NCSA Webboard
    Cyber Threat Intelligence 22 January 2026

    Cyber Security News
    • NCSA_THAICERT

      Industrial Sector

      • MITRE Launches New Security Framework For Embedded Systems
        "MITRE on Tuesday announced the launch of Embedded Systems Threat Matrix (ESTM), a cybersecurity framework designed to help organizations protect critical embedded systems. Inspired by the popular ATT&CK framework and derived from MITRE’s theoretical research and proof-of-concept models, the ESTM categorizes specific attack tactics and techniques tailored to hardware and firmware environments. The model maps both established and emerging attack vectors to assist organizations in identifying vulnerabilities within embedded architectures."
        https://www.securityweek.com/mitre-launches-new-security-framework-for-embedded-systems/

      Government/Law/Policy

      • Commission Strengthens EU Cybersecurity Resilience And Capabilities
        "Europe faces daily cyber and hybrid attacks on essential services and democratic institutions, carried out by sophisticated state and criminal groups. The European Commission has today proposed a new cybersecurity package to further strengthen the EU's cybersecurity resilience and capabilities in the face of these growing threats. The package includes a proposal for a revised Cybersecurity Act, which enhances the security of the EU's Information and Communication Technologies (ICT) supply chains. It ensures that products reaching EU citizens are cyber-secure by design through a simpler certification process. It also facilitates compliance with existing EU cybersecurity rules and reinforces the EU Agency for Cybersecurity (ENISA) in supporting Member States and the EU in managing cybersecurity threats."
        https://ec.europa.eu/commission/presscorner/detail/en/ip_26_105
        https://www.infosecurity-magazine.com/news/eu-unveils-cybersecurity-act-2/
        https://www.helpnetsecurity.com/2026/01/21/eu-cybersecurity-act-revised/

      New Tooling

      • Bandit: Open-Source Tool Designed To Find Security Issues In Python Code
        "Bandit is an open-source tool that scans Python source code for security issues that show up in everyday development. Many security teams and developers use it as a quick way to spot risky coding patterns early in the lifecycle, especially in projects that already rely on automated linting and testing. The tool works by examining Python code structure and matching it against a set of security-focused rules. Each finding points to a specific line of code and includes details that help developers understand the issue and decide on next steps."
        https://www.helpnetsecurity.com/2026/01/21/bandit-open-source-tool-find-security-issues-python-code/
        https://github.com/PyCQA/bandit

      Vulnerabilities

      • Zoom And GitLab Release Security Updates Fixing RCE, DoS, And 2FA Bypass Flaws
        "Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service (DoS) and remote code execution. The most severe of the lot is a critical security flaw impacting Zoom Node Multimedia Routers (MMRs) that could permit a meeting participant to conduct remote code execution attacks. The vulnerability, tracked as CVE-2026-22844 and discovered internally by its Offensive Security team, carries a CVSS score of 9.9 out of 10.0."
        https://thehackernews.com/2026/01/zoom-and-gitlab-release-security.html
        https://www.bleepingcomputer.com/news/security/gitlab-warns-of-high-severity-2fa-bypass-denial-of-service-flaws/
        https://securityaffairs.com/187165/security/zoom-fixed-critical-node-multimedia-routers-flaw.html
      • Oracle’s First 2026 CPU Delivers 337 New Security Patches
        "Oracle has released 337 new security patches for over 30 products as part of its first Critical Patch Update (CPU) for 2026. There appear to be roughly 230 unique CVEs in Oracle’s January 2026 CPU advisory. More than two dozen of the fresh fixes resolve critical-severity vulnerabilities and over 235 patches address flaws that are remotely exploitable without authentication. Roughly half a dozen patches address CVE-2025-66516 (CVSS score of 10/10), a critical defect in Apache Tika that could lead to XML External Entity (XXE) injection attacks."
        https://www.securityweek.com/oracles-first-2026-cpu-delivers-337-new-security-patches/
      • Cisco Fixes Unified Communications RCE Zero Day Exploited In Attacks
        "Cisco has fixed a critical Unified Communications and Webex Calling remote code execution vulnerability, tracked as CVE-2026-20045, that has been actively exploited as a zero-day in attacks. Tracked as CVE-2026-20045, the flaw impacts Cisco Unified Communications Manager (Unified CM), Unified CM Session Management Edition (SME), Unified CM IM & Presence, Cisco Unity Connection, and Webex Calling Dedicated Instance. 'This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device,' warns Cisco's advisory."
        https://www.bleepingcomputer.com/news/security/cisco-fixes-unified-communications-rce-zero-day-exploited-in-attacks/
        https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
        https://securityaffairs.com/187177/security/cisco-fixed-actively-exploited-unified-communications-zero-day.html
        https://www.helpnetsecurity.com/2026/01/21/cisco-enterprise-communications-cve-2026-20045/
      • Fortinet Admins Report Patched FortiGate Firewalls Getting Hacked
        "Fortinet customers are seeing attackers exploiting a patch bypass for a previously fixed critical FortiGate authentication vulnerability (CVE-2025-59718) to hack patched firewalls. Until Fortinet provides a fully patched FortiOS release, admins are advised to temporarily disable the vulnerable FortiCloud login feature (if enabled) to secure their systems against attacks. To disable FortiCloud login, you have to navigate to System -> Settings and switch 'Allow administrative login using FortiCloud SSO' to Off."
        https://www.bleepingcomputer.com/news/security/fortinet-admins-report-patched-fortigate-firewalls-getting-hacked/
        https://www.bankinfosecurity.com/attacks-target-freshly-patched-critical-fortinet-flaws-a-30575
        https://www.helpnetsecurity.com/2026/01/21/patched-fortigate-compromised-via-cve-2025-59718/
      • Code Injection Vulnerability In Binary-Parser Library
        "The binary-parser library for Node.js contains a code injection vulnerability that may allow arbitrary JavaScript code execution if untrusted input is used to construct parser definitions. Versions prior to 2.3.0 are affected. The issue has been resolved by the developer in a public update."
        https://kb.cert.org/vuls/id/102648
        https://thehackernews.com/2026/01/certcc-warns-binary-parser-bug-allows.html

      Malware

      • New Android Malware Uses AI To Click On Hidden Browser Ads
        "A new family of Android click-fraud trojans leverages TensorFlow machine learning models to automatically detect and interact with specific advertisement elements. The mechanism relies on visual analysis based on machine learning instead of predefined JavaScript click routines, and does not involve script-based DOM-level interaction like classic click-fraud trojans. The threat actor is using TensorFlow.js, an open-source library developed by Google for training and deploying machine learning models in JavaScript. It permits running AI models in browsers or on servers using Node.js."
        https://www.bleepingcomputer.com/news/security/new-android-malware-uses-ai-to-click-on-hidden-browser-ads/
      • New Phishing Campaign Targeting LastPass Customers
        "The LastPass Threat Intelligence, Mitigation, and Escalation (TIME) team would like to alert our customers to an active phishing campaign that began on or around January 19, 2026. These phishing emails are being sent from several email addresses with various subject lines claiming that LastPass is about to conduct maintenance and urging users to back up their vaults in the next 24 hours. The known list of email addresses and subject lines can be found below."
        https://blog.lastpass.com/posts/new-phishing-campaign-targeting-lastpass-customers
        https://www.bleepingcomputer.com/news/security/fake-lastpass-emails-pose-as-password-vault-backup-alerts/
        https://thehackernews.com/2026/01/lastpass-warns-of-fake-maintenance.html
        https://www.darkreading.com/application-security/phishing-campaign-zeroes-lastpass-customers
        https://www.securityweek.com/lastpass-users-targeted-with-backup-themed-phishing-emails/
        https://securityaffairs.com/187145/cyber-crime/crooks-impersonate-lastpass-in-campaign-to-harvest-master-passwords.html
        https://www.theregister.com/2026/01/21/lastpass_backup_phishing_campaign/
      • When The Lab Door Stays Open: Exposed Training Apps Exploited For Fortune 500 Cloud Breaches
        "Pentera Labs uncovered a widespread security issue involving numerous leading security vendors inadvertently exposing intentionally vulnerable training applications – such as OWASP Juice Shop, DVWA, and Hackazon – to the public internet. Primarily deployed for internal testing, product demonstrations, and security training, these applications were frequently left accessible in their default or misconfigured states. These critical flaws not only allowed attackers full control over the compromised compute engine but also provided pathways for lateral movement into sensitive internal systems. Violations of the principle of least privilege and inadequate sandboxing measures further facilitated privilege escalation, endangering critical infrastructure and sensitive organizational data."
        https://pentera.io/blog/exposed-cloud-training-apps-pentera-labs/
        https://www.darkreading.com/application-security/vulnerable-vendors-training-apps
        https://www.bleepingcomputer.com/news/security/hackers-exploit-security-testing-apps-to-breach-fortune-500-firms/
      • Peruvian Peaks: The Digital Loan Illusion
        "Crossing the Andes, we found ourselves in the digital valleys of Peru, where a new variation of the loan scam awaited us. Much like the schemes in Brazil, these operations played on hope and desperation, luring victims with promises of financial relief. The setup was so convincing that it seemed like help was just within reach – until it vanished, leaving victims exploited and vulnerable. Since 2024, threat actors have created at least 16 scam domains impersonating one of Peru’s leading banks."
        https://www.group-ib.com/blog/peru-digital-loan-scam/
        https://www.infosecurity-magazine.com/news/loan-scam-harvests-cards-pins/
      • Malware Peddlers Are Now Hijacking Snap Publisher Domains
        "There’s a relentless campaign by scammers to publish malware in the Canonical Snap Store. Some gets caught by automated filters, but plenty slips through. Recently, these miscreants have changed tactics - they’re now registering expired domains belonging to legitimate snap publishers, taking over their accounts, and pushing malicious updates to previously trustworthy applications. This is a significant escalation."
        https://blog.popey.com/2026/01/malware-purveyors-taking-over-published-snap-email-domains/
        https://www.helpnetsecurity.com/2026/01/21/linux-malware-snap-store/
      • Can You Use Too Many LOLBins To Drop Some RATs?
        "Recently, our team came across an infection attempt that stood out—not for its sophistication, but for how determined the attacker was to take a “living off the land” approach to the extreme. The end goal was to deploy Remcos, a Remote Access Trojan (RAT), and NetSupport Manager, a legitimate remote administration tool that’s frequently abused as a RAT. The route the attacker took was a veritable tour of Windows’ built-in utilities—known as LOLBins (Living Off the Land Binaries)."
        https://www.malwarebytes.com/blog/news/2026/01/can-you-use-too-many-lolbins-to-drop-some-rats
      • PurpleBravo’s Targeting Of The IT Software Supply Chain
        "PurpleBravo is a North Korean state-sponsored threat group that overlaps with the “Contagious Interview” campaign first documented in November 2023. It targets software developers, especially in the software development and cryptocurrency verticals, via fake recruiter outreach, interview coding tests, and ClickFix prompts. Activity throughout 2025 has linked multiple fraudulent LinkedIn personas to PurpleBravo through malicious GitHub repositories and fictitious lure brands. The group’s tool set includes BeaverTail (a JavaScript infostealer and loader) and multi-platform remote access trojans (RATs), specifically PyLangGhost and GolangGhost, optimized for stealing browser credentials and cryptocurrency wallet information."
        https://www.recordedfuture.com/research/purplebravos-targeting-it-software-supply-chain
        https://assets.recordedfuture.com/insikt-report-pdfs/2026/cta-nk-2026-0121.pdf
        https://thehackernews.com/2026/01/north-korean-purplebravo-campaign.html

      Breaches/Hacks/Leaks

      • Online Retailer PcComponentes Says Data Breach Claims Are Fake
        "PcComponentes, a major technology retailer in Spain, has denied claims of a data breach on its systems impacting 16 million customers, but confirmed it suffered a credential stuffing attack. The Spanish e-commerce company specializes in the sale of computers, laptops, peripherals, and hardware, and has an estimated 75 million unique marketplace visitors per year. Yesterday, a threat actor named ‘daghetiaw’ published what they claimed to be a customer database stolen from PcComponentes, containing 16.3 million records. The threat actor leaked 500,000 records and offered to sell the rest to the highest bidder."
        https://www.bleepingcomputer.com/news/security/online-retailer-pccomponentes-says-data-breach-claims-are-fake/
      • Carlsberg… Probably Not The Best Cybersecurity In The World
        "My wife and I visited the Carlsberg exhibition in Copenhagen in August 2025 and we were given wristbands with a QR code on them. As we went through the exhibition, there were various interactive elements where you could create your own blend of beer, create a video of you dancing in a beer glass, and take pictures of you and your group. These were linked to the QR code so they could be accessed and downloaded later. It was a great exhibition and well worth going to if you’re in Copenhagen!"
        https://www.pentestpartners.com/security-blog/carlsberg-probably-not-the-best-cybersecurity-in-the-world/
        https://hackread.com/carlsberg-event-wristband-leaked-pii-disclose/
      • Under Armour Data Breach
        "In November 2025, the Everest ransomware group claimed Under Armour as a victim and attempted to extort a ransom, alleging they had obtained access to 343GB of data. In January 2026, customer data from the incident was published publicly on a popular hacking forum, including 72M email addresses. Many records also contained additional personal information such as names, dates of birth, genders, geographic locations and purchase information."
        https://haveibeenpwned.com/Breach/UnderArmour
        https://www.theregister.com/2026/01/21/under_armour_everest/

      General News

      • Tesla Hacked, 37 Zero-Days Demoed At Pwn2Own Automotive 2026
        "Security researchers have hacked the Tesla Infotainment System and earned $516,500 after exploiting 37 zero-days on the first day of the Pwn2Own Automotive 2026 competition. Synacktiv Team took home $35,000 after successfully chaining an information leak and an out‑of‑bounds write flaw to get root permissions on the Tesla Infotainment System in the USB-based attack category. They also chained three vulnerabilities to gain root-level code execution on the Sony XAV-9500ES digital media receiver, earning an additional $20,000 cash award."
        https://www.bleepingcomputer.com/news/security/tesla-hacked-37-zero-days-demoed-at-pwn2own-automotive-2026/
      • The Thin Line Between Saving a Company And Funding a Crime
        "Ransomware negotiation is a dark but widely acknowledged reality in the cybersecurity industry — one that many argue is a necessary practice, even if it largely occurs out of sight. Brokering payments and terms with cybercriminals who hold organizations’ data and operations hostage places security professionals in a fraught position that requires them to balance a responsibility to meet their clients’ needs without fueling the spread of financially-motivated crime."
        https://cyberscoop.com/ransomware-negotiation-pitfalls-moral-gray-zone/
      • 2026 Cloud Security Report Data Reveals “Complexity Gap”
        "As more and more enterprises catapult into an AI-powered future, cloud security is more critical than ever to an organization’s success and, perhaps even, survival. The velocity of AI adoption is fundamentally changing how cloud environments are managed and expanding the attack surface at a speed that outpaces traditional security models and teams’ ability to protect modern deployments."
        https://www.fortinet.com/blog/cloud-security/2026-cloud-security-report-data-reveals-complexity-gap
      • New Research Exposes Critical Gap: 64% Of Third-Party Applications Access Sensitive Data Without Authorization
        "Reflectiz today announced the release of its 2026 State of Web Exposure Research, revealing a sharp escalation in client‑side risk across global websites, driven primarily by third‑party applications, marketing tools, and unmanaged digital integrations. According to the new analysis of 4,700 leading websites, 64% of third‑party applications now access sensitive data without legitimate business justification, up from 51% last year — a 25% year‑over‑year spike highlighting a widening governance gap."
        https://hackread.com/new-research-exposes-critical-gap-64-of-third-party-applications-access-sensitive-data-without-authorization/
        https://www.reflectiz.com/learning-hub/web-exposure-2026-research/
      • Cybercriminals Speak The Language Young People Trust
        "Criminal groups actively recruit, train, and retain people in structured ways. They move fast, pay in crypto, and place no weight on age. Young people are dealing with a new kind of addiction. It isn’t drugs, alcohol, or gambling. It’s screens. Constant time online chips away at attention, confidence, and judgment, and pushes young people toward views and choices that don’t always work in their favour. Children are drawn into organized crime for many reasons, often tied to attention, belonging, and a sense of worth. Risk increases when children grow up with unstable family situations, exposure to crime, or limited support. Mental health issues, weak social skills, and early involvement in minor offenses can also raise vulnerability."
        https://www.helpnetsecurity.com/2026/01/21/children-cybercrime-recruitment/
      • Security Leaders Push For Continuous Controls As Audits Stay Manual
        "Security teams say they want real-time insight into controls, but still rely on periodic checks that trail daily operations. New RegScale research shows how wide that gap remains and where organizations are directing time, staff, and budget to manage it."
        https://www.helpnetsecurity.com/2026/01/21/regscale-continuous-controls-monitoring/
      • Why Identity Security Must Move Beyond MFA
        "Multi-factor authentication (MFA) has become a cornerstone of modern cybersecurity. According to Okta’s Secure Sign-In Trends Report 2025, around 70 percent of users in enterprise environments are using MFA as of early 2025. Using multiple authentication factors adds an extra layer of defense that greatly limits unauthorized entry into sensitive systems. However, it is not a complete solution. Cybercriminals continue to target the human element, finding ways to bypass authentication controls through AI-supercharged phishing, impersonation, SIM swapping, social engineering, and credential theft."
        https://www.securityweek.com/why-identity-security-must-move-beyond-mfa/
      • Cyber Insights 2026: API Security – Harder To Secure, Impossible To Ignore
        "Application programming interfaces (APIs) are essential to the operation of a connected cyberworld. “APIs have become the connective tissue of modern technology and are part of our entire digital world,” explains Chrissa Constantine, senior cybersecurity solution architect at Black Duck. “Some recent estimates show that approximately 83% of internet traffic flows through APIs, which reflects how APIs are deeply connected in our digital lives.” Randolph Barr, CISO at Cequence Security, adds, “In many ways, 2026 will mark a phase in which APIs move from ‘just a delivery mechanism’ to the operational backbone of digital business, especially in a world increasingly dominated by agentic AI and monetization imperatives.”"
        https://www.securityweek.com/cyber-insights-2026-api-security/
      • Analysis Of 6 Billion Passwords Shows Stagnant User Behavior
        "Despite years of security awareness efforts, an analysis of 6 billion credentials leaked in 2025 confirms that poor password hygiene persists, as simple numeric sequences and common words remain the primary choice for millions of users. The data comes from a report published by password management firm Specops Software based on an analysis conducted by the threat intelligence team of its parent company, Outpost24. The analysis found that the five most common passwords compromised in 2025 were ‘123456’, ‘123456789’, ‘12345678’, ‘admin’, and ‘password’."
        https://www.securityweek.com/analysis-of-6-billion-passwords-shows-stagnant-user-behavior/
        https://marketing.outpost24.com/hubfs/BreachedPasswordsReport_Updated_Final_EN.pdf
      • Old Habits Die Hard: 2025’s Most Common Passwords Were As Predictable As Ever
        "‘123456’ continues to reign supreme as the most commonly-used password among people across the world, according to two reports, from NordPass and Comparitech, respectively. A full 25 percent of the top 1,000 most-used passwords are made up of nothing but numerals. In addition, ‘123456’ appealed to people of various age cohorts, as it was the most-favored option among millennials, Generation X and baby boomers alike, and the second most-popular option among Generation Z and the Silent Generation (after ‘12345’). This is according to NordPass’ analysis, which is based on billions of leaked passwords and sheds light on password trends among people in 44 countries."
        https://www.welivesecurity.com/en/cybersecurity/old-habits-die-hard-2025-most-common-passwords/

      Reference
      Electronic Transactions Development Agency (ETDA)
