NCSA Webboard

    Cyber Threat Intelligence 11 November 2025

    Cyber Security News
      NCSA_THAICERT

      New Tooling

      • Sqlmap: Open-Source SQL Injection And Database Takeover Tool
        "Finding and exploiting SQL injection vulnerabilities is one of the oldest and most common steps in web application testing. sqlmap streamlines this process. It is an open-source penetration testing tool that automates the detection and exploitation of SQL injection flaws and can take over database servers when configured to do so."
        https://www.helpnetsecurity.com/2025/11/10/sqlmap-open-source-sql-injection-database-takeover-tool/
        https://github.com/sqlmapproject/sqlmap

      Vulnerabilities

      • Vulnerability In Expr-Eval JavaScript Library Can Lead To Arbitrary Code Execution
        "The npm package expr-eval is a JavaScript library that evaluates mathematical expressions and is used in various applications, including NLP and AI. A vulnerability in this library has been disclosed that could allow arbitrary code execution by an attacker using maliciously crafted input."
        https://kb.cert.org/vuls/id/263614
        https://www.bleepingcomputer.com/news/security/popular-javascript-library-expr-eval-vulnerable-to-rce-flaw/
      • What’s That Coming Over The Hill? (Monsta FTP Remote Code Execution CVE-2025-34299)
        "Happy Friday, friends and.. others. We’re glad/sorry to hear that your week has been good/bad, and it’s the weekend/but at least it’s almost the weekend! Today, in a tale that seems all too familiar at this point, we began as innocently as always - to reproduce an N-day in Monsta FTP as part of our emerging threat rapid reaction process we enact across the watchTowr client base. Yet, somehow, we find ourselves saddled with the reality of discussing another zero-day. “What on earth is Monsta FTP?” you might say. Monsta FTP is a web-based FTP client that lets users manage and transfer files directly through a browser on remote servers, with a minimum of 5,000 instances sitting on the Internet."
        https://labs.watchtowr.com/whats-that-coming-over-the-hill-monsta-ftp-remote-code-execution-cve-2025-34299/
        https://hackread.com/monsta-ftp-flaw-web-servers-open-server-takeover/
      • No Place Like Localhost: Unauthenticated Remote Access Via Triofox Vulnerability CVE-2025-12480
        "Mandiant Threat Defense has uncovered exploitation of an unauthenticated access vulnerability within Gladinet’s Triofox file-sharing and remote access platform. This now-patched n-day vulnerability, assigned CVE-2025-12480, allowed an attacker to bypass authentication and access the application configuration pages, enabling the upload and execution of arbitrary payloads."
        https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480/
        https://thehackernews.com/2025/11/hackers-exploiting-triofox-flaw-to.html
      • CISA Adds One Known Exploited Vulnerability To Catalog
        "CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2025-21042 Samsung Mobile Devices Out-of-Bounds Write Vulnerability"
        https://www.cisa.gov/news-events/alerts/2025/11/10/cisa-adds-one-known-exploited-vulnerability-catalog
        https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-samsung-zero-day-used-in-spyware-attacks/

      Malware

      • Multi-Brand Themed Phishing Campaign Harvests Credentials Via Telegram Bot API
        "Cyble Research and Intelligence Labs (CRIL) have uncovered a widespread phishing campaign targeting multiple brands to steal credentials. Attackers distribute HTML attachments through email, successfully bypassing conventional security checks by not using suspicious URLs or hosting on external servers. The embedded HTML files run JavaScript that steals user credentials and sends them directly to attacker-controlled Telegram bots."
        https://cyble.com/blog/multi-brand-phishing-campaign-harvests-credentials/
      • Quantum Route Redirect: Anonymous Tool Streamlining Global Phishing Attack
        "KnowBe4 Threat Labs has uncovered an emerging advanced phishing campaign targeting Microsoft 365 users globally to steal their credentials. The attackers are wielding a powerful new tool that’s completely changing the game for cybercriminals—turning what used to be complex, technical phishing setups into simple one-click launches that can bypass certain technical controls. Welcome to the era of “Quantum Route Redirect.”"
        https://blog.knowbe4.com/quantum-route-redirect-anonymous-tool-streamlining-global-phishing-attack
        https://www.bleepingcomputer.com/news/security/quantum-route-redirect-phaas-targets-microsoft-365-users-worldwide/
      • New Phishing Campaign Exploits Meta Business Suite To Target SMBs Across The U.S. And Beyond
        "With more than 5.4 billion users worldwide (according to Statista), Facebook remains the world’s most influential social platform and a critical marketing channel for small and medium-sized businesses. Its vast reach and trusted brand make it a prime target for attackers, meaning that when a phishing campaign abuses Facebook’s name, the consequences can be especially serious."
        https://blog.checkpoint.com/email-security/new-phishing-campaign-exploits-meta-business-suite-to-target-smbs-across-the-u-s-and-beyond/
        https://www.theregister.com/2025/11/10/5k_facebook_advertising_customers_phishing/
      • Fantasy Hub: Another Russian Based RAT As M-a-a-S
        "zLabs identified “Fantasy Hub,” an Android Remote Access Trojan sold on Russian-language channels under a Malware-as-a-Service (MaaS) subscription. The developer of this malware promotes its broad capabilities for device control and espionage. These capabilities include the exfiltration of SMS messages, contacts, call logs, and bulk theft of images and videos. The malware can also intercept, reply, and delete incoming notifications, among other features."
        https://zimperium.com/blog/fantasy-hub-another-russian-based-rat-as-m-a-a-s
        https://www.malwarebytes.com/blog/news/2025/11/fantasy-hub-is-spyware-for-rent-complete-with-fake-app-kits-and-support
      • State-Sponsored Remote Wipe Tactics Targeting Android Devices
        "The Genians Security Center (GSC) has identified new attack activity linked to the KONNI APT campaign, which is known to be associated with the Kimsuky or APT37 groups. During its ongoing investigation into KONNI’s operations, GSC discovered that malicious files disguised as “stress-relief programs” were being widely distributed through South Korea’s KakaoTalk messenger platform. KONNI has overlapping targets and infrastructure with Kimsuky and APT37, leading some researchers to classify them as the same group. All three are recognized as state-sponsored threat actors operating under the direction of the North Korean regime."
        https://www.genians.co.kr/en/blog/threat_intelligence/android
        https://thehackernews.com/2025/11/konni-hackers-turn-googles-find-hub.html
        https://www.bleepingcomputer.com/news/security/apt37-hackers-abuse-google-find-hub-in-android-data-wiping-attacks/

      Breaches/Hacks/Leaks

      • Allianz UK Joins Growing List Of Clop’s Oracle E-Business Suite Victims
        "Allianz UK confirms it was one of the many companies that fell victim to the Clop gang's Oracle E-Business Suite (EBS) attack after crims reported that they had attacked a subsidiary. The criminal crew behind the wave of zero-day data raids claimed to have attacked Allianz-owned British insurer Liverpool Victoria (LV) on Tuesday, but a spokesperson for its parent company waved away these allegations. Allianz UK told The Register that the attack compromised the data of its customers only, and there was no impact on LV's customers or systems at all."
        https://www.theregister.com/2025/11/10/allianz_uk_joins_growing_list/
        https://www.securityweek.com/nearly-30-alleged-victims-of-oracle-ebs-hack-named-on-cl0p-ransomware-site/

      General News

      • Wi-Fi Signals May Hold The Key To Touchless Access Control
        "Imagine walking into a secure building where the door unlocks the moment your hand hovers near it. No keycards, no PINs, no fingerprints. Instead, the system identifies you by the way your palm distorts the surrounding Wi-Fi signal. That is the idea behind a new study from researchers at the Aeronautics Institute of Technology (ITA) in Brazil."
        https://www.helpnetsecurity.com/2025/11/10/research-wi-fi-palm-authentication/
        https://arxiv.org/pdf/2510.22133
      • Adopting a Counterintelligence Mindset In Luxury Logistics
        "In this Help Net Security interview, Andrea Succi, Group CISO at Ferrari Group, discusses how cybersecurity is integrated into every aspect of the logistics industry. He explains why protecting data can be as critical as securing physical assets and how a layered defense approach helps safeguard both. Succi adds that awareness, collaboration, and resilience keep client trust and operations consistent."
        https://www.helpnetsecurity.com/2025/11/10/andrea-succi-ferrari-group-logistics-industry-cybersecurity/
      • AI Is Rewriting How Software Is Built And Secured
        "AI has become part of everyday software development, shaping how code is written and how fast products reach users. A new report from Cycode, The 2026 State of Product Security for the AI Era, explores how deeply AI now runs through development pipelines and how security teams are trying to manage the risks that come with it. Cycode surveyed 400 CISOs, AppSec leaders, and DevSecOps managers across the US and UK. Every organization said they have AI-generated code in their environment, and almost all are already using or testing AI coding assistants."
        https://www.helpnetsecurity.com/2025/11/10/ai-product-security-report/
      • As AI Enables Bad Actors, How Are 3,000+ Teams Responding?
        "This year has shown just how quickly new exposures can emerge, with AI-generated code shipped before review, cloud sprawl racing ahead of controls, and shadow IT opening blind spots. Supply chain compromises have disrupted transport, manufacturing, and other critical services. On the attacker side, AI-assisted exploit development is making it faster than ever to turn those weaknesses into working attacks. Intruder's 2025 Exposure Management Index draws on data from more than 3,000 small and mid-sized businesses (1-2,000 employees) to understand how defenders are adapting – revealing where progress is being made, and where pressure points remain. Below are three key trends shaping exposure management in 2025."
        https://www.theregister.com/2025/11/10/ai_enables_bad_actors/
      • OWASP Highlights Supply Chain Risks In New Top 10
        "OWASP has updated its list of Top 10 software vulnerabilities to align it better with the current threat landscape and modern development practices. The Nov. 6 release is OWASP's first major Top 10 update since 2021 and is notable for its emphasis on supply chain risks and systemic design weakness rather than just common software coding errors. For defenders, the key takeaway is the need to integrate application security, software supply chain oversight, and operational resilience practices more tightly together."
        https://www.darkreading.com/application-security/owasp-highlights-supply-chain-risks-new-top-10
        https://owasp.org/Top10/2025/0x00_2025-Introduction/
        https://www.securityweek.com/two-new-web-application-risk-categories-added-to-owasp-top-10/
      • Why Organizations Can’t Ignore Vendor Risk Assessment In Today’s Cyber-Threat Landscape
        "In an era where digital ecosystems extend far beyond a company’s internal network, enterprise cybersecurity is no longer solely about firewalls and endpoint protection. It’s about the unseen connections, the suppliers, service providers, cloud vendors and subcontractors who form part of the operational supply chain. One critical practice at the heart of this challenge is vendor risk assessment: the process of evaluating the risks that third parties pose to an organisation’s data, operations and reputation."
        https://hackread.com/organizations-vendor-risk-assessment-cyber-threat-landscape/
      • Agentic AI In Cybersecurity: Beyond Triage To Strategic Threat Hunting
        "With a deficit of 4 million cybersecurity workers worldwide, it’s no surprise that most SOCs are still stuck in triage mode. That’s why agentic AI is stepping in to fill the gap. And this boost to internal cybersecurity capabilities gives security teams the ability to do what was only a pipe dream before: engage in proactive security. In other words, agentic AI is taking low-level decisions off SOC’s plates, so they don’t have to spend their days playing a reactive game of cat-and-mouse. Using these new AI capabilities, they can move beyond emergency response and head into a more mature security stage of strategic threat hunting."
        https://securityaffairs.com/184413/uncategorized/agentic-ai-in-cybersecurity-beyond-triage-to-strategic-threat-hunting.html
      • Exposure Report: 65% Of Leading AI Companies Found With Verified Secret Leaks
        "AI companies are racing ahead, but many are leaving their secrets behind. We looked at 50 leading AI companies and found that 65% had leaked verified secrets on GitHub. Think API keys, tokens, and sensitive credentials, often buried deep in deleted forks, gists, and developer repos most scanners never touch. Some of these leaks could have exposed organizational structures, training data, or even private models. For teams building the future of AI, speed and security have to move together."
        https://www.wiz.io/blog/forbes-ai-50-leaking-secrets
        https://www.securityweek.com/many-forbes-ai-50-companies-leak-secrets-on-github/
        https://www.infosecurity-magazine.com/news/leading-ai-companies-secret-leaks/
      • Australia Sanctions Hackers Supporting North Korea’s Weapons Program
        "The Australian government announced sanctions against four entities and an individual believed to be involved in cybercriminal activities supporting North Korea’s weapons programs. “The Australia Government is taking this action with the United States to apply pressure on North Korea’s illegal revenue generation networks and address its persistent challenges to security and stability,” Foreign Minister Penny Wong said. The financial sanctions, accompanied by travel bans, target entities believed to have deep links with North Korea’s malicious cyber activities, such as cryptocurrency theft, fraudulent IT worker schemes, and espionage."
        https://www.securityweek.com/australia-sanctions-hackers-supporting-north-koreas-weapons-program/
      • New Browser Security Report Reveals Emerging Threats For Enterprises
        "According to the new Browser Security Report 2025, security leaders are discovering that most identity, SaaS, and AI-related risks converge in a single place, the user's browser. Yet traditional controls like DLP, EDR, and SSE still operate one layer too low. What's emerging isn't just a blindspot. It's a parallel threat surface: unmanaged extensions acting like supply chain implants, GenAI tools accessed through personal accounts, sensitive data copy/pasted directly into prompt fields, and sessions that bypass SSO altogether."
        https://thehackernews.com/2025/11/new-browser-security-report-reveals.html

      Reference
      Electronic Transactions Development Agency (ETDA)
