NCSA Webboard

    Latest posts made by NCSA_THAICERT

    • Cyber Threat Intelligence 16 July 2025

      Industrial Sector

      • Hitachi Energy Asset Suite
        "Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to the target equipment, perform remote code executions, or escalate privileges."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-196-01
      • LITEON IC48A And IC80A EV Chargers
        "Successful exploitation of this vulnerability could allow an attacker to access sensitive information when accessing the Liteon EV chargers."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-196-03
      • ABB RMC-100
        "Successful exploitation of these vulnerabilities could allow an attacker to gain unauthenticated access to the MQTT configuration data, cause a denial-of-service condition on the MQTT configuration web server (REST interface), or decrypt encrypted MQTT broker credentials."
        https://www.cisa.gov/news-events/ics-advisories/icsa-25-196-02

      Vulnerabilities

      • Preventing Zero-Click AI Threats: Insights From EchoLeak
        "EchoLeak (CVE-2025-32711) is a newly identified vulnerability in Microsoft 365 Copilot, made more nefarious by its zero-click nature, meaning it requires no user interaction to succeed. It demonstrates how helpful systems can open the door to entirely new forms of attack— no malware, no phishing required—just the unquestioning obedience of an AI agent. This new threat has even been classified by the team behind the disclosure as a new form of large language model (LLM) exploitation called “Scope Violation.” In this entry, we break down these new terms and risks—and how Trend Micro can help users stay ahead, equipped and aware of these tactics, especially when AI assistants aren’t."
        https://www.trendmicro.com/en_us/research/25/g/preventing-zero-click-ai-threats-insights-from-echoleak.html

      Malware

      • Fake Android Money Transfer App Targeting Bengali-Speaking Users
        "McAfee’s Mobile Research Team discovered a new and active Android malware campaign targeting Bengali-speaking users, mainly Bangladeshi people living abroad. The app poses as popular financial services like TapTap Send and AlimaPay. It is distributed through phishing sites and Facebook pages, and the app steals users’ personal and financial information. The campaign remains highly active, with the command-and-control (C2) server operational and connected to multiple evolving domains. While the attack techniques are not new, the campaign’s cultural targeting and sustained activity reflect how cybercriminals continue to adapt their strategies to reach specific communities. McAfee Mobile Security already detects this threat as Android/FakeApp. For more information, visit McAfee Mobile Security."
        https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fake-android-money-transfer-app-targeting-bengali-speaking-users/
      • Contagious Interview Campaign Escalates With 67 Malicious Npm Packages And New Malware Loader
        "The Socket Threat Research Team has uncovered a new North Korean software supply chain attack involving a previously unreported malware loader we call XORIndex. This activity is an expansion of the campaign we reported in June 2025, which deployed the HexEval Loader. In this latest wave, the North Korean threat actors behind the Contagious Interview operation infiltrated the npm ecosystem with 67 malicious packages, collectively downloaded more than 17,000 times. 27 of these packages remain live on the npm registry. We have submitted takedown requests to the npm security team and petitioned for the suspension of the associated accounts."
        https://socket.dev/blog/contagious-interview-campaign-escalates-67-malicious-npm-packages
        https://thehackernews.com/2025/07/north-korean-hackers-flood-npm-registry.html
        https://www.bleepingcomputer.com/news/security/north-korean-xorindex-malware-hidden-in-67-malicious-npm-packages/
        https://www.infosecurity-magazine.com/news/north-korean-contagious-interview/
        https://securityaffairs.com/179950/hacking/north-korea-linked-actors-spread-xorindex-malware-via-67-malicious-npm-packages.html
      • Konfety Returns: Classic Mobile Threat With New Evasion Techniques
        "As part of our ongoing mission to identify emerging threats to mobile security, our zLabs team has been actively tracking a new, sophisticated variant of a well-known malware previously reported by Human. This Android-targeted malware, named Konfety, employs an “evil-twin” method to conduct fraudulent activities. Notably, two distinct variants of this application share the same Package Name, a tactic designed to enhance its evasiveness and impact:"
        https://zimperium.com/blog/konfety-returns-classic-mobile-threat-with-new-evasion-techniques
        https://www.bleepingcomputer.com/news/security/android-malware-konfety-uses-malformed-apks-to-evade-detection/
        https://securityaffairs.com/179969/malware/android-malware-konfety-evolves-with-zip-manipulation-and-dynamic-loading.html
      • Unmasking AsyncRAT: Navigating The Labyrinth Of Forks
        "AsyncRAT has cemented its place as a cornerstone of modern malware and as a pervasive threat that has evolved into a sprawling network of forks and variants. While its capabilities are not that impressive on their own, it is the open-source nature of AsyncRAT that has truly amplified its impact. This blogpost provides an overview and analysis of the most relevant forks of AsyncRAT, drawing connections between them and showing how they have evolved."
        https://www.welivesecurity.com/en/eset-research/unmasking-asyncrat-navigating-labyrinth-forks/
        https://thehackernews.com/2025/07/asyncrats-open-source-code-sparks-surge.html
        https://www.darkreading.com/remote-workforce/async-rat-labyrinth-forks
        https://cyberscoop.com/asyncrat-malware-variants-eset/
        https://www.helpnetsecurity.com/2025/07/15/asyncrat-forks-eset-research/
      • SVG Smuggling – Image Embedded JavaScript Redirect Attacks
        "Threat actors are increasingly leveraging Scalable Vector Graphics (SVG) files as a delivery vector for JavaScript-based redirect attacks. SVGs, commonly treated as harmless image formats, can contain embedded script elements. In these campaigns, adversaries embed obfuscated JavaScript within SVG files to initiate browser redirects at runtime. The final redirect destinations are attacker-controlled infrastructure, with appended Base64-encoded strings used for victim tracking or correlation, while the payload is carefully structured for evasive purposes. The phishing themes vary between “ToDoList”, “Missed Call” and “Payment” related topics."
        https://www.ontinue.com/resource/blog-svg-smuggling/
        https://hackread.com/attackers-hide-javascript-svg-images-malicious-sites/
        https://www.infosecurity-magazine.com/news/hackers-svg-files-javascript/
        https://www.securityweek.com/threat-actors-use-svg-smuggling-for-browser-native-redirection/
      • GLOBAL GROUP: Emerging Ransomware-As-a-Service, Supporting AI Driven Negotiation And Mobile Control Panel For Their Affiliates
        "On June 2, 2025, EclecticIQ analysts observed the emergence of GLOBAL GROUP, a new Ransomware-as-a-Service (RaaS) brand promoted on the Ramp4u forum by the threat actor known as “$$$”. The same actor controls the Black Lock RaaS [1] and previously managed Mamona [2] ransomware operations. GLOBAL GROUP targets a wide range of sectors across the United States and Europe. EclecticIQ assesses with medium confidence that GLOBAL GROUP was likely established as a rebranding of the BlackLock RaaS operation. This rebranding aims to rebuild trust and expand the affiliate network by giving 80% of extorted ransom money to affiliates."
        https://blog.eclecticiq.com/global-group-emerging-ransomware-as-a-service
        https://thehackernews.com/2025/07/newly-emerged-global-group-raas-expands.html
      • Octalyn Stealer Unmasked
        "The Octalyn Forensic Toolkit, publicly hosted on GitHub, presents itself as a research-oriented tool for digital forensics and red teaming. It consists of a C++-based payload module supported by a Delphi-based builder interface, which simplifies payload generation and allows even low-skilled actors to produce fully functional binaries with minimal effort. The builder requires only a Telegram bot token and chat ID to configure a payload capable of real-time data exfiltration via Telegram."
        https://www.cyfirma.com/research/octalyn-stealer-unmasked/
      • Malicious Telegram APK Campaign Advisory
        "Over the past month, the team at PreCrime™ Labs, the threat research division at BforeAI, has identified a large malicious campaign of 607 domains actively distributing application files (“APKs”), claiming to be Telegram Messenger. These domains, linked to a large-scale phishing and malware campaign, were registered through the Gname registrar, and are primarily hosted in the Chinese language."
        https://bfore.ai/report/malicious-telegram-apk-campaign-advisory/
        https://www.darkreading.com/cyberattacks-data-breaches/telegram-app-chinese-users-android-data
        https://hackread.com/fake-telegram-apps-domains-android-malware-attack/

      Breaches/Hacks/Leaks

      • Seychelles Commercial Bank Confirms Customer Data Breach
        "A hacker claims to have stolen and sold the personal data of clients of Seychelles Commercial Bank. The bank, which provides personal and corporate services on Seychelles, one of the world's smallest countries, notified customers of a hack, but said only personal information - not money - was stolen. The archipelago nation in the Indian Ocean, located northeast of Madagascar, sports 98,000 inhabitants, ranks as the richest country in Africa and has a reputation for being a tax haven."
        https://www.bankinfosecurity.com/seychelles-commercial-bank-confirms-customer-data-breach-a-28972
      • Data Breach At Debt Settlement Firm Impacts 160,000 People
        "Pennsylvania-based debt settlement company Next Level Finance Partners (dba Century Support Services) has disclosed a data breach impacting a significant number of individuals. The company has started sending out data security incident notifications informing impacted individuals that its systems were hacked in November 2024. An investigation launched in response to the cyberattack revealed in late May that the files potentially accessed or taken by the hackers stored personal information."
        https://www.securityweek.com/data-breach-at-debt-settlement-firm-impacts-160000-people/
      • Ransomware Group Claims Attack On Belk
        "The DragonForce ransomware gang has claimed responsibility for a disruptive cyberattack on US department store chain Belk. The incident was identified on May 8 and prompted Belk to disconnect affected systems, restrict network access, reset passwords, and rebuild impacted systems, which disrupted the chain’s online and physical operations for several days. The company’s online store is still offline at the time of publication. Belk’s investigation into the attack determined that hackers had access to its network between May 7 and May 11, and that they exfiltrated certain documents, including files containing personal information."
        https://www.securityweek.com/ransomware-group-claims-attack-on-belk/
        https://securityaffairs.com/179958/data-breach/belk-hit-by-may-cyberattack-dragonforce-stole-150gb-of-data.html

      General News

      • June 2025 Threat Trend Report On Ransomware
        "This report provides statistics on the number of new ransomware samples and affected systems, and affected companies that were collected in June 2025, as well as major ransomware issues in and out of Korea. Below is a summary of the information. The statistics on the number of ransomware samples and affected systems were based on the detection names given by AhnLab. Additionally, the statistics on affected companies by ransomware were based on the time when the information was collected from the Dedicated Leak Sites (DLS) of the ransomware group, which are PR sites or pages for ransomware, in the ATIP infrastructure."
        https://asec.ahnlab.com/en/89032/
      • June 2025 APT Attack Trends Report (South Korea)
        "AhnLab is monitoring APT (Advanced Persistent Threat) attacks in South Korea using its own infrastructure. This report covers the classification and statistics of APT attacks in South Korea that were identified in June 2025, as well as the features of each type."
        https://asec.ahnlab.com/en/89028/
      • Stop Settling For Check-The-Box Cybersecurity Policies
        "After every breach, people ask: How did this happen if there were cybersecurity policies in place? The truth is, just having them doesn’t stop attacks. They only work if people know them and follow them when it matters. That’s where things often break down. Policies fail when they don’t match how work gets done, get outdated, or focus too much on rules instead of real risks. When security rules are full of legal jargon or written for everyone in the same way, employees have a hard time knowing what they mean or how to follow them."
        https://www.helpnetsecurity.com/2025/07/15/stop-settling-for-check-the-box-cybersecurity-policies/
      • Abacus Market Conducts Likely Exit Scam Amid Increasingly Unstable Western Darknet Marketplace Landscape
        "In early July, 2025, Abacus Market, the largest Bitcoin-enabled Western darknet marketplace (DNM), went offline, rendering all internet-facing infrastructure, including its clearnet mirror, inaccessible. TRM Labs assesses that the marketplace’s operators have likely conducted an exit scam, shutting down operations and disappearing with users’ funds. However, law enforcement may also have covertly seized the marketplace. Abacus’s exit follows the June 16, 2025 law enforcement seizure of Archetyp Market, marking the latest in a series of shutdowns in the Western DNM ecosystem."
        https://www.trmlabs.com/resources/blog/abacus-market-conducts-likely-exit-scam-amid-increasingly-unstable-western-darknet-marketplace-landscape
        https://www.bleepingcomputer.com/news/security/abacus-dark-web-drug-market-goes-offline-in-suspected-exit-scam/
        https://www.infosecurity-magazine.com/news/abacus-market-shutters-exit-scam/
      • Police Disrupt “Diskstation” Ransomware Gang Attacking NAS Devices
        "An international law enforcement action dismantled a Romanian ransomware gang known as 'Diskstation,' which encrypted the systems of several companies in the Lombardy region, paralyzing their businesses. The law enforcement operation codenamed 'Operation Elicius' was coordinated by Europol and also involved police forces in France and Romania. Diskstation is a ransomware operation that targets Synology Network-Attached Storage (NAS) devices, which are commonly used by companies for centralized file storage and sharing, data backup and recovery, and general content hosting."
        https://www.bleepingcomputer.com/news/security/police-disrupt-diskstation-ransomware-gang-attacking-nas-devices/
      • Former U.S. Soldier Pleads Guilty To Hacking And Extortion Scheme Involving Telecommunications Companies
        "A former Army soldier, who was most recently stationed in Texas, pleaded guilty today to conspiring to hack into telecommunications companies’ databases, access sensitive records, and extort the telecommunications companies by threatening to release the stolen data unless ransoms were paid. According to court documents, between April 2023 and Dec. 18, 2024, Cameron John Wagenius, 21, used online accounts associated with the nickname “kiberphant0m” and conspired with others to defraud at least 10 victim organizations by obtaining login credentials for the organizations’ protected computer networks. The conspirators obtained these credentials using a hacking tool that they called SSH Brute, among other means."
        https://www.justice.gov/opa/pr/former-us-soldier-pleads-guilty-hacking-and-extortion-scheme-involving-telecommunications
        https://cyberscoop.com/cameron-wagenius-att-snowflake-guilty-plea/
        https://www.theregister.com/2025/07/15/solider_hacking_guilty/
      • How Criminal Networks Exploit Insider Vulnerabilities
        "When you hear "insider threat," what comes to mind? A rogue employee stealing files before quitting? Think bigger. The reality is far more alarming. Today's insider threats aren't lone wolves acting out of spite — they're pawns in the hands of sophisticated, organized criminal networks. These groups don't just exploit vulnerabilities in your systems; they exploit your people, turning trusted team members into unwitting accomplices or deliberate collaborators in their schemes. This is the current reality security leaders must face. Criminal networks are embedding operatives, coercing employees, and using cutting-edge tactics to infiltrate organizations from the inside."
        https://www.darkreading.com/vulnerabilities-threats/criminal-networks-exploit-insider-vulnerabilities
      • Lessons Learned From McDonald's Big AI Flub
        "McDonald's experienced a major security incident in June that resulted in the exposure of data belonging to approximately 64 million job applicants. Earlier this month, security researchers Ian Carroll and Sam Curry detailed how they found major flaws within McDonald's hiring platform, McHire. The platform features an AI chatbot named Olivia, created by the company Paradox.ai."
        https://www.darkreading.com/application-security/lessons-learned-mcdonalds-ai-flub
      • Inorganic DNA: How Nanoparticles Could Be The Future Of Anti-Counterfeiting Tech
        "For decades, manufacturers and security professionals have been playing a high-stakes game of cat and mouse with counterfeiters. From holograms and QR codes to RFID tags and serial numbers, the industry’s toolkit has evolved, but so have the threats. Now, Italian startup Particular Materials is taking a radically different approach: tagging physical goods at the molecular level using engineered nanomaterials."
        https://www.helpnetsecurity.com/2025/07/15/inorganic-dna-nanoparticles-anti-counterfeiting-tech/
      • Securing Vehicles As They Become Platforms For Code And Data
        "In this Help Net Security interview, Robert Knoblauch, CISO at Element Fleet Management, discusses how the rise of connected vehicles and digital operations is reshaping fleet management cybersecurity. He points to growing risks like API breaches, tampering with onboard diagnostics, and over-the-air update attacks, and explains how a layered zero-trust model and practical use of AI help tackle them. Knoblauch also shares how predictive analytics and real-time data are driving proactive security and safety across both digital and physical fleet assets."
        https://www.helpnetsecurity.com/2025/07/15/robert-knoblauch-element-fleet-management-operations-security/
      • SaaS Security Adoption Grows Amid Rising Breach Rates
        "A new report has revealed a striking gap between how secure organizations believe their SaaS environments are and the reality of recent incidents. While 91% of teams expressed confidence in their SaaS data protection, 75% said they experienced a SaaS-related security incident in the past year, marking a 44-point increase over 2024. The AppOmni study, based on input from 803 IT and security professionals worldwide, found that confidence often stems from trust in SaaS providers rather than internal validation. “Confidence must be earned, not assumed,” the report warns, pointing to a growing need for proactive configuration management and real-time monitoring."
        https://www.infosecurity-magazine.com/news/saas-security-adoption-grows/
      • Hyper-Volumetric DDoS Attacks Skyrocket: Cloudflare’s 2025 Q2 DDoS Threat Report
        "Welcome to the 22nd edition of the Cloudflare DDoS Threat Report. Published quarterly, this report offers a comprehensive analysis of the evolving threat landscape of Distributed Denial of Service (DDoS) attacks based on data from the Cloudflare network. In this edition, we focus on the second quarter of 2025. To view previous reports, visit www.ddosreport.com. June was the busiest month for DDoS attacks in 2025 Q2, accounting for nearly 38% of all observed activity. One notable target was an independent Eastern European news outlet protected by Cloudflare, which reported being attacked following its coverage of a local Pride parade during LGBTQ Pride Month."
        https://blog.cloudflare.com/ddos-threat-report-for-2025-q2/
        https://thehackernews.com/2025/07/hyper-volumetric-ddos-attacks-reach.html
        https://www.securityweek.com/ddos-attacks-blocked-by-cloudflare-in-2025-already-surpass-2024-total/
      • Fake Websites Are Wreaking Phishing Havoc
        "Phishing attacks involving fake Web sites that impersonate well-known brands are now occurring at a level of scale that once seemed unimaginable. Cybersecurity researchers at NordVPN earlier this month revealed they have been able to identify more than 120,000 malicious websites impersonating Amazon, that were set up in the last two months. In total, security researchers have seen 92,000 phishing sites with an Amazon name, with 21,000 fake Amazon websites attempting to install malware. Another 11,000 sites were selling fake goods."
        https://blog.barracuda.com/2025/07/15/fake-websites-are-wreaking-phishing-havoc
      • A Summer Of Security: Empowering Cyber Defenders With AI
        "AI provides an unprecedented opportunity for building a new era of American innovation. We can use these new tools to grow the U.S. economy, create jobs, accelerate scientific advances and give the advantage back to security defenders. And when it comes to security opportunities — we’re thrilled to be driving progress in three key areas ahead of the summer’s biggest cybersecurity conferences like Black Hat USA and DEF CON 33: agentic capabilities, next-gen security model and platform advances, and public-private partnerships focused on putting these tools to work."
        https://blog.google/technology/safety-security/cybersecurity-updates-summer-2025/
        https://therecord.media/google-big-sleep-ai-tool-found-bug
      • NSA: Volt Typhoon Was ‘not Successful’ At Persisting In Critical Infrastructure
        "Senior cybersecurity officials at the National Security Agency and FBI said the agencies have been successful in addressing some of the Chinese cyber campaigns targeting critical infrastructure in the U.S. During the International Conference on Cyber Security at Fordham University in New York City on Tuesday, experts spoke at length about Beijing’s so-called Typhoon campaigns — which have involved Chinese government and private sector groups launching attacks on U.S. government agencies and companies."
        https://therecord.media/china-typhoon-hackers-nsa-fbi-response

      Reference
      Electronic Transactions Development Agency (ETDA)

      Posted in Cyber Security News
      NCSA_THAICERT
    • Multiple security vulnerabilities in Alcatel-Lucent OmniAccess Stellar products

      On 16 July 2025, the Cyber Security Agency of Singapore (CSA) reported that Alcatel-Lucent has released security updates to address multiple vulnerabilities in OmniAccess Stellar products. Users and administrators of affected products are advised to update to the latest version immediately.

      Alcatel-Lucent has released security updates to address multiple vulnerabilities, namely CVE-2025-52687, CVE-2025-52688, CVE-2025-52689 and CVE-2025-52690, which were found in OmniAccess Stellar products.

      Impact

      • CVE-2025-52687: If successfully exploited, an attacker with administrator privileges on the device can inject malicious JavaScript code into web traffic data, which may lead to user session hijacking or cause a denial-of-service (DoS) attack.

      • CVE-2025-52688: If successfully exploited, an attacker can execute commands as root on the device, which may result in data leakage, loss of data integrity, reduced availability, and complete control of the device by the attacker. This vulnerability has a CVSSv3.1 score of 9.8 out of 10.

      • CVE-2025-52689: If successfully exploited, an unauthenticated malicious actor may forge a login request to obtain a session ID with administrator-level privileges, which may lead to changes in how the device operates. This vulnerability has a CVSSv3.1 score of 9.8 out of 10.

      • CVE-2025-52690: If successfully exploited, an attacker can run arbitrary commands as root, which may result in data leakage, loss of data integrity, reduced availability, and complete control of the device by the attacker.

      Affected products
      The vulnerabilities affect the following Alcatel-Lucent OmniAccess Stellar models:

      • AP1100 AWOS version 5.0.2 GA and earlier
      • AP1200 AWOS version 5.0.2 GA and earlier
      • AP1300 AWOS version 5.0.2 GA and earlier
      • AP1400 AWOS version 5.0.2 GA and earlier
      • AP1500 AWOS version 5.0.2 GA and earlier

      Remediation
      Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version.

      Reference
      https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/

      Follow the news on the webboard or on Facebook: NCSA Thailand

      Posted in Cyber Security News
      NCSA_THAICERT
    • CISA warns of a vulnerability in end-of-train brake systems that can be interfered with remotely using a $500 radio

      Follow the news on the webboard or on Facebook: NCSA Thailand

      Posted in Cyber Security News
      NCSA_THAICERT
    • eSIM vulnerability found in Kigen eUICC cards puts billions of IoT devices at risk of malicious attacks

      Follow the news on the webboard or on Facebook: NCSA Thailand

      Posted in Cyber Security News
      NCSA_THAICERT
    • Cyber Threat Intelligence 15 July 2025

      Financial Sector

      • New MITRE Framework Takes Aim At Crypto Threats
        "MITRE has introduced AADAPT (Adversarial Actions in Digital Asset Payment Technologies), a new cybersecurity framework designed to tackle vulnerabilities in digital financial ecosystems, including cryptocurrency platforms. Modeled after the MITRE ATT&CK framework, AADAPT offers developers, policymakers, and financial institutions a structured approach to identifying, analyzing, and mitigating threats tied to digital asset payment technologies."
        https://www.helpnetsecurity.com/2025/07/14/mitre-aadapt-adversarial-actions-in-digital-asset-payment-technologies/

      Healthcare Sector

      • FAPI 2.0: How The OpenID Foundation Is Enabling Scalable Interoperability In Global Healthcare
        "In this Help Net Security interview, Gail Hodges, Executive Director at the OpenID Foundation, discusses how the Foundation ensures global consistency in FAPI 2.0 implementations and helps different industries, including healthcare, adopt secure and interoperable identity standards. Hodges also explains how conformance testing and strategic partnerships help maintain security and interoperability across sectors."
        https://www.helpnetsecurity.com/2025/07/14/gail-hodges-openid-foundation-fapi-2-0/

      New Tooling

      • Pqcscan: Open-Source Post-Quantum Cryptography Scanner
        "pqcscan is an open-source tool that lets users scan SSH and TLS servers to see which Post-Quantum Cryptography (PQC) algorithms they claim to support. It saves the results in JSON files. You can turn one or more of these files into an HTML report that opens in a web browser. “I created pqcscan because we see all the big ones rolling out PQC algorithms in production,” Vincent Berg, CTO at Anvil Secure and the creator of the tool, told Help Net Security."
        https://www.helpnetsecurity.com/2025/07/14/pqcscan-open-source-post-quantum-cryptography-scanner/
        https://github.com/anvilsecure/pqcscan

      Vulnerabilities

      • CISA Adds One Known Exploited Vulnerability To Catalog
        "CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
        CVE-2025-47812 Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability"
        https://www.cisa.gov/news-events/alerts/2025/07/14/cisa-adds-one-known-exploited-vulnerability-catalog
        https://therecord.media/exploited-file-transfer-bug-cisa
      • SMM Callout Vulnerabilities Identified In Gigabyte UEFI Firmware Modules
        "System Management Mode (SMM) callout vulnerabilities have been identified in UEFI modules present in Gigabyte firmware. An attacker could exploit one or more of these vulnerabilities to elevate privileges and execute arbitrary code in the SMM environment of a UEFI-supported processor. While AMI (the original firmware supplier) has indicated that these vulnerabilities were previously addressed, they have resurfaced in Gigabyte firmware and are now being publicly disclosed."
        https://kb.cert.org/vuls/id/746790
        https://www.bleepingcomputer.com/news/security/gigabyte-motherboards-vulnerable-to-uefi-malware-bypassing-secure-boot/
        https://www.securityweek.com/flaws-in-gigabyte-firmware-allow-security-bypass-backdoor-deployment/

      Malware

      • KongTuke FileFix Leads To New Interlock RAT Variant
        "Researchers from The DFIR Report, in partnership with Proofpoint, have identified a new and resilient variant of the Interlock ransomware group’s remote access trojan (RAT). This new malware, a shift from the previously identified JavaScript-based Interlock RAT (aka NodeSnake), uses PHP and is being used in a widespread campaign. Since May 2025, activity related to the Interlock RAT has been observed in connection with the LandUpdate808 (aka KongTuke) web-inject threat clusters. The campaign begins with compromised websites injected with a single-line script hidden in the page’s HTML, often unbeknownst to site owners or visitors."
        https://thedfirreport.com/2025/07/14/kongtuke-filefix-leads-to-new-interlock-rat-variant/
        https://thehackernews.com/2025/07/new-php-based-interlock-rat-variant.html
        https://www.bleepingcomputer.com/news/security/interlock-ransomware-adopts-filefix-method-to-deliver-malware/
        https://www.darkreading.com/threat-intelligence/web-inject-campaign-interlock-rat-variant
        https://www.infosecurity-magazine.com/news/interlock-ransomware-new-rat/
        https://www.securityweek.com/new-interlock-rat-variant-distributed-via-filefix-attacks/
        https://securityaffairs.com/179919/cyber-crime/interlock-ransomware-group-deploys-new-php-based-rat-via-filefix.html
      • Forensic Journey: Breaking Down The UserAssist Artifact Structure
        "As members of the Global Emergency Response Team (GERT), we work with forensic artifacts on a daily basis to conduct investigations, and one of the most valuable artifacts is UserAssist. It contains useful execution information that helps us determine and track adversarial activities, and reveal malware samples. However, UserAssist has not been extensively examined, leaving knowledge gaps regarding its data interpretation, logging conditions and triggers, among other things. This article provides an in-depth analysis of the UserAssist artifact, clarifying any ambiguity in its data representation. We’ll discuss the creation and updating of artifact workflow, the UEME_CTLSESSION value structure and its role in logging the UserAssist data. We’ll also introduce the UserAssist data structure that was previously unknown."
        https://securelist.com/userassist-artifact-forensic-value-for-incident-response/116911/
      • Russia-Linked Group Spoofing European Journalists To Spread Disinformation
        "A Kremlin-linked disinformation group has been impersonating real journalists and publishing fake articles on spoofed news websites to spread false narratives in France, Armenia, Germany, Moldova and Norway, researchers have found. The campaign was attributed to Storm-1516, a Russian threat actor active since at least 2023 that has previously sought to discredit Ukraine and sow discord in Europe. The group’s past operations have also targeted elections in Germany, Georgia and the United States."
        https://therecord.media/russia-group-spoofing-journalists-disinfo
      • Behind The Clouds: Attackers Targeting Governments In Southeast Asia Implement Novel Covert C2 Communication
        "Since late 2024, Unit 42 researchers have been tracking a cluster of suspicious activity as CL-STA-1020, targeting governmental entities in Southeast Asia. The threat actors behind this cluster of activity have been collecting sensitive information from government agencies, including information about recent tariffs and trade disputes. This campaign is particularly noteworthy due to its novel tradecraft. The threat actors have developed a previously undocumented Windows backdoor, which we named HazyBeacon."
        https://unit42.paloaltonetworks.com/windows-backdoor-for-novel-c2-communication/
      • Actionable Threat Hunting With GTI (II) - Analyzing a Massive Phishing Campaign
        "Welcome back to our series on Actionable Threat Hunting with Google Threat Intelligence! This time, we're going to talk about a huge phishing scam that's just happened in the last few months. It's connected to Booking, which is one of the most popular websites for booking hotels. Our main goal here is to show you how just one email we got helped us figure out how big this scam really was. We also found some interesting files that seem connected to Telegram messages the threat actors used. And don't worry, we'll share some of our code from Google Colab so you can try this yourself!"
        https://www.googlecloudcommunity.com/gc/Community-Blog/Actionable-threat-hunting-with-GTI-II-Analyzing-a-massive/ba-p/923129

      Breaches/Hacks/Leaks

      • Louis Vuitton UK Latest Retailer Hit By Data Breach
        "The British outpost of luxury brand giant LVMH has become the latest UK retailer to suffer a serious security breach, after it began notifying customers that their personal data may have been compromised. Louis Vuitton UK said it became aware of the breach on July 2, according to screenshots of the customer notification shared on X (formerly Twitter). Personally identifiable information (PII) including first and second name, gender, country, phone number, email and postal address, date of birth, purchases and preference data may have been compromised, the firm said."
        https://www.infosecurity-magazine.com/news/louis-vuitton-uk-retailer-data/
        https://hackread.com/louis-vuitton-uk-cyberattack-3-lvmh-breach-3-months/
        https://www.securityweek.com/louis-vuitton-data-breach-hits-customers-in-several-countries/
        https://securityaffairs.com/179908/data-breach/global-louis-vuitton-data-breach-impacts-uk-south-korea-and-turkey.html

      General News

      • Why Your Microsoft 365 Setup Might Be More Vulnerable Than You Think
        "60% of organizations rate their Microsoft 365 security as “established” or “advanced”, according to CoreView. Yet, 60% of those same organizations have experienced account compromise attacks. The Microsoft 365 attack surface is wide and unpredictable. Risks can come from any direction, whether it’s the complexity of managing multiple tenants, the explosion of Entra apps with broad permissions, or inconsistent enforcement of security controls like MFA."
        https://www.helpnetsecurity.com/2025/07/14/microsoft-365-attack-surface/
      • Ransomware Drops, But Don’t Relax Yet
        "WatchGuard has released its latest Internet Security Report, covering malware, network, and endpoint threats spotted by its Threat Lab in the first quarter of 2025. The report shows a 171% jump in unique malware detections compared to the previous quarter, the highest number the Threat Lab has seen so far. Along with that, there was a large rise in zero-day malware, pointing to a growing trend in threats designed to slip past traditional security tools that depend on known patterns."
        https://www.helpnetsecurity.com/2025/07/14/q1-2025-malware-trends/
      • Legal Gaps In AI Are a Business Risk, Not Just a Compliance Issue
        "A new report from Zendesk outlines a growing problem for companies rolling out AI tools: many aren’t ready to manage the risks. The AI Trust Report 2025 finds that while AI is moving into customer service and support, only 23% of companies feel highly prepared to govern it. The report highlights concerns ranging from data privacy to model bias. But the core challenge is trust: when customers don’t understand or feel comfortable with how AI is used, they’re less likely to engage. And when companies don’t have frameworks in place, they expose themselves to legal, reputational, and operational fallout."
        https://www.helpnetsecurity.com/2025/07/14/ai-governance-risks-legal-security-teams/
      • CBI Shuts Down £390K U.K. Tech Support Scam, Arrests Key Operatives In Noida Call Center
        "India's Central Bureau of Investigation (CBI) has announced that it has taken steps to dismantle what it said was a transnational cybercrime syndicate that carried out "sophisticated" tech support scams targeting citizens of Australia and the United Kingdom. The fraudulent scheme is estimated to have led to losses worth more than £390,000 ($525,000) in the United Kingdom alone."
        https://thehackernews.com/2025/07/cbi-shuts-down-390k-uk-tech-support.html
        https://www.infosecurity-magazine.com/news/indian-police-tech-support-scam/
      • June 2025 Infostealer Trend Report
        "This report provides statistics, trends, and case information on Infostealer malware including the distribution volume, distribution methods, and disguises based on the data collected and analyzed in June 2025. The following is a summary of the report."
        https://asec.ahnlab.com/en/89033/
      • Securing Against Phishing Beyond Email
        "Phishing is no longer just an email problem. Reports state that 40% of phishing campaigns now span channels beyond email, hitting collaboration tools like Slack and Teams, plus SMS, and social media platforms. Voice phishing (“vishing”) in particular is on the rise: 30% of surveyed organizations reported at least one instance of attackers using spoofed or AI-cloned calls to steal credentials in the past year. QR-code phishing (“quishing”) has also surged, growing 25% year-over-year as threat actors embed malicious codes in posters, invoices, and product packaging to redirect victims to fake login pages or malware downloads."
        https://www.tripwire.com/state-of-security/securing-against-phishing-beyond-email
      • Military Veterans May Be What Cybersecurity Is Looking For
        "As the cybersecurity shortage becomes more evident with demand for roles increasing, those at MyComputerCareer believe they have found the solution: utilizing veterans' talent and setting them up on cybersecurity and IT certification journeys. Each year, the ISC2 Cybersecurity Workforce Study looks at the cybersecurity field and assesses its workforce to understand concerns of professionals, the economic landscape, and the composition of the talent and skills base. In their review last year, researchers there found that talent shortages and skills gaps in the field are growing, thanks to uncertain economic conditions that have impacted the workforce."
        https://www.darkreading.com/remote-workforce/military-veterans-cybersecurity
      • The Dark Side Of Global Power Shifts & Demographic Decline
        "The digital shadows are growing longer, and the threats within them are multiplying. As global power realigns and economies falter, the rise in cybercrime is no longer hypothetical — it's inevitable. And healthcare is directly in the crosshairs. A convergence of geopolitical tension, economic desperation, and demographic collapse is fueling this cyber surge. The United States' resurgence as an economic, political, and energy superpower is reshaping the global order. Its retreat from Bretton Woods–era global trade commitments has left many nations destabilized and searching for alternative levers of influence."
        https://www.darkreading.com/vulnerabilities-threats/dark-side-global-power-shifts-demographic-decline
      • A Practitioner-Focused DevSecOps Assessment Approach
        "Success in a DevSecOps enterprise hinges on delivering value to the end user, not simply completing intermediate steps along the way. Organizations and programs often struggle to achieve this due to a variety of factors, such as a lack of clear ownership and accountability for the capability to deliver software, functional siloes as opposed to integrated teams and processes, lack of effective tools for teams to use, and a lack of effective resources for team members to leverage to quickly get up to speed and boost productivity."
        https://insights.sei.cmu.edu/blog/a-practitioner-focused-devsecops-assessment-approach/
      • The Unusual Suspect: Git Repos
        "While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems. Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping code, developers may inadvertently leave behind API keys, tokens, or passwords in configuration files and code files, effectively handing attackers the keys to the kingdom."
        https://thehackernews.com/2025/07/the-unusual-suspect-git-repos.html
      • Patch, Track, Repeat
        "Welcome to this week’s edition of the Threat Source newsletter. We’ve made it halfway through 2025 already! It’s been a while since I last wrote about CVEs and how free support for Windows 10 will end on October 14, 2025, leaving you with no more security fixes. While the CVE system remains the global standard for vulnerability reporting, recent developments have sparked concerns within the community about its long-term stability. Currently, the program operates solely as a U.S. government-funded initiative. Following the last-minute funding extension, we’re now seeing competing ideas and projects emerging. Whether it’s the CVE Foundation working to transition from a single funding stream to a diversified and stable model, ENISA’s EUVD, or the Global CVE Allocation System (GCVE), the landscape is changing."
        https://blog.talosintelligence.com/patch-track-repeat/

      References
      Electronic Transactions Development Agency (ETDA)

      Posted in Cyber Security News
      NCSA_THAICERT
    • Critical Vulnerability Affecting Multiple Printer Models

      On 14 July 2025, the Cyber Security Agency of Singapore (CSA) reported that the printer manufacturers Brother, Konica Minolta and Toshiba have released security updates to fix a critical vulnerability affecting a wide range of printer models. These manufacturers have released security patches to fix the vulnerability CVE-2024-51978, which affects multiple printer models. The vulnerability has a CVSS score of 9.8, which is rated Critical.

      Impact
      If a malicious actor successfully exploits this vulnerability, they can bypass authentication and generate the default admin password using only the serial number of the target device, even without being authenticated.

      Affected Products
      This vulnerability affects a wide range of printer models from the following manufacturers:

      • Brother: https://support.brother.com/g/b/faqend.aspx?c=us&lang=en&prod=group2&faqid=faq00100846_000

      • Konica Minolta: https://www.konicaminolta.com/global-en/security/advisory/pdf/km-2025-0001.pdf

      • Toshiba Tec Corporation: https://www.toshibatec.com/information/20250625_02.html

      Users should check the list of affected models and firmware versions in the advisories above.

      Guidance for Prevention and Risk Mitigation

      • Users and administrators of affected printers should change the device's default password immediately.
      • Update the firmware to the latest version recommended by the manufacturer as soon as possible.
      • Administrators are advised to restrict access to the administrative interface, especially when it is used over insecure protocols or external networks.

      References
      https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-071/

      Follow the latest news on the webboard or on Facebook: NCSA Thailand

      Posted in Cyber Security News
      NCSA_THAICERT
    • Wing FTP Server Vulnerability Exploited Immediately After Technical Details Were Disclosed

      Follow the latest news on the webboard or on Facebook: NCSA Thailand

      Posted in Cyber Security News
      NCSA_THAICERT
    • Warning: North Korean Operatives Posing As IT Job Applicants Infiltrate Companies Worldwide

      Follow the latest news on the webboard or on Facebook: NCSA Thailand

      Posted in Cyber Security News
      NCSA_THAICERT
    • Fortinet Patches CVE-2025-25257 In FortiWeb, Which Is At Risk Of SQL Injection Attacks

      Follow the latest news on the webboard or on Facebook: NCSA Thailand

      Posted in Cyber Security News
      NCSA_THAICERT