentage of ICS computers on which threats from email clients were blocked is 1.3 times higher than the global average. The percentage of ICS computers on which malicious documents were blocked exceeds the global average by 1.4 times. Attackers distribute malicious documents in phishing emails and use them as an initial infection vector. Typically, such documents contain exploits, malicious macros, or harmful links."
        https://ics-cert.kaspersky.com/publications/reports/2025/09/23/threat-landscape-for-industrial-automation-systems-europe-q2-2025/
      • Threat Landscape For Industrial Automation Systems. Russia, Q2 2025
        "The main categories of internet threats blocked on ICS computers include denylisted internet resources, malicious scripts and phishing pages, and miners. The list of denylisted internet resources is used to prevent initial infection attempts. In particular, the following threats on ICS computers are blocked with the aid of this list:"
        https://ics-cert.kaspersky.com/publications/reports/2025/09/23/threat-landscape-for-industrial-automation-systems-russia-q2-2025/

      Telecom Sector

      • A Massive Telecom Threat Was Stopped Right As World Leaders Gathered At UN Headquarters In New York
        "While close to 150 world leaders prepared to descend on Manhattan for the U.N. General Assembly, the U.S. Secret Service was quietly dismantling a massive hidden telecom network across the New York area — a system investigators say could have crippled cell towers, jammed 911 calls and flooded networks with chaos at the very moment the city was most vulnerable. The cache, made up of more than 300 SIM servers packed with over 100,000 SIM cards and clustered within 35 miles of the United Nations, represents one of the most sweeping communications threats uncovered on U.S. soil. Investigators warn the system could have blacked out cellular service in a city that relies on it not only for daily life but for emergency response and counterterrorism."
        https://www.securityweek.com/a-massive-telecom-threat-was-stopped-right-as-world-leaders-gathered-at-un-headquarters-in-new-york/
        https://thehackernews.com/2025/09/us-secret-service-seizes-300-sim.html
        https://therecord.media/secret-service-cellular-network-disruption
        https://www.bankinfosecurity.com/secret-service-dismantles-ny-telecom-threat-amid-un-meeting-a-29516
        https://cyberscoop.com/secret-service-dismantles-nyc-telecom-threat-un-general-assembly/
        https://securityaffairs.com/182499/intelligence/us-secret-service-dismantled-covert-communications-network-near-the-u-n-in-new-york.html
        https://www.theregister.com/2025/09/23/secret_service_sim_bust/
        https://www.helpnetsecurity.com/2025/09/23/us-secret-service-telecom-threat/

      Vulnerabilities

      • SolarWinds Releases Third Patch To Fix Web Help Desk RCE Bug
        "SolarWinds has released a hotfix for a critical vulnerability in Web Help Desk that allows remote code execution (RCE) without authentication. Tracked as CVE-2025-26399, the security issue is the company's third attempt to address an older flaw identified as CVE-2024-28986 that impacted Web Help Desk (WHD) 12.8.3 and all previous versions. SolarWinds WHD is a help desk and ticketing suite used by medium-to-large organizations for IT support request tracking, workflow automation, asset management, and compliance assurance. CVE-2025-26399 affects the latest WHD version 12.8.7 and is caused by unsafe deserialization handling in the AjaxProxy component. Successful exploitation allows an unauthenticated attacker to run commands on the host machine."
        https://www.bleepingcomputer.com/news/security/solarwinds-releases-third-patch-to-fix-web-help-desk-rce-bug/
        https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm
        https://thehackernews.com/2025/09/solarwinds-releases-hotfix-for-critical.html
        https://www.securityweek.com/solarwinds-makes-third-attempt-at-patching-exploited-vulnerability/
        https://www.theregister.com/2025/09/23/solarwinds_patches_rce/
      • SonicWall Releases SMA100 Firmware Update To Wipe Rootkit Malware
        "SonicWall has released a firmware update that can help customers remove rootkit malware deployed in attacks targeting SMA 100 series devices. "SonicWall SMA 100 10.2.2.2-92sv build has been released with additional file checking, providing the capability to remove known rootkit malware present on the SMA devices," the company said in a Monday advisory. "SonicWall strongly recommends that users of the SMA 100 series products (SMA 210, 410, and 500v) upgrade to the 10.2.2.2-92sv version.""
        https://www.bleepingcomputer.com/news/security/sonicwall-releases-sma100-firmware-update-to-wipe-rootkit-malware/
        https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0015
        https://www.theregister.com/2025/09/23/sonicwall_rootkitbooting_firmware_update/
        https://www.helpnetsecurity.com/2025/09/23/sonicwall-adds-rootkit-removal-capabilities-to-the-sma-100-series/
      • Libraesva ESG Issues Emergency Fix For Bug Exploited By State Hackers
        "Libraesva rolled out an emergency update for its Email Security Gateway (ESG) solution to fix a vulnerability exploited by threat actors believed to be state sponsored. The email security product protects email systems from phishing, malware, spam, business email compromise, and spoofing, using a multi-layer protection architecture. According to the vendor, Libraesva ESG is used by thousands of small and medium businesses as well as large enterprises worldwide, serving over 200,000 users."
        https://www.bleepingcomputer.com/news/security/libraesva-esg-issues-emergency-fix-for-bug-exploited-by-state-hackers/
        https://docs.libraesva.com/knowledgebase/security-advisory-command-injection-vulnerability-cve-2025-59689/
      • Broken Trust: Fixed Supermicro BMC Bug Gains a New Life In Two New Vulnerabilities
        "In a previous blog post, we detailed three Supermicro BMC firmware vulnerabilities that were originally found by the NVIDIA Offensive Security Research Team and disclosed earlier this year. All these issues were related to the BMC firmware update process and could be exploited by an attacker with administrative access to the BMC operating system who uploaded a specially crafted image. To recap briefly, two of the vulnerabilities (CVE-2024-10238 and CVE-2024-10239) were caused by insufficient checks during the parsing process of the uploaded firmware image, resulting in stack-based buffer overflows that could be used by an attacker to execute arbitrary code in the BMC context (see our exploitation PoC for another Supermicro BMC buffer overflow vulnerability)."
        https://www.binarly.io/blog/broken-trust-fixed-supermicro-bmc-bug-gains-a-new-life-in-two-new-vulnerabilities
        https://thehackernews.com/2025/09/two-new-supermicro-bmc-bugs-allow.html
        https://www.securityweek.com/patch-bypassed-for-supermicro-vulnerability-allowing-bmc-hack/
      • CVE-2025-10184: OnePlus OxygenOS Telephony Provider Permission Bypass (NOT FIXED)
        "Rapid7 has identified a permission bypass vulnerability in multiple versions of OnePlus OxygenOS installed on its Android smartphones, across multiple devices. It is expected that a wider range of devices than those tested are affected. When leveraged, the vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider (the package com.android.providers.telephony) without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to sensitive information disclosure and could effectively break the security provided by SMS-based Multi-Factor Authentication (MFA) checks."
        https://www.rapid7.com/blog/post/cve-2025-10184-oneplus-oxygenos-telephony-provider-permission-bypass-not-fixed/
        https://www.theregister.com/2025/09/23/rapid7_oneplus_android_bug/
      • CISA Adds One Known Exploited Vulnerability To Catalog
        "CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2025-10585 Google Chromium V8 Type Confusion Vulnerability"
        https://www.cisa.gov/news-events/alerts/2025/09/23/cisa-adds-one-known-exploited-vulnerability-catalog
        https://securityaffairs.com/182509/security/u-s-cisa-adds-google-chromium-flaw-to-its-known-exploited-vulnerabilities-catalog.html

      Malware

      • Malicious Fezbox Npm Package Steals Browser Passwords From Cookies Via Innovative QR Code Steganographic Technique
        "Threat actors use many different techniques to obfuscate malicious code, like reversing strings, encoding, and encryption. The Socket Threat Research Team discovered a malicious package, fezbox, with layers of obfuscation including the innovative, steganographic use of a QR code. In this package, the threat actor (npm alias janedu; registration email janedu0216@gmail[.]com) executes a payload within a QR code to steal username and password credentials from web cookies, within the browser. At the time of writing, the malicious package remains live on npm. We have petitioned the npm security team for its removal and for the suspension of the threat actor’s account."
        https://socket.dev/blog/malicious-fezbox-npm-package-steals-browser-passwords-from-cookies-via-innovative-qr-code
        https://www.bleepingcomputer.com/news/security/npm-package-caught-using-qr-code-to-fetch-cookie-stealing-malware/
      • How RainyDay, Turian And a New PlugX Variant Abuse DLL Search Order Hijacking
        "Cisco Talos has identified an ongoing campaign targeting the telecommunications and manufacturing sectors in Central and South Asian countries. Based on our analysis of collected evidence, we assess with medium confidence that this campaign can be attributed to Naikon, an active Chinese-speaking threat actor that has been operating since 2010. This assessment is based on analysis of the PlugX configuration format used during this campaign as well as the malware infection chain involved, which was very similar to their previous malware, RainyDay."
        https://blog.talosintelligence.com/how-rainyday-turian-and-a-new-plugx-variant-abuse-dll-search-order-hijacking/
      • Cyble Honeypots Detect Exploit Attempts Of Nearly Two Dozen Vulnerabilities
        "Cyble’s network of honeypot sensors has detected dozens of attack attempts on vulnerabilities in the last week. The sensors are part of Cyble’s Threat Hunting service that uses a suite of tools to capture real-time attack data, including exploit attempts, malware intrusions, financial fraud, and brute-force attacks. Cyble’s findings are also summarized in a weekly Sensor Intelligence report to clients. What follows are 12 vulnerabilities that Cyble has detected active attack attempts on, plus an additional 10 vulnerabilities under attack by ransomware groups that Cyble threat intelligence researchers detailed in a separate report to clients. The reports serve as useful guidance for security teams when prioritizing patching and mitigation."
        https://cyble.com/blog/vulnerabilities-under-attack/
      • ShadowV2: An Emerging DDoS For Hire Botnet
        "Darktrace exposed a cybercrime-as-a-service campaign using Python and Go-based malware, Docker containerization, and a full operator UI. With DDoS-as-a-service features, modular APIs, and advanced evasion, this platform highlights the need for defenders to monitor cloud workloads, container orchestration, and API activity to counter evolving threats."
        https://www.darktrace.com/blog/shadowv2-an-emerging-ddos-for-hire-botnet
        https://www.darkreading.com/cyber-risk/exposed-docker-daemons-fuel-ddos-botnet
        https://thehackernews.com/2025/09/shadowv2-botnet-exploits-misconfigured.html
        https://www.securityweek.com/shadowv2-ddos-service-lets-customers-self-manage-attacks/

      Breaches/Hacks/Leaks

      • EV Charging Biz Zaps Customers With Data Leak Scare
        "An electric vehicle charging point provider is telling users that their data may be compromised, following a recent security "incident" at a service provider. Germany-based Digital Charging Solutions (DCS), which supplies its own electric vehicle charging points and acts as a billing partner for manufacturers' own-branded charging points, said a customer service provider was to blame. In an email sent to Kia customers in the UK, seen by The Register, DCS said: "A few days ago, we identified irregularities in the handling of DCS data records by one of our service providers. This provider supports us with customer service and is authorized to access customer data for this purpose.""
        https://www.theregister.com/2025/09/23/dcs_data_breach/
      • Boyd Gaming Discloses Data Breach After Suffering a Cyberattack
        "US gaming and casino operator Boyd Gaming Corporation disclosed it suffered a breach after threat actors gained access to its systems and stole data, including employee information and data belonging to a limited number of other individuals. Boyd Gaming is a public US casino entertainment company with 28 gaming properties in ten states, including Nevada, Illinois, Indiana, Iowa, Kansas, Louisiana, Mississippi, Missouri, Ohio, and Pennsylvania, and the management of a tribal casino in northern California. The firm employs over 16,000 people and had an annual revenue of $3.9 billion in 2024. In a Tuesday evening FORM 8-K filing with the SEC, Boyd Gaming disclosed it recently suffered a cyberattack in which attackers gained access to its systems."
        https://www.bleepingcomputer.com/news/security/boyd-gaming-discloses-data-breach-after-suffering-a-cyberattack/
      • South Korea Probes Credit Card Company Data Breach Affecting 3 Million Customers
        "South Korea’s data protection watchdog has launched an investigation into a cyberattack at Lotte Card, the country’s fifth-largest card issuer. The Personal Information Protection Commission (PIPC) said on Monday it was working with financial regulators to determine the full scope of the breach, which exposed the personal data of about 3 million customers, and whether Lotte Card had violated the country’s data protection laws. Lotte Card confirmed last week that hackers accessed a wide range of customer data in mid-August, including identification numbers, internal IDs and contact information. Sensitive financial details such as card numbers, expiration dates and verification codes belonging to thousands of customers were also compromised."
        https://therecord.media/south-korea-probes-credit-card-data-breach
      • Suspected Cyberattack Disrupts Circle K Chain’s Operations In Hong Kong
        "Convenience store chain Circle K said a “network disruption” has paralyzed its Hong Kong operations for several days, forcing nearly 400 outlets across the city to suspend most electronic payment and loyalty services. The retailer said the incident, first reported over the weekend, affected e-payment systems, email services, and loyalty programs. Circle K stores remain “open and operating,” and customers can still pay with cash or Octopus, Hong Kong’s widely used contactless smart card."
        https://therecord.media/circle-k-hong-kong-suspected-cyberattack-convience-stores
      • AI-Powered App Exposes User Data, Creates Risk Of Supply Chain Attacks
        "Consistency between company privacy policies and actual data handling practices – particularly with AI-powered applications – and the integrity of AI model deployment are both critical security considerations for organizations in the age of AI. Trend™ Research has identified a case where Wondershare RepairIt, an AI photo editing application, contradicted its privacy policy by collecting, storing, and, due to weak Development, Security, and Operations (DevSecOps) practices, inadvertently leaking private user data. The application explicitly states that user data will not be stored, as seen in Figure 1. Its website states this as well. However, we observed that sensitive user photos were retained and subsequently exposed because of security oversights."
        https://www.trendmicro.com/en_us/research/25/i/ai-powered-app-exposes-user-data.html
      • Inc Ransomware Group Claims 5.7 TB Theft From Pennsylvania Attorney General’s Office
        "The notorious Inc ransomware group has taken responsibility for an August 2025 data breach at the Pennsylvania Attorney General’s office. According to cybersecurity researchers at Comparitech, the group claims to have stolen a staggering 5.7 TB of data. To prove their point, the Inc ransomware group posted what it says are sample documents from the office on its data leak site. The findings from Comparitech were shared with Hackread.com."
        https://hackread.com/inc-ransomware-data-pennsylvania-attorney-general/

      General News

      • Hackers Working For Lucrative Cyber Attack Industry See Law Firms As Rich Targets
        "With their vast trove of intellectual property and business intelligence, law firms are rich targets for hackers working for the lucrative cyber-attack industry. “Law firms are not seen as the most tech-savvy industry and there may not even be a technology staff at smaller firms,” Mike Mooney, partner and senior vice president at USI Affinity in Newtown Square, Penn., told lawyers gathered at a panel discussion on cyber risks held at the New York State Bar Association’s Annual Meeting in New York City. “Mix that all together and lawyers and law firms make prime targets.”"
        https://nysba.org/hackers-working-for-lucrative-cyber-attack-industry-see-law-firms-as-rich-targets/
        https://www.helpnetsecurity.com/2025/09/23/law-firms-cyberthreats/
      • Gartner: Preemptive Cybersecurity To Dominate 50% Of Security Spend By 2030
        "By 2030, preemptive cybersecurity solutions will account for 50% of IT security spending, up from less than 5% in 2024, replacing standalone detection and response (DR) solutions as the preferred approach to defend against cyberthreats, according to Gartner."
        https://www.helpnetsecurity.com/2025/09/23/preemptive-cybersecurity-solutions-shift/
      • High-Impact IT Outages Cost Businesses $2 Million Per Hour
        "The financial stakes of downtime are climbing, and IT leaders are being pushed to rethink how they monitor complex systems. According to the 2025 Observability Forecast from New Relic, the median cost of a high-impact outage has reached $2 million per hour. Organizations with full-stack observability cut that cost in half, showing the tangible business benefits of stronger monitoring practices."
        https://www.helpnetsecurity.com/2025/09/23/high-impact-it-outages-costs/
      • CISA Releases Advisory On Lessons Learned From An Incident Response Engagement
        "Today, CISA released a cybersecurity advisory detailing lessons learned from an incident response engagement following the detection of potential malicious activity identified through security alerts generated by the agency's endpoint detection and response tool. This advisory, CISA Shares Lessons Learned from an Incident Response Engagement, highlights takeaways that illuminate the urgent need for timely patching, comprehensive incident response planning, and proactive threat monitoring to mitigate risks from similar vulnerabilities."
        https://www.cisa.gov/news-events/alerts/2025/09/23/cisa-releases-advisory-lessons-learned-incident-response-engagement
        https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-266a
        https://www.bleepingcomputer.com/news/security/cisa-says-hackers-breached-federal-agency-using-geoserver-exploit/
      • Cloudflare Mitigates New Record-Breaking 22.2 Tbps DDoS Attack
        "Cloudflare has mitigated a distributed denial-of-service (DDoS) attack that peaked at a record-breaking 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps). DDoS attacks typically exhaust either system or network resources, aiming to make services slow or unavailable to legitimate users. Record-breaking DDoS attacks are becoming more frequent, as just three weeks ago, Cloudflare disclosed that it mitigated a massive 11.5 Tbps and 5.1 Bpps attack, the largest publicly announced at the time."
        https://www.bleepingcomputer.com/news/security/cloudflare-mitigates-new-record-breaking-222-tbps-ddos-attack/
      • Eurojust Coordinates Action To Halt Cryptocurrency Fraud Of Over 100 Million Euros Across Europe
        "At the request of the Spanish and Portuguese authorities, Eurojust has coordinated a major operation across Europe to halt an elaborate investment fraud with cryptocurrencies. During an action day, five suspects were arrested, including the alleged main perpetrator behind the scam. Via an online investment platform, he defrauded over a hundred victims in Germany, France, Italy and Spain, among others, of at least EUR 100 million. During the joint action day, five places were searched in both Spain and Portugal, as well as in Italy, Romania and Bulgaria, where bank accounts and other financial assets were also frozen. The alleged main perpetrator is suspected of large-scale fraud and money laundering."
        https://www.eurojust.europa.eu/news/eurojust-coordinates-action-halt-cryptocurrency-fraud-over-100-million-euros-across-europe
        https://www.bleepingcomputer.com/news/security/police-dismantles-crypto-fraud-ring-linked-to-100-million-in-losses/
        https://thehackernews.com/2025/09/eurojust-arrests-5-in-100m.html
      • 7000+ IRs Later: The 11 Essential Cybersecurity Controls
        "Decades in incident response reveal battle-tested cybersecurity controls that minimize attack surface, improve detection and response, reduce incident impact and losses, and build cyber resilience (with compliance mappings for easy implementation). Threats grow in volume and sophistication, compliance frameworks get more stringent and complex, supply chain risk is ever-present, M&A activities introduce new issues… but cybersecurity budgets are stretched thin and experts struggle with burnout. The cliché advice is to focus resources on the highest-impact projects, but which cybersecurity controls produce the highest returns?"
        https://www.cybereason.com/blog/11-essential-controls
      • What To Do If Your Company Discovers a North Korean Worker In Its Ranks
        "Terminating their employment is the easy part. The rest is complicated. When enterprises discover they have inadvertently hired North Korean information technology workers, they face a cascade of urgent decisions involving sanctions law, cybersecurity protocols, and law enforcement cooperation that can expose them to significant legal and financial risks. Incident response experts and cybersecurity lawyers explained how enterprises can navigate these risks Monday at Google’s Cyber Defense Summit in Washington, D.C. The challenges have grown more prominent as cybersecurity firms track what they describe as an organized employment scheme designed to generate revenue for North Korea’s weapons programs."
        https://cyberscoop.com/north-korean-it-workers-enterprise-risks-sanctions-response/
      • As Incidents Rise, Japanese Government's Cybersecurity Falls Short
        "Japan faces increased cyberattacks from nation-state actors and cybercriminals, but has fallen behind in managing the cybersecurity of critical government systems, according to reports. Earlier this month, Japan's Board of Audit identified 58 critical systems at a dozen government agencies that lacked appropriate security controls and management, according to the group's latest report. The findings come as the Japanese government faces increased cyberattacks, with at least 447 cybersecurity incidents reported in 2024, more than double the previous year, according to data cited by online news site Nikkei Asia."
        https://www.darkreading.com/cyber-risk/japanese-governments-cybersecurity-falls-short
      • Dark Reading Confidential: Battle Space: Cyber Pros Land On The Front Lines Of Protecting US Critical Infrastructure
        "Dark Reading Confidential Episode 10: It’s past time for a comprehensive plan to protect vital US systems from nation-state cyberattacks, and increasingly, that responsibility is falling to asset owners across a vast swath of organizations, who likely never bargained for an international cyber conflict playing out in their environments. But here we are. And here's what comes next, according to Frank Cilluffo from the McCrary Institute and Booz Allen's Dave Forbes."
        https://www.darkreading.com/cyber-risk/dark-reading-confidential-battle-space-cyber-pros-land-on-the-front-lines-of-protecting-us-critical-infrastructure
      • Fortinet Report Reveals Continued Rise In Data Loss Despite Smarter Data Security Practices And Record Cybersecurity Spending
        "The 2025 Data Security Report from Fortinet and Cybersecurity Insiders shows that many security leaders are moving beyond a purely tech-driven mindset and adopting a more programmatic approach to protecting sensitive data. Budget trends are positive, with organizations reporting increased funding for insider risk and data protection last year, reflecting success in making the case for investment. However, despite adopting smarter strategies and allocating stronger budgets, data loss continues to rise. Seventy-seven percent of organizations reported at least one insider-related incident in the past 18 months, and 58% reported six or more. The question is, why?"
        https://www.fortinet.com/blog/industry-trends/fortinet-report-reveals-continued-rise-in-data-loss-despite-smarter-data-security-practices-and-record-spending
      • SpyCloud Report: 2/3 Orgs Extremely Concerned About Identity Attacks Yet Major Blind Spots Persist
        "SpyCloud, the leader in identity threat protection, today released the 2025 SpyCloud Identity Threat Report, revealing that while 86% of security leaders report confidence in their ability to prevent identity-based attacks, 85% of organizations were affected by a ransomware incident at least once in the past year – with over one-third affected between six and ten times. Further illustrating the gap between perceived confidence and actual exposure, the market survey of over 500 security leaders across North America and the UK revealed that over two-thirds of organizations are significantly or extremely concerned about identity-based cyberattacks, yet only 38% can detect historical identity exposures that create risk due to poor cyber hygiene like credential reuse. As organizations grapple with sprawling digital identities across SaaS platforms, unmanaged devices, and third-party ecosystems, attackers are capitalizing on these gaps."
        https://hackread.com/spycloud-report-2-3-orgs-extremely-concerned-about-identity-attacks-yet-major-blind-spots-persist/
        https://spycloud.com/resource/report/identity-threat-report-2025/
        https://engage.spycloud.com/rs/713-WIP-737/images/identity-threat-report-2025.pdf
      • Deepfake Attacks Hit Two-Thirds Of Businesses
        "Nearly two-thirds (62%) of organizations have experienced a deepfake attack in the past 12 months, according to a new Gartner survey. These deepfake attacks encompass either social engineering, impersonating someone during a video or audio call with an employee or exploiting automated verification, such as face or voice biometrics. Akif Khan, senior director at Gartner Research, told Infosecurity that continuous improvements in deepfake technologies mean such threats are only going to grow."
        https://www.infosecurity-magazine.com/news/deepfake-attacks-hit-twothirds-of/
        https://www.gartner.com/en/newsroom/press-releases/2025-09-22-gartner-survey-reveals-generative-artificial-intelligence-attacks-are-on-the-rise
        https://www.theregister.com/2025/09/23/gartner_ai_attack/
      • Inside The Mind Of a CISO: Resilience In An AI-Accelerated World
        "Inside the Mind of a CISO 2025 is a digital magazine report comprising 10 articles, each examining different aspects of the modern-day CISO experience."
        https://www.bugcrowd.com/resources/report/inside-the-mind-ciso-resilience-in-an-ai-accelerated-world/
        https://www.bugcrowd.com/wp-content/uploads/2025/09/Inside-The-Mind-of-a-CISO-Resilience-in-an-AI-Accelerated-World.pdf
        https://www.infosecurity-magazine.com/news/critical-security-flaws-grow-ai-use/
      • What’s Trending: Top Cyber Attacker Techniques, June-August 2025
        "Attackers are continually getting faster: The average breakout time—the period from initial access to lateral movement—dropped to 18 minutes this reporting period (June 1 to August 31, 2025). And the numbers just keep getting lower. In 2024, the single lowest breakout time we recorded was 27 minutes. In one incident this reporting period, “Akira” ransomware operators initiated lateral movement within just six minutes of compromising a SonicWall VPN, demonstrating just how fast threat actors can move. The clock is ticking for defenders to close detection gaps and fully leverage automation, as attackers exploit every second. Staying ahead demands a proactive, adaptive approach to security."
        https://reliaquest.com/blog/threat-spotlight-top-cyber-attacker-techniques-june-august-2025
        https://www.infosecurity-magazine.com/news/attacker-breakout-time-falls-18/
      • Top 25 MCP Vulnerabilities Reveal How AI Agents Can Be Exploited
        "Model Context Protocol (MCP), developed by Anthropic and released as an open standard in 2024, is the de facto (not absolute) standard method of ensuring a consistent and safe interface between an AI agent (or agents) and the data source (or sources). It specifies how AI agents interact with tools, other agents, data, and context in a safe and auditable manner whenever required. It is consequently a fundamental requirement for effective Agentic AI. But like all software, MCP has areas that can be abused by malicious actors. This month a potential attack on ChatGPT’s calendar integration was described, allowing an email calendar invite to deliver a jailbreak to ChatGPT, with no user interaction required."
        https://www.securityweek.com/top-25-mcp-vulnerabilities-reveal-how-ai-agents-can-be-exploited/
      • Lazarus Group: A Criminal Syndicate With a Flag
        "The Lazarus Group is a notorious state-sponsored cybercrime organization linked to the Democratic People’s Republic of Korea (DPRK, North Korea). The group operates within the nation’s primary intelligence agency, the Reconnaissance General Bureau (RGB). Analysts believe most Lazarus Group members operate from Pyongyang, North Korea, with some operating abroad via foreign outposts or cover companies. One example of a foreign operation is detailed in this 2018 statement by the U.S. Department of Justice: Park Jin Hyok, was a computer programmer who worked for over a decade for Chosun Expo Joint Venture … and is affiliated with Lab 110, a component of DPRK military intelligence. … Security researchers that have independently investigated these activities referred to this hacking team as the “Lazarus Group.”"
        https://blog.barracuda.com/2025/09/23/lazarus-group--a-criminal-syndicate-with-a-flag

      Reference
      Electronic Transactions Development Agency (ETDA)
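The DLL search order hijacking named in the Malware item on RainyDay, Turian and the new PlugX variant is the technique a defender most wants a check for. The script below is an added example and is not code from the Talos report, from NCSA or from any vendor tool: it runs over a constructed list of image-load events (the shape a parsed Sysmon Event ID 7 "Image loaded" record gives) and flags the loads that fit the side-loading pattern, where a DLL named like a system library is resolved from the application's own directory or from a user-writable path instead of System32. The set of impersonated DLL names, the trusted and user-writable directory hints, and every path in the sample events are assumptions chosen for the illustration.

```python
"""Flag image loads that fit the DLL search-order hijacking (side-loading) pattern.

Added example; not code from the Talos report or any vendor product. Windows
resolves a DLL from the application's own directory before System32 unless the
name is a KnownDLL, so a loader that drops a DLL named like a system library
next to a legitimate, signed executable gets its code run under that
executable's name. The heuristic below looks for exactly that shape.
"""
from __future__ import annotations

from dataclasses import dataclass
from pathlib import PureWindowsPath

# System DLL names commonly impersonated by side-loaded DLLs (illustrative subset, assumption).
SYSTEM_DLL_NAMES = {
    "version.dll", "dbghelp.dll", "wtsapi32.dll", "userenv.dll", "cryptbase.dll", "msvcp140.dll",
}
# Directories a DLL may legitimately resolve from without triggering the search-order heuristic.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")
# Substrings that mark a user-writable location (assumption: typical default ACLs).
USER_WRITABLE_HINTS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\", "\\downloads\\")


@dataclass(frozen=True)
class ImageLoad:
    process: str   # full path of the process that mapped the module
    module: str    # full path of the DLL as it was actually mapped
    signed: bool   # the event's signature verdict for the DLL


def _norm(path: str) -> str:
    return path.lower().replace("/", "\\")


def classify(ev: ImageLoad) -> list[str]:
    """Return the reasons this load looks like a hijack; an empty list means benign."""
    module = PureWindowsPath(_norm(ev.module))
    process = PureWindowsPath(_norm(ev.process))
    mod_dir = str(module.parent)
    if mod_dir.startswith(TRUSTED_DIRS):
        return []  # resolved from a system directory: the search order was not abused
    reasons: list[str] = []
    if module.name in SYSTEM_DLL_NAMES:
        reasons.append(f"system DLL name {module.name} resolved from {mod_dir}")
    if any(hint in mod_dir + "\\" for hint in USER_WRITABLE_HINTS) and not ev.signed:
        reasons.append("unsigned DLL loaded from a user-writable directory")
    if reasons and module.parent == process.parent:
        reasons.append(f"side-loaded beside {process.name}")
    return reasons


def scan(events: list[ImageLoad]) -> list[tuple[ImageLoad, list[str]]]:
    """Return every event that classify() flagged, paired with its reasons."""
    return [(ev, reasons) for ev in events if (reasons := classify(ev))]


# Constructed sample events (paths are made up for the illustration).
SAMPLE_EVENTS = [
    ImageLoad(r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\version.dll", True),
    ImageLoad(r"C:\Program Files\VendorApp\app.exe", r"C:\Program Files\VendorApp\vendorcore.dll", True),
    ImageLoad(r"C:\Users\alice\AppData\Roaming\Update\updater.exe",
              r"C:\Users\alice\AppData\Roaming\Update\version.dll", False),
    ImageLoad(r"C:\Program Files\VendorApp\app.exe", r"C:\Program Files\VendorApp\dbghelp.dll", False),
]

if __name__ == "__main__":
    for ev, reasons in scan(SAMPLE_EVENTS):
        print(ev.process, "->", ev.module)
        for r in reasons:
            print("   ", r)
```

A vendor application shipping its own DLL next to its executable (the second sample event) is left alone; what trips the check is a system DLL name resolving outside System32, or an unsigned DLL in a user-writable path, with an extra note when the DLL sits beside the process that loaded it. Tune the name set and directory hints to the estate before using the verdicts for alerting.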

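The Darktrace excerpt on ShadowV2 says only that the botnet uses Docker containerization; the Dark Reading and Hacker News coverage linked under it describes exposed or misconfigured Docker daemons as the way hosts are recruited. The check below is an added example, not Darktrace's, Docker's or NCSA's code: it audits a dockerd configuration (daemon.json plus the dockerd command line) for a TCP listener that lacks client-certificate verification, and shows the weak setting beside the corrected one. The option names (hosts, tls, tlsverify, tlscacert, tlscert, tlskey, and the -H/--host, --tls, --tlsverify flags) are real dockerd options; both sample configurations and the certificate paths are constructed.

```python
"""Audit a dockerd configuration for an exposed, unauthenticated Remote API.

Added example; not Docker's or Darktrace's code. An unauthenticated Docker API
lets any client that can reach the port start a container with the host
filesystem bind-mounted, which is root on the host, so a TCP listener is only
acceptable with --tlsverify (mutual TLS). By convention 2375 is the plaintext
port and 2376 the TLS port; the check does not rely on the port number.
"""
from __future__ import annotations

from urllib.parse import urlsplit

# Constructed sample: the weak setting, a plaintext API on every interface ...
WEAK_CONFIG = {
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
}
# ... and the corrected one: TLS with client-certificate verification (cert paths assumed).
HARDENED_CONFIG = {
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
}


def _hosts_from_argv(argv: list[str]) -> list[str]:
    """Collect -H/--host values given either as separate or as --opt=value arguments."""
    hosts: list[str] = []
    it = iter(argv)
    for arg in it:
        if arg in ("-H", "--host"):
            hosts.append(next(it, ""))
        elif arg.startswith(("-H=", "--host=")):
            hosts.append(arg.split("=", 1)[1])
    return hosts


def _flag(argv: list[str], name: str) -> bool:
    """True when a boolean dockerd flag is present as --name or --name=true."""
    return any(a == name or a == f"{name}=true" for a in argv)


def audit(daemon_json: dict, argv: list[str] | None = None) -> list[str]:
    """Return one finding per TCP listener reachable without client authentication."""
    argv = list(argv or [])
    hosts = list(daemon_json.get("hosts", [])) + _hosts_from_argv(argv)
    tcp_hosts = [h for h in hosts if h.startswith("tcp://")]
    if not tcp_hosts:
        return []  # unix socket only: reachable just by local root and the docker group
    tlsverify = daemon_json.get("tlsverify") is True or _flag(argv, "--tlsverify")
    tls = tlsverify or daemon_json.get("tls") is True or _flag(argv, "--tls")
    findings: list[str] = []
    for h in tcp_hosts:
        if tlsverify:
            continue  # mutual TLS: only clients holding a cert signed by tlscacert get in
        bind = urlsplit(h).hostname or ""
        where = "all interfaces" if bind in ("", "0.0.0.0", "::") else bind
        if tls:
            findings.append(
                f"{h}: --tls without --tlsverify encrypts but does not authenticate clients ({where})"
            )
        else:
            findings.append(f"{h}: plaintext, unauthenticated Docker API on {where}")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit(cfg) or ["no findings"])
```

Run it against the real /etc/docker/daemon.json (json.load) and the argv of the running dockerd (from /proc/&lt;pid&gt;/cmdline or the systemd unit); a listener bound to 127.0.0.1 is still reported, because anything that can reach that loopback port, including an SSRF in another service on the host, gets the same control.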