NCSA Webboard

    Cyber Threat Intelligence 05 January 2026

    Posted by NCSA_THAICERT

      Vulnerabilities

      • Over 10K Fortinet Firewalls Exposed To Actively Exploited 2FA Bypass
        "Over 10,000 Fortinet firewalls are still exposed online and vulnerable to ongoing attacks exploiting a five-year-old critical two-factor authentication (2FA) bypass vulnerability. Fortinet released FortiOS versions 6.4.1, 6.2.4, and 6.0.10 in July 2020 to address this flaw (tracked as CVE-2020-12812) and advised admins who couldn't immediately patch to turn off username-case-sensitivity to block 2FA bypass attempts targeting their devices. This improper authentication security flaw (rated 9.8/10 in severity) was found in FortiGate SSL VPN and allows attackers to log in to unpatched firewalls without being prompted for the second factor of authentication (FortiToken) when the username's case is changed."
        https://www.bleepingcomputer.com/news/security/over-10-000-fortinet-firewalls-exposed-to-ongoing-2fa-bypass-attacks/

      Malware

      • ColdFusion++ Christmas Campaign: Catching a Coordinated Callback Calamity
        "GreyNoise observed a coordinated exploitation campaign targeting Adobe ColdFusion servers over the Christmas 2025 holiday period. The attack appears to be a single threat actor operating from Japan-based infrastructure (CTG Server Limited). This source was responsible for ~98% of attack traffic, systematically exploiting 10+ ColdFusion CVEs from 2023-2024. The campaign leveraged ProjectDiscovery Interactsh for out-of-band callback verification, with JNDI/LDAP injection as the primary attack vector. The deliberate timing during Christmas Day (68% of traffic) suggests intentional targeting during reduced security monitoring periods."
        https://www.labs.greynoise.io/grimoire/2025-12-26-coldfusion/
        https://www.securityweek.com/adobe-coldfusion-servers-targeted-in-coordinated-campaign/
        https://securityaffairs.com/186450/uncategorized/thousands-of-coldfusion-exploit-attempts-spotted-during-christmas-holiday.html
      • APT36: Multi-Stage LNK Malware Campaign Targeting Indian Government Entities
        "CYFIRMA has identified a targeted malware campaign attributed to APT36 (Transparent Tribe), a Pakistan-aligned threat actor actively engaged in cyber espionage operations against Indian governmental, academic, and strategic entities. The campaign employs deceptive delivery techniques, including a weaponized Windows shortcut (LNK) file masquerading as a legitimate PDF document and embedded with full PDF content to evade user suspicion."
        https://www.cyfirma.com/research/apt36-multi-stage-lnk-malware-campaign-targeting-indian-government-entities/
        https://thehackernews.com/2026/01/transparent-tribe-launches-new-rat.html
        https://therecord.media/pakistan-linked-hacking-group-targets-indian-orgs
      • VVS Discord Stealer Using Pyarmor For Obfuscation And Detection Evasion
        "This article details our technical analysis of VVS stealer, also styled VVS $tealer, including its distributors’ use of obfuscation and detection evasion. The stealer is written in Python and targets Discord users, exfiltrating sensitive information like credentials and tokens stored in Discord accounts. This stealer was once in active development and marketed for sale on Telegram as early as April 2025. VVS stealer's code is obfuscated by Pyarmor. This tool is used to obfuscate Python scripts to hinder static analysis and signature-based detection. Pyarmor can be used for legitimate purposes and also leveraged to build stealthy malware."
        https://unit42.paloaltonetworks.com/vvs-stealer/

      Breaches/Hacks/Leaks

      • Hackers Claim To Hack Resecurity, Firm Says It Was a Honeypot
        "Threat actors associated with the "Scattered Lapsus$ Hunters" (SLH) claim to have breached the systems of cybersecurity firm Resecurity and stolen internal data, while Resecurity says the attackers only accessed a deliberately deployed honeypot containing fake information used to monitor their activity. Today, threat actors published screenshots on Telegram of the alleged breach, claiming they stole employee data, internal communications, threat intelligence reports, and client information. "We would like to announce that we have gained full access to REsecurity systems," the group wrote on Telegram, claiming to have stolen "all internal chats and logs", "full employee data", "threat intel related reports", and a "complete client list with details.""
        https://www.bleepingcomputer.com/news/security/hackers-claim-resecurity-hack-firm-says-it-was-a-honeypot/
        https://databreaches.net/2026/01/03/shinyhunters-claims-to-have-compromised-resecurity-but-it-looks-like-they-fell-for-a-honeypot/
        https://hackread.com/resecurity-shinyhunters-honeypot-breach/
        https://securityaffairs.com/186528/security/resecurity-caught-shinyhunters-in-honeypot.html
      • Covenant Health Says May Data Breach Impacted Nearly 478,000 Patients
        "The Covenant Health organization has revised to nearly 500,000 the number of individuals affected by a data breach discovered last May. The healthcare entity initially reported in July that the data of 7,864 people had been exposed, but further analysis has revealed a larger impact. After completing “the bulk of its data analysis,” Covenant Health now says that 478,188 individuals were affected. Covenant Health is a Catholic healthcare provider based in Andover, Massachusetts, operating hospitals, nursing and rehabilitation centers, assisted living residences, and elder care organizations across New England and parts of Pennsylvania."
        https://www.bleepingcomputer.com/news/security/covenant-health-says-may-data-breach-impacted-nearly-478-000-patients/
        https://therecord.media/covenant-health-breach-qilin
        https://www.securityweek.com/covenant-health-data-breach-impacts-478000-individuals/
        https://securityaffairs.com/186439/data-breach/covenant-health-data-breach-after-ransomware-attack-impacted-over-478000-people.html
      • Tokyo FM Data Breach: Hacker Claims Over 3 Million Records Stolen
        "A major cyber incident has surfaced involving Tokyo FM Broadcasting Co., LTD., one of the most prominent radio stations in Japan. On January 1st, 2026, a time when most people were busy celebrating the New Year holiday, a person or group using the alias “victim” announced that they had broken into the company’s private computer systems. Radio stations, as we know them, hold a lot of listener and employee information, making them prime targets for cybercriminals. While the station is a big name in the news and multimedia world, this situation is currently being treated as a standard case of cybercrime."
        https://hackread.com/tokyo-fm-data-breach-hacker-3-million-records-stolen/
      • Sedgwick Confirms Cyber Incident Affecting Its Major Federal Contractor Subsidiary
        "Claims administration company Sedgwick confirmed that its government-focused subsidiary is dealing with a cybersecurity incident. On New Year’s Eve, the TridentLocker ransomware gang claimed it attacked Sedgwick Government Solutions and stole 3.4 gigabytes of data. A Sedgwick spokesperson confirmed the company is currently addressing a security incident at the subsidiary, which provides claims and risk management services to federal agencies like the Department of Homeland Security (DHS), Immigration and Customs Enforcement, Customs and Border Protection, Citizenship and Immigration Services, the Department of Labor, and the Cybersecurity and Infrastructure Security Agency (CISA)."
        https://therecord.media/sedgwick-cyber-incident-ransomware
      • Cybercrook Claims To Be Selling Infrastructure Info About Three Major US Utilities
        "A cybercrook claims to have breached Pickett and Associates, a Florida-based engineering firm whose clients include major US utilities, and is selling what they claim to be about 139 GB of engineering data about Tampa Electric Company, Duke Energy Florida, and American Electric Power. The price is 6.5 bitcoin, which amounts to about $585,000. Based in Tampa, Florida, Pickett USA provides transmission and distribution design, project management, surveying, aerial mapping, and LiDAR (Light Detection and Ranging) services to utilities and mining operations across the US and Caribbean."
        https://www.theregister.com/2026/01/02/critical_utility_files_for_sale/

      General News

      • Why 47-Day TLS And SSL Certificate Renewal Cycles Alarm CIOs
        "The era of short-lived Transport Layer Security and Secure Sockets Layer certificates is redefining enterprise resilience. By 2029, certificate lifespans are expected to drop to 47 days - a shift that transforms certificate renewal from a periodic task into a continuous operational function. For many CIOs, this raises critical questions around outage exposure, automation readiness and oversight accountability."
        https://www.bankinfosecurity.com/47-day-tls-ssl-certificate-renewal-cycles-alarm-cios-a-30427
      • CISA Known Exploited Vulnerabilities Surged 20% In 2025
        "The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 245 vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog in 2025, as the database grew to 1,484 software and hardware flaws at high risk of cyberattacks. The agency removed at least one vulnerability from the catalog in 2025 – CVE-2025-6264, a Velociraptor Incorrect Default Permissions vulnerability that CISA determined had insufficient evidence of exploitation – but the database has generally grown steadily since its launch in November 2021."
        https://cyble.com/blog/cisa-kev-2025-exploited-vulnerabilities-growth/
      • Cybersecurity Predictions For 2026: Navigating The Future Of Digital Threats
        "As the digital landscape continues to evolve, so too do the threats that organizations must contend with. In this year's final Reporter's Notebook conversation, cybersecurity experts Rob Wright from Dark Reading, David Jones from Cybersecurity Dive, and Alissa Irei from Tech Target Search Security share their insights on what the future holds for cybersecurity in 2026. Drawing from AI-summarized industry reports and expert opinions, the conversation highlights key trends, challenges, and opportunities that will shape the way businesses approach security in the coming years. From the rise of AI-driven threats to the growing importance of resilience, the panelists paint a vivid picture of the road ahead."
        https://www.darkreading.com/threat-intelligence/cybersecurity-predictions-for-2026-navigating-the-future-of-digital-threats
      • CTO New Year Resolutions For a More Secure 2026
        "As CTOs endeavor to take a breath after a breakneck year of keeping up with continual upheaval in engineering patterns due to AI, the flipping of calendar pages is a perfect time to evaluate what's working and what's not from a security perspective. Dark Reading recently caught up with a panel of software engineering, product security, and cybersecurity experts to discuss the top resolutions that security-minded CTOs should make in the coming year. Here are their top five picks."
        https://www.darkreading.com/cyber-risk/cto-new-year-resolutions-for-a-more-secure-2026
      • From Experiment To Production, AI Settles Into Embedded Software Development
        "AI-generated code is already running inside devices that control power grids, medical equipment, vehicles, and industrial plants. AI tools have become standard in embedded development workflows. More than 80% of respondents to a new RunSafe Security survey say they currently use AI to assist with tasks such as code generation, testing, or documentation. Another 20% say they are actively evaluating AI. No respondents report avoiding AI entirely."
        https://www.helpnetsecurity.com/2026/01/02/ai-embedded-systems-development/
      • How AI Made Scams More Convincing In 2025
        "Most cybercriminals stick with what works. But once a new method proves effective, it spreads quickly—and new trends and types of campaigns follow. In 2025, the rapid development of Artificial Intelligence (AI) and its use in cybercrime went hand in hand. In general, AI allows criminals to improve the scale, speed, and personalization of social engineering through realistic text, voice, and video. Victims face not only financial loss, but erosion of trust in digital communication and institutions."
        https://www.malwarebytes.com/blog/news/2026/01/how-ai-made-scams-more-convincing-in-2025
      • Cybercrime In 2026: Faster, Smarter And Fully Industrialized
        "Cybercrime is no longer a loose collection of hackers, tools and opportunistic attacks. As we move into 2026, it has matured into a highly industrialized ecosystem—complete with specialization, automation, affiliate networks, and even cartel-like business models. The result is a threat landscape defined by speed, scale and sophistication, where attackers adapt faster than traditional defenses can respond."
        https://blog.barracuda.com/2026/01/02/cybercrime-in-2026--faster--smarter-and-fully-industrialized

      Reference
      Electronic Transactions Development Agency (ETDA)
