NCSA Webboard

    Cyber Threat Intelligence 03 March 2026

    Cyber Security News
      NCSA_THAICERT

      Healthcare Sector

      • Iran Conflict Elevates Cyber Risk For Healthcare
        "United States and Israel military strikes on Iran could erupt into cyberattacks against the healthcare sector in the U.S. and elsewhere by Iranian sympathizers and proxies, experts warned Monday. The life-and-death sensitivity of the healthcare sector, as well as its relative vulnerability to cyber incidents, makes it a target for rising attacks ranging from distributed denial of service, wiper malware, ransomware, data theft and other such assaults."
        https://www.bankinfosecurity.com/iran-conflict-elevates-cyber-risk-for-healthcare-a-30894

      New Tooling

      • BlacksmithAI: Open-Source AI-Powered Penetration Testing Framework
        "BlacksmithAI is an open-source penetration testing framework that uses multiple AI agents to execute different stages of a security assessment lifecycle. BlacksmithAI runs as a hierarchical system in which an orchestrator coordinates task execution across specialized agents. Each agent maps to a common penetration testing function. The recon agent handles attack surface mapping and information gathering. The scan and enumeration agent performs service discovery. A vulnerability analysis agent evaluates weaknesses and potential exposure. An exploit agent executes proof of concept activity. A post-exploitation agent examines impact and potential lateral movement."
        https://www.helpnetsecurity.com/2026/03/02/blacksmithai-open-source-ai-powered-penetration-testing-framework/
        https://github.com/yohannesgk/blacksmith

      Vulnerabilities

      • Google Addresses Actively Exploited Qualcomm Zero-Day In Fresh Batch Of 129 Android Vulnerabilities
        "Google disclosed one actively exploited zero-day vulnerability Monday, warning that the high-severity defect affecting an open-source Qualcomm display component for Android devices “may be under limited, targeted exploitation.” The memory-corruption vulnerability — CVE-2026-21385 — which Google’s Android security team reported to Qualcomm Dec. 18, affects 234 chipsets, Qualcomm said in a security bulletin. Qualcomm said it notified customers of the vulnerability Feb. 2."
        https://cyberscoop.com/android-security-update-march-2026/

      Malware

      • A Fake FileZilla Site Hosts a Malicious Download
        "A trojanized copy of the open-source FTP client FileZilla 3.69.5 is circulating online. The archive contains the legitimate FileZilla application, but with a single malicious DLL added to the folder. When someone downloads this tampered version, extracts it, and launches FileZilla, Windows loads the malicious library first. From that moment on, the malware runs inside what appears to be a normal FileZilla session. Because the infected copy looks and behaves like the real software, victims may not realize anything is wrong. Meanwhile, the malware can access saved FTP credentials, contact its command-and-control server, and potentially remain active on the system. The risk does not stop with the local computer. Stolen credentials could expose the web servers or hosting accounts the user connects to."
        https://www.malwarebytes.com/blog/threat-intel/2026/03/a-fake-filezilla-site-hosts-a-malicious-download
      • Purchase Order Attachment Isn’t a PDF. It’s Phishing For Your Password
        "An attachment named New PO 500PCS.pdf.hTM, posing as a purchase order in PDF form, turned out to be something entirely different: a credential-harvesting web page that quietly sent passwords and IP/location data straight to a Telegram bot controlled by an attacker. Imagine you’re in accounts payable, sales, or operations. Your day is a steady flow of invoices, purchase orders, and approvals. An email like this may look like just another item in your daily queue."
        https://www.malwarebytes.com/blog/threat-intel/2026/03/purchase-order-attachment-isnt-a-pdf-its-phishing-for-your-password
      • US-Israel And Iran Trade Cyberattacks: Pro-West Hacks Cause Disruption As Tehran Retaliates
        "The escalating conflict between the United States, Israel, and Iran has unfolded alongside extensive cyber operations, with reports of widespread internet disruptions, hacking of Iranian sites and apps, and infrastructure interference, while Western entities brace for potential Iranian cyberattacks. The conflict erupted on February 28, when the United States and Israel initiated coordinated airstrikes across Iran, targeting military installations, missile facilities, nuclear sites, and high-level officials, resulting in the deaths of Supreme Leader Ali Khamenei and several other leaders."
        https://www.securityweek.com/us-israel-and-iran-trade-cyberattacks-pro-west-hacks-cause-disruption-as-tehran-retaliates/
        https://therecord.media/iran-cyber-us-command-attack
        https://www.bankinfosecurity.com/iranian-cyber-proxies-active-but-nation-state-hackers-a-30892
        https://www.infosecurity-magazine.com/news/iran-cyber-attacks-global-google/
        https://www.theregister.com/2026/03/02/cyber_warfighters_iran/
      • Inside The Fix: Analysis Of In-The-Wild Exploit Of CVE-2026-21513
        "Microsoft’s February 2026 Patch Tuesday addressed 59 vulnerabilities, including six actively exploited zero-days. CVE-2026-21513 stands out because of its active exploitation, high impact, and ability to bypass browser security boundaries and trigger arbitrary file execution. We used the multi-agent system called PatchDiff-AI to analyze CVE-2026-21513 and its patch. PatchDiff-AI generated a detailed report that reveals insights about the vulnerable component and the attack vector."
        https://www.akamai.com/blog/security-research/2026/feb/inside-the-fix-cve-2026-21513-mshtml-exploit-analysis
        https://thehackernews.com/2026/03/apt28-tied-to-cve-2026-21513-mshtml-0.html
        https://securityaffairs.com/188782/security/russia-linked-apt28-exploited-mshtml-zero-day-cve-2026-21513-before-patch.html
      • Novel DPRK Stager Using Pastebin And Text Steganography
        "This is a quick one as FAMOUS CHOLLIMA has been keeping me busy this week by testing Google Drive as a stager and my longer write-up on tracking their IP addresses through temporary mailboxes. I just cannot help writing about this one as it’s really fun — it also helps that having a sleeping baby strapped to the chest for three hours makes for idle hands, and you know what they say about idle hands!"
        https://kmsec.uk/blog/dprk-text-steganography/
        https://thehackernews.com/2026/03/north-korean-hackers-publish-26-npm.html
      • Situation Report: Middle East Escalation (February 27–1st March, 2026)
        "The report examines the sharp escalation following the 28 February 2026 joint Israel–U.S. strikes on Iran, triggering a hybrid conflict blending kinetic attacks with unprecedented cyber operations. Iran faced near-total internet disruption, while retaliatory missile and cyber activity spread across Israel, the Gulf, and beyond. Over 150 hacktivist incidents were recorded, with global spillover risks to energy, finance, IT, and critical infrastructure sectors."
        https://www.cloudsek.com/blog/middle-east-escalation-israel-iran-us-cyber-war-2026
        https://www.infosecurity-magazine.com/news/middle-east-conflict-surge-global/
      • Dust Specter APT Targets Government Officials In Iraq
        "In January 2026, Zscaler ThreatLabz observed activity by a suspected Iran-nexus threat actor targeting government officials in Iraq. ThreatLabz discovered previously undocumented malware including SPLITDROP, TWINTASK, TWINTALK, and GHOSTFORM. Due to significant overlap in tools, techniques, and procedures (TTPs), as well as victimology, between this campaign and activity associated with Iran-nexus APT groups, ThreatLabz assesses with medium-to-high confidence that an Iran-nexus threat actor conducted this operation. ThreatLabz tracks this group internally as Dust Specter. As additional high-confidence indicators become available, ThreatLabz will update our attribution accordingly."
        https://www.zscaler.com/blogs/security-research/dust-specter-apt-targets-government-officials-iraq
      • Alleged India-Linked Espionage Campaign Targeted Pakistan, Bangladesh, Sri Lanka
        "An espionage campaign last year targeted government agencies and critical infrastructure operators in Pakistan, Bangladesh and Sri Lanka, researchers at the cybersecurity firm Arctic Wolf said Monday. The researchers attributed the campaign to an India-nexus threat actor they call SloppyLemming and said it was an expansion of threat activity previously identified by Cloudflare in September 2024."
        https://therecord.media/india-pakistan-cyber-campaign-apt
      • Tracking CyberStrikeAI Usage
        "Team Cymru is continuously monitoring our global netflow visibility to uncover patterns of adversary activity, identify malicious operations, and gain actionable intelligence. In this post, we are diving into CyberStrikeAI, an open-source artificial intelligence (AI) offensive security tool (OST) developed by a China-based developer who we assess has some ties to the Chinese government."
        https://www.team-cymru.com/post/tracking-cyberstrikeai-usage
        https://www.bleepingcomputer.com/news/security/cyberstrikeai-tool-adopted-by-hackers-for-ai-powered-attacks/
      • OAuth Redirection Abuse Enables Phishing And Malware Delivery
        "Microsoft observed phishing-led exploitation of OAuth’s by-design redirection mechanisms. The activity targets government and public-sector organizations and uses silent OAuth authentication flows and intentionally invalid scopes to redirect victims to attacker-controlled infrastructure without stealing tokens. Microsoft Defender flagged malicious activity across email, identity, and endpoint signals. Microsoft Entra disabled the observed OAuth applications; however, related OAuth activity persists and requires ongoing monitoring."
        https://www.microsoft.com/en-us/security/blog/2026/03/02/oauth-redirection-abuse-enables-phishing-malware-delivery/
        https://www.theregister.com/2026/03/03/microsoft_oauth_scams/

      Breaches/Hacks/Leaks

      • Pakistan’s Top News Channels Hacked And Hijacked With Anti-Military Messages
        "Several of Pakistan’s most-watched news channels, including Geo News, ARY News, and Samaa TV, faced a serious security breach on Sunday evening, 1 March 2026. Viewers across the country were left confused when regular programming was suddenly interrupted by unauthorized messages. These disruptions happened shortly after Iftar (the meal served at sunset to break the daily fast during the holy month of Ramadan) and continued into the high-traffic 9 pm news bulletins, which is when these channels usually see their largest global audiences."
        https://hackread.com/pakistan-news-channels-hacked-anti-military-messages/
      • Madison Square Garden Data Breach Confirmed Months After Hacker Attack
        "Madison Square Garden has confirmed being impacted by a data breach stemming from a cybercrime campaign targeting customers of Oracle’s E-Business Suite (EBS) solution. In the Oracle EBS hacking campaign, the Cl0p ransomware and extortion group exploited zero-day vulnerabilities to gain access to data stored by more than 100 organizations in the enterprise management software. Madison Square Garden (MSG), the world-famous arena located in New York City, was named by the hackers as a victim of the campaign in November 2025."
        https://www.securityweek.com/madison-square-garden-data-breach-confirmed-months-after-hacker-attack/
      • Cyberattack Briefly Disrupts Russian Internet Regulator And Defense Ministry Websites
        "Russia’s internet regulator and defense ministry said their servers were hit by a large distributed denial-of-service (DDoS) attack that briefly disrupted access to several government websites late last week. The Russian communications watchdog, Roskomnadzor, said in a statement to several local media outlets on Friday that the attack was a “complex multi-vector” operation originating from servers and botnets located mainly in Russia, as well as in the United States, China, the United Kingdom and the Netherlands."
        https://therecord.media/cyberattack-briefly-takes-down-russian-government-websites
      • University Of Hawaiʻi Cancer Center Confirms Data Leak Following Ransomware Attack
        "The University of Hawaiʻi Cancer Center said up to 1.2 million people had information leaked as a result of a ransomware attack on its epidemiology division last year. Hackers accessed records containing Social Security numbers (SSNs) and driver’s license numbers collected from the Hawaiʻi State Department of Transportation as well as City and County of Honolulu voter registration records from 1998, according to a statement released by the organization last week."
        https://therecord.media/university-of-hawaii-ransomware-data-breach

      General News

      • How Threat Intelligence And Multi-Source Data Drive Smarter Vulnerability Prioritization
        "For years, CVSS scores have been the default metric for vulnerability severity. But severity does not equal risk. A CVSS 9.8 vulnerability that is never exploited is less dangerous than a CVSS 6.5 actively used in ransomware campaigns. Yet many organizations still chase the highest scores first, wasting time and leaving real threats exposed. KEV lists help, but they are reactive and often lag behind active exploitation. Attackers move faster than static scoring systems. If your prioritization strategy starts and ends with CVSS, you are playing catch-up."
        https://blog.checkpoint.com/executive-insights/how-threat-intelligence-and-multi-source-data-drive-smarter-vulnerability-prioritization/
      • How ‘Silent Probing’ Can Make Your Security Playbook a Liability
        "For years, cyberattacks followed a familiar pattern: reconnaissance, exploitation, persistence, impact. Defenders built their strategies around that cycle, patching vulnerabilities, monitoring indicators, and working to reduce dwell time. But a quieter shift is underway. Today’s most sophisticated adversaries are using AI to study how organizations defend themselves. They run what we call “silent probing campaigns:” long-term, subtle operations designed to map how a team detects threats, escalates issues, and responds under pressure. These campaigns focus on learning the defender’s habits, workflow and decision points so attackers can time and tailor follow-on actions to evade detection. This reframes cyber risk, turning it from a technical problem into a behavioral one."
        https://cyberscoop.com/ai-silent-probing-cyber-risk-behavioral-defense-op-ed/
      • Taming Agentic Browsers: Vulnerability In Chrome Allowed Extensions To Hijack New Gemini Panel
        "We uncovered a High severity security vulnerability CVE-2026-0628 in Google's implementation of the new Gemini feature in Chrome. This vulnerability allows the attacker to tap into the browser environment and access files on the local operating system. Specifically, this vulnerability could have allowed malicious extensions with basic permissions to hijack the new Gemini Live in Chrome browser panel. Such an attack could have led to privilege escalation, enabling actions including:"
        https://unit42.paloaltonetworks.com/gemini-live-in-chrome-hijacking/
        https://nvd.nist.gov/vuln/detail/CVE-2026-0628
        https://www.darkreading.com/endpoint-security/bug-google-gemini-ai-panel-hijacking
        https://thehackernews.com/2026/03/new-chrome-vulnerability-let-malicious.html
        https://www.securityweek.com/vulnerability-allowed-hijacking-chromes-gemini-live-ai-assistant/
      • Link11 Releases European Cyber Report 2026: DDoS Attacks Become a Constant Threat
        "Link11 has published its European Cyber Report 2026, revealing that DDoS attacks reached a new level in 2025 and have become a permanent stress factor for digital infrastructures. The report shows that the number of documented attacks in the Link11 network rose by 75% in 2025, following explosive growth in the previous year (+137%). This establishes DDoS attacks as a permanent structural burden for companies and critical infrastructures in Europe."
        https://hackread.com/link11-releases-european-cyber-report-2026-ddos-attacks-become-a-constant-threat/
      • Your Dependencies Are 278 Days Out Of Date And Your Pipelines Aren’t Protected
        "Applications continue to ship with known weaknesses even as development workflows speed up. A new Datadog State of DevSecOps 2026 report examines how dependency management and pipeline practices are influencing exposure across cloud native environments. Across the environments studied, 87% of organizations run at least one exploitable vulnerability in production services, affecting 40% of those services. This condition points to a persistent accumulation of security debt inside deployed software stacks."
        https://www.helpnetsecurity.com/2026/03/02/devsecops-supply-chain-risk-security-debt/
      • AI Risk Moves Into The Security Budget Spotlight
        "Enterprises are pushing AI deeper into workflows that touch sensitive data across cloud platforms and SaaS apps. The 2026 Thales Data Threat Report, based on a survey of 3,120 respondents in 20 countries, places that shift alongside growing pressure on data protection, identity controls, and cloud security. A dedicated budget for AI security is becoming more common. Thirty percent of respondents report having a dedicated AI security budget, up from 20% in the prior year. Many organizations continue to fund AI initiatives through existing security allocations, which keeps AI risk management closely tied to broader cyber programs."
        https://www.helpnetsecurity.com/2026/03/02/ai-security-spending-budget-2026/
      • Alert: NCSC Advises UK Organisations To Take Action Following Conflict In The Middle East
        "In response to the evolving events in the Middle East, the NCSC is advising that UK organisations review their cyber security posture. As a result of the ongoing conflict in the Middle East, there is likely no current significant change in the direct cyber threat from Iran to the UK, however due to the fast-evolving nature of the conflict, this assessment may be subject to change."
        https://www.ncsc.gov.uk/news/ncsc-advises-uk-organisations-take-action-following-conflict-in-middle-east
        https://www.bleepingcomputer.com/news/security/uk-warns-of-iranian-cyberattack-risks-amid-middle-east-conflict/
        https://securityaffairs.com/188800/apt/middle-east-crisis-prompts-uk-warning-on-potential-iranian-cyber-activity.html
        https://www.theregister.com/2026/03/02/ncsc_security_iran/

      References
      Electronic Transactions Development Agency (ETDA)
