Cyber Threat Intelligence 01 December 2025
New Tooling
- Your IP Address Might Be Someone Else's Problem (And Here's How To Find Out)
"We built something new at GreyNoise Labs, and it started with a question we kept hearing: “How do I know if my home network has been compromised?” It’s not a theoretical concern. Over the past year, residential proxy networks have exploded and have been turning home internet connections into exit points for other people’s traffic. Sometimes folks knowingly install software that does this in exchange for a few dollars. More often, malware sneaks onto devices, usually via nefarious apps or browser extensions, and quietly turns them into nodes in someone else’s infrastructure."
https://www.greynoise.io/blog/your-ip-address-might-be-someone-elses-problem
https://check.labs.greynoise.io/
https://www.bleepingcomputer.com/news/security/greynoise-launches-free-scanner-to-check-if-youre-part-of-a-botnet/
Vulnerabilities
- CISA Adds One Known Exploited Vulnerability To Catalog
"CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2021-26829 OpenPLC ScadaBR Cross-site Scripting Vulnerability"
https://www.cisa.gov/news-events/alerts/2025/11/28/cisa-adds-one-known-exploited-vulnerability-catalog
https://thehackernews.com/2025/11/cisa-adds-actively-exploited-xss-bug.html
- The Hidden Dangers Of Calendar Subscriptions: 4 Million Devices At Risk
"Day-to-day workload can become overwhelming as time passes alongside the growing tasks and responsibilities of both personal and professional lives. Therefore, a well-structured digital calendar may be an essential organizational tool to navigate through the day, helping with the support we need to manage our time and ongoing commitments."
https://www.bitsight.com/blog/hidden-dangers-calendar-subscriptions-4-million-devices-risk
https://www.infosecurity-magazine.com/news/threat-actors-exploit-calendar-subs/
Malware
- Tomiris Wreaks Havoc: New Tools And Techniques Of The APT Group
"While tracking the activities of the Tomiris threat actor, we identified new malicious operations that began in early 2025. These attacks targeted foreign ministries, intergovernmental organizations, and government entities, demonstrating a focus on high-value political and diplomatic infrastructure. In several cases, we traced the threat actor’s actions from initial infection to the deployment of post-exploitation frameworks. These attacks highlight a notable shift in Tomiris’s tactics, namely the increased use of implants that leverage public services (e.g., Telegram and Discord) as command-and-control (C2) servers. This approach likely aims to blend malicious traffic with legitimate service activity to evade detection by security tools."
https://securelist.com/tomiris-new-tools/118143/
- Bootstrap Script Exposes PyPI To Domain Takeover Attacks
"ReversingLabs researchers have discovered vulnerable code in legacy Python packages that could make possible an attack on the Python Package Index (PyPI) via a domain compromise. Although the vulnerable code is mostly unused in modern development environments, it may still be used in legacy production. RL Spectra Assure Community’s machine learning model, which detects packages with behaviors similar to known malware, found the vulnerability in bootstrap files for a build tool that installs the Python package distribute and performs other tasks in the bootstrapping process."
https://www.reversinglabs.com/blog/bootstrap-script-exposes-pypi-to-domain-takeover-attack
https://thehackernews.com/2025/11/legacy-python-bootstrap-scripts-create.html
- Inside The GitHub Infrastructure Powering North Korea’s Contagious Interview Npm Attacks
"The Socket Threat Research Team continues to track North Korea’s Contagious Interview operation as it systematically infiltrates the npm ecosystem. Since we last reported on this campaign, it has added at least 197 more malicious npm packages and over 31,000 additional downloads, with state-sponsored threat actors targeting blockchain and Web3 developers through fake job interviews and “test assignments”. This sustained tempo makes Contagious Interview one of the most prolific campaigns exploiting npm, and it shows how thoroughly North Korean threat actors have adapted their tooling to modern JavaScript and crypto-centric development workflows."
https://socket.dev/blog/north-korea-contagious-interview-npm-attacks
https://thehackernews.com/2025/11/north-korean-hackers-deploy-197-npm.html
https://securityaffairs.com/185170/apt/contagious-interview-campaign-expands-with-197-npm-ppackages-spreading-new-ottercookie-malware.html
- PostHog Admits Shai-Hulud 2.0 Was Its Biggest Ever Security Bungle
"PostHog says the Shai-Hulud 2.0 npm worm compromise was "the largest and most impactful security incident" it's ever experienced after attackers slipped malicious releases into its JavaScript SDKs and tried to auto-loot developer credentials. In a postmortem released by PostHog, one of the various package maintainers impacted by Shai-Hulud 2.0, the company says contaminated packages – which included core SDKs like posthog-node, posthog-js, and posthog-react-native – contained a pre-install script that ran automatically when the software was installed. That script ran TruffleHog to scan for credentials, exfiltrated any found secrets to new public GitHub repositories, then used stolen npm credentials to publish further malicious packages – enabling the worm to spread."
https://www.theregister.com/2025/11/28/posthog_shaihulud/
https://posthog.com/blog/nov-24-shai-hulud-attack-post-mortem
- Over 2,000 Fake Shopping Sites Spotted Before Cyber Monday
"Shoppers looking for great deals this holiday season need to be extra careful, as a massive operation involving over 2,000 fake online stores has been found, timed perfectly to steal money and personal details during peak sales like Black Friday and Cyber Monday. Cybersecurity firm CloudSEK recently discovered this huge network and shared its research with Hackread.com. According to CloudSEK’s analysis, these aren’t isolated incidents; they are highly organised operations using identical methods to trick people, making this one of the largest coordinated scam efforts seen this shopping season."
https://hackread.com/fake-shopping-sites-cyber-monday/
Breaches/Hacks/Leaks
- Public GitLab Repositories Exposed More Than 17,000 Secrets
"After scanning all 5.6 million public repositories on GitLab Cloud, a security engineer discovered more than 17,000 exposed secrets across over 2,800 unique domains. Luke Marshall used the TruffleHog open-source tool to check the code in the repositories for sensitive credentials like API keys, passwords, and tokens. The researcher previously scanned Bitbucket, where he found 6,212 secrets spread over 2.6 million repositories. He also checked the Common Crawl dataset that is used to train AI models, which exposed 12,000 valid secrets."
https://www.bleepingcomputer.com/news/security/public-gitlab-repositories-exposed-more-than-17-000-secrets/
https://trufflesecurity.com/blog/scanning-5-6-million-public-gitlab-repositories-for-secrets
- French Football Federation Discloses Data Breach After Cyberattack
"The French Football Federation (FFF) disclosed a data breach on Friday after attackers used a compromised account to gain access to administrative management software used by football clubs. After detecting the unauthorized access, FFF's security team disabled the compromised account and reset all user passwords across the system. However, before they were detected and evicted from the breached systems, the threat actors stole personal and contact information from members of French football clubs."
https://www.bleepingcomputer.com/news/security/french-football-federation-fff-discloses-data-breach-after-cyberattack/
https://www.infosecurity-magazine.com/news/french-football-federation-data/
https://www.securityweek.com/french-soccer-federation-hit-by-cyberattack-member-data-stolen/
https://securityaffairs.com/185160/data-breach/attackers-stole-member-data-from-french-soccer-federation.html
- Brit Telco Brsk Confirms Breach As Bidding Begins For 230K+ Customer Records
"British telco Brsk is investigating claims that it was attacked by cybercriminals who made off with more than 230,000 files. An advert posted to a cybercrime forum last week claimed to list 230,105 records stolen from the telco, with interested parties invited to bid for access to the data via Telegram. According to the advert, the stolen data includes customers' full names, email and home addresses, installation details, location data, phone numbers, and indicators of whether they are considered a vulnerable person."
https://www.theregister.com/2025/11/28/brsk_breach/
General News
- Man Behind In-Flight Evil Twin WiFi Attacks Gets 7 Years In Prison
"A 44-year-old man was sentenced to seven years and four months in prison for operating an “evil twin” WiFi network to steal the data of unsuspecting travelers during flights and at various airports across Australia. The man, an Australian national, was charged in July 2024 after Australian authorities had confiscated his equipment in April and confirmed that he was engaging in malicious activities during domestic flights and at airports in Perth, Melbourne, and Adelaide."
https://www.bleepingcomputer.com/news/security/man-behind-in-flight-evil-twin-wifi-attacks-gets-7-years-in-prison/
- Social Data Puts User Passwords At Risk In Unexpected Ways
"Many CISOs already assume that social media creates new openings for password guessing, but new research helps show what that risk looks like in practice. The findings reveal how much information can be reconstructed from public profiles and how that data influences the strength of user passwords. The study also examines how LLMs behave when asked to generate or evaluate passwords based on that same personal information."
https://www.helpnetsecurity.com/2025/11/28/research-social-media-password-risk/
https://arxiv.org/pdf/2511.16716
- Fragmented Tooling Slows Vulnerability Management
"Security leaders know vulnerability backlogs are rising, but new data shows how quickly the gap between exposures and available resources is widening, according to a new report by Hackuity. Organizations use a formalized approach to manage vulnerabilities, but their tooling remains fragmented. Respondents rely on an average of four detection tools, and cloud or container configuration audits are the most common at 85%. This mix suggests broad coverage, but it also explains why teams struggle with visibility, correlation of findings, and consistent prioritization."
https://www.helpnetsecurity.com/2025/11/28/hackuity-vulnerability-management-trends-report/
Reference
Electronic Transactions Development Agency (ETDA)