NCSA Webboard

    Cyber Threat Intelligence 25 December 2025

    Cyber Security News
    • NCSA_THAICERT

      Industrial Sector

      • Threat Landscape For Industrial Automation Systems. Middle East, Q3 2025
        "In the Middle East, the percentage of ICS computers on which threats from email clients were blocked was 1.8 times higher than the global average. High levels of email threats (phishing), spyware, and ransomware clearly indicate that technological systems in the region are highly exposed to advanced attackers."
        https://ics-cert.kaspersky.com/publications/reports/2025/12/24/threat-landscape-for-industrial-automation-systems-middle-east-q3-2025/
      • Threat Landscape For Industrial Automation Systems. Asia, Q3 2025
        "Southeast Asia has high rates of self-propagating malware. The region ranks first in the world in terms of the percentage of ICS computers on which viruses and malware for AutoCAD were blocked. In both cases, it leads by a wide margin. In most cases, malware for AutoCAD is distributed in the same way as viruses. This explains the high percentage exhibited by this malware category."
        https://ics-cert.kaspersky.com/publications/reports/2025/12/24/threat-landscape-for-industrial-automation-systems-asia-q3-2025/

      New Tooling

      • Conjur: Open-Source Secrets Management And Application Identity
        "Conjur is an open-source secrets management project designed for environments built around containers, automation, and dynamic infrastructure. It focuses on controlling access to credentials such as database passwords, API keys, and tokens that applications need at runtime. The project is maintained in the open and developed with input from a user and contributor base."
        https://www.helpnetsecurity.com/2025/12/24/conjur-open-source-secrets-management/
        https://github.com/cyberark/conjur

      Vulnerabilities

      • MongoDB Warns Admins To Patch Severe RCE Flaw Immediately
        "MongoDB has warned IT admins to immediately patch a high-severity vulnerability that can be exploited in remote code execution (RCE) attacks targeting vulnerable servers. Tracked as CVE-2025-14847, this security flaw affects multiple MongoDB and MongoDB Server versions and can be exploited by unauthenticated threat actors in low-complexity attacks that don't require user interaction. CVE-2025-14847 is due to an improper handling of length parameter inconsistency, which can allow attackers to execute arbitrary code and potentially gain control of targeted devices."
        https://www.bleepingcomputer.com/news/security/mongodb-warns-admins-to-patch-severe-rce-flaw-immediately/
        https://jira.mongodb.org/browse/SERVER-115508
      • Net-SNMP Snmptrapd Vulnerability
        "A specially crafted packet to an net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash."
        https://github.com/net-snmp/net-snmp/security/advisories/GHSA-4389-rwqf-q9gq
      • Security Bulletin: NVIDIA Isaac Launchable - December 2025
        "NVIDIA has released an update for the NVIDIA Isaac Launchable to address a security issue that might lead to the impacts described in this bulletin. To protect your system, download and install the latest version of Isaac Launchable."
        https://nvidia.custhelp.com/app/answers/detail/a_id/5749

      Malware

      • Empty Promises In MENA: How Online Quick Cash Schemes Exploit The Gig Economy
        "Fake online job ads continue to circulate across social media, especially in Arab countries, offering easy remote work and quick income. The sinister goal: to harvest sensitive information, from ID documents to banking details. This blog explains how the scheme operates, who the scammers target, and how to prevent falling victim to it."
        https://www.group-ib.com/blog/online-job-scams-mena/
        https://www.infosecurity-magazine.com/news/scams-mena-fake-online-job/
      • Evasive Panda APT Poisons DNS Requests To Deliver MgBot
        "The Evasive Panda APT group (also known as Bronze Highland, Daggerfly, and StormBamboo) has been active since 2012, targeting multiple industries with sophisticated, evolving tactics. Our latest research (June 2025) reveals that the attackers conducted highly-targeted campaigns, which started in November 2022 and ran until November 2024. The group mainly performed adversary-in-the-middle (AitM) attacks on specific victims."
        https://securelist.com/evasive-panda-apt/118576/
      • GeoServer, Where Various CoinMiner Attacks Occur
        "AhnLab SEcurity intelligence Center (ASEC) previously covered the case of threat actors exploiting the GeoServer vulnerability to install CoinMiner and NetCat through the “CoinMiner Attacks Exploiting GeoServer Vulnerability” blog. [1] The threat actors have been continuously targeting vulnerable GeoServers to install CoinMiner. This post will cover the identified cases of CoinMiner installation."
        https://asec.ahnlab.com/en/91724/
      • Fake MAS Windows Activation Domain Used To Spread PowerShell Malware
        "A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell scripts that infect Windows systems with the 'Cosmali Loader'. BleepingComputer has found that multiple MAS users began reporting on Reddit [1, 2] yesterday that they received pop-up warnings on their systems about a Cosmali Loader infection."
        https://www.bleepingcomputer.com/news/security/fake-mas-windows-activation-domain-used-to-spread-powershell-malware/
      • Product Security Advisory And Analysis: Observed Abuse Of FG-IR-19-283
        "Fortinet has observed recent abuse of the July 2020 vulnerability FG-IR-19-283 / CVE-2020-12812 in the wild based on specific configurations. This blog analysis describes the observed abuse and provides additional context so that administrators can confirm that they are not impacted and guidance based on Fortinet observations to prevent FG-IR-19-283 from being exploited."
        https://www.fortinet.com/blog/psirt-blogs/product-security-advisory-and-analysis-observed-abuse-of-fg-ir-19-283
      • Operation PCPcat: Hunting a Next.js Credential Stealer That's Already Compromised 59K Servers
        "A threat campaign called 'PCPcat' is silently harvesting credentials from Next.js deployments at scale. Through active honeypot reconnaissance, I breached their C2 API and exposed their operational metrics: 59,128 confirmed server compromises, a 64.6% success rate, and a blueprint for exploiting the entire global infrastructure. This is what industrial-scale credential theft looks like, and how to detect it."
        https://beelzebub.ai/blog/threat-huntinga-analysis-of-a-nextjs-exploit-campaign/
      • APT36 LNK-Based Malware Campaign Leveraging MSI Payload Delivery
        "CYFIRMA is dedicated to providing advanced warning and strategic analysis of the evolving cyber threat landscape. Our latest report analyzes a targeted malware campaign attributed to APT-36, which leverages social engineering and a malicious shortcut file disguised as a government advisory PDF. The attack delivers a hidden MSI payload that deploys a .NET-based loader, malicious DLLs, and establishes registry-based persistence while displaying a legitimate-looking decoy document to avoid suspicion."
        https://www.cyfirma.com/research/apt36-lnk-based-malware-campaign-leveraging-msi-payload-delivery/
      • UNG0801: Tracking Threat Clusters Obsessed With AV Icon Spoofing Targeting Israel
        "SEQRITE Labs’ APT Team has been tracking Unknown-Clusters [UNG0801], a slightly advanced yet persistent threat entity believed to originate from Western Asia, with activity primarily observed against Israeli organizations. The cluster shows a strong focus on enterprise environments, relying on socially engineered phishing lures written in Hebrew and designed to resemble routine internal communications, such as compliance updates, security advisories, or corporate webinar announcements."
        https://www.seqrite.com/blog/ung0801-tracking-threat-clusters-obsessed-with-av-icon-spoofing-targeting-israel/
      • Operation Artemis: Analysis Of HWP-Based DLL Side Loading Attacks
        "Genians Security Center identified the “Artemis” campaign conducted by the APT37 group. The threat actor embedded a malicious OLE object inside an HWP document in a covert manner. The attack chain is triggered when the user trusts the document content and clicks the hyperlink. When the OLE object was loaded, the threat actor used a masquerading technique launching a legitimate process first. This multi-stage procedure leverages legitimate execution flow to evade detection by signature-based security solutions. Subsequently, the payload was executed by calling a malicious DLL within the execution context of the legitimate process."
        https://www.genians.co.kr/en/blog/threat_intelligence/dll

      General News

      • Governance Maturity Defines Enterprise AI Confidence
        "AI security has reached a point where enthusiasm alone no longer carries organizations forward. New Cloud Security Alliance research shows that governance has become the main factor separating teams that feel prepared from those that do not."
        https://www.helpnetsecurity.com/2025/12/24/csa-ai-security-governance-report/
      • Counterfeit Defenses Built On Paper Have Blind Spots
        "Counterfeit protection often leans on the idea that physical materials have quirks no attacker can copy. A new study challenges that comfort by showing how systems built on paper surface fingerprints can be disrupted or bypassed. The research comes from teams at the University of Maryland and North Carolina State University, and examines paper based physically unclonable functions, or paper PUFs, which rely on microscopic surface variations in paper to authenticate products."
        https://www.helpnetsecurity.com/2025/12/24/counterfeit-defenses-paper-puf-security/
        https://arxiv.org/pdf/2512.09150
      • Eurostar Accused Researchers Of Blackmail For Reporting AI Chatbot Flaws
        "The rush to add AI to customer service, which we have been witnessing lately in almost every sector, can sometimes come at a high price for security. On December 22, 2025, the team of ethical hackers at Pen Test Partners (PTP) went public with a series of flaws they found in the new AI chatbot for Eurostar. For your information, Eurostar is the famous high-speed rail operator that connects the UK to mainland Europe through the Channel Tunnel, carrying millions of travellers between major hubs like London, Paris, and Amsterdam."
        https://hackread.com/eurostar-blackmail-research-report-ai-chatbot-flaw/
        https://www.theregister.com/2025/12/24/pentesters_reported_eurostar_chatbot_flaws/
      • SEC Files Charges Over $14 Million Crypto Scam Using Fake AI-Themed Investment Tips
        "The U.S. Securities and Exchange Commission (SEC) has filed charges against multiple companies for their alleged involvement in an elaborate cryptocurrency scam that swindled more than $14 million from retail investors. The complaint charged crypto asset trading platforms Morocoin Tech Corp., Berge Blockchain Technology Co., Ltd., and Cirkor Inc., as well as investment clubs AI Wealth Inc., Lane Wealth Inc., AI Investment Education Foundation (AIIEF) Ltd., and Zenith Asset Tech Foundation, in connection with the operation."
        https://thehackernews.com/2025/12/sec-files-charges-over-14-million.html
        https://www.sec.gov/newsroom/press-releases/2025-144-sec-charges-three-purported-crypto-asset-trading-platforms-four-investment-clubs-scheme-targeted
        https://www.infosecurity-magazine.com/news/sec-charges-crypto-firms/

      Reference
      Electronic Transactions Development Agency (ETDA)
