NCSA Webboard

    Cyber Threat Intelligence 12 November 2025

    Cyber Security News
    • NCSA_THAICERT

      Financial Sector

      • Hidden Risks In The Financial Sector’s Supply Chain
        "When a cyber attack hits a major bank or trading platform, attention usually turns to the institution. But new research suggests the real danger may lie elsewhere. BitSight researchers found that many of the technology providers serving the financial sector have weaker cybersecurity performance than the institutions they support. For the Exposed Cyber Risk in the Financial Sector and its Supply Chain report, researchers analyzed more than 41,000 financial organizations and over 50,000 relationships with third-party technology providers. The results point to dependencies, uneven monitoring, and gaps in risk management across the sector’s digital supply chain."
        https://www.helpnetsecurity.com/2025/11/11/hidden-financial-sector-cyber-risk/

      Vulnerabilities

      • Synology Fixes BeeStation Zero-Days Demoed At Pwn2Own Ireland
        "Synology has addressed a critical-severity remote code execution (RCE) vulnerability in BeeStation products that was demonstrated at the recent Pwn2Own hacking competition. The security issue (CVE-2025-12686) is described as a ‘buffer copy without checking the size of input’ problem, and can be exploited to allow arbitrary code execution. It impacts multiple versions of BeeStation OS, the software powering Synology’s network-attached storage (NAS) devices marketed as a consumer-oriented “personal cloud.”"
        https://www.bleepingcomputer.com/news/security/synology-fixes-beestation-zero-days-demoed-at-pwn2own-ireland/
        https://www.synology.com/en-us/security/advisory/Synology_SA_25_12
      • SAP Fixes Hardcoded Credentials Flaw In SQL Anywhere Monitor
        "SAP has released its November security updates that address multiple security vulnerabilities, including a maximum severity flaw in the non-GUI variant of the SQL Anywhere Monitor and a critical code injection issue in the Solution Manager platform. The security problem in SQL Anywhere Monitor is tracked as CVE-2025-42890 and consists of hardcoded credentials. Because of the elevated risk, the vulnerability received the maximum severity score of 10.0. "SQL Anywhere Monitor (Non-GUI) baked credentials into the code, exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution," reads the description for the flaw."
        https://www.bleepingcomputer.com/news/security/sap-fixes-hardcoded-credentials-flaw-in-sql-anywhere-monitor/
        https://www.securityweek.com/sap-patches-critical-flaws-in-sql-anywhere-monitor-solution-manager/
        https://securityaffairs.com/184500/security/sap-fixed-a-maximum-severity-flaw-in-sql-anywhere-monitor.html
      • Microsoft November 2025 Patch Tuesday Fixes 1 Zero-Day, 63 Flaws
        "Today is Microsoft's November 2025 Patch Tuesday, which includes security updates for 63 flaws, including one actively exploited zero-day vulnerability. This Patch Tuesday also addresses four "Critical" vulnerabilities, two of which are remote code execution vulnerabilities, one is an elevation of privileges, and the fourth is an information disclosure flaw."
        https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2025-patch-tuesday-fixes-1-zero-day-63-flaws/
        https://blog.talosintelligence.com/microsoft-patch-tuesday-november-2025/
        https://www.darkreading.com/vulnerabilities-threats/patch-now-microsoft-zero-day-critical-zero-click-bugs
        https://cyberscoop.com/microsoft-patch-tuesday-november-2025/
        https://www.securityweek.com/microsoft-patches-actively-exploited-windows-kernel-zero-day/
      • Adobe Patches 29 Vulnerabilities
        "Adobe’s latest round of Patch Tuesday updates addresses 29 vulnerabilities across the company’s InDesign, InCopy, Photoshop, Illustrator, Pass, Substance 3D Stager, and Format Plugins products. Critical vulnerabilities that can be exploited for arbitrary code execution have been addressed in InDesign, InCopy, Photoshop, Illustrator, Substance 3D Stager, and Format Plugins. A critical security bypass issue has been resolved in Pass. It’s worth noting that Adobe assigns a ‘critical’ severity to issues that, based on their CVSS score, have a ‘high’ severity rating."
        https://www.securityweek.com/adobe-patches-29-vulnerabilities/

      Malware

      • You Thought It Was Over? Authentication Coercion Keeps Evolving
        "Imagine a scenario where malicious actors don’t need to trick you into giving up your password. They have no need to perform sophisticated social engineering attacks or exploit vulnerabilities in your operating system. Instead, they can simply force your computer to authenticate to an attacker-controlled system, effectively commanding your machine to hand over valuable credentials. This attack method is called authentication coercion."
        https://unit42.paloaltonetworks.com/authentication-coercion/
      • How a CPU Spike Led To Uncovering a RansomHub Ransomware Attack
        "Varonis recently helped a customer who observed a spike in CPU activity on a server in their environment, where a shallow review of the device revealed an in-progress compromise by an advanced threat actor we later attributed to RansomHub affiliates. Over the next 48 hours, our team worked closely with the customer to investigate, hunt, contain, and remediate the threat before it could become ransomware. Due to our team's advanced intervention capabilities, we secured the customer’s network with zero business downtime. Continue reading to see how the incident started."
        https://www.bleepingcomputer.com/news/security/how-a-cpu-spike-led-to-uncovering-a-ransomhub-ransomware-attack/
      • Malicious NPM Package Found Targeting GitHub By Typosquatting On GitHub Action Packages
        "On Friday 7th November Veracode Threat Research identified a malicious npm package “@acitons/artifact”, that was typosquatting on the legitimate package @actions/artifact, which has accumulated over 206k downloads. The malicious package appeared to be targeting GitHub-owned repositories. We think the intent was to have this script execute during a build of a GitHub-owned repository, exfiltrate the tokens available to the build environment, and then use those tokens to publish new malicious artifacts as GitHub."
        https://www.veracode.com/blog/malicious-npm-package-targeting-github-actions/
        https://thehackernews.com/2025/11/researchers-detect-malicious-npm.html
        https://hackread.com/fake-npm-package-downloads-github-credentials/
      • How Credentials Get Stolen In Seconds, Even With a Script-Kiddie-Level Phish
        "This attempt to phish credentials caught our attention, mostly because of its front-end simplicity. Even though this is a script-kiddie-level type of attack, we figured it was worth writing up—precisely because it’s so easy to follow what they’re up to. The email is direct and to the point. Not a lot of social engineering happening here."
        https://www.malwarebytes.com/blog/threat-intel/2025/11/how-credentials-get-stolen-in-seconds-even-with-a-script-kiddie-level-phish
      • Maverick And Coyote: Analyzing The Link Between Two Evolving Brazilian Banking Trojans
        "The CyberProof SOC Team and Threat Hunters responded to an incident involving a suspicious file download spotted through the messaging application WhatsApp. Further investigation helped uncover more related incidents, however the complete infection chain could not be observed or additional files from Command and control failed to deliver in our investigations. VirusTotal hunting of similar files helped us collect more files tied to this Brazilian targeting campaign and we found our analysis related to public research tied to Maverick banking trojan by Kaspersky, WhatsApp worm by Sophos and Sorvepotel by TrendMicro. We saw good number of similarities with the earlier reported Coyote banking malware campaign programmed to target the Brazilian region."
        https://www.cyberproof.com/blog/maverick-and-coyote-analyzing-the-link-between-two-evolving-brazilian-banking-trojans/
        https://thehackernews.com/2025/11/whatsapp-malware-maverick-hijacks.html
      • Rhadamanthys Infostealer Disrupted As Cybercriminals Lose Server Access
        "The Rhadamanthys infostealer operation has been disrupted, with numerous “customers” of the malware-as-a-service reporting that they no longer have access to their servers. Rhadamanthys is an infostealer malware that steals credentials and authentication cookies from browsers, email clients, and other applications. It is commonly distributed through campaigns promoted as software cracks, YouTube videos, or malicious search advertisements. The malware is offered on a subscription model, where cybercriminals pay the developer a monthly fee for access to the malware, support, and a web panel used to collect stolen data."
        https://www.bleepingcomputer.com/news/security/rhadamanthys-infostealer-disrupted-as-cybercriminals-lose-server-access/

      Breaches/Hacks/Leaks

      • GlobalLogic Warns 10,000 Employees Of Data Theft After Oracle Breach
        "GlobalLogic, a provider of digital engineering services part of the Hitachi group, is notifying over 10,000 current and former employees that their data was stolen in an Oracle E-Business Suite (EBS) data breach. Based in Santa Clara, California, this software and product development services company was founded in 2000. Since then, it has expanded to 59 product engineering centers and several offices worldwide. In a breach notification letter filed with the office of Maine's Attorney General, the company states that the attackers exploited an Oracle EBS zero-day vulnerability to steal personal information belonging to 10,471 employees."
        https://www.bleepingcomputer.com/news/security/globallogic-warns-10-000-employees-of-data-theft-after-oracle-breach/
        https://cyberscoop.com/globallogic-oracle-clop-attacks/
        https://www.theregister.com/2025/11/11/hitachiowned_globallogic_admits_data_stolen/
      • Cl0p Ransomware Lists NHS UK As Victim, Days After Washington Post Breach
        "Cl0p is claiming responsibility for a new data breach affecting the National Health Service (NHS UK). On November 11, 2026, the ransomware group posted on its dark web leak site, accusing the healthcare provider of neglecting its security, stating, “The company doesn’t care about its customers; it ignored their security.” Although the group has not revealed the volume of stolen data, the announcement aligns with ongoing attacks and reports pointing out CL0p of exploiting vulnerabilities in Oracle’s E-Business Suite (EBS)."
        https://hackread.com/cl0p-ransomware-nhs-uk-washington-post-breach/
      • Have I Been Pwned Adds 1.96B Accounts From Synthient Credential Data
        "Have I Been Pwned (HIBP), the popular breach notification service, has added another massive dataset to its platform. This time, 1.96 billion accounts connected to the Synthient Credential Stuffing Threat Data, in collaboration with the threat-intelligence firm Synthient. Users who subscribe to HIBP alerts, including this writer, received an email notification stating: “You’ve been pwned in the Synthient Credential Stuffing Threat Data data breach.”"
        https://hackread.com/have-i-been-pwned-synthient-credential-data-accounts/

      General News

      • Who Owns The Cybersecurity Of Space?
        "As a cybersecurity professional, I have spent decades watching humanity build digital castles without moats. We did it with the internet, with artificial intelligence and with critical infrastructure. Now, we are doing it again, this time in orbit. We are racing to commercialize space to connect the unconnected and monetize orbit, yet we are ignoring the most important question: Who owns the cybersecurity of space?"
        https://www.bankinfosecurity.com/blogs/who-owns-cybersecurity-space-p-3971
      • To Get Funding, CISOs Are Mastering The Language Of Money
        "In this Help Net Security interview, Chris Wheeler, CISO at Resilience, talks about how CISOs are managing changing cybersecurity budgets. While overall spending is up, many say the increases don’t match their most pressing needs. Wheeler explains how organizations are reallocating funds, measuring ROI, and linking cybersecurity plans to business goals."
        https://www.helpnetsecurity.com/2025/11/11/chris-wheeler-resilience-cisos-cybersecurity-budgets/
      • How Far Can Police Push Privacy Before It Breaks
        "Police use drones, body cameras, and license plate readers as part of their daily work. Supporters say these tools make communities safer. Critics see something different, a system that collects too much data and opens the door to abuse. When surveillance expands without public oversight, civil liberties start to slip away, especially for people who already face bias and discrimination."
        https://www.helpnetsecurity.com/2025/11/11/police-surveillance-privacy-risks/
      • CISOs Are Cracking Under Pressure
        "Cybersecurity leaders are hitting their limit. A new report from Nagomi Security shows that most CISOs are stretched thin, dealing with nonstop incidents, too many tools, and growing pressure from their boards. The pressures are so intense that many say they are burned out and thinking about walking away. The personal cost is beginning to affect business readiness. Nearly half said burnout has already hurt their ability to prepare for breaches. The researchers warn that when leaders reach this point, the entire organization becomes more vulnerable."
        https://www.helpnetsecurity.com/2025/11/11/stress-ciso-burnout-crisis/
      • AI Browsers Are Rapidly Becoming Major Risk To Cybersecurity
        "As a new type of browser infused with artificial intelligence (AI) capabilities start to become more widely available, significant security concerns are starting to emerge. Like most AI tools, this new type of browser is susceptible to prompt injection attacks. However, the issue is these AI browsers are being connected to a wide range of applications that make it possible to extend the reach of a prompt injection attack well beyond the browser."
        https://blog.barracuda.com/2025/11/10/ai-browsers-major-risk-cybersecurity
      • “Bitcoin Queen” Gets 11 Years In Prison For $7.3 Billion Bitcoin Scam
        "A Chinese woman known as the "Bitcoin Queen" was sentenced in London to 11 years and eight months in jail for laundering Bitcoin from a £5.5 billion ($7.3 billion) cryptocurrency investment scheme. The sentence follows a seven-year investigation by the Met's Economic Crime team into international money laundering, which revealed that the 47-year-old woman, Zhimin Qian (also known as Yadi Zhang), was the head of a large-scale fraud campaign that defrauded over 128,000 victims in China between 2014 and 2017. This action also led to the seizure of 61,000 Bitcoin worth hundreds of millions of pounds at the time and now valued at roughly £5.5 billion, the largest cryptocurrency seizure in Britain's history."
        https://www.bleepingcomputer.com/news/security/bitcoin-queen-gets-11-years-in-prison-for-73-billion-bitcoin-scam/
      • Global Cyber Attacks Surge In October 2025 Amid Explosive Ransomware Growth And Rising GenAI Threats
        "In October 2025, the global volume of cyber attacks continued its upward trajectory. Organizations worldwide experienced an average of 1,938 cyber attacks per week, marking a 2% increase from September and a 5% rise compared to October 2024. Check Point Research data reveals that this steady escalation underscores a persistent and evolving cyber threat landscape fuelled by the growing sophistication of ransomware operations and the expanding risks associated with the adoption of generative AI (GenAI)."
        https://blog.checkpoint.com/research/global-cyber-attacks-surge-in-october-2025-amid-explosive-ransomware-growth-and-rising-genai-threats/
      • Grandparents To C-Suite: Elder Fraud Reveals Gaps In Human-Centered Cybersecurity
        "A retiree answers the phone one afternoon and hears what sounds unmistakably like her grandson's voice. He says he's been in an accident and needs money right away. The caller knows her name, her town, and details about the family. Panicked, she sends the funds — only later learning that the voice was generated by artificial intelligence and the personal information came from publicly available data online."
        https://www.darkreading.com/cyber-risk/grandparents-to-c-suite-elder-fraud-reveals-gaps-in-human-centered-cybersecurity
      • Qilin Ransomware Activity Surges As Attacks Target Small Businesses
        "A rise in ransomware incidents linked to the Qilin ransomware group, one of the longest-running ransomware-as-a-service (RaaS) operations, has been observed by cybersecurity researchers. According to S-RM’s latest intelligence, Qilin continues to exploit weaknesses such as unpatched VPN appliances, lack of multi-factor authentication (MFA) and exposed management interfaces to gain initial access to corporate networks."
        https://www.infosecurity-magazine.com/news/qilin-ransomware-activity-surges/
      • Cyber Insurers Paid Out Over Twice As Much For UK Ransomware Attacks Last Year
        "The number of successful cyber insurance claims made by UK organizations shot up last year, according to the latest figures from the industry's trade association. The Association of British Insurers (ABI) said £197 million ($259 million) in cyber insurance payouts were made to victimized organizations in 2024, up from £59 million ($77 million) in 2023."
        https://www.theregister.com/2025/11/11/ransomware_surge_fuels_230_increase/

      Reference
      Electronic Transactions Development Agency (ETDA)
