Friday, 2 May 2025

Malware Alert - Retailers Targeted by Ransomware Attacks from Scattered Spider Threat Actor Group

Release Date: 2 May 2025

Type: Malware

Malware Alert

Current Status and Related Trends

Threat intelligence shows that in recent days several well-known retailers, including Marks & Spencer (M&S), Co-op and Harrods, have been hit one after another by ransomware attacks suspected to be linked to the "Scattered Spider" group, severely disrupting their business operations [1][2].

"Scattered Spider" is a threat group whose attacks centre on social engineering. Its usual techniques include phishing, SIM swapping, multi-factor authentication (MFA) fatigue attacks, and impersonating IT support staff to commit fraud. The attackers use these techniques to steal internal corporate account credentials and then move laterally across the whole network. In earlier attacks, they located and exfiltrated high-value digital assets, including proprietary code repositories, code-signing certificates and source code. Finally, the attackers deployed the DragonForce ransomware to encrypt virtual machines on VMware ESXi hosts.

The attackers' main goals are to encrypt corporate systems, steal data for extortion, or threaten to publish sensitive information. Earlier attacks disrupted retailers' contactless payments, online orders and warehouse operations. The impact of these attacks on the retail sector is far-reaching, and they may also lead to data breaches and financial losses for the victims.

Source:

[1] "Marks & Spencer confirms a cyberattack as customers face delayed orders" BleepingComputer

[2] "Harrods the next UK retailer targeted in a cyberattack" BleepingComputer

HKCERT recommends that users:

  • Implement phishing-resistant multi-factor authentication and remind users how to recognise social engineering and phishing attacks.
  • Use least-privilege access control and restrict unauthorised access.
  • Maintain offline and encrypted backups.
  • Deploy email filtering tools and implement network segmentation.
  • Update software and systems regularly and install anti-virus software.
  • Develop a thorough incident response plan.

For more information, visit https://www.hkcert.org/tc/publications/fight-ransomware

Malware Alert - Retailers Targeted by Ransomware Attacks from Scattered Spider Threat Actor Group

Release Date: 2 May 2025

Type: Malware

Malware Alert

Current Status and Related Trends

Threat intelligence has revealed that several well-known retailers, including Marks & Spencer (M&S), Co-op, and Harrods, have reportedly been hit by ransomware attacks linked to the "Scattered Spider" group, severely impacting their business operations [1][2].

 

"Scattered Spider" is a threat group that relies primarily on social engineering. Its common attack methods are phishing, SIM swapping, multi-factor authentication (MFA) fatigue attacks, and impersonating IT support staff to carry out fraud. The attackers use these methods to steal enterprises' internal account credentials and then move laterally across the entire network. In previous attacks, the attackers performed discovery and exfiltrated high-value digital assets, including proprietary code repositories, code-signing certificates, and source code. Eventually, the attackers deployed the DragonForce ransomware to encrypt virtual machines on VMware ESXi hosts.

 

The attackers' main objectives are to encrypt corporate systems, steal data for ransom, or threaten to disclose sensitive information. The previous attacks caused disruptions to retailers' contactless payments, online orders, and warehouse operations. These attacks have had a profound impact on the retail industry and may also lead to data breaches and financial losses for victims.

 

Source:

[1] "Marks & Spencer confirms a cyberattack as customers face delayed orders" BleepingComputer

[2] "Harrods the next UK retailer targeted in a cyberattack" BleepingComputer

mickmick.net recommends that users:

  • Implement phishing-resistant MFA and educate users on recognizing social engineering and phishing attempts.
  • Enforce least-privilege access policies to limit unauthorized access.
  • Maintain offline and encrypted backups.
  • Deploy email filtering tools and implement network segmentation.
  • Update software and systems regularly and install anti-virus software.
  • Create a robust incident response plan.

For further information, browse https://www.hkcert.org/publications/fight-ransomware.

RedHat Linux Kernel Multiple Vulnerabilities

Release Date: 2 May 2025

Risk: Medium Risk

Type: Operating Systems - Linux

Multiple vulnerabilities were identified in the RedHat Linux kernel. A remote attacker could exploit these vulnerabilities to trigger data manipulation, denial of service, remote code execution, sensitive information disclosure and security restriction bypass on the targeted system.

Impact

  • Denial of Service
  • Information Disclosure
  • Security Restriction Bypass
  • Data Manipulation
  • Remote Code Execution

System / Technologies affected

  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat OpenShift Container Platform 4.14 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.14 for RHEL 9 x86_64
  • Red Hat OpenShift Container Platform 4.17 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.17 for RHEL 9 x86_64
  • Red Hat OpenShift Container Platform 4.18 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.18 for RHEL 9 x86_64
  • Red Hat OpenShift Container Platform for ARM 64 4.14 for RHEL 8 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.14 for RHEL 9 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.17 for RHEL 8 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.17 for RHEL 9 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.18 for RHEL 8 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.18 for RHEL 9 aarch64
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.14 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.14 for RHEL 9 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.17 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.17 for RHEL 9 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.18 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.18 for RHEL 9 s390x
  • Red Hat OpenShift Container Platform for Power 4.14 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.14 for RHEL 9 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.17 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.17 for RHEL 9 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.18 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.18 for RHEL 9 ppc64le

Solutions

Before installing the software, please visit the vendor's website for more details.

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link

RedHat Linux Kernel Multiple Vulnerabilities

Release Date: 2 May 2025

RISK: Medium Risk

TYPE: Operating Systems - Linux

Multiple vulnerabilities were identified in RedHat Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger data manipulation, denial of service condition, remote code execution, sensitive information disclosure and security restriction bypass on the targeted system.

 


Impact

  • Denial of Service
  • Information Disclosure
  • Security Restriction Bypass
  • Data Manipulation
  • Remote Code Execution

System / Technologies affected

  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat OpenShift Container Platform 4.14 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.14 for RHEL 9 x86_64
  • Red Hat OpenShift Container Platform 4.17 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.17 for RHEL 9 x86_64
  • Red Hat OpenShift Container Platform 4.18 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.18 for RHEL 9 x86_64
  • Red Hat OpenShift Container Platform for ARM 64 4.14 for RHEL 8 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.14 for RHEL 9 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.17 for RHEL 8 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.17 for RHEL 9 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.18 for RHEL 8 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.18 for RHEL 9 aarch64
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.14 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.14 for RHEL 9 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.17 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.17 for RHEL 9 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.18 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.18 for RHEL 9 s390x
  • Red Hat OpenShift Container Platform for Power 4.14 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.14 for RHEL 9 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.17 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.17 for RHEL 9 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.18 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.18 for RHEL 9 ppc64le

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link

SonicWall Products Multiple Vulnerabilities

Release Date: 2 May 2025

Risk: High Risk

Type: Operating Systems - Network

Multiple vulnerabilities were identified in SonicWall products. A remote attacker could exploit these vulnerabilities to trigger remote code execution and security restriction bypass on the targeted system.

Note:

CVE-2023-44221 is being actively exploited. This vulnerability allows an authenticated attacker with administrator privileges to execute arbitrary code as the "nobody" user on SonicWall SMA100 products. Hence the risk level is rated as High Risk.

Impact

  • Remote Code Execution
  • Security Restriction Bypass

System / Technologies affected

  • SonicWall SMA 100 Series (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v) 10.2.1.9-57sv and earlier versions

Solutions

Before installing the software, please visit the vendor's website for more details.

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link

SonicWall Products Multiple Vulnerabilities

Release Date: 2 May 2025

RISK: High Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in SonicWall Products. A remote attacker could exploit these vulnerabilities to trigger remote code execution and security restriction bypass on the targeted system.

 

Note:

CVE-2023-44221 is being exploited in the wild. This vulnerability allows a remote, authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user in SonicWall SMA100 appliances. Hence, the risk level is rated as High Risk.

 


Impact

  • Remote Code Execution
  • Security Restriction Bypass

System / Technologies affected

  • SonicWall SMA 100 Series (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v) 10.2.1.9-57sv and earlier versions.


Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link

Wednesday, 30 April 2025

Apache Tomcat Multiple Vulnerabilities

Release Date: 30 Apr 2025

Risk: Medium Risk

Type: Servers - Web Servers

Multiple vulnerabilities were identified in Apache Tomcat. A remote attacker could exploit these vulnerabilities to trigger security restriction bypass and denial of service on the targeted system.

Impact

  • Denial of Service
  • Security Restriction Bypass

System / Technologies affected

  • Apache Tomcat versions 11.0.0-M2 to 11.0.5
  • Apache Tomcat versions 10.1.10 to 10.1.39
  • Apache Tomcat versions 9.0.76 to 9.0.102

Solutions

Before installing the software, please visit the vendor's website for more details.

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link

Apache Tomcat Multiple Vulnerabilities

Release Date: 30 Apr 2025

RISK: Medium Risk

TYPE: Servers - Web Servers

Multiple vulnerabilities were identified in Apache Tomcat. A remote attacker could exploit some of these vulnerabilities to trigger security restriction bypass and denial of service condition on the targeted system.


Impact

  • Denial of Service
  • Security Restriction Bypass

System / Technologies affected

  • Apache Tomcat version 11.0.0-M2 to 11.0.5
  • Apache Tomcat version 10.1.10 to 10.1.39
  • Apache Tomcat version 9.0.76 to 9.0.102

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link

Google Chrome Multiple Vulnerabilities

Release Date: 30 Apr 2025

Risk: Medium Risk

Type: Clients - Browsers

Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit these vulnerabilities to trigger security restriction bypass and sensitive information disclosure on the targeted system.

Impact

  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Google Chrome versions prior to 136.0.7103.59 (Linux)
  • Google Chrome versions prior to 136.0.7103.48/49 (Mac)
  • Google Chrome versions prior to 136.0.7103.48/49 (Windows)

Solutions

Before installing the software, please visit the vendor's website for more details.

Apply fixes issued by the software vendor:

  • Update to 136.0.7103.59 (Linux) or later
  • Update to 136.0.7103.48/49 (Mac) or later
  • Update to 136.0.7103.48/49 (Windows) or later

Vulnerability Identifier


Source


Related Link

Google Chrome Multiple Vulnerabilities

Release Date: 30 Apr 2025

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger security restriction bypass and sensitive information disclosure on the targeted system.


Impact

  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Google Chrome prior to 136.0.7103.59 (Linux)
  • Google Chrome prior to 136.0.7103.48/49 (Mac)
  • Google Chrome prior to 136.0.7103.48/49 (Windows)

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

  • Update to version 136.0.7103.59 (Linux) or later
  • Update to version 136.0.7103.48/49 (Mac) or later
  • Update to version 136.0.7103.48/49 (Windows) or later

Vulnerability Identifier


Source


Related Link

Mozilla Products Multiple Vulnerabilities

Release Date: 30 Apr 2025

Risk: Medium Risk

Type: Clients - Browsers

Multiple vulnerabilities were identified in Mozilla products. A remote attacker could exploit these vulnerabilities to trigger cross-site scripting, elevation of privilege, remote code execution, security restriction bypass and sensitive information disclosure on the targeted system.

Impact

  • Elevation of Privilege
  • Remote Code Execution
  • Information Disclosure
  • Security Restriction Bypass
  • Cross-Site Scripting

System / Technologies affected

Versions prior to:

  • Firefox 138
  • Firefox ESR 115.23
  • Firefox ESR 128.10
  • Thunderbird 138
  • Thunderbird ESR 128.10

Solutions

Before installing the software, please visit the vendor's official website for more details.

Update to version:

  • Firefox 138
  • Firefox ESR 115.23
  • Firefox ESR 128.10
  • Thunderbird 138
  • Thunderbird ESR 128.10

Vulnerability Identifier


Source


Related Link

Mozilla Products Multiple Vulnerabilities

Release Date: 30 Apr 2025

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Mozilla Products. A remote attacker could exploit some of these vulnerabilities to trigger cross-site scripting, elevation of privilege, remote code execution, security restriction bypass and sensitive information disclosure on the targeted system.


Impact

  • Elevation of Privilege
  • Remote Code Execution
  • Information Disclosure
  • Security Restriction Bypass
  • Cross-Site Scripting

System / Technologies affected

Versions prior to:

 

  • Firefox 138
  • Firefox ESR 115.23
  • Firefox ESR 128.10
  • Thunderbird 138
  • Thunderbird ESR 128.10

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

  • Firefox 138
  • Firefox ESR 115.23
  • Firefox ESR 128.10
  • Thunderbird 138
  • Thunderbird ESR 128.10

Vulnerability Identifier


Source


Related Link

Thursday, 24 April 2025

GitLab Multiple Vulnerabilities

Release Date: 24 Apr 2025

Risk: Medium Risk

Type: Servers - Other Servers

Multiple vulnerabilities were identified in GitLab. A remote attacker could exploit these vulnerabilities to trigger denial of service, cross-site scripting, sensitive information disclosure and security restriction bypass on the targeted system.

Impact

  • Denial of Service
  • Security Restriction Bypass
  • Information Disclosure
  • Cross-Site Scripting

System / Technologies affected

  • GitLab Community Edition (CE) versions prior to 17.11.1, 17.10.5 and 17.9.7
  • GitLab Enterprise Edition (EE) versions prior to 17.11.1, 17.10.5 and 17.9.7

Solutions

Before installing the software, please visit the vendor's website for more details.

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link

GitLab Multiple Vulnerabilities

Release Date: 24 Apr 2025

RISK: Medium Risk

TYPE: Servers - Other Servers

Multiple vulnerabilities were identified in GitLab. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, cross-site scripting, sensitive information disclosure and security restriction bypass on the targeted system.


Impact

  • Denial of Service
  • Security Restriction Bypass
  • Information Disclosure
  • Cross-Site Scripting

System / Technologies affected

  • GitLab Community Edition (CE) versions prior to 17.11.1, 17.10.5, and 17.9.7
  • GitLab Enterprise Edition (EE) versions prior to 17.11.1, 17.10.5, and 17.9.7

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link

Wednesday, 23 April 2025

Erlang/OTP Remote Code Execution Vulnerability

Release Date: 23 Apr 2025

Risk: High Risk

Type: Servers - Web Servers

A vulnerability was identified in Erlang/OTP. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.

Note:

Proof-of-concept code for CVE-2025-32433 has been published. This vulnerability allows an unauthenticated attacker with network access to achieve remote code execution on hosts running the Erlang/OTP SSH server, potentially leading to full system compromise. Hence the risk level is rated as "High Risk".

All users running an Erlang/OTP SSH server prior to the fixed releases are affected by this vulnerability. RabbitMQ does not require an SSH server to run by default, but any RabbitMQ instance (or similar Erlang-based service) that has the OTP SSH interface enabled on a network-accessible port is vulnerable because of this CVE. In addition, Apache CouchDB and the former Riak KV database are implemented in Erlang/OTP. If CouchDB is configured to allow an Erlang remote shell, that interface is at risk. Even if OTP SSH is not exposed externally, the presence of the vulnerability means that an insider, or an attacker moving laterally within the network, could use it to escalate privileges on the database server.

Impact

  • Remote Code Execution

System / Technologies affected

  • OTP-27.3.2 and earlier versions
  • OTP-26.2.5.10 and earlier versions
  • OTP-25.3.2.19 and earlier versions

Solutions

Before installing the software, please visit the vendor's website for more details.

Apply fixes issued by the vendor:

  • OTP-27.3.3
  • OTP-26.2.5.11
  • OTP-25.3.2.20

Vulnerability Identifier


Source


Related Link

Erlang/OTP Remote Code Execution Vulnerability

Release Date: 23 Apr 2025

RISK: High Risk

TYPE: Servers - Web Servers

A vulnerability has been identified in Erlang/OTP. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.

 

Note:

Proof Of Concept exploit code is publicly available for CVE-2025-32433. The vulnerability allows for unauthenticated remote code execution by malicious actors with network access to hosts running an Erlang/OTP SSH server leading to possible full system compromise. Hence, the risk level is rated as High Risk.

 

All users running the Erlang/OTP SSH server prior to the fixed releases are impacted by this vulnerability. By default RabbitMQ doesn't require an SSH server for operation, but any RabbitMQ instance (or similar Erlang-based service) that has its OTP SSH interface enabled on a network-accessible port is vulnerable due to this CVE. In addition, Apache CouchDB and the former Riak KV database are implemented in Erlang/OTP. If CouchDB is configured to allow an Erlang remote shell, that interface would be at risk. Even if OTP SSH isn't exposed externally, the presence of the vulnerability means an insider or an attacker moving laterally in the network could use it to escalate privileges on the database server.


Impact

  • Remote Code Execution

System / Technologies affected

  • Versions equal or prior to OTP-27.3.2
  • Versions equal or prior to OTP-26.2.5.10
  • Versions equal or prior to OTP-25.3.2.19

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

  • OTP-27.3.3
  • OTP-26.2.5.11
  • OTP-25.3.2.20
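The affected and fixed versions above are listed per major OTP line, so a host is only safe when it is at or above the fix for its own line (an OTP-27.3.2 host is not covered by the existence of OTP-26.2.5.11). The Python below is an added example, not HKCERT's or the Erlang/OTP project's code: it parses version strings of the `OTP-<major>.<minor>...` form, looks up the fixed release for the host's major line from the list in this advisory, and reports each host in a constructed inventory as fixed, vulnerable, or on a line the advisory does not cover. The hostnames and versions in `SAMPLE_INVENTORY` are constructed sample data; the same comparison generalises to the other version-range advisories on this page once the fixed releases are substituted.

```python
import re
from typing import Dict, List, Tuple

# Fixed releases from this advisory (CVE-2025-32433), keyed by major OTP line.
FIXED_RELEASES: Dict[int, str] = {
    27: "OTP-27.3.3",
    26: "OTP-26.2.5.11",
    25: "OTP-25.3.2.20",
}

# Accepts "OTP-26.2.5.10" as well as the bare "26.2.5.10" form.
_VERSION_RE = re.compile(r"(?:OTP-)?(\d+(?:\.\d+)*)$")


def parse_otp_version(text: str) -> Tuple[int, ...]:
    """Turn 'OTP-26.2.5.10' or '26.2.5.10' into a tuple of ints.

    Tuples compare lexicographically, which matches how OTP point
    releases are ordered; a shorter tuple such as (27, 3) sorts below
    (27, 3, 3), i.e. 27.3 is treated as older than 27.3.3.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised OTP version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def assess(version: str) -> str:
    """Classify one version against the advisory's fixed releases.

    Returns 'fixed', 'vulnerable', or 'unknown-line' when the advisory
    lists no fixed release for that major line; such hosts need manual
    review rather than being assumed safe.
    """
    parsed = parse_otp_version(version)
    fixed = FIXED_RELEASES.get(parsed[0])
    if fixed is None:
        return "unknown-line"
    return "fixed" if parsed >= parse_otp_version(fixed) else "vulnerable"


def assess_inventory(inventory: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group hostnames by status; input is a list of (hostname, version) pairs."""
    report: Dict[str, List[str]] = {"fixed": [], "vulnerable": [], "unknown-line": []}
    for host, version in inventory:
        report[assess(version)].append(host)
    return report


# Constructed sample inventory: hostnames and versions are made up for this example.
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("rabbitmq-01.example.internal", "OTP-27.3.2"),
    ("rabbitmq-02.example.internal", "OTP-27.3.3"),
    ("couchdb-01.example.internal", "26.2.5.10"),
    ("couchdb-02.example.internal", "OTP-26.2.5.11"),
    ("legacy-riak.example.internal", "OTP-24.3.4"),
]

if __name__ == "__main__":
    for status, hosts in assess_inventory(SAMPLE_INVENTORY).items():
        print(f"{status:13s} {', '.join(hosts) or '-'}")
```

The full point-release string to feed into `assess` comes from the `OTP_VERSION` file in the release directory of a standard install (`releases/<major>/OTP_VERSION` under the Erlang root); `erlang:system_info(otp_release)` only returns the major line, which is not enough to decide against the fixed releases above.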

Vulnerability Identifier


Source


Related Link

Tuesday, 22 April 2025

Microsoft Edge Multiple Vulnerabilities

Release Date: 22 Apr 2025

Risk: Medium Risk

Type: Clients - Browsers

Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit these vulnerabilities to trigger remote code execution and denial of service on the targeted system.

Impact

  • Remote Code Execution
  • Denial of Service

System / Technologies affected

  • Microsoft Edge versions prior to 135.0.3179.85

Solutions

Before installing the software, please visit the vendor's website for more details.

Apply fixes issued by the software vendor:

  • Update to 135.0.3179.85 or later

Vulnerability Identifier


Source


Related Link

Microsoft Edge Multiple Vulnerabilities

Release Date: 22 Apr 2025

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and denial of service condition on the targeted system.

 


Impact

  • Remote Code Execution
  • Denial of Service

System / Technologies affected

  • Microsoft Edge version prior to 135.0.3179.85

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

  • Update to version 135.0.3179.85 or later

Vulnerability Identifier


Source


Related Link

Cisco Products Multiple Vulnerabilities

Release Date: 22 Apr 2025

Risk: Medium Risk

Type: Security Software and Appliance - Security Software and Appliance

Multiple vulnerabilities were identified in Cisco products. A remote attacker could exploit these vulnerabilities to trigger sensitive information disclosure and remote code execution on the targeted system.


Cisco Products Multiple Vulnerabilities

Release Date: 22 Apr 2025

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities were identified in Cisco products. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure and remote code execution on the targeted system.


F5 Products Denial of Service Vulnerability

Release Date: 22 Apr 2025

Risk: High Risk

Type: Operating Systems - Network

A vulnerability was identified in F5 products. A remote attacker could exploit this vulnerability to trigger a denial of service condition on the targeted system.

Note:

No patch is currently available for CVE-2025-26466 on the affected systems or technologies. Hence the risk level is rated as High Risk.

Impact

  • Denial of Service

System / Technologies affected

  • BIG-IP Next (all modules) versions 20.2.0 - 20.3.0
  • BIG-IP Next Central Manager versions 20.2.0 - 20.3.0

Solutions

Workaround:

Mitigate attacks by applying the following workarounds:

For BIG-IP Next:

  1. Restrict SSH access to trusted networks and users, and disable the f5-debug-sidecar container when it is not needed.

For BIG-IP Next Central Manager:

  1. Restrict SSH access to trusted networks and users.

Please visit the vendor's website for more details.

Apply workarounds issued by the vendor:


Vulnerability Identifier


Source


Related Link

F5 Products Denial of Service Vulnerability

Release Date: 22 Apr 2025

RISK: High Risk

TYPE: Operating Systems - Networks OS

A vulnerability was identified in F5 Products. A remote attacker could exploit this vulnerability to trigger a denial of service condition on the targeted system.

 

Note:

No patch is currently available for CVE-2025-26466 on the affected products. Hence, the risk level is rated as High Risk.


Impact

  • Denial of Service

System / Technologies affected

  • BIG-IP Next (all modules) version 20.2.0 - 20.3.0
  • BIG-IP Next Central Manager version 20.2.0 - 20.3.0

 


Solutions

Workaround:

Mitigate the vulnerability by applying the following workarounds:

 

For BIG-IP Next:

 

  1. Restrict SSH access to trusted networks and users, and disable the f5-debug-sidecar container if it is not needed

For BIG-IP Next Central Manager:

 

  1. Restrict SSH access to trusted networks and users

Please visit the vendor web-site for more details.

 

Apply workarounds issued by the vendor:


Vulnerability Identifier


Source


Related Link

SonicWall Products Remote Code Execution Vulnerability

Release Date: 22 Apr 2025

Risk: Extremely High Risk

Type: Operating Systems - Network

A vulnerability was identified in SonicWall products. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.

Note:

CVE-2021-20035 is being actively exploited. The vulnerability allows an attacker to execute arbitrary code on certain versions of SonicWall SMA 100 Series products. Hence the risk level is rated as Extremely High Risk.

Impact

  • Remote Code Execution

System / Technologies affected

  • SonicWall SMA 100 Series (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v (ESX, KVM, AWS, Azure)) 9.0.0.10-28sv and earlier versions
  • SonicWall SMA 100 Series (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v (ESX, KVM, AWS, Azure)) 10.2.0.7-34sv and earlier versions
  • SonicWall SMA 100 Series (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v (ESX, KVM, AWS, Azure)) 10.2.1.0-17sv and earlier versions

Solutions

Before installing the software, please visit the vendor's website for more details.

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link

SonicWall Products Remote Code Execution Vulnerability

Release Date: 22 Apr 2025

RISK: Extremely High Risk

TYPE: Operating Systems - Networks OS

A vulnerability was identified in SonicWall Products. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.

 

Note:

Exploit in the wild has been detected for CVE-2021-20035 that allows remote code execution in certain versions of the SonicWall SMA 100 Series Products. Hence, the risk level is rated as Extremely High Risk.

 


Impact

  • Remote Code Execution

System / Technologies affected

  • SonicWall SMA 100 Series (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v (ESX, KVM, AWS, Azure)) 9.0.0.10-28sv and earlier
  • SonicWall SMA 100 Series (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v (ESX, KVM, AWS, Azure)) 10.2.0.7-34sv and earlier
  • SonicWall SMA 100 Series (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v (ESX, KVM, AWS, Azure)) 10.2.1.0-17sv and earlier


Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link

ChromeOS Multiple Vulnerabilities

Release Date: 22 Apr 2025

Risk: Medium Risk

Type: Operating Systems - Other OS

Multiple vulnerabilities were identified in ChromeOS. A remote attacker could exploit these vulnerabilities to trigger security restriction bypass, spoofing, elevation of privilege and denial of service on the targeted system.

Impact

  • Security Restriction Bypass
  • Denial of Service
  • Spoofing
  • Elevation of Privilege

System / Technologies affected

  • ChromeOS versions prior to 16209.50.0 (browser version 135.0.7049.104)

Solutions

Before installing the software, please visit the vendor's website for more details.

Apply fixes issued by the vendor; for details, refer to the link below:


Vulnerability Identifier


Source


Related Link

ChromeOS Multiple Vulnerabilities

Release Date: 22 Apr 2025

RISK: Medium Risk

TYPE: Operating Systems - Others OS

Multiple vulnerabilities were identified in ChromeOS. A remote attacker could exploit some of these vulnerabilities to trigger security restriction bypass, spoofing, elevation of privilege and denial of service condition on the targeted system.


Impact

  • Security Restriction Bypass
  • Denial of Service
  • Spoofing
  • Elevation of Privilege

System / Technologies affected

  • ChromeOS versions prior to 16209.50.0 (Browser version 135.0.7049.104)

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor. For detail, please refer to the link below:


Vulnerability Identifier


Source


Related Link

Thursday, 17 April 2025

Apple Products Multiple Vulnerabilities

Release Date: 17 Apr 2025

Risk: High Risk

Type: Operating Systems - Mobile Devices & Operating Systems

Multiple vulnerabilities were identified in Apple products. A remote attacker could exploit these vulnerabilities to trigger remote code execution and security restriction bypass on the targeted system.

Note:

The vulnerability CVE-2025-31200 is being exploited in scattered attacks. A remote attacker could exploit it to trigger remote code execution on the targeted system. Hence the risk level is rated as "High Risk".

Impact

  • Remote Code Execution
  • Security Restriction Bypass

System / Technologies affected

  • Versions prior to macOS Sequoia 15.4.1
  • Versions prior to tvOS 18.4.1
  • Versions prior to visionOS 2.4.1
  • Versions prior to iOS 18.4.1
  • Versions prior to iPadOS 18.4.1

Solutions

Before installing the software, please visit the vendor's website for more details.

Apply fixes issued by the vendor:

  • macOS Sequoia 15.4.1
  • tvOS 18.4.1
  • visionOS 2.4.1
  • iOS 18.4.1
  • iPadOS 18.4.1

Vulnerability Identifier


Source


Related Link

Apple Products Multiple Vulnerabilities

Release Date: 17 Apr 2025

RISK: High Risk

TYPE: Operating Systems - Mobile & Apps

Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and security restriction bypass on the targeted system.

 

Note:

The vulnerability CVE-2025-31200 is being exploited in scattered attacks. A remote attacker could exploit this vulnerability to trigger remote code execution. Hence the risk level is rated as High Risk.

 

 


Impact

  • Remote Code Execution
  • Security Restriction Bypass

System / Technologies affected

  • Versions prior to macOS Sequoia 15.4.1
  • Versions prior to tvOS 18.4.1
  • Versions prior to visionOS 2.4.1
  • Versions prior to iOS 18.4.1
  • Versions prior to iPadOS 18.4.1

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

  • macOS Sequoia 15.4.1
  • tvOS 18.4.1
  • visionOS 2.4.1
  • iOS 18.4.1
  • iPadOS 18.4.1

Vulnerability Identifier


Source


Related Link
