Cyber Threat Intelligence 16 February 2026
Healthcare Sector
- What Interoperability In Healthcare Really Means For Security And Privacy
"Healthcare systems are under constant pressure to share data faster. Hospitals exchange records with labs, insurers, pharmacies, and third-party providers every day. While this connectivity improves care, it also introduces one of the sector’s most overlooked risks: data exposure at scale. Interoperability in healthcare is often discussed as an efficiency goal. In practice, it is also a security challenge that directly affects patient privacy, regulatory compliance, and breach risk."
https://hackread.com/interoperability-in-healthcare-security-privacy/
Industrial Sector
- Barriers To Secure OT Communication: Why Johnny Can’t Authenticate
"CISA released the guidance, Barriers to Secure OT Communication: Why Johnny Can’t Authenticate, which highlights the known issues with insecure-by-design legacy industrial protocols and seeks to understand why the technology to secure these protocols is not widely adopted. CISA developed this guidance in partnership with operational technology (OT) equipment manufacturers and standard development organizations, by interviewing OT asset owners and operators to understand:"
https://www.cisa.gov/resources-tools/resources/barriers-secure-ot-communication-why-johnny-cant-authenticate
https://www.cisa.gov/sites/default/files/2026-02/Barriers-to-Secure-Communication-Why-OT-Johnny-Cant-Authenticate_508_2.pdf
https://www.helpnetsecurity.com/2026/02/13/cisa-secure-ot-communication-protocols/
New Tooling
- Brutus: Open-Source Credential Testing Tool For Offensive Security
"Brutus is an open-source, multi-protocol credential testing tool written in pure Go. Designed to replace legacy tools that have long frustrated penetration testers with dependency headaches and integration gaps, Brutus ships as a single binary with zero external dependencies and native support for the JSON-based reconnaissance pipelines that define offensive security."
https://www.helpnetsecurity.com/2026/02/13/brutus-open-source-credential-testing-tool-offensive-security/
https://github.com/praetorian-inc/brutus
Vulnerabilities
- Chrome 145 Patches 11 Vulnerabilities
"Google on Tuesday announced the release of Chrome 145 to the stable channel with fixes for 11 vulnerabilities, including three high-severity bugs. First in line is CVE-2026-2313, a high-severity use-after-free issue in CSS that earned the reporting researchers an $8,000 bug bounty reward. The two other high-severity defects, tracked as CVE-2026-2314 and CVE-2026-2315, were found and reported by Google and are described as a heap buffer overflow in Codecs and an inappropriate implementation in WebGPU, respectively."
https://www.securityweek.com/chrome-145-patches-11-vulnerabilities/
- CISA Adds One Known Exploited Vulnerability To Catalog
"CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2026-1731 BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability"
https://www.cisa.gov/news-events/alerts/2026/02/13/cisa-adds-one-known-exploited-vulnerability-catalog
https://securityaffairs.com/187982/breaking-news/u-s-cisa-adds-a-flaw-in-beyondtrust-rs-and-pra-to-its-known-exploited-vulnerabilities-catalog.html
Malware
- Claude LLM Artifacts Abused To Push Mac Infostealers In ClickFix Attack
"Threat actors are abusing Claude artifacts and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users searching for specific queries. At least two variants of the malicious activity have been observed in the wild, and more than 10,000 users have accessed the content with dangerous instructions. A Claude artifact is content generated with Anthropic’s LLM that has been made public by the author. It can be anything from instructions, guides, chunks of code, or other types of output that are isolated from the main chat and accessible to anyone via links hosted on the claude.ai domain."
https://www.bleepingcomputer.com/news/security/claude-llm-artifacts-abused-to-push-mac-infostealers-in-clickfix-attack/
- Malicious Chrome Extension Steals Meta Business Manager Exports And TOTP 2FA Seeds
"Socket’s Threat Research Team identified a malicious Google Chrome extension CL Suite by @CLMasters (extension ID jkphinfhmfkckkcnifhjiplhfoiefffl), that openly advertises itself as a way to scrape Meta Business Suite data and bypass verification friction and that also, behind the scenes, exfiltrates TOTP seeds, 2FA codes, Business Manager contact lists, and analytics data to infrastructure controlled by the threat actor. Marketed in the Chrome Web Store as a way to “extract people data, analyze Business Managers, remove verification popups, and generate 2FA codes”, the extension requests broad access to meta.com and facebook.com and claims in its privacy policy that 2FA secrets and Business Manager data remain local."
https://socket.dev/blog/malicious-chrome-extension-steals-meta-business-manager-exports-and-totp-2fa-seeds
https://thehackernews.com/2026/02/malicious-chrome-extensions-caught.html
- Phishing On The Edge Of The Web And Mobile Using QR Codes
"QR codes are not a new technology, but their prevalence has increased with the push for contactless interactions, especially during the initial emergency phase of the coronavirus pandemic. QR codes allow companies to interact seamlessly with their customer base for payments, enabling customers to join rewards programs and sign up for apps or mailing services. People have grown used to QR codes in daily life, and often scan them without sufficient caution, increasing their susceptibility to attacks."
https://unit42.paloaltonetworks.com/qr-codes-as-attack-vector/
- CTM360: Lumma Stealer And Ninja Browser Malware Campaign Abusing Google Groups
"CTM360 reports that more than 4,000 malicious Google Groups and 3,500 Google-hosted URLs are being used in an active malware campaign targeting global organizations. The attackers abuse Google’s trusted ecosystem to distribute credential-stealing malware and establish persistent access on compromised devices. The activity is global, with attackers embedding organization names and industry-relevant keywords into posts to increase credibility and drive downloads."
https://www.bleepingcomputer.com/news/security/ctm360-lumma-stealer-and-ninja-browser-malware-campaign-abusing-google-groups/
- Pastebin Comments Push ClickFix JavaScript Attack To Hijack Crypto Swaps
"Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into executing malicious JavaScript in their browser, allowing attackers to hijack Bitcoin swap transactions and redirect funds to attacker-controlled wallets. The campaign relies on social engineering that promises large profits from a supposed Swapzone.io arbitrage exploit, but instead runs malicious code that modifies the swap process directly within the victim's browser. It could also be the first known ClickFix attack to use JavaScript to alter a webpage's functionality for a malicious purpose."
https://www.bleepingcomputer.com/news/security/pastebin-comments-push-clickfix-javascript-attack-to-hijack-crypto-swaps/
- Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup For Malware Staging
"Microsoft has disclosed details of a new version of the ClickFix social engineering tactic in which the attackers trick unsuspecting users into running commands that carry out a Domain Name System (DNS) lookup to retrieve the next-stage payload. Specifically, the attack relies on using the "nslookup" (short for nameserver lookup) command to execute a custom DNS lookup triggered via the Windows Run dialog. ClickFix is an increasingly popular technique that's traditionally delivered via phishing, malvertising, or drive-by download schemes, often redirecting targets to bogus landing pages that host fake CAPTCHA verification or instructions to address a non-existent problem on their computers by running a command either through the Windows Run dialog or the macOS Terminal app."
https://thehackernews.com/2026/02/microsoft-discloses-dns-based-clickfix.html
Breaches/Hacks/Leaks
- VK Styles: 500K Users Infected By Chrome Extensions That Hijack VKontakte Accounts
"Half a million VKontakte users had their accounts silently hijacked. Their settings reset every 30 days. Automatically subscribed to groups they never chose. All through Chrome extensions that looked like simple VK customization tools. We discovered a sophisticated malware campaign targeting VKontakte (VK), Russia's largest social network with over 650 million users. What started as a simple search for Yandex advertising code led us to uncover a network of five malicious Chrome extensions with over 500,000 combined installations."
https://www.koi.ai/blog/vk-styles-500k-users-infected-by-chrome-extensions-that-hijack-vkontakte-accounts
- Atlas Air Attackers Warn Boeing Intellectual Property At Risk In Suspected Supply Chain Hack
"One of the world’s largest cargo airlines, Atlas Air, has been claimed by a prominent ransomware cartel. The attackers’ post about the breach hints at a larger supply-chain attack targeting the American aerospace industry. Atlas Air denies its systems were penetrated."
https://cybernews.com/security/atlas-air-ransomware-breach-boeing-data/
- Fintech Firm Figure Disclosed Data Breach After Employee Phishing Attack
"Fintech firm Figure confirmed a data breach after hackers used social engineering to trick an employee and steal a limited number of files. Blockchain-based lending firm Figure confirmed a data breach after an employee fell victim to a social engineering attack. According to a company spokesperson, the incident allowed hackers to access and steal a limited number of files. The company disclosed the breach following inquiries and is assessing the impact. Figure Technology Solutions has allegedly been breached by ShinyHunters."
https://securityaffairs.com/187988/data-breach/fintech-firm-figure-disclosed-data-breach-after-employee-phishing-attack.html
General News
- The ROI Reckoning Is Coming For AI
"These may be the halcyon days for enterprise artificial intelligence, where money and ambition are only hindered by imagination as tech vendors race to gain a competitive edge. But CIOs say they're feeling increasing pressure to show that investments in AI are driving measurable business value - and the reckoning is coming soon, according to a new global survey from Dataiku and The Harris Poll. In the survey, 71% of CIOs said they have until mid-2026 to prove that AI is a value-driver or they risk budget cuts, stalled programs and even losing their job."
https://www.bankinfosecurity.com/roi-reckoning-coming-for-ai-a-30756
https://content.dataiku.com/7-career-making-ai-decisions-cios-2026
- Microsoft Under Pressure To Bolster Defenses For BYOVD Attacks
"Part 1 in a series. Stay tuned for Part 2 next week. When it comes to bring-your-own-vulnerable-driver (BYOVD) attacks, Microsoft may be stuck between a rock and a hard place. Over the past year, threat actors — most notably, ransomware groups — have increasingly embraced the BYOVD technique to disable security products in a targeted network. The technique involves threat actors identifying a vulnerable driver that they can exploit and dropping it on a targeted system. Attackers then use the kernel-level access and elevated privileges of the driver to kill security processes on a system before deploying their payload, be it ransomware, infostealers, or backdoors."
https://www.darkreading.com/application-security/microsoft-under-pressure-defenses-byovd-attacks
- AI Agents 'Swarm,' Security Complexity Follows Suit
"The maturing AI landscape increases the likelihood that multiple models, and agents, will need to work alongside each other. And this type of "swarm" orchestration introduces a host of additional security concerns that need to be addressed to ensure the integrity of an organization's security. AI agents have become an increasing force in LLM-powered deployments in the workplace. Autonomous AI agents, which are sold under the premise that they can work in a mostly self-directed fashion and make "decisions" about what to use next, are used in data analysis, build process automation, software development (to create and manage code), and more. As businesses make the decision to lean more into this technology, it becomes increasingly likely that multiple agents used for different processes will come into contact with each other."
https://www.darkreading.com/cloud-security/ai-agents-swarm-security-complexity
- Edge Computing’s Biggest Lie: “We’ll Patch It Later”
"Edge computing is spreading fast, from factory floors to remote infrastructure. But many of these systems are hard to maintain once they are deployed. Devices may run old kernels, custom board support packages, or stacks that no one can rebuild years later. Updates can fail due to weak connectivity or power loss, and a mistake can brick thousands of systems at once. Add AI workloads that cannot tolerate downtime, and patching becomes even harder. In this Help Net Security interview, Piotr Buliński, CTO of Qbee, digs into the edge equivalent of “snowflake servers,” why cloud habits break in the field, and what it takes to monitor and update fleets safely."
https://www.helpnetsecurity.com/2026/02/13/piotr-bulinski-qbee-edge-device-security/
- Cyber Risk Is Becoming a Hold-Period Problem For Private Equity Firms
"Private equity firms have spent years treating cybersecurity as an IT hygiene issue inside portfolio companies. That approach is getting harder to sustain as ransomware, data theft, and regulatory pressure interfere with value creation during the hold period. A recent Kroll survey of 325 private equity portfolio leaders found that 80% of firms experienced some form of disruption tied to cybersecurity risk during the hold period over the past year. The disruption ranged from unexpected remediation costs to litigation, downtime, and integration failures after acquisitions."
https://www.helpnetsecurity.com/2026/02/13/private-equity-cyber-risk-problem/
- Naming And Shaming: How Ransomware Groups Tighten The Screws On Victims
"In the realm of cybercrime, change is arguably the only constant. While cyber-extortion as a broader category of crime has proved its staying power, ransomware – its arguably most damaging ‘flavor’ – doesn’t live or die on encryption alone. The playbook of ‘yore’ largely involved locking files or systems and demanding payment for a decryption key, but in recent years campaigns switched to combining encryption with data exfiltration and threats to publish the stolen information."
https://www.welivesecurity.com/en/ransomware/naming-shaming-ransomware-groups-tighten-screws-victims/
- Adopting Agentic AI Is a Priority For 87% Of Security Teams, According To Ivanti’s Research
"Ivanti, a global enterprise IT and security software company, announced the findings of its 2026 State of Cybersecurity Report: Bridging the Divide. Drawing on insights from more than 1,200 cybersecurity professionals worldwide, the report reveals a rapidly widening divide between escalating cyberthreats and organizations’ ability to defend against them. AI is reshaping cybersecurity for both defenders and attackers, but defenders believe they are gaining the edge. The report finds that security professionals are 2.4x more likely to believe defenders use AI as effectively as threat actors, if not more effectively. Additionally, that confidence level grows to 5.5x in favor of defenders using AI as effectively or more effectively than threat actors over the next 24 months."
https://www.ivanti.com/company/press-releases/2026/adopting-agentic-ai-is-a-priority-for-87-of-security-teams-according-to-ivanti-s-research
https://www.helpnetsecurity.com/2026/02/13/cyber-threat-preparedness-gap-report/
- Recorded Future 2026 State Of Security Report Warns Cyber Operations Have Become a Core Tool Of Global Power
"Recorded Future, the world's largest threat intelligence company, today released its 2026 State of Security Report, showing that cyber operations are now inseparable from physical conflict, coercion, and espionage. The report emphasizes that geopolitical fragmentation and the adoption of artificial intelligence (AI) are creating an environment of instability, with persistent attacks becoming the norm in the global threat landscape. Dr. Christopher Ahlberg, Co-Founder of Recorded Future, shared the key findings and highlighted how cyber operations, intelligence, and emerging technologies are reshaping geopolitical competition and national security during a panel discussion at the Munich Cyber Security Conference."
https://www.prnewswire.com/news-releases/recorded-future-2026-state-of-security-report-warns-cyber-operations-have-become-a-core-tool-of-global-power-302686566.html
References
Electronic Transactions Development Agency (ETDA)
- What Interoperability In Healthcare Really Means For Security And Privacy