NCSA Webboard

    Cyber Threat Intelligence 17 March 2026

    Cyber Security News
    • NCSA_THAICERT

      Industrial Sector

      • Siemens RUGGEDCOM APE1808 Devices
        "Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-071-02
      • Siemens SIMATIC
        "SIMATIC S7-1500 devices contain a vulnerability that could allow an attacker to inject code by tricking a legitimate user into importing a specially crafted trace file in the web interface. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet available."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-071-04
      • Siemens SIDIS Prime
        "SIDIS Prime before V4.0.800 is affected by multiple vulnerabilities in the components OpenSSL, SQLite, and several Node.js packages as described below. Siemens has released a new version of SIDIS Prime and recommends to update to the latest version."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-071-03
      • Trane Tracer SC, Tracer SC+, And Tracer Concierge
        "Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, execute arbitrary commands, or perform a denial-of-service on the product."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-071-01
      • Siemens Heliox EV Chargers
        "Heliox EV Chargers listed below contain improper access control vulnerability that could allow an attacker to reach unauthorized services via the charging cable. Siemens has released new versions for the affected products and recommends to update to the latest versions."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-071-05
      • Inductive Automation Ignition Software
        "Successful exploitation of this vulnerability could allow an attacker to execute malicious code with OS application service account permissions that the authenticated, privileged application user did not intend on running."
        https://www.cisa.gov/news-events/ics-advisories/icsa-26-071-06
      • Beyond CVSS: OT Security Looks For Its Risk Methodology
        "A mainstay of IT security programs across the world, the Common Vulnerability Scoring System, may have terminal flaws when applied to the mirror universe of operational technology - a place where ordinary assumptions about risk don't apply. OT have long argued that CVSS is an inadequate measure for their purposes. In November 2023, the Forum of Incident Response and Security Teams, which maintains CVSS, sought to address those complaints with a new version, CVSS 4.0. But a growing number of OT security experts believe it's becoming clear that CVSS can't be "fixed" - even putting aside issues such as the administrative burden required to implement CVSS 4.0 in the OT world."
        https://www.bankinfosecurity.com/beyond-cvss-ot-security-looks-for-its-risk-methodology-a-31038
      • What Smart Factories Keep Getting Wrong About Cybersecurity
        "In this Help Net Security interview, Packsize CSO Troy Rydman breaks down the biggest vulnerabilities in smart factory environments today, from IoT devices and legacy systems to human error. He explains how unmanaged devices, from sensors to robotic components, often go unpatched and become entry points for attackers. Legacy infrastructure is frequently overlooked as organizations move to cloud and SaaS platforms, leaving outdated systems exposed. Employees remain a persistent weak point, not because of negligence, but because human nature can be exploited through social engineering and phishing. Rydman also addresses the ongoing tension between production uptime and security requirements, and how organizations can find the right risk threshold by keeping stakeholders informed, investing in training, and building a security-aware company culture."
        https://www.helpnetsecurity.com/2026/03/16/troy-rydman-packsize-smart-factory-cybersecurity-risks/

      New Tooling

      • VulHunt: Open-Source Vulnerability Detection Framework
        "Binarly has published VulHunt Community Edition, making the core scanning engine from Binarly’s commercial Transparency Platform available to independent researchers and practitioners. VulHunt Community Edition is a framework for detecting vulnerabilities in compiled software. It operates against multiple binary representations simultaneously, working across disassembly, an intermediate representation layer, and decompiled code. Targets include POSIX executables and UEFI firmware modules."
        https://www.helpnetsecurity.com/2026/03/16/vulhunt-open-source-vulnerability-detection-framework/
        https://github.com/vulhunt-re/vulhunt

      Vulnerabilities

      • CISA Adds One Known Exploited Vulnerability To Catalog
        "CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2025-47813 Wing FTP Server Information Disclosure Vulnerability"
        https://www.cisa.gov/news-events/alerts/2026/03/16/cisa-adds-one-known-exploited-vulnerability-catalog
        https://www.bleepingcomputer.com/news/security/cisa-flags-wing-ftp-server-flaw-as-actively-exploited-in-attacks/
        https://securityaffairs.com/189530/security/u-s-cisa-adds-a-flaw-in-wing-ftp-server-to-its-known-exploited-vulnerabilities-catalog.html
      • Pwning AI Code Interpreters In AWS Bedrock AgentCore
        "During research into AI code execution environments, BeyondTrust Phantom Labs™ discovered that AWS Bedrock AgentCore Interpreter’s Sandbox network mode does not fully block outbound communication. AWS originally advertised Sandbox mode as providing “complete isolation with no external access.” However, Phantom Labs discovered that public DNS queries remain allowed. This behavior can enable threat actors to establish command-and-control channels and data exfiltration over DNS in certain scenarios, bypassing the expected network isolation controls. Specifically, the Code Interpreter can query A and AAAA DNS records."
        https://www.beyondtrust.com/blog/entry/aws-bedrock-agentcore-sandbox-breakout
        https://www.infosecurity-magazine.com/news/security-flaw-aws-bedrock/
        https://hackread.com/data-leak-risk-in-aws-bedrock-ai-code-interpreter/

      Malware

      • LiveChat Abuse: How Phishers Are Exploiting SaaS Support Tools To Steal Sensitive Data
        "The Cofense Phishing Defense Center (PDC) has recently identified a unique phishing campaign utilizing the software as a service (SaaS) LiveChat - a customer service software featuring live messaging and AI to provide a line of support for businesses. Unlike typical refund scams or credential phish, this campaign engages victims through a real-time chat interface, impersonating well-known brands in order to harvest sensitive data such as account credentials, credit card details, multi-factor authentication (MFA) codes, and other personally identifiable information (PII)."
        https://cofense.com/blog/livechat-abuse-how-phishers-are-exploiting-saas-support-tools-to-steal-sensitive-data
        https://www.darkreading.com/threat-intelligence/attackers-livechat-phish-credit-card-personal-data
        https://hackread.com/phishing-scam-livechat-pose-as-amazon-paypal/
      • AI-Assisted Phishing Campaign Exploits Browser Permissions To Capture Victim Data
        "Cyble Research & Intelligence Labs (CRIL) has identified a widespread, highly active social engineering campaign hosted primarily on edgeone.app infrastructure. The initial access vectors are diverse — ranging from “ID Scanner,” and “Telegram ID Freezing,” to “Health Fund AI”—to trick users into granting browser-level hardware permissions such as camera and microphone access under the pretext of verification or service recovery."
        https://cyble.com/blog/ai-assisted-phishing-campaign/
      • Malware-As-A-Service Redefined: Why XWorm Is Outpacing Every Other RAT In The Underground Malware Market
        "In the evolving landscape of cybercrime, threat actors are constantly pursuing the "perfect" weapon: malware that is lightweight, modular, and—most importantly—stealthy. The underground market eagerly adopts any tool that balances high functionality with low detection rates. XWorm has emerged as the premier example of this shift. Following the significant disruption caused by XWorm v6.X, the community is now grappling with the even more potent Version 7.x. In this blog, we will see how attackers have tried to target a Taiwan-based network security company. This analysis dissects the active XWorm v7.1 kill chain, explores the market trends fueling its growth, and exposes the Telegram channels where this sophisticated RAT is sold as a high-tier commodity."
        https://www.trellix.com/blogs/research/malware-as-a-service-redefined-xworm-rat/
        https://hackread.com/xworm-7-1-remcos-rat-windows-tools-evade-detection/
      • Global Scam Machines: Inside a Meta-Powered Investment Fraud Ecosystem Spanning 25 Countries
        "In February-March 2026, Bitdefender Labs identified and mapped a sprawling global scam infrastructure and scalable disinformation-for-profit network that uses trusted news brands, real personalities, fabricated media narratives, emotional hooks, and advanced evasion techniques to drive victims into investment fraud funnels. On February 9-March 5, 2026, we analyzed 310 malvertising campaigns distributed through paid advertising on Meta platforms."
        https://www.bitdefender.com/en-us/blog/labs/global-investment-scam-network-using-meta-ads
        https://www.helpnetsecurity.com/2026/03/16/facebook-ads-investment-fraud-campaigns/
      • The Rise Of Fake Shipment Tracking Scams In MEA
        "Every day, billions of people rely on postal and courier services to deliver everything from handwritten letters to high value online orders. These services form the backbone of the global marketplace, especially in the age of e-commerce. According to the 2024 Universal Postal Union’s State of the Postal Sector report, postal services now serve a population of 7.3 billion people, and without them, a country’s GDP could drop by a median of 7%. And according to Statista, about 161 billion parcels were shipped worldwide in 2022 alone. Some of the top countries driving this volume include:"
        https://www.group-ib.com/blog/mea-shipment-tracking-scam/
        https://www.infosecurity-magazine.com/news/global-surge-fake-shipment/
      • Hacked Sites Deliver Vidar Infostealer To Windows Users
        "In recent years, ClickFix and fake CAPTCHA techniques have become a popular way for cybercriminals to distribute malware. Instead of exploiting a technical vulnerability, these attacks rely on convincing people to run malicious commands themselves. Our researchers have recently detected a campaign that ultimately delivers the Vidar infostealer, using several different infection chains."
        https://www.malwarebytes.com/blog/threat-intel/2026/03/hacked-sites-deliver-vidar-infostealer-to-windows-users
      • Free Real Estate: GoPix, The Banking Trojan Living Off Your Memory
        "GoPix is an advanced persistent threat targeting Brazilian financial institutions’ customers and cryptocurrency users. It represents an evolved threat targeting internet banking users through memory-only implants and obfuscated PowerShell scripts. It evolved from the RAT and Automated Transfer System (ATS) threats that were used in other malware campaigns into a unique threat never seen before. Operating as a LOLBin (Living-off-the-Land Binary), GoPix exemplifies a sophisticated approach that integrates malvertising vectors via platforms such as Google Ads to compromise prominent financial institutions’ customers."
        https://securelist.com/gopix-banking-trojan/119173/
      • DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging For Stealth Espionage
        "Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 Grupo's LAB52 threat intelligence team. The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted by Laundry Bear (aka UAC-0190 or Void Blizzard) aimed at Ukrainian defense forces with a malware family known as PLUGGYAPE. The attack activity "employs various judicial and charity themed lures to deploy a JavaScript‑based backdoor that runs through the Edge browser," the cybersecurity company said. Codenamed DRILLAPP, the malware is capable of uploading and downloading files, leveraging the microphone, and capturing images through the webcam by taking advantage of the web browser's features."
        https://thehackernews.com/2026/03/drillapp-backdoor-targets-ukraine.html
        https://therecord.media/russia-ukraine-cyber-espionage-group
        https://securityaffairs.com/189519/malware/russia-linked-apt-uses-drillapp-backdoor-to-spy-on-ukrainian-targets.html
      • Former Germany’s Foreign Intelligence VP Hit In Signal Account Takeover Campaign
        "A cyberattack targeting Signal and WhatsApp users has hit high-ranking German officials, including former BND Vice President Arndt Freytag von Loringhoven. The official reported being contacted by someone posing as Signal support and asked for his PIN. This incident highlights a broader cyber espionage campaign against sensitive individuals in security agencies and political positions. “He is far from the only prominent victim of the global wave of attacks against user accounts at Signal and WhatsApp. According to SPIEGEL, high-ranking German politicians have reported themselves to the authorities as victims, and active officials in security agencies have also been attacked.” reads the report published by SPIEGEL."
        https://securityaffairs.com/189509/intelligence/former-germanys-foreign-intelligence-vp-hit-in-signal-account-takeover-campaign.html
      • European Security Vendor Targeted By Hackers Fronting As Cisco Domain
        "On March 13, 2026, the threat intelligence team at Outpost24, Specops’ parent company, discovered a sophisticated multi-chain redirect phishing campaign fronting as Cisco, a global network equipment provider. The attack is quite complex, leveraging several trusted services as well as compromised legitimate infrastructure to conceal the final phishing destination. Several stages redirect victims through legitimate or previously reputable domains, reducing the likelihood that security scanners or reputation-based filtering will block the link."
        https://specopssoft.com/blog/phishing-campaign-cisco/
        https://www.securityweek.com/security-firm-executive-targeted-in-sophisticated-phishing-attack/
      • ForceMemo: Hundreds Of GitHub Python Repos Compromised Via Account Takeover And Force-Push
        "The StepSecurity threat intelligence team has discovered an ongoing campaign in which an attacker is compromising hundreds of GitHub accounts and injecting identical malware into hundreds of Python repositories. The earliest injections date to March 8, 2026, and the campaign is still active with new repos continuing to be compromised. The attack targets Python projects — including Django apps, ML research code, Streamlit dashboards, and PyPI packages — by appending obfuscated code to files like setup.py, main.py, and app.py. Anyone who runs pip install from a compromised repo or clones and executes the code will trigger the malware."
        https://www.stepsecurity.io/blog/forcememo-hundreds-of-github-python-repos-compromised-via-account-takeover-and-force-push
        https://thehackernews.com/2026/03/glassworm-attack-uses-stolen-github.html
        https://www.securityweek.com/forcememo-python-repositories-compromised-in-glassworm-aftermath/
      • Sandworm: Russia's Global Infrastructure Wrecking Crew
        "Sandworm is a threat group attributed to the Russian Federation (Russia) General Staff Main Intelligence Directorate (GRU). The group operates as a unit within the Russian military and was identified in 2014 while using BlackEnergy malware and a Windows zero‑day (CVE‑2014‑4114) to conduct spear phishing and reconnaissance operations. It wasn’t until December of the following year that the group showed how truly dangerous it was at the time."
        https://blog.barracuda.com/2026/03/16/sandworm--russia-s-global-infrastructure-wrecking-crew
      • Evil Evolution: ClickFix And MacOS Infostealers
        "As we noted in December 2025, ClickFix is an increasingly common social engineering technique, which threat actors use to trick users into installing malicious software on their devices. Unlike traditional exploit-based attacks, this method relies entirely on user interaction – usually in the form of copying and executing commands – making it particularly effective against users who may not appreciate the implications of running unknown and obfuscated terminal commands. It’s also worth noting that, unlike most modern phishing techniques, phishing-resistant authentication (e.g., FIDO2) is not an effective defence against ClickFix attacks."
        https://www.sophos.com/en-us/blog/evil-evolution-clickfix-and-macos-infostealers
        https://thehackernews.com/2026/03/clickfix-campaigns-spread-macsync-macos.html
      • Cyberattack Disrupts Parking Payments In Russian City
        "The Russian city of Perm has restored its parking payment system after a cyberattack last week knocked the service offline and temporarily made parking free for several days. City authorities confirmed Monday that the system is now fully operational and that all payment methods are working normally. The disruption was caused by a large-scale distributed denial-of-service (DDoS) attack that overwhelmed the city’s automated parking payment infrastructure, according to local officials."
        https://therecord.media/cyberattack-russia-parking-system
      • Web Shells, Tunnels, And Ransomware: Dissecting a Warlock Attack
        "We have identified new tactics, techniques, and procedures (TTPs) used by the Warlock ransomware group (tracked by TrendAI™ as Water Manaul). In our previous article, we detailed how Warlock exploited unpatched Microsoft SharePoint servers to deploy LockBit-derived ransomware with the .x2anylock extension, using Cloudflare tunnels for command and control (C&C) and Rclone for data exfiltration. Warlock’s method of initial access to victim networks has remained consistent; however, it has added new techniques to enhance its persistence, lateral movement, and defense evasion. These new observations include the usage of TightVNC (a remote access tool) to maintain persistent control, abuse of new open-source tools to conduct C&C communications, and a persistent Bring Your Own Vulnerable Driver (BYOVD) technique that leverages a vulnerability in the NSec driver."
        https://www.trendmicro.com/en_us/research/26/c/dissecting-a-warlock-attack.html
      • Boggy Serpens Threat Assessment
        "We have been tracking ongoing cyberespionage campaigns by the threat group Boggy Serpens, also known as MuddyWater. Attributed to the Iranian Ministry of Intelligence and Security (MOIS), the group consistently targets diplomatic and critical infrastructure – including energy, maritime and finance – across the Middle East and other strategic targets around the world. We provide a comprehensive threat assessment of Boggy Serpens’ activities over the last year. Our analysis reveals a highly adaptable threat actor that has refined its operational strategy to focus on trusted relationship compromises and multi-wave targeting of key strategic organizations."
        https://unit42.paloaltonetworks.com/boggy-serpens-threat-assessment/

      Breaches/Hacks/Leaks

      • UK’s Companies House Confirms Security Flaw Exposed Business Data
        "Companies House, a British government agency that operates the registry for all U.K. companies, says its WebFiling service is back online after it was closed on Friday to fix a security flaw that exposed companies' information since October 2025. Dan Neidle, founder of the non-profit Tax Policy Associates, reported the vulnerability to the U.K. corporate register on Friday after Ghost Mail's John Hewitt (who discovered the flaw) didn't receive a reply. "All that was required was to log in to Companies House using your own details and access your own company's dashboard. Then opt to "file for another company" and enter the company number for any one of the five million companies registered with Companies House," said Neidle."
        https://www.bleepingcomputer.com/news/security/uks-companies-house-confirms-security-flaw-exposed-business-data/
        https://taxpolicy.org.uk/2026/03/13/companies-house-security-vulnerability-directors-addresses/
        https://www.infosecurity-magazine.com/news/companies-house-glitch-exposes/
        https://www.theregister.com/2026/03/16/companies_house_breach/
        https://www.bankinfosecurity.com/uk-agency-exposed-corporate-executive-data-a-31033
        https://hackread.com/companies-house-webfiling-flaw-director-details/
      • Stryker Attack Wiped Tens Of Thousands Of Devices, No Malware Needed
        "Last week's cyberattack on medical technology giant Stryker was limited to its internal Microsoft environment and remotely wiped tens of thousands of employee devices. The organization says in an update on Sunday that all its medical devices are safe to use but electronic ordering systems remain offline, and customers must place orders manually through sales representatives. Stryker emphasizes that the incident was not a ransomware attack and that the threat actor did not deploy any malware on its systems."
        https://www.bleepingcomputer.com/news/security/stryker-attack-wiped-tens-of-thousands-of-devices-no-malware-needed/
        https://therecord.media/stryker-cyberattack-impact-iran
      • Oracle EBS Hack: Only 4 Corporate Giants Still Silent On Potential Impact
        "Several global giants listed as victims of the recent hacking campaign targeting Oracle E-Business Suite (EBS) customers have remained mum on the impact of the cybersecurity incident. The Cl0p ransomware and extortion group has taken credit for the EBS hacking campaign, which involved exploiting zero-day vulnerabilities to access data stored by organizations in Oracle’s enterprise management software. The compromised data was then leveraged for extortion. While Cl0p serves as the public-facing extortion brand for the campaign, the cybersecurity community believes the operation may have been driven by a cluster of threat actors, most notably FIN11."
        https://www.securityweek.com/oracle-ebs-hack-only-4-corporate-giants-still-silent-on-potential-impact/
      • Robotics Surgical Biz Intuitive Discloses Phishing Attack
        "Robotics-assisted surgical tech firm Intuitive said that unauthorized intruders gained access to some of its internal IT business applications after stealing an employee's credentials during a phishing attack. Intuitive's statement on the cybersecurity incident doesn't indicate when the attack occurred or when the company discovered it. The Register has reached out to Intuitive about these and other questions, and we will update this story as soon as we receive any response. Stolen data includes some customer business and contact information, along with Intuitive employee and corporate data, according to the statement."
        https://www.theregister.com/2026/03/16/robotics_surgical_biz_intuitive_discloses/

      General News

      • Attackers Are Exploiting AI Faster Than Defenders Can Keep Up, New Report Warns
        "Cybersecurity is entering “a new phase” as artificial intelligence tools have matured and given IT defenders significantly less time to respond to cyberattacks and other threats, according to a new report released Monday. The report, authored by federal contractor Booz Allen Hamilton, concludes that threat actors have adopted AI more quickly than governments and private companies have adopted it for cyber defense. It points to multiple incidents over the past two years, like attacks carried out with the help of Anthropic’s Claude, that show both cybercriminals and state-sponsored hacking groups are moving and scaling faster than ever before."
        https://cyberscoop.com/booz-allen-report-ai-helps-attackers-move-faster-than-current-defenses/
        https://www.boozallen.com/expertise/cybersecurity/threat-report-when-cyberattacks-happen-at-ai-speed.html
      • Inside Olympic Cybersecurity: Lessons From Paris 2024 To Milan Cortina 2026
        "The Olympics are a global spectacle, uniting nations through the thrill of competition and the celebration of human achievement. During this year's Winter Olympic and Paralympic Games we watched Alysa Liu reclaim figure skating, a sport she once left behind, landing in first place. The US women's and men's ice hockey teams took gold, ending a 46-year Olympic drought for the latter. Lucas Pinheiro Braathen won gold in the men's giant slalom, bringing home the first Winter Olympics medal for Brazil. And on the seventh day of the Paralympic Winter Games, host country Italy surpassed its previous high score of 13 medals, bumping their tally up to 14."
        https://www.darkreading.com/threat-intelligence/olympic-cybersecurity-paris-2024-milan-2026
      • Certificate Lifespans Are Shrinking And Most Organizations Aren’t Ready
        "The push for shorter TLS certificate lifespans has been building for years. It started with Google’s internal push toward 90-day certificates, which gained traction inside the industry before resistance from enterprise customers slowed things down. Then Apple proposed 47-day certificates, which reignited the debate and ultimately forced the CA/Browser Forum to set a formal schedule. The timeline that came out of those discussions moves certificate validity from one year down to 200 days, then 100, then 47 over a roughly three-year span. That schedule puts pressure on organizations to overhaul both their purchasing models and their operational processes for managing certificates."
        https://www.helpnetsecurity.com/2026/03/16/globalsign-tls-certificate-lifecycle-management/
      • Fortify Your Network Security From Emerging Geopolitical Cyberthreats
        "Since the start of the 2026 conflict in the Middle East on February 28, 2026, Akamai has observed a 245% increase in cybercrime targeting critical businesses and institutions in North America, Europe, and parts of Asia-Pacific. Handala, a hacktivist group that is reported to have links to Iran’s intelligence agencies, has claimed responsibility for a data-wiping attack against Stryker, a global medical technology company headquartered in Kalamazoo, Michigan. Geopolitically motivated hacktivists are using proxy services in countries like Russia and China as a source for billions of designed-for-abuse connection attempts."
        https://www.akamai.com/blog/security/fortify-network-security-emerging-geopolitical-cyberthreats
        https://www.theregister.com/2026/03/16/cybercrime_iran_war_245_percent_rise/
      • INTERPOL Report Warns Of Increasingly Sophisticated Global Financial Fraud Threat
        "Financial fraud is now one of the world’s most severe and rapidly evolving transnational crimes, with significant economic and human consequences. The 2026 INTERPOL Global Financial Fraud Threat Assessment warns that with increased global criminal collaboration, fraud is no longer a peripheral threat, it is at the centre of polycriminality, intersecting with organized crime, human trafficking and cybercrime."
        https://www.interpol.int/News-and-Events/News/2026/INTERPOL-report-warns-of-increasingly-sophisticated-global-financial-fraud-threat
        https://www.interpol.int/content/download/24291/file/INTERPOL Global Financial Fraud Threat Assessment 2026.pdf
        https://www.theregister.com/2026/03/16/interpol_ai_fraud/
      • Iranian Cyber Threat Evolution: From MBR Wipers To Identity Weaponization
        "Recent cyberattacks attributed to Iranian threat actors extend beyond typical network disruption. Rather than an isolated incident of sabotage, this type of attack sits within a broader context defined by Iran's reliance on asymmetric retaliation and historical proxy doctrine. Iran-aligned threat actors increasingly leverage cyberspace as a strategic equalizer. For the Islamic Revolutionary Guard Corps (IRGC) and the Ministry of Intelligence and Security (MOIS), cyber operations provide a low-cost, high-impact mechanism for retaliation without crossing any geographical boundaries. In this environment, global organizations face increased cyber risk, as traditional malware deployment intersects with novel identity abuse. The shift from custom-built wiper malware to native administrative abuse removes a critical detection guardrail that historically protected enterprise networks."
        https://unit42.paloaltonetworks.com/evolution-of-iran-cyber-threats/
      • The Ransomware Economy Is Shifting Toward Straight-Up Data Extortion
        "Ransomware remains a scourge that shows some signs of relenting, but incident responders and threat hunters are busier than ever as more financially-motivated attackers lean exclusively on data theft for extortion. Attacks that only involve data theft for extortion may not be more prevalent than traditional ransomware when attackers encrypt systems, but momentum is moving in that direction, Genevieve Stark, head of cybercrime intelligence at Google Threat Intelligence Group, told CyberScoop."
        https://cyberscoop.com/google-threat-intelligence-group-ransomware-report-2026/

      Reference
      Electronic Transactions Development Agency (ETDA)
