Cyber Threat Intelligence 15 December 2025
Financial Sector
- Money Mules Require Banks To Switch From Defense To Offense
"QUESTION: How can security and fraud teams identify money mules? Jonathan Frost, director of global advisory for EMEA, BioCatch: The Financial Conduct Authority's (FCA) review of the UK's National Fraud Database (NFD) revealed 194,000 money mule accounts were offboarded between January 2022 and September 2023. Only 37% of mules were reported to the NFD (operated by Cifas) last year."
https://www.darkreading.com/threat-intelligence/money-mules-require-banks-to-switch-from-defense-to-offense
Telecom Sector
- Uneven Regulatory Demands Expose Gaps In Mobile Security
"Mobile networks carry a great deal of the world’s digital activity, which makes operators a frequent target for attacks. A study released by the GSMA shows that operators spend between $15 and $19 billion a year on core cybersecurity functions. Spending could reach more than $40 billion by 2030. These figures do not include expenses tied to resilience, training, or governance. Security teams face attack volumes that exceed anything planned for a decade ago. Some operators record billions of attempts each year to scan for weaknesses or push malicious traffic into their networks. Outages linked to denial of service attacks remain common, and attempts to gain unauthorized access continue to rise."
https://www.helpnetsecurity.com/2025/12/12/gsma-mobile-network-security-pressures-report/
Vulnerabilities
- Apple Fixes Two Zero-Day Flaws Exploited In 'sophisticated' Attacks
"Apple has released emergency updates to patch two zero-day vulnerabilities that were exploited in an “extremely sophisticated attack” targeting specific individuals. The zero-days are tracked as CVE-2025-43529 and CVE-2025-14174 and were both issued in response to the same reported exploitation. "Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26," reads Apple's security bulletin."
https://www.bleepingcomputer.com/news/security/apple-fixes-two-zero-day-flaws-exploited-in-sophisticated-attacks/
https://support.apple.com/en-us/125884
https://thehackernews.com/2025/12/apple-issues-security-updates-after-two.html
https://securityaffairs.com/185628/hacking/emergency-fixes-deployed-by-google-and-apple-after-targeted-attacks.html
- New React RSC Vulnerabilities Enable DoS And Source Code Exposure
"The React team has released fixes for two new types of flaws in React Server Components (RSC) that, if successfully exploited, could result in denial-of-service (DoS) or source code exposure. The team said the issues were found by the security community while attempting to exploit the patches released for CVE-2025-55182 (CVSS score: 10.0), a critical bug in RSC that has since been weaponized in the wild."
https://thehackernews.com/2025/12/new-react-rsc-vulnerabilities-enable.html
https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components
https://www.theregister.com/2025/12/12/new_react_secretleak_bugs/
- React2Shell Exploitation Escalates Into Large-Scale Global Attacks, Forcing Emergency Mitigation
"The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to patch the recent React2Shell vulnerability by December 12, 2025, amid reports of widespread exploitation. The critical vulnerability, tracked as CVE-2025-55182 (CVSS score: 10.0), affects the React Server Components (RSC) Flight protocol. The underlying cause of the issue is an unsafe deserialization that allows an attacker to inject malicious logic that the server executes in a privileged context. It also affects other frameworks, including Next.js, Waku, Vite, React Router, and RedwoodSDK."
https://thehackernews.com/2025/12/react2shell-exploitation-escalates-into.html
- Free Micropatches For Windows Remote Access Connection Manager DoS (0day)
"During our investigation of CVE-2025-59230, a Windows Remote Access Connection Manager elevation of privilege vulnerability that was patched by Microsoft with October 2025 Windows updates, we found an exploit for it that nicely demonstrated local arbitrary code execution as Local System when launched as a non-admin Windows user. Interestingly though, this exploit - while exploiting CVE-2025-59230 - also included an exploit for another vulnerability that turned out to have remained unpatched to this day. Let's take a closer look."
https://blog.0patch.com/2025/12/free-micropatches-for-windows-remote.html
https://www.bleepingcomputer.com/news/microsoft/new-windows-rasman-zero-day-flaw-gets-free-unofficial-patches/
https://www.theregister.com/2025/12/12/microsoft_windows_rasman_dos_0day/
- CISA Adds One Known Exploited Vulnerability To Catalog
"CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2018-4063 Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability"
https://www.cisa.gov/news-events/alerts/2025/12/12/cisa-adds-one-known-exploited-vulnerability-catalog
https://thehackernews.com/2025/12/cisa-adds-actively-exploited-sierra.html
https://securityaffairs.com/185639/security/u-s-cisa-adds-google-chromium-and-sierra-wireless-airlink-aleos-flaws-to-its-known-exploited-vulnerabilities-catalog.html
Malware
- Fake ‘One Battle After Another’ Torrent Hides Malware In Subtitles
"A fake torrent for Leonardo DiCaprio’s 'One Battle After Another' hides malicious PowerShell malware loaders inside subtitle files that ultimately infect devices with the Agent Tesla RAT malware. The malicious torrent file was discovered by Bitdefender researchers while investigating a spike in detections related to the movie. One Battle After Another is a highly rated Paul Thomas Anderson movie released on September 26, 2025, starring Leonardo DiCaprio, Sean Penn, and Benicio del Toro."
https://www.bleepingcomputer.com/news/security/fake-one-battle-after-another-torrent-hides-malware-in-subtitles/
- PyStoreRAT: A New AI-Driven Supply Chain Malware Campaign Targeting IT & OSINT Professionals
"Over the last several months, dormant GitHub accounts, some inactive for years, suddenly reactivated and began publishing polished, AI-generated projects that included OSINT tools, DeFi bots, GPT wrappers, and security-themed utilities. Several of these repositories climbed into GitHub’s top trending lists, placing them directly in front of IT administrators, cybersecurity analysts, and OSINT professionals. Only after some of these repositories gained traction did attackers introduce subtle “maintenance” commits that deployed a previously undocumented JavaScript/HTA backdoor Morphisec researchers have coined “PyStoreRAT”."
https://www.morphisec.com/blog/pystorerat-a-new-ai-driven-supply-chain-malware-campaign-targeting-it-osint-professionals/
https://thehackernews.com/2025/12/fake-osint-and-gpt-utility-github-repos.html
https://hackread.com/pystorerat-rat-malware-github-osint-researchers/
- Oyster Backdoor Resurfaces: Analyzing The Latest SEO Poisoning Attacks
"CyberProof Threat Hunters and Intel Analysts continue to see a new wave of SEO poisoning, which they noticed starting in mid-November 2025, delivering the Oyster backdoor by tricking users into downloading malicious files posing as office meeting software such as Microsoft Teams and Google Meet. The samples reviewed were recently compiled and used new infrastructure and different certificates which were not reported before, but which have now been revoked. We quickly stumbled upon a blog post by Rapid7 researchers in June that shared insights on the Oyster backdoor using similar file names but different certificates."
https://www.cyberproof.com/blog/oyster-backdoor-resurfaces-analyzing-the-latest-seo-poisoning-attacks/
https://hackread.com/fake-microsoft-teams-google-meet-download-oyster-backdoor/
- Following The Digital Trail: What Happens To Data Stolen In a Phishing Attack
"A typical phishing attack involves a user clicking a fraudulent link and entering their credentials on a scam website. However, the attack is far from over at that point. The moment the confidential information falls into the hands of cybercriminals, it immediately transforms into a commodity and enters the shadow market conveyor belt. In this article, we trace the path of the stolen data, starting from its collection through various tools – such as Telegram bots and advanced administration panels – to the sale of that data and its subsequent reuse in new attacks. We examine how a once leaked username and password become part of a massive digital dossier and why cybercriminals can leverage even old leaks for targeted attacks, sometimes years after the initial data breach."
https://securelist.com/what-happens-to-stolen-data-after-phishing-attacks/118180/
- Technical Analysis Of The BlackForce Phishing Kit
"Zscaler ThreatLabz identified a new phishing kit named BlackForce, which was first observed in the beginning of August 2025 with at least five distinct versions. BlackForce is capable of stealing credentials and performing Man-in-the-Browser (MitB) attacks to steal one-time tokens and bypass multi-factor authentication (MFA). The phishing kit is actively marketed and sold on Telegram forums for €200–€300."
https://www.zscaler.com/blogs/security-research/technical-analysis-blackforce-phishing-kit
https://thehackernews.com/2025/12/new-advanced-phishing-kits-use-ai-and.html
- Investigating An Adversary-In-The-Middle Phishing Campaign Targeting Microsoft 365 And Okta Users
"Datadog has identified an active phishing campaign that targets organizations that use Microsoft 365 and Okta for their single sign-on (SSO) and is able to hijack the legitimate SSO flow. In this post, we provide our analysis of the techniques this campaign uses and share indicators of compromise you can check for in your Okta and Microsoft 365 logs."
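One generic check behind the kind of log review the Datadog post recommends, added here as an illustration and not code from Datadog or from the campaign write-up: in an adversary-in-the-middle flow the victim's credentials and MFA response reach Okta through the attacker's proxy, and the resulting session is later replayed from the operator's own machine, so a single Okta session whose events arrive from more than one client IP is worth a look. The field names follow the Okta System Log schema (eventType, published, actor.alternateId, client.ipAddress, authenticationContext.externalSessionId); the events, user names, session IDs and IP addresses below are constructed for the example and are not the indicators of compromise the report publishes.

```python
"""Flag Okta sessions whose events arrive from more than one client IP.

Added example. The rule is a generic AitM heuristic, not the campaign-specific
IoCs from the Datadog report; sample events below are constructed.
"""
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample: "alice" authenticates through an AitM proxy (first IP) and
# the captured session is then used by the operator from a second IP;
# "bob" is a benign session that stays on one IP.
SAMPLE_EVENTS = [
    {"eventType": "user.session.start", "published": "2025-12-10T09:00:00.000Z",
     "actor": {"alternateId": "alice@example.com"},
     "client": {"ipAddress": "203.0.113.7"},
     "authenticationContext": {"externalSessionId": "idx-aaa"}},
    {"eventType": "user.authentication.auth_via_mfa", "published": "2025-12-10T09:00:20.000Z",
     "actor": {"alternateId": "alice@example.com"},
     "client": {"ipAddress": "203.0.113.7"},
     "authenticationContext": {"externalSessionId": "idx-aaa"}},
    {"eventType": "user.authentication.sso", "published": "2025-12-10T09:03:05.000Z",
     "actor": {"alternateId": "alice@example.com"},
     "client": {"ipAddress": "198.51.100.23"},
     "authenticationContext": {"externalSessionId": "idx-aaa"}},
    {"eventType": "user.session.start", "published": "2025-12-10T09:10:00.000Z",
     "actor": {"alternateId": "bob@example.com"},
     "client": {"ipAddress": "192.0.2.44"},
     "authenticationContext": {"externalSessionId": "idx-bbb"}},
    {"eventType": "user.authentication.sso", "published": "2025-12-10T09:12:00.000Z",
     "actor": {"alternateId": "bob@example.com"},
     "client": {"ipAddress": "192.0.2.44"},
     "authenticationContext": {"externalSessionId": "idx-bbb"}},
]


def _ts(value):
    """Parse an Okta 'published' timestamp into a timezone-aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def sessions_with_multiple_ips(events, window_minutes=60):
    """Group events by externalSessionId and return the sessions whose events
    came from more than one client IP within `window_minutes` of the session's
    first event.

    Returns {session_id: {"user": str, "ips": [sorted IPs], "events": [eventTypes]}}.
    """
    by_session = defaultdict(list)
    for ev in events:
        sid = ev.get("authenticationContext", {}).get("externalSessionId")
        if sid:
            by_session[sid].append(ev)

    findings = {}
    for sid, evs in by_session.items():
        evs.sort(key=lambda e: _ts(e["published"]))
        start = _ts(evs[0]["published"])
        in_window = [e for e in evs
                     if (_ts(e["published"]) - start).total_seconds() <= window_minutes * 60]
        ips = sorted({e["client"]["ipAddress"] for e in in_window})
        if len(ips) > 1:
            findings[sid] = {
                "user": in_window[0]["actor"]["alternateId"],
                "ips": ips,
                "events": [e["eventType"] for e in in_window],
            }
    return findings


if __name__ == "__main__":
    for sid, f in sessions_with_multiple_ips(SAMPLE_EVENTS).items():
        print(f"{sid}: {f['user']} seen from {', '.join(f['ips'])} during {f['events']}")
```

Run against a System Log export, the only session reported is idx-aaa. Expect false positives from mobile carriers and VPN clients that change egress IP mid-session; enriching each IP with its ASN and alerting only when the ASN changes, or when the first IP belongs to hosting infrastructure rather than to the user's usual network, keeps the rule usable. The same comparison applies on the Microsoft 365 side between the sign-in IP and the IP on later activity for that session.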
https://securitylabs.datadoghq.com/articles/investigating-an-aitm-phishing-campaign-m365-okta/
- Chinese APT Targets Uzbekistan
"In November, TG Soft's Anti-Malware Research Center (C.R.A.M) identified a cyber-espionage campaign targeting government agencies in Uzbekistan. Since the initial campaign identified on November 12, two other campaigns have been found that can be associated with the same threat actor."
https://www.tgsoft.it/news/news_archivio.asp?id=1693
- Beware: PayPal Subscriptions Abused To Send Fake Purchase Emails
"An email scam is abusing PayPal’s "Subscriptions" billing feature to send legitimate PayPal emails that contain fake purchase notifications embedded in the Customer service URL field. Over the past couple of months, people have reported [1, 2] receiving emails from PayPal stating, "Your automatic payment is no longer active." The email includes a customer service URL field that was somehow modified to include a message stating that you purchased an expensive item, such as a Sony device, MacBook, or iPhone."
https://www.bleepingcomputer.com/news/security/beware-paypal-subscriptions-abused-to-send-fake-purchase-emails/
Breaches/Hacks/Leaks
- Fieldtex Data Breach Impacts 238,000
"Fieldtex Products, a US company that provides contract sewing and medical supply fulfillment services, has disclosed a data breach after it was targeted by a notorious ransomware group. In a data security incident notice posted on its website on November 20, Fieldtex said it detected unauthorized access to its systems in mid-August. An investigation showed that hackers may have gained access to “a limited amount of protected health information”."
https://www.securityweek.com/fieldtex-data-breach-impacts-238000/
https://www.bankinfosecurity.com/fieldtex-trizetto-reveal-new-healthcare-breaches-a-30280
- 4B+ Records, Including Numerous LinkedIn Profiles, Exposed In One Of The Largest Lead-Generation Datasets Ever Found Open
"While massive contact databases can be a significant time-saver for businesses, they also have a major drawback – security. If left unprotected, a single exposed dataset can endanger the privacy of millions of users. That’s exactly what the Cybernews research team discovered in a recent major data leak. The team found an unprotected MongoDB instance containing a staggering 16.14 terabytes of professional and corporate intelligence data. In total, researchers discovered nearly 4.3 billion documents, making it one of the largest lead-generation datasets to have ever leaked."
https://cybernews.com/security/database-exposes-billions-records-linkedin-data/
https://securityaffairs.com/185661/data-breach/experts-found-an-unsecured-16tb-database-containing-4-3b-professional-records.html
General News
- The CISO-COO Partnership: Protecting Operational Excellence
"At first glance, the chief information security officer and chief operating officer appear to operate in fundamentally different worlds — perhaps even at odds with one another. While the CISO is preoccupied with threat vectors, vulnerabilities and intrusions; the COO obsesses over margins, uptime, and efficiency. However, the digitally transformed enterprise demands CISOs and COOs build strong, intentional partnerships."
https://www.darkreading.com/cybersecurity-operations/the-ciso-coo-partnership-protecting-operational-excellence
- Vibe Coding: Innovation Demands Vigilance
"The hype surrounding AI in software development is undeniable. We are witnessing a paradigm shift, where "vibe coding" — expressing intent in natural language and leveraging AI large language models (LLMs) or agents to generate and refine code — is rapidly gaining traction. This approach promises unprecedented speed, lower barriers to entry, and accelerated prototyping. Yet, as a cybersecurity professional, I see a critical caveat: vibe coding's velocity often comes at the expense of the controls that safeguard our digital infrastructure."
https://www.darkreading.com/application-security/vibe-coding-innovation-demands-vigilance
- Supply Chain Attacks Targeting GitHub Actions Increased In 2025
"Some of the most significant software supply chain incidents over the past year were carried out by threat actors who exploited vulnerabilities in GitHub, the global repository widely used by software developers to host and collaboratively maintain code. Major supply chain attacks, such as Ultralytics, Singularity, Shibaud/Shai-Hulud, and GitHub Action tj-actions/changed-files, are among those in which threat actors compromised GitHub Actions, the continuous integration and continuous delivery capability in GitHub that lets developers automate software development workflows."
https://www.darkreading.com/application-security/supply-chain-attacks-targeting-github-actions-increased-in-2025
- Your Updated Guide To AI In Cybersecurity: Adoption, Trends, Challenges, And The Future
"The influence of AI in various areas of commerce is much larger than what was initially anticipated. AI isn’t just seen as a force multiplier; it’s the new age of business where organizations are betting on its potential even to wipe out certain workforces. Would it be the reality of work? Only time will tell. Soon. However, it is certain that AI is proving to be a worthy companion, making teams more efficient, automating redundant tasks, managing data, systems, and processes, and even narrowing the skill gap between, say, a new security analyst and an experienced one, thereby reducing overheads and operational hiccups."
https://www.group-ib.com/blog/ai-cybersecurity-guide-2025/
- What 35 Years Of Privacy Law Say About The State Of Data Protection
"Privacy laws have expanded around the world, and security leaders now work within a crowded field of requirements. New research shows that these laws provide stronger rights and duties, but the protections do not always translate into reductions in harm. The study looks at thirty-five years of privacy history, from the rise of early data protection efforts to the current landscape of AI-driven risk, cross-border transfers, and uneven enforcement."
https://www.helpnetsecurity.com/2025/12/12/global-privacy-enforcement-trends-research/
https://www.mdpi.com/2624-800X/5/4/103
- LLM Privacy Policies Keep Getting Longer, Denser, And Nearly Impossible To Decode
"People expect privacy policies to explain what happens to their data. What users get instead is a growing wall of text that feels harder to read each year. In a new study, researchers reviewed privacy policies for LLMs and traced how they changed. Researchers looked at privacy policies from 11 providers and tracked 74 versions over several years. The average policy reached about 3,346 words, which is about 53 percent longer than the average for general software policies published in 2019."
https://www.helpnetsecurity.com/2025/12/12/llms-privacy-policies-study/
https://arxiv.org/pdf/2511.21758
- Ransomware Keeps Widening Its Reach
"Ransomware keeps shifting into new territory, pulling in victims from sectors and regions that once saw fewer attacks. The latest Global Threat Briefing for H2 2025 from CyberCube shows incidents spreading in ways that make it harder for security leaders to predict where threats will rise next. Researchers evaluated incident patterns, sector level exposure and signals drawn from threat actor behavior. Their aim was to map where ransomware is spreading, which organizations sit in higher risk clusters and how security posture shapes exposure."
https://www.helpnetsecurity.com/2025/12/12/global-ransomware-trends-2025/
- Turn Me On, Turn Me Off: Zigbee Assessment In Industrial Environments
"We all encounter IoT and home automation in some form or another, from smart speakers to automated sensors that control water pumps. These services appear simple and straightforward to us, but many devices and protocols work together under the hood to deliver them. One of those protocols is Zigbee. Zigbee is a low-power wireless protocol (based on IEEE 802.15.4) used by many smart devices to talk to each other. It’s common in homes, but is also used in industrial environments where hundreds or thousands of sensors may coordinate to support a process."
https://securelist.com/zigbee-protocol-security-assessment/118373/
- Nevada Ransomware Attack Offers Lessons In Statewide Cyber Resilience
"In August 2025, Nevada state government systems suddenly went offline. What initially appeared to be a routine outage turned out to be a full-scale ransomware attack affecting more than 60 state agencies, including Department of Motor Vehicles (DMV) systems, social services, law enforcement, state payroll, and more. Some systems remained offline for 28 days."
https://blog.barracuda.com/2025/12/11/nevada-ransomware-attack-offers-lessons-in-statewide-cyber-resil
- Locks, SOCs And a Cat In a Box: What Schrödinger Can Teach Us About Cybersecurity
"I recently had, what I thought, was a unique brainwave. (Spoiler alert: it wasn’t, but please read on!) As a marketing leader at ESET UK, part of my role is to communicate how our powerful and comprehensive solutions can be implemented to protect organisations, in a way that helps clarify the case for upgrading to higher levels of cybersecurity. And that need for clarity is now more urgent than ever."
https://www.welivesecurity.com/en/business-security/locks-socs-cat-box-what-schrodinger-can-teach-us-about-cybersecurity/
- France And Germany Grappling With Nation-State Hacks
"The French Ministry of Interior is investigating a suspected nation-state cyberattack that targeted its email server. Additionally, the German government on Friday attributed a 2024 hacking incident on air traffic control systems to Russian nation-state hackers. French Interior Minister Laurent Nuñez told French outlet RTL it's uncertain whether hackers stole files. Details of the hack are sparse, but the minister said the attack could be "foreign interference.""
https://www.bankinfosecurity.com/france-germany-grappling-nation-state-hacks-a-30282
References
Electronic Transactions Development Agency (ETDA)