Cyber Threat Intelligence 08 October 2025
Industrial Sector
- Delta Electronics DIAScreen
"Successful exploitation of these vulnerabilities could allow an attacker to write data outside of the allocated memory buffer."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-280-01
New Tooling
- Suspicious
"Phishing is a widespread form of social engineering attack aimed at stealing sensitive data such as login credentials, payment information, or personal details. Attackers impersonate trusted entities to deceive victims into opening emails, messages, or links that may lead to malware installation, ransomware, or data exposure. These attacks have become increasingly sophisticated, making detection and prevention critical. Suspicious is a web application designed to support this need by providing automated analysis of potentially malicious content."
https://github.com/thalesgroup-cert/suspicious
Vulnerabilities
- CISA Adds One Known Exploited Vulnerability To Catalog
"CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2025-27915 Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability"
https://www.cisa.gov/news-events/alerts/2025/10/07/cisa-adds-one-known-exploited-vulnerability-catalog
https://securityaffairs.com/183085/hacking/u-s-cisa-adds-synacor-zimbra-collaboration-suite-zcs-flaw-to-its-known-exploited-vulnerabilities-catalog.html
- Google Won’t Fix New ASCII Smuggling Attack In Gemini
"Google has decided not to fix a new ASCII smuggling attack in Gemini that could be used to trick the AI assistant into providing users with fake information, alter the model’s behavior, and silently poison its data. ASCII smuggling is an attack where special characters from the Tags Unicode block are used to introduce payloads that are invisible to users but can still be detected and processed by large-language models (LLMs). It’s similar to other attacks that researchers presented recently against Google Gemini, which all exploit a gap between what users see and what machines read, like performing CSS manipulation or exploiting GUI limitations."
https://www.bleepingcomputer.com/news/security/google-wont-fix-new-ascii-smuggling-attack-in-gemini/
- New Mic-E-Mouse Attack Shows Computer Mice Can Capture Conversations
"A team of researchers from the University of California, Irvine, has discovered a security risk right on your desk. It turns out that your high-performance computer mouse, an item you probably trust completely, can be turned into a hidden listening device. This new type of attack is called Mic-E-Mouse, and it has the potential to change our understanding of what computer privacy means. The idea, which the researchers described as “our computer mouse has big ears” and published on their official Google research site, is an interesting one. It focuses on the highly sensitive optical sensors found in modern gaming and professional mice."
https://hackread.com/mic-e-mouse-attack-computer-mice-conversations/
https://sites.google.com/view/mic-e-mouse
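The ASCII smuggling item above describes payloads hidden in characters from the Unicode Tags block, which are invisible to users but still read by an LLM. As an added defensive example (not code from the original digest or from the cited article), the following Python scans text bound for a model for Tags-block and other format-control characters, reveals the hidden ASCII for analyst review, and returns a cleaned copy; the sample string and the list of code points are constructed for this illustration.

```python
"""Detect and neutralise Unicode Tags-block "ASCII smuggling" in text destined for an LLM.

Added example, not part of the original digest. The Tags block is U+E0000..U+E007F;
U+E0020..U+E007E mirror printable ASCII 0x20..0x7E, which is what lets a model
read text that a user never sees.
"""
import unicodedata

TAG_BLOCK = range(0xE0000, 0xE0080)          # Unicode Tags block
TAG_ASCII_LO, TAG_ASCII_HI = 0xE0020, 0xE007E  # sub-range that maps 1:1 onto ASCII


def find_hidden(text: str) -> dict:
    """Return counts of invisible characters, the ASCII they spell out, and a clean copy.

    Characters in the Tags block are dropped and decoded; any other character in the
    Unicode "Cf" (format) category (zero-width space/joiner, BOM, soft hyphen, ...) is
    counted and dropped as well. Caveat: Cf also covers legitimate bidi marks in
    right-to-left text, so a non-zero "other_invisible" count is a signal to review,
    not proof of abuse.
    """
    revealed, clean = [], []
    tag_chars = other_invisible = 0
    for ch in text:
        cp = ord(ch)
        if cp in TAG_BLOCK:
            tag_chars += 1
            if TAG_ASCII_LO <= cp <= TAG_ASCII_HI:
                revealed.append(chr(cp - 0xE0000))  # map back to the ASCII it encodes
            continue  # never let tag characters through
        if unicodedata.category(ch) == "Cf":
            other_invisible += 1
            continue
        clean.append(ch)
    return {
        "tag_chars": tag_chars,
        "other_invisible": other_invisible,
        "revealed": "".join(revealed),
        "clean": "".join(clean),
    }


def is_suspicious(text: str) -> bool:
    """True when the text carries any Tags-block or other format-control character."""
    result = find_hidden(text)
    return result["tag_chars"] > 0 or result["other_invisible"] > 0


# Constructed sample: a harmless visible sentence followed by an invisible Tags-block
# rendering of "hidden instruction" (each ASCII code point shifted by 0xE0000).
VISIBLE = "Please summarise the attached document."
SAMPLE = VISIBLE + "".join(chr(0xE0000 + ord(c)) for c in "hidden instruction")

if __name__ == "__main__":
    report = find_hidden(SAMPLE)
    print("suspicious:", is_suspicious(SAMPLE))
    print("tag characters:", report["tag_chars"])
    print("revealed text:", repr(report["revealed"]))
    print("clean text:", repr(report["clean"]))
```

Run the check on the input side of any pipeline that forwards user or document text to a model, and log the revealed string with the event so an analyst can see what the model would have read. Stripping rather than rejecting keeps legitimate content flowing while removing the invisible channel.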
Malware
- CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite Via Zero-Day Vulnerability (now Tracked As CVE-2025-61882)
"CrowdStrike is tracking a mass exploitation campaign almost certainly leveraging a novel zero-day vulnerability — now tracked as CVE-2025-61882 — targeting Oracle E-Business Suite (EBS) applications for the purposes of data exfiltration. CrowdStrike Intelligence assesses with moderate confidence that GRACEFUL SPIDER is likely involved in this campaign but cannot rule out the possibility that multiple threat actors have exploited CVE-2025-61882. The first known exploitation occurred on August 9, 2025; however, investigations remain ongoing, and this date is subject to change."
https://www.crowdstrike.com/en-us/blog/crowdstrike-identifies-campaign-targeting-oracle-e-business-suite-zero-day-CVE-2025-61882/
https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/
https://www.resecurity.com/blog/article/cve-2025-61882-mass-exploitation-oracle-e-business-suite-ebs-under-attack-by-cl0p-ransomware
https://www.rapid7.com/blog/post/etr-cve-2025-61882-critical-0day-in-oracle-e-business-suite-exploited-in-the-wild/
https://thehackernews.com/2025/10/oracle-ebs-under-fire-as-cl0p-exploits.html
https://www.bleepingcomputer.com/news/security/oracle-zero-day-exploited-in-clop-data-theft-attacks-since-early-august/
https://www.helpnetsecurity.com/2025/10/07/leaked-oracle-ebs-exploit-attacks-cve-2025-61882/
https://securityaffairs.com/183065/cyber-crime/crowdstrike-ties-oracle-ebs-rce-cve-2025-61882-to-cl0p-attacks-began-aug-9-2025.html
- Too Salty To Handle: Exposing Cases Of CSS Abuse For Hidden Text Salting
"Cisco Talos has been closely monitoring the abuse of cascading style sheets (CSS) properties to include irrelevant content (or salt) in different parts of messages, a technique known as hidden text salting. This blog is a follow-up to our previous reports in January and March 2025 on CSS abuse in emails and shares highlights from a talk given at Blue Team Con 2025. Talos explores why hidden text salting is used, where it typically appears in emails, the types of content and techniques involved, how common content concealment (including hidden text salting) is in both spam and legitimate messages, and the impact that hidden text salting has on email security solutions."
https://blog.talosintelligence.com/too-salty-to-handle-exposing-cases-of-css-abuse-for-hidden-text-salting/
https://www.darkreading.com/cyber-risk/attackers-season-spam-touch-salt
- Phishing From Home – The Hidden Danger In Remote Jobs Lurking In Tesla, Google, Ferrari, And Glassdoor
"In Q3 2024, the Cofense Phishing Defense Center (PDC) identified a phishing campaign that impersonated several Fortune 500 companies by targeting individuals in social media and marketing positions through fake job applications. Earlier this year, the team researched how resume details have become valuable tools for threat actors in a blog titled “Job Application Spear Phishing.” Since then, the PDC has continued to monitor the use of this tactic by threat actors who have begun utilizing other well-known brands as well as refining their techniques to further deceive potential victims."
https://cofense.com/blog/phishing-from-home-the-hidden-danger-in-remote-jobs
- BatShadow: Vietnamese Threat Actor Expands Its Digital Operations
"Aryaka Threat Research Labs has identified a new campaign by the Vietnamese threat actor BatShadow, which continues to rely on social engineering to compromise job seekers and digital marketing professionals. The attackers pose as recruiters, distributing malicious files disguised as job descriptions and corporate documents. When opened, these lures trigger the infection chain of a Go-based malware we refer to as Vampire Bot. This campaign demonstrates how threat actors exploit trust in professional workflows to achieve persistence, conduct system surveillance, and exfiltrate sensitive information, all while blending their activity into normal-looking traffic."
https://www.aryaka.com/blog/batshade-vampire-bot-social-engineering-malware/
https://thehackernews.com/2025/10/batshadow-group-uses-new-go-based.html
- Yurei Ransomware: The Digital Ghost
"At CYFIRMA, we are committed to delivering timely insights into emerging cyber threats and the evolving tactics of cybercriminals targeting individuals and organizations. This report provides a concise analysis of Yurei Ransomware, which is a sophisticated ransomware family designed to rapidly encrypt data, disable recovery options, and frustrate forensic investigation. It appends a “.Yurei” extension to encrypted files, deletes shadow copies and system backups, and erases event logs to block restoration and hinder response. The malware spreads laterally via SMB shares, removable drives, and credential-based remote execution (PsExec/CIM). It uses per-file ChaCha20 encryption keys, each wrapped with the attacker’s embedded ECIES public key, making decryption without the operator’s cooperation infeasible."
https://www.cyfirma.com/research/yurei-ransomware-the-digital-ghost/
- Responding To Cloud Incidents: A Step-By-Step Guide From The 2025 Unit 42 Global Incident Response Report
"Cloud incidents like ransomware attacks, distributed denial-of-service (DDoS) attacks and account compromise can bring operations to a halt and create a situation in which costs, reputation and customer trust are at stake. What happens when your cloud environment falls under attack? How do you mitigate organizational impact step by step? Unit 42 helps cybersecurity pros understand how cloud investigations differ from traditional incidents, and what matters most when time is critical."
https://unit42.paloaltonetworks.com/responding-to-cloud-incidents/
Breaches/Hacks/Leaks
- DraftKings Warns Of Account Breaches In Credential Stuffing Attacks
"Sports betting giant DraftKings has notified an undisclosed number of customers that their accounts had been hacked in a recent wave of credential stuffing attacks. DraftKings, a gambling company based in Boston and founded in 2012, provides sportsbook and daily fantasy sports (DFS) services and is an official partner of the NFL, NHL, PGA TOUR, WNBA, UFC, and NASCAR. DraftKings employs over 5,100 people and reported revenues of $4.77 billion at the end of 2024. In data breach notification letters sent on Thursday, October 2, DraftKings informed affected customers that attackers had gained access to their accounts and a "limited amount" of their data in attacks that bore all the signs of a credential stuffing campaign."
https://www.bleepingcomputer.com/news/security/draftkings-warns-of-account-breaches-in-credential-stuffing-attacks/
- Electronics Giant Avnet Confirms Breach, Says Stolen Data Unreadable
"Electronic components distributor Avnet confirmed in a statement for BleepingComputer that it suffered a data breach but noted that the stolen data is unreadable without proprietary tools. A company spokesperson told us that the incident occurred after unauthorized actors accessed a database hosted on an external service, which stored information used in the EMEA (Europe, Middle East, Africa) region. "Avnet recently identified unauthorized access to externally hosted cloud storage supporting an internal sales tool used in EMEA," stated the spokesperson. "Most of the data is not easily readable without access to Avnet's proprietary sales tool, which remains secure and was not impacted by this event.""
https://www.bleepingcomputer.com/news/security/electronics-giant-avnet-confirms-breach-says-stolen-data-unreadable/
- Hospital Insider Breach Lasted 10 Years, Led To FBI Inquiry
"Harris Health is contacting 5,000 patients about a breach involving a former employee who improperly accessed electronic health records for over a decade. The Texas healthcare organization said it learned of the incident and reported it to the FBI four years ago. The Harris Health employee accessed patients' EHRs without a work-related reason from Jan. 4, 2011, to March 8, 2021. The healthcare entity said it "learned" of the incident on Feb. 10, 2021, "quickly" launched an investigation with assistance from a forensic firm, reported the incident to law enforcement and terminated the employee."
https://www.bankinfosecurity.com/hospital-insider-breach-lasted-10-years-led-to-fbi-inquiry-a-29668
- Qilin Ransomware Gang Claims Asahi Cyber-Attack
"The Qilin ransomware group has claimed responsibility for the cyber-attack on Japan’s Asahi Group and says it has stolen sensitive data from the firm. Consumer website Comparitech revealed that the notorious actor had listed Asahi on its data leak site on October 7, claiming to have stolen 27 GB of files from the company. The data allegedly includes personal details of employees, as well as sensitive Asahi business information. This includes financial documents, budgets, contracts, plans and development forecasts."
https://www.infosecurity-magazine.com/news/qilin-ransomware-asahi-cyber-attack/
https://www.darkreading.com/ics-ot-security/cyberattack-beer-shortage-asahi-recovers
- Qilin Claims Ransomware Attack On Mecklenburg Schools
"A ransomware attack that disrupted operations at Mecklenburg County Public Schools (MCPS) in early September has been claimed by the Russian cybercrime group Qilin. The gang said it stole 305 GB of sensitive data from the southern Virginia district, including financial records, grant documents, budgets and children’s medical files."
https://www.infosecurity-magazine.com/news/qilin-ransomware-mecklenburg/
- Troops And Veterans’ Personal Information Leaked In CPAP Medical Data Breach
"In December 2024, CPAP Medical Supplies and Services Inc. (CPAP), a Jacksonville, Florida-based provider of sleep therapy services and CPAP machines, experienced a cybersecurity incident that compromised the personal data of over 90,000 patients. Since CPAP Medical specializes in tailored sleep apnea equipment for the US military, most of the patients are military members, veterans, and their families. An unauthorized actor accessed CPAP’s network between December 13 and December 21, 2024. The breach wasn’t discovered until late June 2025, and affected parties were notified by mid-August."
https://www.malwarebytes.com/blog/news/2025/10/troops-and-veterans-personal-information-leaked-in-cpap-medical-data-breach
- Hackers Stole Data From Public Safety Comms Firm BK Technologies
"Florida-based public safety communications solutions provider BK Technologies Corp (BKTI:NYSE American) revealed on Monday that its IT systems were hacked recently. The company said in a regulatory filing that it detected an intrusion on September 20. An investigation was launched and action was taken to remove the attacker from its systems. The incident resulted in some “minor disruptions” to non-critical systems and operations were not affected, the SEC was told."
https://www.securityweek.com/hackers-stole-data-from-public-safety-comms-firm-bk-technologies/
https://www.theregister.com/2025/10/07/police_and_military_radio_maker_bk_admits_breach/
- Salesforce Refuses To Pay Ransom Over Widespread Data Theft Attacks
"Salesforce has confirmed that it will not negotiate with or pay a ransom to the threat actors behind a massive wave of data theft attacks that impacted the company's customers this year. As first reported by Bloomberg, Salesforce emailed customers on Tuesday to say they would not be paying a ransom and warned that "credible threat intelligence" indicates the threat actors were planning to leak the stolen data. "I can confirm Salesforce will not engage, negotiate with, or pay any extortion demand," Salesforce also confirmed to BleepingComputer."
https://www.bleepingcomputer.com/news/security/salesforce-refuses-to-pay-ransom-over-widespread-data-theft-attacks/
General News
- How To Get Better Results From Bug Bounty Programs Without Wasting Money
"The wrong bug bounty strategy can flood your team with low-value reports. The right one can surface critical vulnerabilities that would otherwise slip through. A new academic study based on Google’s Vulnerability Rewards Program (VRP) offers rare data on how to tell the difference. The team behind the study included experts from Harvard, Bocconi University, Hebrew University, and Google Research. They analyzed data before and after a major change in July 2024, when Google increased payouts for the most serious vulnerabilities by up to 200 percent. Their goal was to see how researchers responded when the stakes were raised."
https://www.helpnetsecurity.com/2025/10/07/bug-bounty-rewards-better-results/
https://arxiv.org/pdf/2509.16655
- The Architecture Of Lies: Bot Farms Are Running The Disinformation War
"Bot farms have moved into the center of information warfare, using automated accounts to manipulate public opinion, influence elections, and weaken trust in institutions. Thales reports that in 2024, automated bot traffic made up 51% of all web traffic, the first time in a decade it has surpassed human activity online. As bots become more common and harder to tell from real users, people start to lose confidence in what they see online. This creates the liars dividend, where even authentic content is questioned simply because everyone knows fakes are out there. If any critical voice or inconvenient fact can be dismissed as just a bot or a deepfake, democratic debate takes a hit."
https://www.helpnetsecurity.com/2025/10/07/bot-farms-misinformation-activity/
- Cybersecurity’s Next Test: AI, Quantum, And Geopolitics
"Geopolitics, emerging technology, and skills shortages are reshaping cybersecurity priorities across industries, according to a new PwC report. The findings show a mix of rising awareness, persistent weaknesses, and uneven preparation for the next wave of threats. 60% of executives say cyber risk investment is now one of their top three strategic priorities in response to political instability, trade disputes, and fractured alliances. For many, this also means reconsidering where to place critical infrastructure, how to manage supply chains, and which partners to rely on."
https://www.helpnetsecurity.com/2025/10/07/pwc-global-cyber-risk-trends-2026/
- North Korea's Crypto Hackers Have Stolen Over $2 Billion In 2025
"Elliptic analysis reveals that North Korea-linked hackers have already stolen over $2 billion in cryptoassets in 2025, the largest annual total on record, with three months still to go. This brings the cumulative known value of cryptoassets stolen by the regime to more than $6 billion. According to the United Nations and various government agencies, these funds are believed to play a critical role in financing North Korea’s nuclear weapons and missile development programs."
https://www.elliptic.co/blog/north-korea-linked-hackers-have-already-stolen-over-2-billion-in-2025
https://www.bleepingcomputer.com/news/cryptocurrency/north-korean-hackers-stole-over-2-billion-in-crypto-this-year/
- Hackers Exploit RMM Tools To Deploy Malware
"Remote monitoring and management, or RMM, tools gained traction during the COVID era when work from home was a mandate. But RMM tools are now being weaponized by cybercriminals. Once adversaries gain remote access using tools, such as SuperOps and TeamViewer, they can disable scheduled backups, destroy images and restore points and push ransomware to thousands of endpoints. RMM tools are used by IT professionals and managed service providers to remotely monitor, manage and maintain client IT systems via a centralized dashboard. Threat actors access these tools with authenticated credentials to avoid triggering security alerts and alarms."
https://www.bankinfosecurity.com/hackers-exploit-rmm-tools-to-deploy-malware-a-29662
https://staticfiles.acronis.com/downloads/b0c9bd8858b6ef06146ba1591caabf23
- Security Concerns Shadow Vibe Coding Adoption
"Teams are finding some success with AI-powered code generation, but many are finding the security risks too great to make the integration worthwhile. Vibe coding is a term that reflects the process of using natural language to instruct a large language model (LLM) like Google's Gemini to assist with the software development process, often by directly coding without the direct involvement of a human. While AI-assisted coding is quite popular — Snyk chief technology officer (CTO) Danny Allan told Dark Reading in August that he hadn't met a customer in the prior three months that wasn't using AI coding tools — and can result in productivity gains, the security risks are nothing to sneeze at, either."
https://www.darkreading.com/application-security/security-concerns-shadow-vibe-coding-adoption
- How Cyberattacks Directly Impact Your Bottom Line
"Ransomware attacks are growing more costly, enough so to merit finance concern, ranking as a fundamental business challenge. In the face of total operational disruption, cybersecurity has become a strategic risk that can impact brand trust, operations, revenue and more. The real-world consequences of these attacks stretch far beyond just the ransom payment, directly impacting a company's bottom line. As organizations suffer extended downtime, strain on partner and customer relations, as well as bottom-line impacts, attackers gain more leverage through disruptive techniques and demanding increased payments. Our 2025 Unit 42 Global Incident Response Report saw the median initial extortion demand increase nearly 80% from $695,000 in 2023 to $1.25 million in 2024."
https://www.paloaltonetworks.com/blog/2025/10/from-ransom-to-revenue-loss/
- The Y2K38 Bug Is A Vulnerability, Not Just A Date Problem, Researchers Warn
"Widely known time-related software bugs that could cause significant disruptions when triggered in more than a decade are actually exploitable by hackers today, researchers warn. One of the bugs, known as ‘The Year 2038 problem’ and Y2K38, could cause computers to malfunction on January 19, 2038. The issue affects systems that use a 32-bit integer to store time as the number of seconds that have passed since the Unix epoch (January 1, 1970). A 32-bit signed integer variable has a maximum value of 2,147,483,647, which will be reached on January 19, 2038. When the number exceeds its limit and overflows, systems will interpret the date as a negative number, resetting it to December 13, 1901."
https://www.securityweek.com/the-y2k38-bug-is-a-vulnerability-not-just-a-date-problem-researchers-warn/
- New Research: AI Is Already The #1 Data Exfiltration Channel In The Enterprise
"For years, security leaders have treated artificial intelligence as an "emerging" technology, something to keep an eye on but not yet mission-critical. A new Enterprise AI and SaaS Data Security Report by AI & Browser Security company LayerX proves just how outdated that mindset has become. Far from a future concern, AI is already the single largest uncontrolled channel for corporate data exfiltration—bigger than shadow SaaS or unmanaged file sharing."
https://thehackernews.com/2025/10/new-research-ai-is-already-1-data.html
https://go.layerxsecurity.com/the-layerx-enterprise-ai-saas-data-security-report-2025
https://www.theregister.com/2025/10/07/gen_ai_shadow_it_secrets/
- OpenAI Bans Suspected Chinese Accounts Using ChatGPT To Plan Surveillance
"OpenAI has banned ChatGPT accounts believed to be linked to Chinese government entities attempting to use AI models to surveil individuals and social media accounts. In its most recent threat report [PDF] published today, the GenAI giant said that these users usually asked ChatGPT to help design tools for large-scale monitoring and analysis - but stopped short of asking the model to perform the surveillance activities."
https://www.theregister.com/2025/10/07/openai_bans_suspected_china_accounts/
https://cdn.openai.com/threat-intelligence-reports/7d662b68-952f-4dfd-a2f2-fe55b041cc4a/disrupting-malicious-uses-of-ai-october-2025.pdf
https://cyberscoop.com/openai-threat-report-ai-cybercrime-hacking-scams/
- Cybersecurity Awareness Month 2025: Don’t Just Be Aware, Be Ahead
"This Cybersecurity Awareness Month, it's time to move beyond awareness. Organizations face AI-powered attacks, supply chain vulnerabilities, and brand threats that demand proactive defense strategies—not just reactive responses. Every October, the cybersecurity world comes together to mark Cybersecurity Awareness Month. Organizations send out reminders. Security teams run training sessions. Everyone emphasizes the importance of creating strong passwords and recognizing phishing emails. And yet, here’s the uncomfortable truth: despite all this awareness, we’re still losing ground."
https://cyble.com/blog/cybersecurity-awareness-month-2025/
References
Electronic Transactions Development Agency (ETDA) - Delta Electronics DIAScreen