NCSA Webboard

    Cyber Threat Intelligence 22 June 2026

    Cyber Security News
    • NCSA_THAICERT

      Financial Sector

      • Security Issues In The Korean & Global Financial Sector In May 2026
        "In Attack Stage 1 targeting the financial sector in May 2026, phishing had the highest score at 2.3. This is the highest figure since December 2025, indicating that Initial Breach attempts are increasingly centered on phishing. In Attack Stage 2, Dropper/Downloader had the highest rate at 1.4, while the backdoor also increased to 1.0 from 0.5 the previous month."
        https://asec.ahnlab.com/en/94179/

      Industrial Sector

      • Experts Warn Of 'Mismatch' In US Response To OT Hacking
        "A cyberattack of any significant scale against operational technology in America's vital infrastructure and services would almost immediately overwhelm the online and offline resources available to responders, experts said this week. "We have a very large mismatch between expected capacity, expected demand, and current capacity," said Josh Corman, executive in residence for public safety and resilience at the Institute for Security and Technology."
        https://www.bankinfosecurity.com/experts-warn-mismatch-in-us-response-to-ot-hacking-a-32026

      Vulnerabilities

      • Unpatchable 'usbliter8' Exploit Breaks Apple A12 And A13 SecureROM Boot Chain
        "Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple's A12 and A13 chips. That code is burned into the silicon at manufacture. No software update can reach it. Affected devices will carry this flaw for as long as they stay in use."
        https://thehackernews.com/2026/06/unpatchable-usbliter8-exploit-breaks.html
        https://ps.tc/pages/blog-usbliter8.html
        https://www.theregister.com/security/2026/06/19/researchers-drop-checkm8-style-bootrom-exploit-for-a12-and-a13-iphones/5259028
      • AutoJack: How a Single Page Can RCE The Host Running Your AI Agent
        "Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a browsing agent to reach a local Model Context Protocol (MCP) WebSocket and spawn arbitrary processes on the host. The technique, which we call AutoJack, jacks the agent into becoming the attacker’s last-mile delivery vehicle by crossing the localhost trust boundary that many developer tools rely on."
        https://www.microsoft.com/en-us/security/blog/2026/06/18/autojack-single-page-rce-host-running-ai-agent/
        https://thehackernews.com/2026/06/autojack-attack-lets-one-web-page.html

      Malware

      • People, Process, Personas: Nisos Exposes The Human Risk In DPRK Employment Fraud Schemes
        "Nisos assesses with high confidence that a Democratic People’s Republic of Korea (DPRK) state-sponsored cell conducted industrial-scale employment fraud against US companies, submitting more than 170,000 job applications that yielded 76 employment offers across 22 operatives between December 2024 and September 2025, utilizing appropriated identities, AI-driven interview assistance, and US-based facilitators to infiltrate US companies primarily in the technology sector."
        https://nisos.com/research/dprk-employment-fraud-operation/
        https://www.bankinfosecurity.com/north-korean-workers-try-try-try-again-a-32033
      • Amazon Prime Day 2026: Bargains Begin June 23 — And So Do The Scams
        "When Amazon Prime Day returns on June 23–26, 2026, more than 25 countries will take part in one of the largest shopping windows of the year. Spanning millions of products and generating billions of dollars in transactions in just 96 hours, the event is as lucrative for cyber criminals as it is anticipated by consumers. Major retail moments bring together the three ingredients attackers exploit most: a globally trusted brand, time-limited urgency, and massive purchase intent at scale. The result is predictable — phishing emails, fake websites, fraudulent offers, smishing campaigns, and account takeover attempts impersonating Amazon all surge during this period. What stands out in 2026 is the scale of the infrastructure Check Point Research (CPR) has already observed in the months leading up to the event."
        https://blog.checkpoint.com/research/amazon-prime-day-2026-bargains-begin-june-23-and-so-do-the-scams/
      • FIFA World Cup 2026: Hackers Target Football Fans With Fake Tickets Sites
        "With the FIFA World Cup 2026 matches in full swing, cybercriminals are targeting fans with various scams to capitalize on the tournament’s popularity, security researchers warn. Multiple scam networks have been discovered by security firms so far. These networks are designed to steal funds and personal details from people looking for tickets, hotels, and betting options."
        https://hackread.com/fifa-world-cup-2026-hackers-football-fake-tickets-sites/
      • Supply-Chain Malware Is Evolving And Starting To Spread Like a Worm
        "For years, most supply-chain attacks depended on a single point of compromise. An attacker would gain access to a vendor or library and insert malicious code into a trusted update. From there, the attack would spread only as far as that distribution channel allowed. That model has changed. Emerging threats like Shai-Hulud show how attackers are moving toward self-propagating supply-chain attacks that spread through developer ecosystems without continuous attacker control. Instead of maintaining access to one source, the malware turns each new compromised environment into another distribution point."
        https://blog.barracuda.com/2026/06/18/supply-chain-malware-worm-shai-hulud
      • 1.16 Billion Attacks: How The FortiBleed Crew Broke FortiGate
        "FortiBleed is not just a leak, it is an operation. A multi-operator crew has been running industrial-scale credential harvesting against Fortinet FortiGate SSL VPN appliances worldwide. The numbers are not subtle: 1.16 billion login attempts against 320,777 FortiGate targets, 2.1 billion more against 163,650 MSSQL servers, intercepted hashes cracked on a 45-GPU cluster, and live VPN sessions hijacked to pivot straight into Active Directory. This is the attack chain, the infrastructure behind it, and what it means for defenders."
        https://ransomnews.com/fortibleed-fortigate-bruteforce-operation/
        https://securityaffairs.com/193931/hacking/fortibleed-exposes-global-credential-spraying-operation.html

      Breaches/Hacks/Leaks

      • Texas Govt Data Breach Exposes Over 3 Million Driver’s Licenses
        "The Texas Parks and Wildlife Department (TPWD) disclosed a data breach at its license system vendor that exposed personal information for more than three million individuals. The Texas Cyber Command discovered the intrusion and launched an investigation to determine the extent and impact of the unauthorized access. The state authority found that Social Security Numbers (SSNs), dates of birth, or any financial information, such as credit cards, have not been impacted."
        https://www.bleepingcomputer.com/news/security/texas-govt-data-breach-exposes-over-3-million-drivers-licenses/
        https://www.theregister.com/security/2026/06/19/texas-gov-vendor-breach-exposes-data-of-3m-hunters-anglers/5258815
      • ShinyHunters Threatens To Leak Amazon One Medical Records
        "Amazon bought One Medical for $3.9 billion in 2023 in its bid to bring transformational healthcare experiences to patients through a network of onsite and virtual primary care services. It serves employees of more than 8,500 U.S. clients. Now, prolific digital extortion gang ShinyHunters is threatening to dump 8.8 terabytes of data it allegedly stole from Amazon's One Medical business unit."
        https://www.bankinfosecurity.com/shinyhunters-threatens-to-leak-amazon-one-medical-records-a-32027
      • Leak Exposes Members Of Peter Thiel’s Secretive ‘Dialog’ Society
        "A trove of internal records from a secret society for powerful figures in US politics, finance, and tech was left exposed online, WIRED has confirmed, naming participants in its events and revealing sensitive personal details they were assured would stay private. The group, called Dialog, is a private, invitation-only organization cofounded in 2006 by the billionaire tech investor Peter Thiel. It convenes US officials, foreign government figures, and Silicon Valley executives at off-the-record annual retreats. Dialog has spent two decades declining to disclose its members."
        https://www.wired.com/story/leak-exposes-members-of-peter-thiels-secretive-dialog-society/
        https://securityaffairs.com/193880/intelligence/peter-thiel-secret-society-leak-creates-a-perfect-target-list-for-espionage-influence-operations-and-blackmail.html
      • 24 Billion Records, Including Usernames And Passwords, Exposed In Colossal Data Leak: What Does That Mean For You?
        "Cybernews researchers discovered an exposed database containing 24 billion records, including usernames, email addresses, plaintext passwords, and login URLs. The data appears to come from infostealer malware logs, records stolen from infected devices and collected from Telegram channels, breach compilations, and other sources."
        https://cybernews.com/security/24-billion-credentials-data-leak/
        https://securityaffairs.com/193864/security/24-billion-stolen-credentials-exposed-in-massive-data-leak.html

      General News

      • May 2026 Threat Trend Report On Ransomware
        "This report summarizes the quantity of new ransomware samples collected during the month of May 2026, the number of affected systems, statistics on targeted businesses, and major Korean & Global ransomware issues. Statistics on samples and affected systems are based on AhnLab’s detection names, while statistics on targeted businesses are aggregated based on the time when publicly available information from ransomware groups’ DLS (Dedicated Leaks Sites, ransomware PR sites or PR pages) was collected via the ATIP (AhnLab Threat Intelligence Platform) infrastructure."
        https://asec.ahnlab.com/en/94185/
      • CISA Urges Hardening Fortinet Devices After Reports Of Credential Exposure
        "CISA is aware of global reports that malicious cyber actors have targeted internet-accessible Fortinet devices across government and private sector organizations using compromised credentials. This activity, referred to as FortiBleed, involves the exposure of leaked credentials associated with approximately 74,000 Fortinet devices, including firewalls and virtual private network (VPN) gateways."
        https://www.cisa.gov/news-events/alerts/2026/06/18/cisa-urges-hardening-fortinet-devices-after-reports-credential-exposure
        https://www.bleepingcomputer.com/news/security/cisa-warns-fortinet-users-to-secure-devices-after-fortibleed-leak/
        https://thehackernews.com/2026/06/cisa-warns-fortinet-customers-as.html
        https://www.securityweek.com/fortibleed-86000-fortinet-device-credentials-compromised/
        https://securityaffairs.com/193902/hacking/cisa-warns-of-active-exploitation-following-fortibleed-leak.html
      • Stressors, AI Forcing Changes To Cybersecurity Teams
        "Chief information security officers (CISOs) are faced with overwhelming workloads, the need to keep up with the changes wrought by AI, and fears of liability if they get something wrong — causing some to leave the industry. More than two-thirds of cybersecurity and IT professionals (68%) consider their job more difficult today than two years ago, with more than half saying that the complexity and workload have both increased (55%), and that cyberthreats have become more overwhelming (52%); that's according to a survey-based report published by the Information Systems Security Association (ISSA) International and analyst firm Omdia."
        https://www.darkreading.com/cybersecurity-operations/stressors-ai-changes-cybersecurity-teams
      • Analysis Of Reported Credential Compromise Of FortiGate Devices
        "Fortinet is aware of reports of malicious cyber actors targeting Fortinet devices in a credential-harvesting campaign referred to as FortiBleed. Based on our initial analysis, we believe the activity involves threat actors reusing credentials from previous incidents (FG-IR-26-060, FG-IR-25-647) and employing brute-force techniques (as described in a March blog, “Attacks at the Speed of AI”) against devices with weak password hygiene and no multi-factor authentication (MFA). Fortinet provided detailed guidance at the time of these advisories and we continue to strongly encourage all customers to ensure these remediation steps have been completed."
        https://www.fortinet.com/blog/psirt-blogs/analysis-of-reported-credential-compromise-of-fortigate-devices
      • Companies Are Discarding The Logs They Need To Catch a Breach
        "Many large enterprises discard most of the log data their systems generate, and they do it on purpose to keep costs down. A Dynatrace survey of 450 senior IT leaders at large enterprises found that half of organizations drop or never collect an average of 86 percent of their logs, even after filtering and aggregation. Many also limit how long they retain the logs they do keep. That choice carries a security cost of its own."
        https://www.helpnetsecurity.com/2026/06/19/report-log-management-security-risk/
      • Asia-Pacific Scam Networks Generate Nearly $40 Billion a Year
        "Cybercrime is taking a larger share of criminal activity in Asia and the Pacific. More than half of surveyed jurisdictions reported that cybercrime accounts for over 30% of all crimes recorded nationally, according to INTERPOL’s 2025/2026 Asia and South Pacific Cyberthreat Assessment Report. Rapid digital adoption has expanded the region’s digital footprint and increased exposure to cyber threats. Criminal groups target businesses, governments, and individuals through online fraud, ransomware, phishing campaigns, and credential theft."
        https://www.helpnetsecurity.com/2026/06/19/interpol-asia-cybercrime-trends-report/
      • Confidence Lacks In Threat Detection Across Non-Email Channels Like Slack And Teams
        "Cybersecurity leaders are increasingly concerned about their ability to detect threats as attackers shift beyond email to collaboration platforms such as Slack and Microsoft Teams. According to new research from KnowBe4, many organizations lack confidence in their visibility across these non-email channels, despite their growing use in cyber-attacks. An in-person survey of 169 cybersecurity professionals, conducted at Infosecurity Europe 2026, found that 50% said their organization lacks strong confidence in detecting threats across messaging and social platforms."
        https://www.infosecurity-magazine.com/news/threat-detection-across-nonemail/
      • Forget Data Leakage: Shadow AI's Real Threat Is Access Control
        "The first wave of enterprise AI concern was straightforward. It was simply employees pasting sensitive data into public AI tools. Security teams responded with usage policies, domain blocks, and data loss prevention rules. That response made sense at the time. It doesn't fit the problem anymore."
        https://thehackernews.com/2026/06/forget-data-leakage-shadow-ais-real.html

      Reference
      Electronic Transactions Development Agency (ETDA)
