NCSA Webboard

    Cyber Threat Intelligence 24 November 2025

    Cyber Security News
    Posted by NCSA_THAICERT

      Vulnerabilities

      • Grafana Enterprise Security Update: Critical Severity Security Fix For CVE-2025-41115
        "Along with the release of Grafana Enterprise 12.3, we are releasing updated versions of Grafana Enterprise 12.2.1, 12.1.3 and 12.0.6, all of which contain a fix for a critical severity vulnerability (CVE-2025-41115) discovered in the SCIM (System for Cross-domain Identity Management). This issue could allow privilege escalation or user impersonation under certain configurations."
        https://grafana.com/blog/2025/11/19/grafana-enterprise-security-update-critical-severity-security-fix-for-cve-2025-41115/
        https://www.bleepingcomputer.com/news/security/grafana-warns-of-max-severity-admin-spoofing-vulnerability/
        https://thehackernews.com/2025/11/grafana-patches-cvss-100-scim-flaw.html
      • CISA Adds One Known Exploited Vulnerability To Catalog
        "CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2025-61757 Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability"
        https://www.cisa.gov/news-events/alerts/2025/11/21/cisa-adds-one-known-exploited-vulnerability-catalog
        https://www.bleepingcomputer.com/news/security/cisa-warns-oracle-identity-manager-rce-flaw-is-being-actively-exploited/
        https://thehackernews.com/2025/11/cisa-warns-of-actively-exploited.html
        https://www.securityweek.com/critical-oracle-identity-manager-flaw-possibly-exploited-as-zero-day/
        https://securityaffairs.com/184935/security/u-s-cisa-adds-an-oracle-fusion-middleware-flaw-to-its-known-exploited-vulnerabilities-catalog.html
      • LINE Messaging Bugs Open Asian Users To Cyber Espionage
        "LINE, a popular encrypted messaging platform used daily by millions of users in East Asia — most notably in Japan, Taiwan, Thailand, and Indonesia — is offering up a veritable buffet of attack vectors for threat actors, potentially exposing billions of messages to data leakage and misuse. That’s according to researchers Thomas Mogensen and Diego De Freitas Aranha from Aarhus University, who conducted a comprehensive security analysis of LINE's end-to-end, custom encryption protocol (E2EE), dubbed Letter Sealing v2. Among the findings, which the two will be presenting at Black Hat Europe in early December, are critical vulnerabilities that open the door to three main buckets of compromise: message replay attacks, plaintext and sticker leakage, and, most concerningly, impersonation attacks."
        https://www.darkreading.com/application-security/line-messaging-bugs-asian-cyber-espionage
      • CrowdStrike Research: Security Flaws In DeepSeek-Generated Code Linked To Political Triggers
        "In January 2025, China-based AI startup DeepSeek (深度求索) released DeepSeek-R1, a high-quality large language model (LLM) that allegedly cost much less to develop and operate than Western competitors’ alternatives. CrowdStrike Counter Adversary Operations conducted independent tests on DeepSeek-R1 and confirmed that in many cases, it could provide coding output of quality comparable to other market-leading LLMs of the time. However, we found that when DeepSeek-R1 receives prompts containing topics the Chinese Communist Party (CCP) likely considers politically sensitive, the likelihood of it producing code with severe security vulnerabilities increases by up to 50%."
        https://www.crowdstrike.com/en-us/blog/crowdstrike-researchers-identify-hidden-vulnerabilities-ai-coded-software/

      Malware

      • Analysis Report On Malicious Apps Using Advanced Detection And Evasion Techniques
        "Malware developers are using increasingly diverse techniques to evade anti-virus (AV) products. In the past, it was common for a single malicious app to implement all malicious behaviors. However, recently, apps have been discovered in which features are separated and need to be downloaded additionally, or encrypted files need to be decrypted and loaded. There are also a number of apps that set triggers to execute only when certain conditions are met, and remain in a waiting state otherwise."
        https://asec.ahnlab.com/en/91180/
      • Inside Europe’s AI-Fuelled GLP-1 Scam Epidemic: How Criminal Networks Are Hijacking The Identities Of The NHS, AEMPS, ANSM, BfArM And AIFA To Sell Fake Weight-Loss Products
        "The global appetite for GLP-1 medications like Ozempic, Wegovy and Mounjaro has created something far more dangerous than a cultural trend. It has created the perfect opening for cyber criminals who understand how desperation, scarcity and online misinformation intersect. As clinics struggle with shortages and manufacturers warn of supply limits extending well into 2025 and 2026, the demand for “easier,” faster or cheaper alternatives has exploded. Into this void, criminal groups have moved with extraordinary speed."
        https://blog.checkpoint.com/research/inside-europes-ai-fuelled-glp-1-scam-epidemic-how-criminal-networks-are-hijacking-the-identities-of-the-nhs-aemps-ansm-bfarm-and-aifa-to-sell-fake-weight-loss-products/
      • New Matrix Push C2 Abuses Push Notifications To Deliver Malware
        "At BlackFog, we recently uncovered a new command-and-control platform called Matrix Push C2 which cybercriminals are using to deliver malware and phishing attacks via web browser features. This browser-native, fileless framework leverages push notifications, fake alerts, and link redirects to target victims across operating systems. It turns web browsers into an attack delivery vehicle: tricking users with fake system notifications, redirecting them to malicious sites, monitoring infected clients in real time, and even scanning for cryptocurrency wallets."
        https://www.blackfog.com/new-matrix-push-c2-deliver-malware/
        https://thehackernews.com/2025/11/matrix-push-c2-uses-browser.html
        https://www.infosecurity-magazine.com/news/browser-push-notifications-deliver/
      • ToddyCat: Your Hidden Email Assistant. Part 1
        "Email remains the main means of business correspondence at organizations. It can be set up either using on-premises infrastructure (for example, by deploying Microsoft Exchange Server) or through cloud mail services such as Microsoft 365 or Gmail. At first glance, it might seem that using cloud services offers a higher level of confidentiality for corporate correspondence: mail data remains external, even if the organization’s internal infrastructure is compromised. However, this does not stop highly organized espionage groups like the ToddyCat APT group."
        https://securelist.com/toddycat-apt-steals-email-data-from-outlook/118044/
      • China’s APT31 Linked To Hacks On Russian Tech Firms
        "The China-linked hacking group known as APT31 infiltrated Russia’s technology sector for years and quietly exfiltrated data from companies involved in government contracting and systems integration, according to a new report. The campaign, which ran into this year, was “well-planned” and allowed intruders to remain undetected, Russian cybersecurity firm Positive Technologies said in research published on Thursday. Public reports of Chinese cyber operations against Russia are rare, given the countries are widely seen as strategic partners. In October, U.S.-based cybersecurity firm Symantec attributed an espionage attack on an unnamed Russian IT service provider to Jewelbug, another China-linked group."
        https://therecord.media/russia-report-apt31-china-linked-hacks
        https://thehackernews.com/2025/11/china-linked-apt31-launches-stealthy.html
      • Piecing Together The Puzzle: A Qilin Ransomware Investigation
        "A big part of a security analyst’s everyday role is figuring out what actually happened during an incident. We can do that by piecing together breadcrumbs–whether that’s through logs, antivirus detections, and other clues–that help us understand how the attacker achieved initial access and what they did after. However, it’s not always cut and dry: sometimes there are external factors that limit our visibility. The Huntress agent might not be deployed across all endpoints, for example, or the targeted organization might install the Huntress agent after a compromise has already occurred."
        https://www.bleepingcomputer.com/news/security/piecing-together-the-puzzle-a-qilin-ransomware-investigation/

      Breaches/Hacks/Leaks

      • Local Law Enforcement Agencies In Oklahoma, Massachusetts Responding To Cyber Incidents
        "Hackers have successfully targeted local law enforcement agencies in two states this week, launching cyberattacks that impacted IT systems. The Cleveland County Sheriff’s Office in Oklahoma published a message on Thursday saying it was facing a ransomware attack that affected parts of its internal computer system."
        https://therecord.media/cleveland-county-okla-attleboro-mass-law-enforcement-cyberattacks
      • Cox Enterprises Discloses Oracle E-Business Suite Data Breach
        "Cox Enterprises is notifying impacted individuals of a data breach that exposed their personal data to hackers who breached the company network after exploiting a zero-day flaw in Oracle E-Business Suite. The compromise occurred in August, but the company didn’t detect the intrusion until late September, when it launched its internal investigation. “On September 29, 2025, we became aware of suspicious activity involving Oracle’s E-Business Suite, which is a platform we use for some of our back-office business operations,” reads the notice."
        https://www.bleepingcomputer.com/news/security/cox-enterprises-discloses-oracle-e-business-suite-data-breach/
      • Iberia Discloses Customer Data Leak After Vendor Security Breach
        "Spanish flag carrier Iberia has begun notifying customers of a data security incident stemming from a compromise at one of its suppliers. The disclosure comes days after a threat actor claimed on hacker forums to have access to 77 GB of data allegedly stolen from the airline."
        https://www.bleepingcomputer.com/news/security/iberia-discloses-customer-data-leak-after-vendor-security-breach/
        https://securityaffairs.com/184985/data-breach/iberia-discloses-security-incident-tied-to-supplier-breach.html

      General News

      • Hardware Hackers Urge Vendor Engagement For Security Success
        "If hardware once had a reputation as an immutable root of trust, more than a decade of worries about compromised supply chains, side channel attacks and insecure enclaves have sanded that standing down to a stump. Vulnerabilities are a fact of life - but how they end up in devices involves numerous factors. "I see hardware security vulnerabilities as a business problem with a business choice," said Alex Guzman, CISO for Cisco Network Devices, speaking this week at the Hardware.io conference in Amsterdam. Information Security Media Group has invested in the conference."
        https://www.bankinfosecurity.com/hardware-hackers-urge-vendor-engagement-for-security-success-a-30102
      • CrowdStrike Catches Insider Feeding Information To Hackers
        "American cybersecurity firm CrowdStrike has confirmed that an insider shared screenshots taken on internal systems with hackers after they were leaked on Telegram by the Scattered Lapsus$ Hunters threat actors. However, the company noted that its systems were not breached as a result of this incident and that customers' data was not compromised."
        https://www.bleepingcomputer.com/news/security/crowdstrike-catches-insider-feeding-information-to-hackers/
        https://securityaffairs.com/184926/security/crowdstrike-denies-breach-after-insider-sent-internal-screenshots-to-hackers.html
        https://hackread.com/crowdstrike-fires-worker-insider-leak-scattered-lapsus-hunters/
      • 'Scattered Spider' Teens Plead Not Guilty To UK Transport Hack
        "Two British teenagers have denied charges related to an investigation into the breach of Transport for London (TfL) in August 2024, which caused millions of pounds in damage and exposed customer data. Believed to be members of the Scattered Spider hacking collective, 19-year-old Thalha Jubair from east London and 18-year-old Owen Flowers from Walsall were arrested at their homes in September 2024 by officers from the UK National Crime Agency (NCA) and the City of London Police. Flowers was also arrested for his alleged involvement in the TfL attack in September 2024, but was released on bail after being questioned by NCA officers."
        https://www.bleepingcomputer.com/news/security/scattered-spider-teens-plead-not-guilty-to-uk-transport-hack/
        https://news.sky.com/story/teenagers-plead-not-guilty-to-london-transport-cyber-attack-13473518
        https://therecord.media/transport-for-london-hack-scattered-spider-suspects-plead-not-guilty
      • Legacy Web Forms Are The Weakest Link In Government Data Security
        "Federal, state, and local government agencies face a critical vulnerability hiding in plain sight: outdated web forms collecting citizen data through insecure channels. While agencies invest in perimeter security and threat detection, many continue using legacy forms built years ago without modern encryption, authentication, or compliance capabilities. These aging systems collect Social Security numbers, financial records, health information, and security clearance data through technology that cannot meet current federal security standards."
        https://cyberscoop.com/government-legacy-web-forms-security-risks/
      • Inside The Industrialization Of Cybercrime: What To Expect In 2026
        "Each year, FortiGuard Labs analyzes how technology, economics, and human behavior shape global cyber risk. The Fortinet Cyberthreat Predictions for 2026 report outlines a turning point in that evolution. Cybercrime will continue to evolve into an organized industry, built on automation, specialization, and artificial intelligence (AI). But in 2026, success in both offense and defense will be determined less by innovation than by throughput: how quickly intelligence can be turned into action."
        https://www.fortinet.com/blog/industry-trends/inside-industrialization-of-cybercrime-what-to-expect-in-2026
        https://www.fortinet.com/content/dam/fortinet/assets/threat-reports/report-threat-predictions-2026.pdf
      • Research Shows Identity Document Checks Are Missing Key Signals
        "Most CISOs spend their time thinking about account takeover and phishing, but identity document fraud is becoming a tougher challenge. A new systematic review shows how attackers are pushing past old defenses and how detection models are struggling to keep up. The study analyzes work published from 2020 to 2025, giving security leaders a view of where these systems stand and what is holding them back."
        https://www.helpnetsecurity.com/2025/11/21/identity-document-fraud-detection-research/
        https://arxiv.org/pdf/2511.06056
      • Convenience Culture Is Breaking Personal Security
        "AI is changing how scams are built, shared, and trusted. A new global survey from Bitdefender shows how far the problem has spread. Over seven in ten consumers encountered some form of scam in the past year. One in seven fell for one. Worry about AI driven fraud is now mainstream, with 37% listing deepfake audio and video as their top concern."
        https://www.helpnetsecurity.com/2025/11/21/bitdefender-ai-powered-scams-report/
      • How To Align Security Requirements And Controls To Express System Threats
        "Threats and how we counter them have become key considerations in a system’s cybersecurity architecture and design. This applies whether we are designing a new system, addressing regulatory requirements to operate in a particular mission environment, or just working to meet organizational needs. Adoption of zero trust strategies, security by design guidance, and DevSecOps are core to a system's cybersecurity architecture and design in both the public and private sector."
        https://www.sei.cmu.edu/blog/how-to-align-security-requirements-and-controls-to-express-system-threats/
      • Operation Destabilise: NCA Exposes Billion-Dollar Money Laundering Network That Purchased Bank To Fund Russian War Effort
        "The NCA have identified that a billion-dollar money laundering network active in the UK purchased a bank in Kyrgyzstan to facilitate sanctions evasion and payments in support of Russian military efforts. Through Operation Destabilise, the NCA and its partners are targeting money launderers who work for this network and are known to operate in at least 28 UK cities and towns."
        https://www.nationalcrimeagency.gov.uk/news/operation-destabilise-nca-exposes-billion-dollar-money-laundering-network-that-purchased-bank-to-fund-russian-war-effort
        https://www.theregister.com/2025/11/21/russia_cybercrime_bank_purchase/
      • The OSINT Playbook: Find Your Weak Spots Before Attackers Do
        "Whatever the reason, we spend vast amounts of time online, tapping into the untold expanse of information, communication and resources. Sometimes, the challenge isn’t finding some data, but knowing what’s relevant, real and worth trusting. Anyone working with information needs to be able to cut through the noise and discern the authenticity of the data, which requires being methodical and deliberate when choosing and using our sources – and having the right tools to expedite the process."
        https://www.welivesecurity.com/en/privacy/osint-playbook-find-weak-spots-attackers-do/

      References
      Electronic Transactions Development Agency (ETDA)
