NCSA Webboard
    Cyber Threat Intelligence 28 October 2025

    Cyber Security News
    Posted by NCSA_THAICERT

      Financial Sector

      • UK Fraud Cases Surge 17% Annually
        "UK consumers experienced higher volumes of fraud and more losses in the first half of the year, compared to the same time period in 2024, according to the latest figures from the banking industry. UK Finance’s Half Year Fraud Report 2025 revealed a 3% increase in losses and a 17% surge in fraud cases in H1 2025. In total, consumers lost £629m ($839m) in the first half of the year on the back of 2.1 million cases. It said the rise in losses could be attributed to more being stolen through authorized push payment (APP) fraud, while the increase in cases comes mainly from authorized fraud."
        https://www.infosecurity-magazine.com/news/uk-fraud-cases-surge-17-annually/

      New Tooling

      • Dependency-Track: Open-Source Component Analysis Platform
        "Software is a patchwork of third-party components, and keeping tabs on what’s running under the hood has become a challenge. The open-source platform Dependency-Track tackles that problem head-on. Rather than treating software composition as a one-time scan, it continuously monitors every version of every application, giving organizations a live view of risk across their entire portfolio."
        https://www.helpnetsecurity.com/2025/10/27/dependency-track-open-source-component-analysis-platform/
        https://github.com/DependencyTrack/dependency-track
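        The blurb above is about continuous, per-version monitoring; the practical half of that is feeding Dependency-Track a BOM for every build rather than scanning once. The following is an added example, not Dependency-Track's own code: it builds a minimal CycloneDX JSON BOM and the JSON envelope that the server's PUT /api/v1/bom endpoint accepts (base64-encoded BOM plus projectName/projectVersion with autoCreate, authenticated with an X-Api-Key header), as that REST API is documented. The server URL, API key and dependency list are placeholders, and the network call is left for the reader to run against a real instance.

```python
import base64
import json
import urllib.request

# Assumed values for illustration only: replace with your own server, key and project.
DT_BASE_URL = "https://dtrack.example.internal"
DT_API_KEY = "odt_REPLACE_ME"


def build_sbom(app_name: str, app_version: str, deps: list[tuple[str, str, str]]) -> dict:
    """Build a minimal CycloneDX 1.5 JSON BOM; (name, version, purl) triples become library components."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "version": 1,
        "metadata": {"component": {"type": "application", "name": app_name, "version": app_version}},
        "components": [
            {"type": "library", "name": name, "version": version, "purl": purl}
            for name, version, purl in deps
        ],
    }


def build_bom_upload(sbom: dict, project_name: str, project_version: str) -> dict:
    """Envelope for PUT /api/v1/bom: the BOM travels base64-encoded inside the JSON body.

    autoCreate makes each new application version its own project, which is what gives
    Dependency-Track a per-version view instead of one scan overwriting the last.
    """
    encoded = base64.b64encode(json.dumps(sbom).encode()).decode()
    return {
        "projectName": project_name,
        "projectVersion": project_version,
        "autoCreate": True,
        "bom": encoded,
    }


def decode_bom_upload(payload: dict) -> dict:
    """Inverse of build_bom_upload, used to check that the envelope round-trips."""
    return json.loads(base64.b64decode(payload["bom"]))


def upload_bom(payload: dict, base_url: str = DT_BASE_URL, api_key: str = DT_API_KEY) -> dict:
    """Send the BOM; the server answers with a processing token. Network call, not run by default."""
    req = urllib.request.Request(
        f"{base_url}/api/v1/bom",
        data=json.dumps(payload).encode(),
        method="PUT",
        headers={"Content-Type": "application/json", "X-Api-Key": api_key},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


# Constructed dependency list (not a real inventory).
SAMPLE_DEPS = [
    ("log4j-core", "2.14.1", "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"),
    ("jackson-databind", "2.15.2", "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.15.2"),
]

if __name__ == "__main__":
    sbom = build_sbom("payments-api", "1.4.0", SAMPLE_DEPS)
    payload = build_bom_upload(sbom, "payments-api", "1.4.0")
    print(json.dumps(payload, indent=2)[:400])
    # print(upload_bom(payload))   # uncomment to push to a real Dependency-Track server
```

        Run this from CI with the build's real dependency list (most build tools have a CycloneDX plugin that emits the BOM directly). The API key used with autoCreate needs the PROJECT_CREATION_UPLOAD permission on the server; without it the upload is rejected.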

      Vulnerabilities

      • QNAP Warns Of Critical ASP.NET Flaw In Its Windows Backup Software
        "QNAP warned customers to patch a critical ASP.NET Core vulnerability that also impacts the company's NetBak PC Agent, a Windows utility for backing up data to a QNAP network-attached storage (NAS) device. Tracked as CVE-2025-55315, this security bypass flaw was found in the Kestrel ASP.NET Core web server and enables attackers with low privileges to hijack other users' credentials or bypass front-end security controls via HTTP request smuggling. "NetBak PC Agent installs and depends on Microsoft ASP.NET Core components during setup. Therefore, computers running NetBak PC Agent may contain an affected version of ASP.NET Core if the system has not been updated," QNAP said."
        https://www.bleepingcomputer.com/news/security/qnap-warns-its-windows-backup-software-is-also-affected-by-critical-aspnet-flaw/
        https://www.qnap.com/en/security-advisory/qsa-25-44
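        The item above describes CVE-2025-55315 only as an HTTP request smuggling flaw in Kestrel, so the following is an added example that does not reproduce the specific bug and is not QNAP's or Microsoft's code. It is a strict pre-filter for the classic request ambiguities that smuggling relies on (Content-Length together with Transfer-Encoding, duplicate Content-Length, whitespace in header names, obs-fold continuations, bytes left over after the terminating chunk), the kind of check a front-end proxy or a parser test harness would apply. The sample requests are constructed.

```python
import re

CRLF = "\r\n"


def parse_request(raw: str):
    """Split a raw HTTP/1.1 request into (request_line, headers, body).

    Header names are kept exactly as sent (no strip/lower) so the checks can see the
    whitespace tricks smuggling payloads rely on; an obs-fold continuation line is
    stored with an empty name.
    """
    head, _, body = raw.partition(CRLF + CRLF)
    lines = head.split(CRLF)
    headers = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t"):
            headers.append(("", line))
            continue
        name, _, value = line.partition(":")
        headers.append((name, value.strip()))
    return lines[0], headers, body


def check_chunked_body(body: str) -> list[str]:
    """Walk a chunked body strictly and report what a lenient parser might silently accept."""
    findings = []
    pos = 0
    while True:
        end = body.find(CRLF, pos)
        if end == -1:
            return findings + ["chunked body has no terminating zero-length chunk"]
        size_line = body[pos:end]
        if not re.fullmatch(r"[0-9A-Fa-f]+", size_line):
            findings.append(f"non-canonical chunk-size line {size_line!r}")
            m = re.match(r"[0-9A-Fa-f]+", size_line.strip())
            if not m:
                return findings
            size_line = m.group(0)
        size = int(size_line, 16)
        pos = end + 2
        if size == 0:
            term = body.find(CRLF, pos)
            if term == -1:
                findings.append("missing CRLF after the zero-length chunk")
            elif body[term + 2:]:
                findings.append(f"{len(body) - term - 2} byte(s) after the terminating chunk")
            return findings
        pos += size
        if body[pos:pos + 2] != CRLF:
            findings.append("chunk data not followed by CRLF (size and data disagree)")
            return findings
        pos += 2


def smuggling_findings(raw: str) -> list[str]:
    """Return the reasons a request is ambiguous to parse, or [] if it is clean."""
    _, headers, body = parse_request(raw)
    findings = []
    norm = [(n.strip().lower(), v) for n, v in headers]
    cls = [v for n, v in norm if n == "content-length"]
    tes = [v for n, v in norm if n == "transfer-encoding"]

    if cls and tes:
        findings.append("Content-Length and Transfer-Encoding both present (CL.TE / TE.CL desync)")
    if len(cls) > 1:
        findings.append("duplicate Content-Length headers")
    for v in cls:
        if not re.fullmatch(r"[0-9]+", v):
            findings.append(f"malformed Content-Length value {v!r}")
    for v in tes:
        if v.lower() != "chunked":
            findings.append(f"unusual Transfer-Encoding value {v!r}")
    for n, v in headers:
        if n == "":
            findings.append(f"obs-fold header continuation {v!r}")
        elif n != n.strip():
            findings.append(f"whitespace around header name {n!r}")

    if tes:
        findings.extend(check_chunked_body(body))
    elif len(cls) == 1 and re.fullmatch(r"[0-9]+", cls[0]):
        declared, actual = int(cls[0]), len(body.encode())
        if declared != actual:
            findings.append(f"Content-Length {declared} but {actual} body byte(s) present")
    return findings


# Constructed sample requests; none is a reproduction of CVE-2025-55315.
SAMPLES = {
    "clean": "POST /api HTTP/1.1\r\nHost: nas.example\r\nContent-Length: 5\r\n\r\nhello",
    "cl_te": ("POST /api HTTP/1.1\r\nHost: nas.example\r\nContent-Length: 6\r\n"
              "Transfer-Encoding: chunked\r\n\r\n0\r\n\r\nG"),
    "te_space": ("POST /api HTTP/1.1\r\nHost: nas.example\r\nTransfer-Encoding : chunked\r\n\r\n"
                 "5\r\nhello\r\n0\r\n\r\n"),
    "dup_cl": ("POST /api HTTP/1.1\r\nHost: nas.example\r\nContent-Length: 5\r\n"
               "Content-Length: 11\r\n\r\nhello"),
}


def scan_samples() -> dict[str, list[str]]:
    return {name: smuggling_findings(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, findings in scan_samples().items():
        print(f"{name}: {findings or 'clean'}")
```

        The useful property of a filter like this is that it rejects rather than normalises: once a front end rewrites an ambiguous request into something well-formed, the back end no longer sees what the attacker sent, which is exactly the disagreement smuggling exploits. Patching Kestrel (and, per the advisory, the ASP.NET Core runtime that NetBak PC Agent pulls in) remains the fix; this only narrows what reaches the parser.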
      • “ChatGPT Tainted Memories:” LayerX Discovers The First Vulnerability In OpenAI Atlas Browser, Allowing Injection Of Malicious Instructions Into ChatGPT
        "LayerX discovered the first vulnerability impacting OpenAI’s new ChatGPT Atlas browser, allowing bad actors to inject malicious instructions into ChatGPT’s “memory” and execute remote code. This exploit can allow attackers to infect systems with malicious code, grant themselves access privileges, or deploy malware. The vulnerability affects ChatGPT users on any browser, but it is particularly dangerous for users of OpenAI’s new agentic browser: ChatGPT Atlas. LayerX has found that Atlas currently does not include any meaningful anti-phishing protections, meaning that users of this browser are up to 90% more vulnerable to phishing attacks than users of traditional browsers like Chrome or Edge."
        https://layerxsecurity.com/blog/layerx-identifies-vulnerability-in-new-chatgpt-atlas-browser/
        https://thehackernews.com/2025/10/new-chatgpt-atlas-browser-exploit-lets.html
        https://hackread.com/chatgpt-tainted-memories-atlas-browser/

      Malware

      • Uncovering Qilin Attack Methods Exposed Through Multiple Cases
        "The Qilin (formerly Agenda) ransomware group has been active since around July 2022. This group employs a double-extortion strategy, combining file encryption with the public disclosure of stolen information. Figure 1 illustrates the leak site used by the attackers to publish lists of compromised companies. Over the past several years, Qilin has expanded its operations and now ranks among the most prolific and damaging ransomware threats on a global scale. The group adopts a Ransomware-as-a-Service (RaaS) business model, where it develops and distributes ransomware platforms and associated tools to affiliates. In turn, these affiliates attack organizations worldwide."
        https://blog.talosintelligence.com/uncovering-qilin-attack-methods-exposed-through-multiple-cases/
        https://thehackernews.com/2025/10/qilin-ransomware-combines-linux-payload.html
        https://www.infosecurity-magazine.com/news/qilin-ransomware-40-cases-monthly/
      • Mem3nt0 Mori – The Hacking Team Is Back!
        "In March 2025, Kaspersky detected a wave of infections that occurred when users clicked on personalized phishing links sent via email. No further action was required to initiate the infection; simply visiting the malicious website using Google Chrome or another Chromium-based web browser was enough. The malicious links were personalized and extremely short-lived to avoid detection. However, Kaspersky’s technologies successfully identified a sophisticated zero-day exploit that was used to escape Google Chrome’s sandbox. After conducting a quick analysis, we reported the vulnerability to the Google security team, who fixed it as CVE-2025-2783."
        https://securelist.com/forumtroll-apt-hacking-team-dante-spyware/117851/
        https://www.bleepingcomputer.com/news/security/italian-spyware-vendor-linked-to-chrome-zero-day-attacks/
        https://www.darkreading.com/vulnerabilities-threats/memento-spyware-chrome-zero-day-attacks
        https://therecord.media/memento-labs-formerly-hacking-team-dante-spyware-russia-kaspersky
        https://cyberscoop.com/hacking-team-dante-spyware-kaspersky/
        https://www.securityweek.com/chrome-zero-day-exploitation-linked-to-hacking-team-spyware/
        https://securityaffairs.com/183913/apt/memento-labs-the-ghost-of-hacking-team-has-returned-or-maybe-it-was-never-gone-at-all.html
      • RedTiger: New Red Teaming Tool In The Wild Targeting Gamers And Discord Accounts
        "Gamers are a hot target for infostealers these days. This blog post is the second we have published this month about an infostealer targeting gamers, with the previous one describing a Python-based malware targeting Discord. This blog post focuses on RedTiger, a red-teaming tool from which we have seen multiple payloads circulating in the wild."
        https://www.netskope.com/blog/redtiger-new-red-teaming-tool-in-the-wild-targeting-gamers-and-discord-accounts
        https://www.bleepingcomputer.com/news/security/hackers-steal-discord-accounts-with-redtiger-based-infostealer/
      • APT-C-60 Escalates SpyGlace Campaigns Targeting Japan With Evolved Malware, Advanced Evasion TTPs
        "The South Korea-aligned cyber espionage group APT-C-60 continued its aggressive targeting of Japanese organizations throughout Q3 2025, deploying three updated versions of its SpyGlace backdoor with enhanced capabilities and improved evasion techniques. JPCERT/CC’s latest analysis reveals that attacks between June and August employed refined delivery mechanisms, more sophisticated victim tracking methods, and modified encryption schemes designed to complicate detection and analysis."
        https://cyble.com/blog/apt-c-60-escalates-spyglace-campaigns-targeting-japan-with-evolved-malware-advanced-evasion-ttps/
      • HyperRat – A New Android RAT Sold On Cybercrime Networks
        "The Android malware as a service market has matured. Even inexperienced attackers can now launch mobile campaigns with almost no effort. Tools like PhantomOS and Nebula offer silent app installation, two-factor interception, GPS tracking, and managed infrastructure for a few hundred dollars per month. Attackers pay a subscription fee and receive a malicious APK, ready to deploy. The seller handles everything else, including backend servers and customized phishing pages. As demand grows, new kits are surfacing on underground forums more frequently."
        https://iverify.io/blog/hyperrat-a-new-android-rat-sold-on-cybercrime-networks
        https://hackread.com/hyperrat-android-malware-sold-spy-tool/
      • Cloud Discovery With AzureHound
        "AzureHound is a data collection tool intended for penetration testing that is part of the BloodHound suite. Threat actors misuse this tool to enumerate Azure resources and map potential attack paths, enabling further malicious operations. Here, we help defenders understand the tool and protect against illegitimate use of it. This look into AzureHound will discuss its capabilities and common usage, and map its tool usage to the MITRE ATT&CK framework. Focusing on relevant ATT&CK techniques, we provide examples of tool execution and highlight how the activity appears in Azure log sources as well as in Cortex XDR."
        https://unit42.paloaltonetworks.com/threat-actor-misuse-of-azurehound/
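        The Unit 42 post above maps AzureHound runs to what shows up in Azure log sources. As an added example, not Unit 42's or BloodHound's code, the script below runs two detection heuristics over constructed, simplified log lines: a User-Agent that names the tool (AzureHound's default client string identifies itself; treat that as an assumption to confirm against your own logs, since an operator can change it) and, for the case where the client string has been altered, a burst in which one principal enumerates many distinct directory and ARM collections inside a short window. The field names (time, principal, userAgent, url) are a reduced stand-in for the Entra ID sign-in and Microsoft Graph activity log schemas, and the thresholds are starting points, not tuned values.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed indicators, not a vendor rule: AzureHound's default User-Agent names the tool, and a
# collection run touches many directory/ARM collections in a short burst.
UA_MARKER = "azurehound"
ENUM_PATHS = ("/users", "/groups", "/servicePrincipals", "/applications", "/devices",
              "/roleManagement/directory/roleAssignments", "/subscriptions",
              "/providers/Microsoft.Authorization/roleAssignments")
BURST_WINDOW = timedelta(minutes=10)
BURST_THRESHOLD = 5   # distinct enumeration endpoints per principal within the window

# Constructed, simplified log (one JSON object per line) with only the fields the logic uses.
SAMPLE_LOG = """\
{"time": "2025-10-27T09:00:01Z", "principal": "alice@contoso.example", "userAgent": "Mozilla/5.0 (Windows NT 10.0) Chrome/130.0", "url": "https://graph.microsoft.com/v1.0/me"}
{"time": "2025-10-27T09:02:10Z", "principal": "svc-inventory@contoso.example", "userAgent": "azurehound/v2.3.0", "url": "https://graph.microsoft.com/v1.0/users"}
{"time": "2025-10-27T09:02:11Z", "principal": "svc-inventory@contoso.example", "userAgent": "azurehound/v2.3.0", "url": "https://graph.microsoft.com/v1.0/groups"}
{"time": "2025-10-27T09:10:00Z", "principal": "bob@contoso.example", "userAgent": "python-requests/2.31", "url": "https://graph.microsoft.com/v1.0/users"}
{"time": "2025-10-27T09:10:03Z", "principal": "bob@contoso.example", "userAgent": "python-requests/2.31", "url": "https://graph.microsoft.com/v1.0/groups"}
{"time": "2025-10-27T09:10:05Z", "principal": "bob@contoso.example", "userAgent": "python-requests/2.31", "url": "https://graph.microsoft.com/v1.0/servicePrincipals"}
{"time": "2025-10-27T09:10:08Z", "principal": "bob@contoso.example", "userAgent": "python-requests/2.31", "url": "https://graph.microsoft.com/v1.0/applications"}
{"time": "2025-10-27T09:11:30Z", "principal": "bob@contoso.example", "userAgent": "python-requests/2.31", "url": "https://management.azure.com/subscriptions?api-version=2020-01-01"}
{"time": "2025-10-27T09:12:02Z", "principal": "bob@contoso.example", "userAgent": "python-requests/2.31", "url": "https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments"}
"""


def endpoint_of(url: str):
    """Return the enumeration collection a URL hits (e.g. '/users'), or None if it is not one."""
    path = "/" + url.split("://", 1)[-1].split("/", 1)[-1].split("?", 1)[0]
    return next((p for p in ENUM_PATHS if path.endswith(p)), None)


def detect_azurehound(log_text: str) -> list[dict]:
    """Run both heuristics per principal and return one alert dict per finding."""
    events = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    by_principal = defaultdict(list)
    for ev in events:
        ev["ts"] = datetime.fromisoformat(ev["time"].replace("Z", "+00:00"))
        by_principal[ev["principal"]].append(ev)

    alerts = []
    for principal, evs in by_principal.items():
        evs.sort(key=lambda e: e["ts"])
        # Heuristic 1: the client announces itself.
        if any(UA_MARKER in e["userAgent"].lower() for e in evs):
            alerts.append({"principal": principal, "severity": "high",
                           "reason": "User-Agent identifies AzureHound"})
        # Heuristic 2: sliding window over this principal's enumeration-endpoint hits.
        hits = [(e["ts"], endpoint_of(e["url"])) for e in evs]
        hits = [(t, ep) for t, ep in hits if ep]
        for i, (start, _) in enumerate(hits):
            window = {ep for t, ep in hits[i:] if t - start <= BURST_WINDOW}
            if len(window) >= BURST_THRESHOLD:
                alerts.append({"principal": principal, "severity": "medium",
                               "reason": f"{len(window)} distinct enumeration endpoints "
                                         f"within {BURST_WINDOW}"})
                break
    return alerts


if __name__ == "__main__":
    for alert in detect_azurehound(SAMPLE_LOG):
        print(alert)
```

        The second heuristic is the one worth keeping: it fires on bob, whose client string looks like any scripted job, while alice's single browser request to /me is ignored. In production, allow-list the service principals that legitimately inventory the tenant and alert on everything else that crosses the threshold, and pair it with the sign-in side (a fresh consent or an unfamiliar IP for the same principal) before treating a hit as confirmed.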
      • Active Water Saci Campaign Spreading Via WhatsApp Features Multi-Vector Persistence And Sophisticated C&C
        "Trend™ Research is continuously tracking the aggressive malware campaign it identified as Water Saci, which uses WhatsApp as its primary infection vector. In our previous blog, the Water Saci campaign, with its malware identified as SORVEPOTEL, automatically distributes the same malicious ZIP file to all contacts and groups associated with the victim’s compromised account for rapid propagation. More recent activity points to the emergence of a new infection chain that diverges from previously discussed .NET-based methods. On October 8, 2025, Trend Research analysis revealed file downloads originating from WhatsApp web sessions. Closer examination shows that instead of employing .NET binaries, the new chain leverages script-based techniques, orchestrating payload delivery through a combination of Visual Basic Script (VBS) downloaders and PowerShell (PS1) scripts."
        https://www.trendmicro.com/en_us/research/25/j/active-water-saci-campaign-whatsapp-update.html

      Breaches/Hacks/Leaks

      • Google Disputes False Claims Of Massive Gmail Data Breach
        "Google was once again forced to announce that it had not suffered a data breach after numerous news outlets published sensational stories about a fake breach that purportedly exposed 183 million accounts. This claim began over the weekend and into today, with news stories claiming that millions of Gmail accounts were breached, with some outlets saying it affected the full 183 million accounts. However, as the company explained in a series of posts on Monday, Gmail did not suffer a breach, and the compromised accounts were actually from a compilation of credentials stolen by information-stealing malware and other attacks over the years."
        https://www.bleepingcomputer.com/news/security/google-disputes-false-claims-of-massive-gmail-data-breach/
      • Iran's School For Cyberspies Could've Used a Few More Lessons In Preventing Breaches
        "Iran's school for state-sponsored cyberattackers admits it suffered a breach exposing the names and other personal information of its associates and students. The Ravin Academy was established in 2019, ostensibly to train individuals in all facets of cybersecurity and recruit the best to work on Iranian intelligence (MOIS) projects. As part of some broader actions against Iran, Ravin was sanctioned by the UK, US, and EU between 2022 and 2023 for its role in recruiting cyber specialists to carry out human rights violations."
        https://www.theregister.com/2025/10/27/breach_iran_ravin_academy/
        https://www.bankinfosecurity.com/iranian-intel-linked-cybersecurity-school-hit-by-data-breach-a-29846
      • Back-Office Servicer Reports Data Theft Affects 10.5M
        "In what could be the largest healthcare hack of the year, Conduent Business Solutions LLC has told state regulators that a breach discovered in January has affected more than 10.5 million patients. Clients affected include Blue Cross Blue Shield of Montana and Humana, as well as an undisclosed number of other organizations."
        https://www.bankinfosecurity.com/back-office-servicer-reports-data-theft-affects-105m-a-29845
      • House Democrats Official Online Resume Bank Exposed The PII Of Thousands Of Government Job Seekers
        "An anonymous cybersecurity researcher discovered and reported to Safety Detectives about an unencrypted and non-password-protected database that contained approximately 7,000 records. Exposed data included names, email addresses, phone numbers, security clearance status or level, and other personal information. The publicly exposed database was not password-protected or encrypted. It contained 7,028 records marked as “resume bank data” with potentially sensitive applicant information. In a reverse DNS search, it was identified that the IP address that hosted the documents traced back to a website called DomeWatch.us. According to information posted on House.gov by the Democratic Whip, DomeWatch is the House Democrats’ Official Online Resume Bank."
        https://www.safetydetectives.com/news/domewatch-breach-report/
        https://hackread.com/domewatch-leak-capitol-hill-applicants-data/
      • Sweden’s Power Grid Operator Confirms Data Breach Claimed By Ransomware Gang
        "Sweden’s power grid operator is investigating a data breach after a ransomware group threatened to leak hundreds of gigabytes of purportedly stolen internal data. State-owned Svenska kraftnät, which operates the country’s electricity transmission system, said the incident affected a “limited external file transfer solution” and did not disrupt Sweden’s power supply. “We take this breach very seriously and have taken immediate action,” said Chief Information Security Officer Cem Göcgören in a statement. “We understand that this may cause concern, but the electricity supply has not been affected.”"
        https://therecord.media/sweden-power-grid-operator-data

      General News

      • DDoS, Data Theft, And Malware Are Storming The Gaming Industry
        "When the pandemic kept people at home in 2020, millions turned to games for an escape. The surge turned every console, PC, and phone into part of a vast online network. More players meant more logins, payments, and personal data. That created a target larger than the industry had ever faced. The global games market is expected to reach $188.8 billion in 2025, a 3.4% rise from the previous year."
        https://www.helpnetsecurity.com/2025/10/27/gaming-industry-cyber-threats-risks/
      • Insider Threats Loom While Ransom Payment Rates Plummet
        "As we enter the final quarter of 2025, the cyber extortion landscape has split along two clear paths: volume-driven Ransomware-as-a-Service (RaaS) campaigns targeting the mid-market, and high-cost, targeted intrusions aimed at larger enterprises. In the volume category, mid-market companies remain the most impacted by traditional RaaS groups. The Akira RaaS group leveraged a vulnerability that resulted in record-breaking attack volumes between July and August. This quantity-over-quality approach is low-cost for the attackers, generally results in lower demands, but achieves a ransom payment rate that is higher than average. Akira maintains substantial RaaS infrastructure supporting a broad spectrum of attacks against enterprises."
        https://www.coveware.com/blog/2025/10/24/insider-threats-loom-while-ransom-payment-rates-plummet
        https://www.bleepingcomputer.com/news/security/ransomware-profits-drop-as-victims-stop-paying-hackers/
        https://www.securityweek.com/ransomware-payments-dropped-in-q3-2025-analysis/
        https://www.helpnetsecurity.com/2025/10/27/ransomware-extortion-payment-q3-2025/
      • The State Of Exposure Management In 2025: Insights From 3,000+ Organizations
        "In 2025, AI is making it easier for attackers to exploit weaknesses, while businesses are contending with expanding attack surfaces due to a multitude of factors including shadow IT, supply chain risk, and sprawling cloud infrastructure. Faced with these challenges, how well are defenders keeping up? The data highlights progress in some areas, but also pressures in the wider threat environment that are stretching lean security teams to their limits. Intruder’s Exposure Management Index analyzes data from 3,000 small and midsize businesses (1 to 2,000 employees) to understand how the threat environment is changing and how vulnerability response differs across company sizes, industries, and geographies."
        https://www.bleepingcomputer.com/news/security/the-state-of-exposure-management-in-2025-insights-from-3-000-plus-organizations/
      • CISOs Finally Get a Seat At The Board's Table — But There's a Catch
        "In the weeks leading up to a board of directors meeting a few years ago, I'd been lobbying the CEO to add a security and privacy update to the agenda. I had to remind them not just once, but multiple times. Finally, relieved, I saw it had been added. On the day of the meeting, I sat in the virtual boardroom, laptop open, with meticulously prepared slides at the ready. After watching the clock tick down through presentations on market trends, deep dives on strategy, and a product road map, there were only a few minutes left before the meeting was set to adjourn. I stepped in: "We still need to cover privacy and security.""
        https://www.darkreading.com/cybersecurity-operations/cisos-finally-get-seat-board-table
      • US Declines To Join More Than 70 Countries In Signing UN Cybercrime Treaty
        "The world’s first global convention to prevent and respond to cybercrime opened for signature today in Hanoi, Vietnam, and will remain open at United Nations Headquarters in New York until 31 December 2026. Adopted by the UN General Assembly in December 2024, the UN Convention against Cybercrime will enter into force 90 days after its 40th ratification. Once in force, a Conference of the States Parties will meet periodically to strengthen national capacities, enhance cooperation, and review implementation to achieve the Convention’s objectives. 72 states signed the Convention, which must still be ratified by each according to its national procedures."
        https://therecord.media/us-declines-signing-cybercrime-treaty
        https://www.unodc.org/unodc/en/cybercrime/convention/home.html
        https://www.eff.org/deeplinks/2025/10/joint-statement-un-cybercrime-convention-eff-and-global-partners-urge-governments
        https://www.helpnetsecurity.com/2025/10/27/un-convention-against-cybercrime/

      Reference
      Electronic Transactions Development Agency (ETDA)
