สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand

สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand

Cyber Security Agency of Singapore (CSA)ได้เผยแพร่เกี่ยวกับรายงานแคมเปญไซเบอร์ที่เกิดขึ้นอย่างต่อเนื่อง โดยกำหนดเป้าหมายไปที่ซอฟต์แวร์ Cisco IOS XE ที่เชื่อมต่อผ่านอินเทอร์เน็ตและไม่ได้รับการแก้ไข ซึ่งเกี่ยวข้องกับผู้ให้บริการโทรคมนาคมทั่วโลก

มีรายงานเกี่ยวกับแคมเปญไซเบอร์ที่มุ่งเป้าไปที่ช่องโหว่หมายเลข CVE-2023-20198 และ CVE-2023-20273 ในซอฟต์แวร์ Cisco Internetworking Operating System eXtended Edition (IOS XE) ที่เชื่อมต่อกับอินเทอร์เน็ตที่ไม่ได้รับการแก้ไขซึ่งเกี่ยวข้องกับผู้ให้บริการโทรคมนาคมทั่วโลก CVE-2023-20198 มีคะแนน Common Vulnerability Scoring System (CVSSv3.1) อยู่ที่ 10 คะแนน

จุดอ่อนที่พบได้คือ

• CVE-2023-20198: ช่องโหว่การยกระดับสิทธิ์ในฟีเจอร์อินเทอร์เฟซผู้ใช้บนเว็บ (UI) ของ Cisco IOS XE ซึ่งช่วยให้ผู้โจมตีจากระยะไกลที่ไม่ผ่านการตรวจรับรองสามารถสร้างบัญชีที่มีสิทธิ์การดูแลระบบเต็มรูปแบบได้ (ระดับสิทธิ์ 15)

• CVE-2023-20273: ช่องโหว่การเพิ่มสิทธิ์ซึ่งช่วยให้ผู้โจมตีสามารถดำเนินการคำสั่งตามอำเภอใจด้วยสิทธิ์รูทได้

ทั้ง CVE-2023-20198 และ CVE-2023-20273 สามารถเชื่อมโยงเข้าด้วยกันเพื่อใช้ประโยชน์จากฟีเจอร์ UI บนเว็บใน Cisco IOS XE สำหรับการเข้าถึงเบื้องต้นก่อนที่จะใช้ประโยชน์จากช่องโหว่การยกระดับสิทธิ์เพื่อรับสิทธิ์รูท มีรายงานว่าผู้โจมตีสร้างอุโมงค์ Generic Routing Encapsulation (GRE) บนเราเตอร์ Cisco ที่ถูกบุกรุกเพื่อห่อหุ้มโปรโตคอลเครือข่ายผ่านเครือข่าย IP

ช่องโหว่เหล่านี้จะส่งผลต่อซอฟต์แวร์ Cisco IOS XE หากเปิดใช้งานฟีเจอร์ Web UI ฟีเจอร์ Web UI จะเปิดใช้งานได้ผ่านคำสั่งip http serverหรือip http secure-server

ขอแนะนำให้ผู้ใช้งานและผู้ดูแลระบบของผลิตภัณฑ์ที่ได้รับผลกระทบอัปเดตเป็นเวอร์ชันล่าสุดทันที สำหรับคำแนะนำโดยละเอียด โปรดดูคำแนะนำอย่างเป็นทางการของ Cisco: https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-xe-dublin-17121/221128-software-fix-availability-for-cisco-ios.html

หากไม่สามารถทำการอัปเดตทันทีได้ ผู้ดูแลระบบควรปิดใช้งานฟีเจอร์เซิร์ฟเวอร์ HTTP จนกว่าจะอัปเกรดอุปกรณ์ที่ได้รับผลกระทบได้ ผู้ดูแลระบบสามารถปิดใช้งานฟีเจอร์เซิร์ฟเวอร์ HTTP ได้โดยใช้ คำสั่ง no ip http serverหรือno ip http secure-serverในโหมดการกำหนดค่าทั่วไป หากใช้งานทั้งเซิร์ฟเวอร์ HTTP และเซิร์ฟเวอร์ HTTP Secure จำเป็นต้องใช้คำสั่งทั้งสองคำสั่งเพื่อปิดใช้งานฟีเจอร์เซิร์ฟเวอร์ HTTP เพื่อจำกัดการเปิดเผยต่อช่องโหว่เหล่านี้ ผู้ดูแลระบบควรอนุญาตให้เข้าถึงเซิร์ฟเวอร์ HTTP จากเครือข่ายที่เชื่อถือได้เท่านั้น ตัวอย่างต่อไปนี้แสดงวิธีอนุญาตให้เข้าถึงเซิร์ฟเวอร์ HTTP จากระยะไกลจากเครือข่าย 192.168.0.0/24 ที่เชื่อถือได้

ขอแนะนำให้ผู้ดูแลระบบตรวจสอบปริมาณการรับส่งข้อมูลเครือข่ายของตนเพื่อหาสัญญาณของการรับส่งข้อมูล GRE tunneling ที่เป็นอันตรายภายในเครือข่าย

• ปริมาณการรับส่งข้อมูลที่ไม่คาดคิดจากที่อยู่ IP ที่ผิดปกติ
• เพย์โหลดและโปรโตคอลที่ไม่ธรรมดา เช่น RDP หรือ SMB
• ปริมาณข้อมูลสูงในบันทึกอาจบ่งชี้ถึงการขโมยข้อมูลที่อาจเกิดขึ้นได้

การวิเคราะห์ปริมาณการรับส่งข้อมูล GRE ใน Wireshark
1.กรองการรับส่งข้อมูล GRE: ใช้ตัวกรองการแสดงผล GRE
2.วิเคราะห์ GRE Header: ฟิลด์หลักได้แก่ ประเภทโปรโตคอล (เช่น 0x0800 สำหรับ IPv4, 0x86DD สำหรับ IPv6) และแฟล็ก/ตัวเลือก
3.ตรวจสอบเพย์โหลดที่หุ้มไว้: ขยายส่วน “โปรโตคอลที่หุ้มไว้” เพื่อตรวจสอบแพ็กเก็ตภายใน
4.ระบุจุดสิ้นสุดของอุโมงค์: ตรวจสอบที่อยู่ต้นทางและปลายทางของส่วนหัว IP ภายนอก
5ตรวจสอบย้อนกลับกับ NetFlow: ตรวจสอบการรับส่งข้อมูลด้วยโปรโตคอล IP 47 และจับคู่ที่อยู่ภายนอก

อ้างอิง
https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-017

สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand

Industrial Sector

• What Is The Board's Role In Cyber-Risk Management In OT Environments?
  "Boards of directors play an important role in managing the strategic risks faced by their organizations, particularly in sectors with high-risk operational technology (OT) environments such as energy, transportation, manufacturing, and production. Each of these industries relies heavily on OT — the hardware and software that controls physical processes and devices — to maintain safe, reliable operations, making them particularly concerned about cyberattacks. However, understanding and managing cyber-risks in OT systems can be challenging for boards, often due to the cyber-physical nature of OT and its integration with information technology (IT)."
  https://www.darkreading.com/cyber-risk/board-role-cyber-risk-management-ot-environments

New Tooling

• Kunai: Open-Source Threat Hunting Tool For Linux
  "Kunai is an open-source tool that provides deep and precise event monitoring for Linux environments. “What sets Kunai apart is its ability to go beyond simple event generation. While most security monitoring tools rely on syscalls or kernel function hooking, Kunai takes a more advanced approach by correlating events on the host and providing enriched insights. This means fewer but more meaningful events, reducing noise and the strain on log ingestion while delivering deeper visibility into system activity,” Quentin Jerome, the creator of Kunai, told Help Net Security."
  https://www.helpnetsecurity.com/2025/02/19/kunai-open-source-threat-hunting-tool-for-linux/
  https://github.com/kunai-project/kunai
• Free Diagram Tool Aids Management Of Complex ICS/OT Cybersecurity Decisions
  "Admeritia has announced the availability of a new tool designed to help organizations manage complex cybersecurity decisions related to industrial control systems (ICS) and other operational technology (OT). The newly launched tool, named Cyber Decision Diagrams (CDD), is available for free as a web-based application. The tool allows users to create simple diagrams that can enable them to more easily communicate cybersecurity thoughts and decisions."
  https://www.securityweek.com/free-diagram-tool-aids-management-of-complex-ics-ot-cybersecurity-decisions/
  https://cyber-decision-diagrams.com/
• Check Out This Free Automated Tool That Hunts For Exposed AWS Secrets In Public Repos
  "A free automated tool that lets anyone scan public GitHub repositories for exposed AWS credentials has been released. Before you say anything, yes, we're pretty sure similar programs and services are out there, but hey, where's the harm in highlighting today the fact that this sort of software is easily available? Security engineer Anmol Singh Yadav built AWS-Key-Hunter after he found more than 100 exposed AWS access keys, some with high privileges, in public repositories, "just waiting to be exploited," as he wrote in a blog about the discovery and the custom-built tool."
  https://www.theregister.com/2025/02/19/automated_tool_scans_public_repos/
  https://medium.com/@IamLucif3r/how-i-found-100-exposed-aws-keys-in-public-git-repos-b475c9089764
  https://github.com/IamLucif3r/AWS-Key-Hunter

Vulnerabilities

• Creative SVG File Upload To Local File Inclusion Vulnerability Affecting 90,000 Sites Patched In Jupiter X Core WordPress Plugin
  "On January 6th, 2025, we received a submission for an SVG Upload to Local File Inclusion vulnerability in Jupiter X Core, a WordPress plugin with more than 90,000 active installations. This vulnerability makes it possible for an authenticated attacker, with contributor privileges or higher, to upload SVG files to a vulnerable site with malicious content and then include it, and achieve remote code execution."
  https://www.wordfence.com/blog/2025/02/creative-svg-file-upload-to-local-file-inclusion-vulnerability-affecting-90000-sites-patched-in-jupiter-x-core-wordpress-plugin/
  https://www.infosecurity-magazine.com/news/wordpress-plugin-flaw-exposes/
• Chrome 133, Firefox 135 Updates Patch High-Severity Vulnerabilities
  "Google and Mozilla on Tuesday announced fresh security updates for Chrome 133 and Firefox 135 to address high-severity memory safety vulnerabilities in the popular browsers. The latest Chrome update is rolling out to Windows, macOS, and Linux with patches for two high- and one medium-severity flaw, all reported by external researchers. The first is CVE-2025-0999, a heap buffer overflow issue in the V8 JavaScript engine that could be exploited to achieve remote code execution. Google says it handed out an $11,000 bug bounty reward for this bug."
  https://www.securityweek.com/chrome-133-firefox-135-updates-patch-high-severity-vulnerabilities/
• Multiple Vulnerabilities Discovered In NVIDIA CUDA Toolkit
  "This article reviews nine vulnerabilities we recently discovered in two utilities called cuobjdump and nvdisasm, both from NVIDIA's Compute Unified Device Architecture (CUDA) Toolkit. We have coordinated with NVIDIA, and the company has released an update in February 2025 to address these issues."
  https://unit42.paloaltonetworks.com/nvidia-cuda-toolkit-vulnerabilities/

Malware

• Palo Alto Networks Tags New Firewall Bug As Exploited In Attacks
  "Palo Alto Networks warns that a file read vulnerability (CVE-2025-0111) is now being chained in attacks with two other flaws (CVE-2025-0108 with CVE-2024-9474) to breach PAN-OS firewalls in active attacks. The vendor first disclosed the authentication bypass vulnerability tracked as CVE-2025-0108 on February 12, 2025, releasing patches to fix the vulnerability. That same day, Assetnote researchers published a proof-of-concept exploit demonstrating how CVE-2025-0108 and CVE-2024-9474 could be chained together to gain root privileges on unpatched PAN-OS firewalls. A day later, network threat intel firm GreyNoise reported that threat actors had begun actively exploiting the flaws, with attempts coming from two IP addresses."
  https://www.bleepingcomputer.com/news/security/palo-alto-networks-tags-new-firewall-bug-as-exploited-in-attacks/
  https://www.darkreading.com/remote-workforce/patch-now-cisa-researchers-warn-palo-alto-flaw-exploited-wild
  https://www.greynoise.io/blog/greynoise-observes-active-exploitation-of-pan-os-authentication-bypass-vulnerability-cve-2025-0108
  https://www.securityweek.com/palo-alto-networks-confirms-exploitation-of-firewall-vulnerability/
  https://www.theregister.com/2025/02/19/palo_alto_firewall_attack/
  https://www.helpnetsecurity.com/2025/02/19/palo-alto-networks-firewalls-cve-2025-0108-cve-2024-9474-cve-2025-0111/
• ACRStealer Infostealer Exploiting Google Docs As C2
  "AhnLab SEcurity intelligence Center (ASEC) monitors the Infostealer malware disguised as illegal programs such as cracks and keygens being distributed, and publishes related trends and changes through the Ahnlab TIP and ASEC Blog posts. While the majority of the malware distributed in this manner has been the LummaC2 Infostealer, the ACRStealer Infostealer has seen an increase in distribution."
  https://asec.ahnlab.com/en/86390/
• Rhadamanthys Infostealer Being Distributed Through MSC Extension
  "AhnLab SEcurity intelligence Center (ASEC) has confirmed that Rhadamanthys Infostealer is being distributed as a file with the MSC extension. The MSC extension is an XML-based format that is executed by the Microsoft Management Console (MMC), and it can register and execute various tasks such as script code and command execution, and program execution."
  https://asec.ahnlab.com/en/86391/
• CISA And Partners Release Advisory On Ghost (Cring) Ransomware
  "Today, CISA—in partnership with the Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC)—released a joint Cybersecurity Advisory, #StopRansomware: Ghost (Cring) Ransomware. This advisory provides network defenders with indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and detection methods associated with Ghost ransomware activity identified through FBI investigations. Ghost actors conduct these widespread attacks targeting and compromising organizations with outdated versions of software and firmware on their internet facing services. These malicious ransomware actors are known to use publicly available code to exploit Common Vulnerabilities and Exposures (CVEs) where available patches have not been applied to gain access to internet facing servers. The known CVEs are CVE-2018-13379, CVE-2010-2861, CVE-2009-3960, CVE-2021-34473, CVE-2021-34523, CVE-2021-31207."
  https://www.cisa.gov/news-events/alerts/2025/02/19/cisa-and-partners-release-advisory-ghost-cring-ransomware
  https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-050a
  https://www.bleepingcomputer.com/news/security/cisa-and-fbi-ghost-ransomware-breached-orgs-in-70-countries/
  https://therecord.media/ghost-cring-ransomware-activity-fbi-cisa-alert
• Signals Of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger
  "Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia's intelligence services. While this emerging operational interest has likely been sparked by wartime demands to gain access to sensitive government and military communications in the context of Russia's re-invasion of Ukraine, we anticipate the tactics and methods used to target Signal will grow in prevalence in the near-term and proliferate to additional threat actors and regions outside the Ukrainian theater of war."
  https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger/
  https://www.bleepingcomputer.com/news/security/russian-phishing-campaigns-exploit-signals-device-linking-feature/
  https://www.darkreading.com/mobile-security/russian-groups-target-signal-messenger-in-spy-campaign
  https://thehackernews.com/2025/02/hackers-exploit-signals-linked-devices.html
  https://therecord.media/russian-state-hackers-spy-on-ukraine-military-signal
  https://www.bankinfosecurity.com/ukrainian-signal-users-fall-to-russian-social-engineering-a-27550
  https://cyberscoop.com/russia-threat-groups-target-ukraine-signal/
  https://hackread.com/hackers-trick-users-link-device-steal-signal-messages/
  https://www.infosecurity-magazine.com/news/russian-hackers-signal-spy/
  https://www.securityweek.com/how-russian-hackers-are-exploiting-signals-linked-devices-for-real-time-spying/
• Invisible Obfuscation Technique Used In PAC Attack
  "While investigating a sophisticated phishing attack1 targeting affiliates of a major American political action committee (PAC) in early January 2025, Juniper Threat Labs observed a new JavaScript obfuscation technique. This technique was first described by a security researcher on X back in October 2024, highlighting the speed with which offensive security research can be incorporated into real-world attacks. In this post, we’ll describe this technique and provide some short code snippets that defenders can use while reverse-engineering attacks."
  https://blogs.juniper.net/en-us/threat-research/invisible-obfuscation-technique-used-in-pac-attack
  https://www.bleepingcomputer.com/news/security/phishing-attack-hides-javascript-using-invisible-unicode-trick/
• How Democratizing Threat Hunting Is Changing Mobile Security
  "In December, we published our groundbreaking investigation into mobile device threats. The public didn't just read the report—they took action, scanning over 18,000 unique devices through iVerify, revealing 11 new Pegasus detections. These latest detections reveal a clear pattern that demands attention. The availability of thousands of new scans for analysis from the business community demonstrates that Pegasus is not just a civil society problem. The victims of these new detections are mostly business executives, who have access to future business dealings, financial data, and influential professional networks."
  https://iverify.io/blog/how-democratizing-threat-hunting-is-changing-mobile-security
  https://therecord.media/pegasus-spyware-infections-iverify
• XELERA Ransomware Campaign: Fake Food Corporation Of India Job Offers Targeting Tech Aspirants
  "Seqrite Labs APT-Team has recently discovered multiple campaigns involving fake Job Descriptions related to requirements at Food Corporations of India (FCI). These are targeted towards individuals aiming for various technical job positions at FCI with a variant of ransomware known as Xelera. In this case, the malware is written in Python and packed using PyInstaller which executes on the target machine."
  https://www.seqrite.com/blog/xelera-ransomware-fake-fci-job-offers/
• Lumma Stealer Chronicles: PDF-Themed Campaign Using Compromised Educational Institutions' Infrastructure
  "The Lumma Stealer malware campaign is exploiting compromised educational institutions to distribute malicious LNK files disguised as PDFs, targeting industries like finance, healthcare, technology, and media. Once executed, these files initiate a stealthy multi-stage infection process, allowing cybercriminals to steal passwords, browser data, and cryptocurrency wallets. With sophisticated evasion techniques, including using Steam profiles for command-and-control operations, this malware-as-a-service (MaaS) threat highlights the urgent need for robust cybersecurity defenses. Stay vigilant against deceptive phishing tactics to protect sensitive information from cyber exploitation."
  https://www.cloudsek.com/blog/lumma-stealer-chronicles-pdf-themed-campaign-using-compromised-educational-institutions-infrastructure

Breaches/Hacks/Leaks

• Australian Fertility Services Giant Genea Hit By Security Breach
  "Genea, one of Australia's largest fertility services providers, disclosed that unknown attackers breached its network and accessed data stored on compromised systems. Genea issued a statement on Wednesday, saying it's "urgently investigating a cyber incident" after detecting "suspicious activity" on its network."
  https://www.bleepingcomputer.com/news/security/australian-fertility-services-giant-genea-hit-by-security-breach/
  https://www.infosecurity-magazine.com/news/australian-ivf-data-breach-cyber/

General News

• Cyber Hygiene Habits That Many Still Ignore
  "Cybersecurity advice is everywhere. We’re constantly reminded to update our passwords, enable two-factor authentication, and avoid clicking suspicious links. Yet, beneath these practical steps lie deeper cyber hygiene habits that, despite their importance, are frequently overlooked. These underlying mindsets and systemic behaviors shape the security landscape."
  https://www.helpnetsecurity.com/2025/02/19/cyber-hygiene-habits/
• Salt Typhoon Telecom Breach Remarkable For Its ‘indiscriminate’ Targeting, FBI Official Says
  "One of the most notable elements of the monumental hack of major telecommunications companies is just how “indiscriminate” it was in its pursuit of data, a top FBI official said Wednesday. The FBI has been investigating the breach, which it has blamed on Chinese government hackers commonly known as Salt Typhoon. “What we found particularly remarkable in our investigation is the gigantic and seemingly indiscriminate collection of call records and data about American people, like your friends, your family, people in your community,” Cynthia Kaiser, deputy assistant director in the bureau’s cyber division, said at the 2025 Zero Trust Summit, presented by CyberScoop."
  https://cyberscoop.com/salt-typhoon-telecom-breach-remarkable-for-its-indiscriminate-targeting-fbi-official-says/
• Edge Device Vulnerabilities Fueled Attack Sprees In 2024
  "Edge devices harboring zero-day and n-day vulnerabilities were linked to the most consequential attack campaigns last year, Darktrace said in an annual threat report released Wednesday. Darktrace’s threat researchers found the most frequent vulnerability exploits in customers’ instances of Ivanti Connect Secure and Ivanti Policy Secure appliances, along with firewall products from Fortinet and Palo Alto Networks. Cybersecurity vendors shipped products that ultimately accounted for and became the initial access vector for the majority of the most significant attack campaigns last year, the report shows."
  https://cyberscoop.com/edge-device-vulnerabilities-fuel-attack-sprees/
  https://darktrace.com/resources/annual-threat-report-2024
• Java Security: If You Ain’t Cheatin,’ You Ain’t Tryin’
  "Most industries have rules of engagement. In sports, there are referees. In business, there are regulations. In government, there are Robert’s Rules of Order. Cybersecurity is different. There are regulations, but they don’t limit how much we can defend ourselves. They focus on compliance, breach reporting, and risk management, not on dictating the strategies we use to stop attackers. Meanwhile, attackers have no such constraints."
  https://cyberscoop.com/java-applications-security-op-ed/
• ASIO Boss Warns Australian Critical Infrastructure Systems "routinely" Mapped
  "Australian critical infrastructure networks are being “routinely” targeted and “almost certainly” mapped by the cyber units of a single nation state, according to the boss of the country’s spy agency. Giving an annual threat speech, ASIO’s director-general of security Mike Burgess warned that foreign regimes are actively “pre-positioning cyber access vectors they can exploit in the future”."
  https://www.itnews.com.au/news/asio-boss-warns-australian-critical-infrastructure-systems-routinely-mapped-615140
  https://www.infosecurity-magazine.com/news/spies-eye-aukus-nuclear-submarine/
  https://therecord.media/australia-asio-report-foreign-intelligence-murder-plots
• Macs Targeted By Infostealers In New Era Of Cyberthreats
  "The latest, major threats to Mac computers can steal passwords and credit card details with delicate precision, targeting victims across the internet based on their device, location, and operating system. These are the dangers of “infostealers,” which have long plagued Windows devices but, in the past two years, have become a serious threat for Mac owners. And in 2024, one malicious program in particular is responsible for the lion’s share of infostealer activity—racking up 70% of known infostealer detections on Mac."
  https://www.malwarebytes.com/blog/apple/2025/02/macs-targeted-by-info-stealers-in-new-era-of-cyberthreats
  https://www.threatdown.com/dl-state-of-malware-2025/
• Spam And Phishing In 2024
  "27% of all emails sent worldwide and 48.57% of all emails sent in the Russian web segment were spam. 18% of all spam emails were sent from Russia. Kaspersky Mail Anti-Virus blocked 125,521,794 malicious email attachments. Our Anti-Phishing system thwarted 893,216,170 attempts to follow phishing links. Chat Protection in Kaspersky mobile solutions prevented more than 60,000 redirects via phishing links from Telegram"
  https://securelist.com/spam-and-phishing-report-2024/115536/
• How Hackers Manipulate Agentic AI With Prompt Engineering
  "The era of “agentic” artificial intelligence has arrived, and businesses can no longer afford to overlook its transformative potential. AI agents operate independently, making decisions and taking actions based on their programming. Gartner predicts that by 2028, 15% of day-to-day business decisions will be made completely autonomously by AI agents."
  https://www.securityweek.com/how-hackers-manipulate-agentic-ai-with-prompt-engineering/
• CISO Conversations: Kevin Winter At Deloitte And Richard Marcus At AuditBoard
  "Deloitte is one of the largest professional services firms in the world, providing services in audit, consulting, financial advisory, risk management, and tax. AuditBoard is a compliance and risk management firm that agreed a $3 billion acquisition by private equity firm Hg in May 2024. Kevin Winter (Global CISO at Deloitte) and Richard Marcus (CISO at AuditBoard) are top CISOs for these major global firms."
  https://www.securityweek.com/ciso-conversations-kevin-winter-at-deloitte-and-richard-marcus-at-auditboard/

อ้างอิง
Electronic Transactions Development Agency(ETDA)

เมื่อวันที่ 18 กุมภาพันธ์ 2568 Cybersecurity and Infrastructure Security Agency (CISA) ได้มีการเผยแพร่การเพิ่มช่องโหว่ใหม่ 2 รายการในแค็ตตาล็อก ช่องโหว่อาจเป็นที่รู้จักของกลุ่มแฮกเกอร์ ซึ่งการเพิ่มนี้ขึ้นอยู่กับข้อมูลของการแสวงหาผลประโยชน์จากการโจมตีช่องโหว่ดังกล่าวนั้นได้ ช่องโหว่เหล่านี้เป็นการโจมตีบ่อยครั้งสำหรับผู้ที่ไม่ประสงค์ดีด้านภัยคุกคามทางไซเบอร์และก่อให้เกิดความเสี่ยงที่สำคัญต่อองค์กรนั้นได้ มีรายละเอียดดังนี้

CVE-2025-0108 Palo Alto PAN-OS Authentication Bypass Vulnerability
การหลีกเลี่ยงการตรวจสอบสิทธิ์ในซอฟต์แวร์ PAN-OS ของ Palo Alto Networks ช่วยให้ผู้โจมตีที่ไม่ได้รับการรับรองซึ่งมีสิทธิ์เข้าถึงเครือข่ายไปยังอินเทอร์เฟซเว็บการจัดการสามารถหลีกเลี่ยงการรับรองความถูกต้องซึ่งจำเป็นสำหรับอินเทอร์เฟซเว็บการจัดการของ PAN-OS และเรียกใช้สคริปต์ PHP บางตัวได้ แม้ว่าการเรียกใช้สคริปต์ PHP เหล่านี้จะไม่เปิดใช้งานการเรียกใช้โค้ดจากระยะไกล แต่ก็อาจส่งผลเสียต่อความสมบูรณ์และความลับของ PAN-OS คุณสามารถลดความเสี่ยงของปัญหานี้ได้อย่างมากโดยจำกัดการเข้าถึงอินเทอร์เฟซเว็บการจัดการให้เฉพาะที่อยู่ IP ภายในที่เชื่อถือได้เท่านั้น

CVE-2024-53704 SonicWall SonicOS SSLVPN Improper Authentication Vulnerability
ช่องโหว่การตรวจสอบสิทธิ์ที่ไม่เหมาะสมในกลไกการตรวจสอบสิทธิ์ SSLVPN ทำให้ผู้โจมตีจากระยะไกลสามารถหลีกเลี่ยงการตรวจสอบสิทธิ์ได้

อ้างอิง
https://www.cisa.gov/news-events/alerts/2025/02/18/cisa-adds-two-known-exploited-vulnerabilities-catalog

สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand

สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand

สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand

Vulnerabilities

• Juniper Patches Critical Auth Bypass In Session Smart Routers
  "Juniper Networks has patched a critical vulnerability that allows attackers to bypass authentication and take over Session Smart Router (SSR) devices. The security flaw (tracked as CVE-2025-21589) was found during internal product security testing, and it also affects Session Smart Conductor and WAN Assurance Managed Routers. "An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allow a network-based attacker to bypass authentication and take administrative control of the device," the American networking infrastructure company said in an out-of-cycle security advisory released last week."
  https://www.bleepingcomputer.com/news/security/juniper-patches-critical-auth-bypass-in-session-smart-routers/
  <https://supportportal.juniper.net/s/article/2025-02-Out-of-Cycle-Security-Bulletin-Session-Smart-* Router-Session-Smart-Conductor-WAN-Assurance-Router-API-Authentication-Bypass-Vulnerability-CVE-2025-21589?language=en_US
  https://thehackernews.com/2025/02/juniper-session-smart-routers.html
  https://securityaffairs.com/174365/security/juniper-networks-fixed-a-critical-flaw-in-session-smart-routers.html
  https://www.securityweek.com/critical-vulnerability-patched-in-juniper-session-smart-router/
• Qualys TRU Discovers Two Vulnerabilities In OpenSSH: CVE-2025-26465 & CVE-2025-26466
  "The Qualys Threat Research Unit (TRU) has identified two vulnerabilities in OpenSSH. The first, tracked as CVE-2025-26465, allows an active machine-in-the-middle attack on the OpenSSH client when the VerifyHostKeyDNS option is enabled. The second, CVE-2025-26466, affects both the OpenSSH client and server, enabling a pre-authentication denial-of-service attack."
  https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466
  https://www.bleepingcomputer.com/news/security/new-openssh-flaws-expose-ssh-servers-to-mitm-and-dos-attacks/
  https://thehackernews.com/2025/02/new-openssh-flaws-enable-man-in-middle.html
  https://www.bankinfosecurity.com/proof-of-concept-exploits-published-for-2-new-openssh-bugs-a-27544
  https://hackread.com/critical-openssh-flaws-expose-users-mitm-dos-attacks/
  https://www.infosecurity-magazine.com/news/openssh-flaws-expose-systems/
  https://www.theregister.com/2025/02/18/openssh_vulnerabilities_mitm_dos/
• CISA Adds Two Known Exploited Vulnerabilities To Catalog
  "CISA has added two vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
  CVE-2025-0108 Palo Alto PAN-OS Authentication Bypass Vulnerability
  CVE-2024-53704 SonicWall SonicOS SSLVPN Improper Authentication Vulnerability"
  https://www.cisa.gov/news-events/alerts/2025/02/18/cisa-adds-two-known-exploited-vulnerabilities-catalog

Malware

• Magento Credit Card Stealer Disguised In An Tag
  "Recently, we had a client come to us concerned that their website was infected with credit card stealing malware, often referred to as MageCart. Their website was running on Magento, a popular eCommerce content management system that skilled attackers often target to steal as many credit card numbers as possible. The goal of attackers who are targeting platforms like Magento, WooCommerce, PrestaShop and others is to remain undetected as long as possible, and the malware they inject into sites is often more complex than the more commonly found pieces of malware impacting other sites."
  https://blog.sucuri.net/2025/02/magento-credit-card-stealer-disguised-in-an-tag.html
  https://thehackernews.com/2025/02/cybercriminals-exploit-onerror-event-in.html
• StaryDobry Ruins New Year’s Eve, Delivering Miner Instead Of Presents
  "On December 31, cybercriminals launched a mass infection campaign, aiming to exploit reduced vigilance and increased torrent traffic during the holiday season. Our telemetry detected the attack, which lasted for a month and affected individuals and businesses by distributing the XMRig cryptominer. This previously unidentified actor is targeting users worldwide—including in Russia, Brazil, Germany, Belarus and Kazakhstan—by spreading trojanized versions of popular games via torrent sites."
  https://securelist.com/starydobry-campaign-spreads-xmrig-miner-via-torrents/115509/
  https://www.bleepingcomputer.com/news/security/cracked-garrys-mod-beamngdrive-games-infect-gamers-with-miners/
• Amazon Phish Hunts For Security Answers And Payment Information
  "With today's dynamic and continuously evolving cyber environment, numerous services and platforms have emerged to enhance convenience for thousands of users in their daily lives. A great example is Amazon Prime which offers access to streaming services, a dependable shopping platform, and gaming content. However, users must subscribe to the service and pay a fee to enjoy these benefits."
  https://cofense.com/blog/amazon-phish-hunts-for-security-answers-and-payment-information
• Winnti APT41 Targets Japanese Firms In RevivalStone Cyber Espionage Campaign
  "The China-linked threat actor known as Winnti has been attributed to a new campaign dubbed RevivalStone that targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024. The activity, detailed by Japanese cybersecurity company LAC, overlaps with a threat cluster tracked by Trend Micro as Earth Freybug, which has been assessed to be a subset within the APT41 cyber espionage group, by Cybereason under the name Operation CuckooBees, and by Symantec as Blackfly."
  https://thehackernews.com/2025/02/winnti-apt41-targets-japanese-firms-in.html
  https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-group-japanese-orgs-servers
  https://securityaffairs.com/174353/apt/china-linked-apt-group-winnti-targets-japanese-orgs.html
• FortiSandbox 5.0 Detects Evolving Snake Keylogger Variant
  "FortiGuard Labs leveraged the advanced capabilities of FortiSandbox v5.0 (FSAv5) to detect a new variant of the Snake Keylogger (also known as 404 Keylogger). This malware, identified as AutoIt/Injector.GTY!tr, has been responsible for over 280 million blocked infection attempts, highlighting its extensive reach across regions. The majority of these detections have been concentrated in China, Turkey, Indonesia, Taiwan, and Spain, suggesting a significant impact in these areas. This high volume of detections underscores the malware’s ongoing global threat and its potential to affect organizations and users worldwide. The recent surge in activity also highlights the continuous evolution of keylogger malware and the need for advanced detection mechanisms."
  https://www.fortinet.com/blog/threat-research/fortisandbox-detects-evolving-snake-keylogger-variant
  https://hackread.com/snake-keylogger-variant-windows-data-telegram-bots/
  https://www.infosecurity-magazine.com/news/snake-keylogger-targets-windows/
  https://www.theregister.com/2025/02/18/new_snake_keylogger_infects_windows/
• Infostealing Malware Infections In The U.S. Military & Defense Sector: A Cybersecurity Disaster In The Making
  "For years, the U.S. military and its defense contractors have been considered the gold standard of security — equipped with multi-billion-dollar budgets, classified intelligence networks, and the world’s most advanced cybersecurity measures. Yet, Global Infostealing Malware Data from Hudson Rock reveals an unsettling reality:"
  https://www.infostealers.com/article/infostealing-malware-infections-in-the-u-s-military-defense-sector-a-cybersecurity-disaster-in-the-making/
  https://hackread.com/infostealers-breach-us-security-military-fbi-hit/
• Threat Spotlight: Inside The World’s Fastest Rising Ransomware Operator — BlackLock
  "First observed in March 2024, “BlackLock” (aka El Dorado or Eldorado) has rapidly emerged as a major player in the ransomware-as-a-service (RaaS) ecosystem. By Q4 2024, it ranked as the 7th most prolific ransomware group on data-leak sites, fueled by a staggering 1,425% increase in activity from Q3. BlackLock uses a double extortion tactic—encrypting data while stealing sensitive information—to pressure victims with the threat of public exposure. Its ransomware is built to target Windows, VMWare ESXi, and Linux environments, though the Linux variant offers fewer features than its Windows counterpart."
  https://www.reliaquest.com/blog/threat-spotlight-inside-the-worlds-fastest-rising-ransomware-operator-blacklock/
  https://www.infosecurity-magazine.com/news/blacklock-2025s-most-prolific/
  https://www.helpnetsecurity.com/2025/02/18/blacklock-ransomware-what-to-expect-how-to-fight-it/
• An Update On Fake Updates: Two New Actors, And New Mac Malware
  "The malicious website injects threat landscape is incredibly dynamic with multiple threat actors leveraging this malware delivery method. Typically, an attack chain will consist of three parts: the malicious injects served to website visitors, which are often malicious JavaScript scripts; a traffic distribution service (TDS) responsible for determining what user gets which payload based on a variety of filtering options; and the ultimate payload that is downloaded by the script. Sometimes each part of the attack chain is managed by the same threat actor, but frequently the different parts of the chain may be managed by different threat actors."
  https://www.proofpoint.com/us/blog/threat-insight/update-fake-updates-two-new-actors-and-new-mac-malware
  https://thehackernews.com/2025/02/new-frigidstealer-malware-targets-macos.html
  https://www.infosecurity-magazine.com/news/proofpoint-frigidstealer-new-mac/
• No, You’re Not Fired – But Beware Of Job Termination Scams
  "Most of us are in a job or looking for one. Or both. That’s largely why employment and work-from-home scams are so popular among cybercriminals. They typically lure the user by offering amazing job or casual employment opportunities. But in reality, all the scammers usually want is your personal and financial information. In some cases, victims may even end up unwittingly receiving and re-shipping stolen goods, or allowing their bank accounts to be used for money laundering."
  https://www.welivesecurity.com/en/scams/no-youre-not-fired-beware-job-termination-scams/
• Unraveling The Many Stages And Techniques Used By RedCurl/EarthKapre APT
  "Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes. We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware. Our Security Operations Centers are supported with Threat Intelligence, Tactical Threat Response and Advanced Threat Analytics driven by our Threat Response Unit – the TRU team."
  https://www.esentire.com/blog/unraveling-the-many-stages-and-techniques-used-by-redcurl-earthkapre-apt

Breaches/Hacks/Leaks

• Venture Capital Giant Insight Partners Hit By Cyberattack
  "New York-based venture capital and private equity firm Insight Partners has disclosed that its systems were breached in January following a social engineering attack. The company manages over $90 billion in regulatory assets and has invested in over 800 software and technology startups and companies worldwide during its 30 years of activity. In a statement released Tuesday, the firm said some of its information systems were breached on January 16 through "a sophisticated social engineering attack.""
  https://www.bleepingcomputer.com/news/security/venture-capital-giant-insight-partners-hit-by-cyberattack/
• 1.6 Million Clinical Research Records With PII And Patient Medical Info Exposed In Data Breach
  "Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about a non-password-protected database that contained over 1.6 million records belonging to DM Clinical Research — a Texas-based network of clinical trial sites that partners with pharmaceutical companies and medical organizations to conduct research studies and surveys."
  https://www.websiteplanet.com/news/dmclinicalresearch-report-breach/
  https://www.bankinfosecurity.com/clinical-trial-database-exposes-16m-records-to-web-a-27546
• Ecuador's Legislature Says Hackers Attempted To Access Confidential Information
  "Ecuador's legislature, the National Assembly, reported that it suffered two cyberattacks on Monday aimed at disrupting its systems and accessing sensitive data. The assembly said in a statement that it was able to quickly “identify and counteract the situation” but did not provide further details about the impact of the incident or the threat actor behind it. “We are alerting citizens and public institutions that these attacks attempt to breach confidential information,” the assembly said, adding that it would “take all necessary measures to protect it.”"
  https://therecord.media/ecuador-national-assembly-cyberattack
• Lee Enterprises Newspaper Disruptions Caused By Ransomware Attack
  "Newspaper publishing giant Lee Enterprises has confirmed that a ransomware attack is behind ongoing disruptions impacting the group's operations for over two weeks. As a local news provider and one of the largest newspaper groups in the United States, Lee publishes 77 daily newspapers and 350 weekly and specialty publications across 26 states. Its newspapers have a daily circulation of over 1.2 million, and digital editions reach more than 44 million unique visitors. In a Friday filing with the U.S. Securities and Exchange Commission (SEC), the media giant said the attack triggered a systems outage on February 3. "Preliminary investigations indicate that threat actors unlawfully accessed the Company’s network, encrypted critical applications, and exfiltrated certain files," Lee said."
  https://www.bleepingcomputer.com/news/security/lee-enterprises-newspaper-disruptions-caused-by-ransomware-attack/
  https://therecord.media/cyberattack-lee-enterprises-news-media
  https://www.theregister.com/2025/02/18/us_newspaper_publisher_exercises_linguistic/

General News

• The Risks Of Autonomous AI In Machine-To-Machine Interactions
  "In this Help Net Security, Oded Hareven, CEO of Akeyless Security, discusses how enterprises should adapt their cybersecurity strategies to address the growing need for machine-to-machine (M2M) security. According to Hareven, machine identities must be secured and governed similarly to human identities, focusing on automation and policy-as-code."
  https://www.helpnetsecurity.com/2025/02/18/oded-hareven-akeyless-security-machine-to-machine-m2m-security/
• Indian Authorities Seize Loot From Collapsed BitConnect Crypto Scam
  "Indian authorities seize loot from BitConnect crypto-Ponzi scheme Devices containing crypto wallets tracked online, then in the real world India’s Directorate of Enforcement has found and seized over $200 million of loot it says are the proceeds of the BitConnect crypto-fraud scheme. BitConnect claimed it developed a bot capable of detecting and exploiting volatile cryptocurrency prices in ways that delivered investors monthly returns of 40 percent. To get those (spoiler alert) too-good-to-be-true returns, investors were asked to sign up for a “lending program” that required them to send cryptocurrency to BitConnect, which would run its amazing investo-bot and deliver astronomical returns."
  https://www.theregister.com/2025/02/18/india_bitconnect_seizures/
• 6 Considerations For 2025 Cybersecurity Investment Decisions
  "Cybersecurity professionals may be concerned about the constantly shifting threat landscape. From the increased use of artificial intelligence (AI) by malicious actors to the expanding attack surface, cybersecurity risks evolve, and defenders need to mitigate them. Despite a period of cybersecurity budget growth between 2021 and 2022, this growth has slowed in the last few years, meaning that cybersecurity leaders need to carefully consider how their purchases improve their current security and compliance posture."
  https://www.helpnetsecurity.com/2025/02/18/2025-cybersecurity-investments-decisions/
• Cybercriminals Shift Focus To Social Media As Attacks Reach Historic Highs
  "A new report from Gen highlights a sharp rise in online threats, capping off a record-breaking 2024. Between October and December alone, 2.55 billion cyber threats were blocked – an astonishing rate of 321 per second. The risk of encountering a threat climbed to 27.7% in Q4, with social engineering attacks accounting for 86% of all blocked threats. This underscores the increasingly sophisticated psychological tactics cybercriminals are using to deceive victims."
  https://www.helpnetsecurity.com/2025/02/18/cybercriminals-social-media-attacks/
• Hard Drives Containing Sensitive Medical Data Found In Flea Market
  "Somebody bought a batch of 15 GB hard drives from a flea market, and during a routine check of the contents they found medical data about hundreds of patients. After some more investigation in the Netherlands, it turned out the data came from a software provider in the medical industry which had gone bankrupt. Under Dutch law, storage media with medical data must be professionally erased with certification. The normal procedure is to have them destroyed by a professional company, but that costs money and by selling the hard drives off the company would have brought in a small amount of cash."
  https://www.malwarebytes.com/blog/news/2025/02/hard-drives-containing-sensitive-medical-data-found-in-flea-market

อ้างอิง
Electronic Transactions Development Agency(ETDA)

New Tooling

• Orbit: Open-Source Nuclei Security Scanning And Automation Platform
  "Orbit is an open-source platform built to streamline large-scale Nuclei scans, enabling teams to manage, analyze, and collaborate on security findings. It features a SvelteKit-based web frontend and a Go-powered backend, with Terraform and Ansible handling infrastructure and automation."
  https://www.helpnetsecurity.com/2025/02/17/orbit-open-source-security-scanning-tool-nuclei/
  https://github.com/orbitscanner/orbit

Vulnerabilities

• Xerox Versalink C7025 Multifunction Printer: Pass-Back Attack Vulnerabilities (FIXED)
  "During security testing, Rapid7 discovered that Xerox Versalink C7025 Multifunction printers (MFPs) were vulnerable to pass-back attacks."
  https://www.rapid7.com/blog/post/2025/02/14/xerox-versalink-c7025-multifunction-printer-pass-back-attack-vulnerabilities-fixed/
  https://www.securityweek.com/xerox-versalink-printer-vulnerabilities-enable-lateral-movement/

Malware

• Microsoft Spots XCSSET MacOS Malware Variant Used For Crypto Theft
  "A new variant of the XCSSET macOS modular malware has emerged in attacks that target users' sensitive information, including digital wallets and data from the legitimate Notes app. The malware is typically distributed through infected Xcode projects. It has been around for at least five years and each update represents a milestone in XCSSET's development. The current improvements are the first ones observed since 2022. Microsoft's Threat Intelligence team identified the latest variant in limited attacks and says that compared to past XCSSET variants, the new one features enhanced code obfuscation, better persistence, and new infection strategies."
  https://www.bleepingcomputer.com/news/security/microsoft-spots-xcsset-macos-malware-variant-used-for-crypto-theft/
  https://thehackernews.com/2025/02/microsoft-uncovers-new-xcsset-macos.html
  https://www.infosecurity-magazine.com/news/new-xcsset-macos-malware-variant/
  https://www.helpnetsecurity.com/2025/02/17/the-xcsset-info-stealing-malware-is-back-targeting-macos-users-and-devs/
  https://www.theregister.com/2025/02/17/macos_xcsset_malware_returns/
• Telegram Abused As C2 Channel For New Golang Backdoor
  "As part of Netskope Threat Labs hunting activities, we came across an IoC being shared by other researchers and decided to take a closer look at it. During the analysis, we discovered that the payload was apparently still under development, but is already fully functional. The malware acts like a backdoor and uses Telegram as its command and control (C2) channel."
  https://www.netskope.com/blog/telegram-abused-as-c2-channel-for-new-golang-backdoor
  https://thehackernews.com/2025/02/new-golang-based-backdoor-uses-telegram.html
  https://securityaffairs.com/174306/malware/golang-based-backdoor-uses-telegram-for-c2.html
  https://hackread.com/hackers-exploit-telegram-api-spread-golang-backdoor/
  https://www.infosecurity-magazine.com/news/telegram-c2-channel-golang-malware/
• Pro-Russia Collective NoName057(16) Launched a New Wave Of DDoS Attacks On Italian Sites
  "The pro-Russia hacker group NoName057(16) launched a new wave of DDoS attacks this morning against multiple Italian entities. The group targeted the websites of Linate and Malpensa airports, the Transport Authority, the bank Intesa San Paolo, and the ports of Taranto and Trieste. The attacks had a minor impact on the targets, the Italian National Cybersecurity Agency (ACN) promptly operated to support the impacted organizations and neutralize the attacks in an early stage. The group relied on well-known techniques that the Italian government can mitigate. The attacks are the response to President Mattarella’s statements, whom they labeled a “Russophobe,” regarding Russia and the Third Reich."
  https://securityaffairs.com/174294/hacktivism/noname05716-launched-ddos-attacks-on-italian-sites.html
  https://www.infosecurity-magazine.com/news/noname05716-hit-italian-banks/
• Earth Preta Mixes Legitimate And Malicious Components To Sidestep Detection
  "Trend Micro’s Threat Hunting team has come across a new technique employed by Earth Preta, also known as Mustang Panda. Earth Preta's attacks have been known to focus on the Asia-Pacific region: More recently, one campaign used a variant of the DOPLUGS malware to target Taiwan, Vietnam, Malaysia, among other countries. The group, which favors phishing in their campaigns and tends to target government entities, has had over 200 victims since 2022."
  https://www.trendmicro.com/en_us/research/25/b/earth-preta-mixes-legitimate-and-malicious-components-to-sidestep-detection.html

Breaches/Hacks/Leaks

• Fintech Giant Finastra Notifies Victims Of October Data Breach
  "Financial technology giant Finastra is notifying victims of a data breach after their personal information was stolen by unknown attackers who first breached its systems in October 2024. London-based Finastra provides financial services software applications to more than 8,100 financial institutions across 130 countries, including 45 of the world's top 50 banks. As the company warned in breach notification letters sent to those impacted by the breach, the security incident was first detected on November 7 after Finastra identified malicious activity on some of its systems."
  https://www.bleepingcomputer.com/news/security/fintech-giant-finastra-notifies-victims-of-october-data-breach/
• Ransomware Attack Affects Michigan Casinos And Tribal Health Centers
  "On February 15, the RansomHub ransomware group claimed responsibility for an attack on the Sault Ste. Marie Tribe of Chippewa Indians. RansomHub claims to have “temporarily locked” the tribe’s infrastructure and to have acquired 119 GB of files (501, 211 files). The affected systems reportedly include casinos, convenience stores, government buildings, and telecommunications services, but also health centers in Sault Ste. Marie, St. Ignace, Manistique, Munising, Escanaba, and Hessel, as well as traditional medicine program facilities."
  https://databreaches.net/2025/02/17/ransomware-attack-affects-michigan-casinos-and-tribal-health-centers/

General News

• Trends Report On Phishing Emails In January 2025
  "This report provides statistics, trends, and case details on the distribution volume and attachment threats of phishing emails collected and analyzed in January 2025. The following is a part of the statistics and cases included in the original report."
  https://asec.ahnlab.com/en/86345/
• How CISOs Can Balance Security And Business Agility In The Cloud
  "In this Help Net Security interview, Natalia Belaya, CISO at Cloudera, discusses common misconceptions about cloud security, the balance between protection and business agility, and overlooked risks that CISOs should prioritize. Belaya also offers practical strategies for integrating cloud-native security solutions and mitigating misconfigurations at scale."
  https://www.helpnetsecurity.com/2025/02/17/natalia-belaya-cloudera-enterprise-cloud-security/
• Is Russia Reining-In Ransomware-Wielding Criminals?
  "To be a ransomware hacker and Russian historically has been a blissful experience. So long as you avoided targets inside the Kremlin sphere of influence and possibly did the odd job for intelligence agencies, law enforcement mostly left you alone. It's a long-standing understanding that Russian President Vladimir Putin shows signs of reevaluating as a calculated move ahead of talks with the United States aimed at resolving Russia's stalemated war of conquest against Ukraine."
  https://www.bankinfosecurity.com/blogs/russia-reining-in-ransomware-wielding-criminals-p-3815
• Advanced Ransomware Evasion Techniques In 2025
  "Ransomware has become more than a threat—it's a calculated assault on industries, wielding AI-driven precision to bypass traditional defenses. Attackers adapt faster than ever, turning cybersecurity into a high-stakes race where falling behind isn't an option. As we step into 2025, organizations face an urgent need to outthink and outmaneuver these evolving adversarial attacks. The best way to combat the threat is to dive into cutting-edge techniques for ransomware evasion and the strategies needed to stay one step ahead."
  https://www.tripwire.com/state-of-security/advanced-ransomware-evasion-techniques
• Two Estonian Nationals Plead Guilty In $577M Cryptocurrency Fraud Scheme
  "Two Estonian nationals pleaded guilty yesterday for their operation of a massive, multi-faceted cryptocurrency Ponzi scheme that victimized hundreds of thousands of people from across the world, including in the United States. As part of the defendants’ guilty pleas, they agreed to forfeit assets valued over $400 million obtained during the conspiracy."
  https://www.justice.gov/opa/pr/two-estonian-nationals-plead-guilty-577m-cryptocurrency-fraud-scheme
  https://hackread.com/hashflare-fraud-two-estonians-running-crypto-scam/
  https://www.infosecurity-magazine.com/news/estonian-duo-guilty-577m-crypto/
  https://www.helpnetsecurity.com/2025/02/17/two-estonians-plead-guilty-in-577m-cryptocurrency-ponzi-scheme/

อ้างอิง
Electronic Transactions Development Agency(ETDA)

สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand