NCSA Webboard
    Cyber Threat Intelligence 20 January 2026

    Cyber Security News
    Posted by NCSA_THAICERT

      Industrial Sector

      • New Reports Reinforce Cyberattack’s Role In Maduro Capture Blackout
        "US officials briefed on the January 3 extraction of Venezuelan President Nicolas Maduro say the operation leveraged cyberattacks to trigger power outages and disable air defense radars, according to The New York Times. Shortly after the world learned of Maduro’s capture, US President Donald Trump stated that “the lights of Caracas were largely turned off due to a certain expertise that we have”. While Trump didn’t explicitly mention a cyberattack, his comments were widely seen that way. Robert Lee, CEO of industrial cybersecurity firm Dragos, noted at the time that from a technical standpoint the US could have caused a power outage and disrupted air defenses using a cyberattack on operational technology (OT) systems."
        https://www.securityweek.com/new-reports-reinforce-cyberattacks-role-in-maduro-capture-blackout/

      Government/Law/Policy

      • A New European Standard Outlines Security Requirements For AI
        "The European Telecommunications Standards Institute (ETSI) has released a new European Standard that addresses a growing concern for security teams working with AI. The standard, ETSI EN 304 223, sets baseline cybersecurity requirements for AI models and systems intended for real-world use. ETSI EN 304 223 treats AI as a distinct category of technology from a security perspective. AI systems introduce risks tied to their data pipelines, model behavior, and operational environments. These include data poisoning, model obfuscation, indirect prompt injection, and weaknesses linked to complex training and deployment practices."
        https://www.helpnetsecurity.com/2026/01/19/etsi-european-standard-ai-security/
        https://www.etsi.org/deliver/etsi_en/304200_304299/304223/02.01.01_60/en_304223v020101p.pdf

      New Tooling

      • Bytebase: Open-Source Database DevOps Tool
        "Bytebase is a DevOps platform for managing database schema and data changes through a structured workflow. It provides a central place for teams to submit change requests, run reviews, and track executions across environments. The open-source edition is designed for organizations that want to run the software on their own infrastructure."
        https://www.helpnetsecurity.com/2026/01/19/bytebase-open-source-database-devops-tool/
        https://github.com/bytebase/bytebase

      Vulnerabilities

      • TP-Link Patches Vulnerability Exposing VIGI Cameras To Remote Hacking
        "TP-Link has patched a serious vulnerability that can be exploited to take control of more than 32 of its VIGI C and VIGI InSight series professional surveillance camera models. The security hole, tracked as CVE-2026-0629 and classified as high severity, is described in a TP-Link advisory published last week as an authentication bypass flaw affecting the password recovery feature in the cameras’ local web interface. The flaw, according to TP-Link, “allows an attacker on the LAN to reset the admin password without verification by manipulating client-side state”, enabling them to gain full admin access to the device."
        https://www.securityweek.com/tp-link-patches-vulnerability-exposing-vigi-cameras-to-hacking/
        https://www.tp-link.com/us/support/faq/4899/

      Malware

      • Remcos RAT Being Distributed To Korean Users
        "AhnLab Security intelligence Center (ASEC) has confirmed the RAT distribution of the Remcos RAT targeting users in South Korea. While the original distribution pages remain unknown, the malware appears to masquerade as VeraCrypt installers or software associated with illegal gambling websites."
        https://asec.ahnlab.com/en/92160/
      • Dissecting CrashFix: KongTuke's New Toy
        "In January 2026, Huntress Senior Security Operations Analyst Tanner Filip observed threat actors using a malicious browser extension to display a fake security warning, claiming the browser had “stopped abnormally” and prompting users to run a “scan” to remediate the threats. Our analysis revealed this campaign is the work of KongTuke, a threat actor we have been tracking since the beginning of 2025. In this latest operation, we identified several new developments: a malicious browser extension called NexShield that impersonates the legitimate uBlock Origin Lite ad blocker, a new ClickFix variant we have dubbed “CrashFix” that intentionally crashes the browser then baits users into running malicious commands, and ModeloRAT, a previously undocumented Python RAT reserved exclusively for domain-joined hosts."
        https://www.huntress.com/blog/malicious-browser-extention-crashfix-kongtuke
        https://www.bleepingcomputer.com/news/security/fake-ad-blocker-extension-crashes-the-browser-for-clickfix-attacks/
        https://thehackernews.com/2026/01/crashfix-chrome-extension-delivers.html
        https://www.helpnetsecurity.com/2026/01/19/fake-browser-crash-alert-chrome-edge-extension/
        https://www.securityweek.com/malicious-chrome-extension-crashes-browser-in-clickfix-variant-crashfix/
      • PDFSIDER Malware - Exploitation Of DLL Side-Loading For AV And EDR Evasion
        "PDFSIDER is a newly identified malware variant distributed through DLL side-loading, designed to covertly deploy a backdoor with encrypted command-and-control (C2) capabilities. The malware uses a fake cryptbase.dll to bypass endpoint detection mechanisms. The malware is identified as an Advanced Persistent Threat (APT), having characteristics commonly associated with APT tradecraft, including stealthy execution, anti-VM checks, and encrypted communications. PDFSIDER blends traditional cyber-espionage behaviors with modern remote-command functionality, enabling operators to gather system intelligence and remotely execute shell commands covertly."
        https://www.resecurity.com/es/blog/article/pdfsider-malware-exploitation-of-dll-side-loading-for-av-and-edr-evasion
        https://www.bleepingcomputer.com/news/security/new-pdfsider-windows-malware-deployed-on-fortune-100-firms-network/
        https://hackread.com/hackers-exploit-pdf24-app-pdfsider-backdoor/
        https://www.infosecurity-magazine.com/news/pdfsider-anti-vm-checks-hidden/
      • NCSC Issues Warning Over Hacktivist Groups Disrupting UK Organisations And Online Services
        "Today, 19th January 2026, the National Cyber Security Centre (NCSC) – a part of GCHQ – has issued an alert highlighting the persistent targeting of UK organisations by Russian state-aligned hacktivist groups aiming to disrupt networks. Organisations, particularly local government authorities and operators of critical national infrastructure, are being encouraged to review their defences and improve their cyber resilience by preparing and being able to respond to denial of service (DoS) attacks."
        https://www.ncsc.gov.uk/news/ncsc-issues-warning-over-hacktivist-groups-disrupting-uk-organisations-online-services
        https://www.bleepingcomputer.com/news/security/uk-govt-warns-about-ongoing-russian-hacktivist-group-attacks/
        https://www.infosecurity-magazine.com/news/russia-cyber-pressure-uk-orgs/
        https://www.theregister.com/2026/01/19/dont_underestimate_prorussia_hacktivists_warns/
      • Weaponizing Calendar Invites: A Semantic Attack On Google Gemini
        "As application security professionals, we're trained to spot malicious patterns. But what happens when an attack doesn't look like an attack at all? Our team recently discovered a vulnerability in Google's ecosystem that allowed us to bypass Google Calendar's privacy controls using a dormant payload hidden inside a standard calendar invite. This bypass enabled unauthorized access to private meeting data and the creation of deceptive calendar events without any direct user interaction. This is a powerful example of Indirect Prompt Injection leading to a critical Authorization Bypass. We responsibly disclosed the issue to Google’s security team, who confirmed the findings and mitigated the vulnerability."
        https://www.miggo.io/post/weaponizing-calendar-invites-a-semantic-attack-on-google-gemini
        https://thehackernews.com/2026/01/google-gemini-prompt-injection-flaw.html
        https://hackread.com/google-gemini-ai-calendar-data-leak-meeting-invite/
      • SolyxImmortal : Python Malware Analysis
        "SolyxImmortal is a Python-based Windows information-stealing malware that combines credential theft, document harvesting, keystroke logging, screen surveillance, and persistence into a single, continuously running implant. The malware leverages legitimate system APIs and widely available third-party libraries to extract sensitive user data and exfiltrate it to attacker-controlled Discord webhooks. Its design emphasizes stealth, reliability, and long-term access rather than rapid execution or destructive behaviour. By operating entirely in user space and relying on trusted platforms for command-and-control, the malware reduces its likelihood of immediate detection while maintaining persistent visibility into user activity."
        https://www.cyfirma.com/research/solyximmortal-python-malware-analysis/
        https://www.securityweek.com/solyximmortal-information-stealer-emerges/
      • From Extension To Infection: An In-Depth Analysis Of The Evelyn Stealer Campaign Targeting Software Developers
        "On December 8, 2025, Koi.ai published their findings about a campaign specifically targeting software developers through weaponized Visual Studio Code extensions. Here, we’ll provide a more in-depth analysis of the multistage delivery of the Evelyn information stealer. Evelyn implements multiple anti-analysis techniques to evade detection in research and sandbox environments. It collects system information and harvests browser credentials through DLL injection as well as files and information such as clipboard and Wi-Fi credentials. It can also capture screenshots and steal cryptocurrency wallets. The malware communicates with its command-and-control (C&C) server over FTP."
        https://www.trendmicro.com/en_us/research/26/a/analysis-of-the-evelyn-stealer-campaign.html

      Breaches/Hacks/Leaks

      • Ingram Micro Says Ransomware Attack Affected 42,000 People
        "Information technology giant Ingram Micro has revealed that a ransomware attack on its systems in July 2025 led to a data breach affecting over 42,000 individuals. Ingram Micro, one of the world's largest business-to-business service providers and technology distributors, has over 23,500 associates, more than 161,000 customers, and reported net sales of $48 billion in 2024. In data breach notification letters filed with Maine's Attorney General and sent to those affected by the incident, the company said the attackers stole documents containing a wide range of personal information, including Social Security numbers."
        https://www.bleepingcomputer.com/news/security/ingram-micro-says-ransomware-attack-affected-42-000-people/
        https://www.securityweek.com/42000-impacted-by-ingram-micro-ransomware-attack/
        https://securityaffairs.com/187083/data-breach/ransomware-attack-on-ingram-micro-impacts-42000-individuals.html
        https://www.theregister.com/2026/01/19/ingram_micro_ransomware_affects/

      General News

      • When The Olympics Connect Everything, Attackers Pay Attention
        "Global sporting events bring a surge of network traffic, new systems, and short term partnerships. That mix draws attention from cyber threat actors who see opportunity in scale and distraction. A new Palo Alto Networks threat study on the Milan Cortina 2026 Winter Olympic Games outlines how attackers are expected to operate across the event’s digital ecosystem, from ticketing platforms to telecom infrastructure."
        https://www.helpnetsecurity.com/2026/01/19/palo-alto-networks-olympic-cybersecurity-risks-report/
      • Cyber Risk Keeps Winning, Even As AI Takes Over
        "Cyber risk continues to dominate global business concerns, with AI rising quickly alongside it. According to a new risk survey from Allianz, both are influencing how organizations plan for disruption, resilience, and recovery across regions and industries. Cyber incidents hold the highest ranking for the fifth consecutive year. Risk professionals describe a threat environment defined by ransomware, data theft, service outages, and regulatory exposure. These events affect revenue, trust, and operational continuity."
        https://www.helpnetsecurity.com/2026/01/19/allianz-ai-cyber-risk-report/
      • Hacker Admits To Leaking Stolen Supreme Court Data On Instagram
        "A Tennessee man has pleaded guilty to hacking the U.S. Supreme Court's electronic filing system and breaching accounts at the AmeriCorps U.S. federal agency and the Department of Veterans Affairs. Federal prosecutors said that 24-year-old Nicholas Moore, of Springfield, Tennessee, had accessed the Supreme Court's restricted electronic filing system at least 25 times between August and October 2023 using stolen credentials. Additionally, he sometimes logged into the Supreme Court's systems multiple times per day using the same compromised credentials."
        https://www.bleepingcomputer.com/news/security/hacker-admits-to-leaking-stolen-supreme-court-data-on-instagram/
        https://securityaffairs.com/187048/security/hacker-pleads-guilty-to-hacking-supreme-court-americorps-and-va-systems.html
      • Jordanian Pleads Guilty To Selling Access To 50 Corporate Networks
        "A Jordanian man has pleaded guilty to operating as an "access broker" who sold access to the computer networks of at least 50 companies. The Justice Department's Office of International Affairs secured Albashiti's extradition from Georgia (where he lived and was arrested) in July 2024. 40-year-old Feras Khalil Ahmad Albashiti (also known online as "r1z," "Feras Bashiti" and "Firas Bashiti") has entered a guilty plea to charges of fraud involving access credentials. Albashiti's sentencing before U.S. District Judge Michael A. Shipp is scheduled for May 11, 2026."
        https://www.bleepingcomputer.com/news/security/jordanian-pleads-guilty-to-selling-access-to-50-corporate-networks/
        https://hackread.com/jordanian-man-pleads-guilty-sell-companies-stolen-logins/
        https://www.securityweek.com/jordanian-admits-in-us-court-to-selling-access-to-50-enterprise-networks/
        https://www.theregister.com/2026/01/19/iab_sentencing/
      • Global Tensions Are Pushing Cyber Activity Toward Dangerous Territory
        "Cybersecurity is inseparable from geopolitics. Ongoing conflicts, sanctions, trade wars, geoeconomic rivalry, and technological competition have pushed state competition into cyberspace. States use cyber operations to exert pressure on rivals, enabling disruption without resorting to conventional weapons."
        https://www.helpnetsecurity.com/2026/01/19/cybersecurity-geopolitical-tensions/
      • Cyber Breaches, Compliance And Reputation Top UK Corporate Concerns
        "UK business leaders are most concerned about cybersecurity breaches over the coming year, but doubt their ability to manage related risk, according to a new study from Nardello & Co. The global investigations firm polled 250 business leaders at enterprises with a minimum turnover of £250m to better understand their perception of risk for 2026. Over half (58%) ranked cyber-related breaches as their top risk, with three-quarters doubting their ability to manage them. Their concern is grounded in experience and 20% said they had suffered a breach over the past two years."
        https://www.infosecurity-magazine.com/news/cyber-breaches-compliance/
      • Cyber Insights 2026: Information Sharing
        "Information sharing is necessary for efficient cybersecurity, and is widespread; but never quite perfect in practice. “Information sharing provides an asymmetric defensive advantage,” explains Dario Perfettibile, VP and GM of European operations at Kiteworks. “When one organization detects a novel attack and shares indicators of compromise, threat actor tactics, and defensive measures, hundreds of peers can immunize themselves before being targeted.” Matthew Harmon, chief strategy officer at Merlin Group, adds, “The rapid and persistent exchange of cyber threat intelligence enables organizations – public and private, domestic and international – to detect and respond to intrusions more quickly and effectively.”"
        https://www.securityweek.com/cyber-insights-2026-information-sharing/

      References
      Electronic Transactions Development Agency (ETDA)