ChromeOS Remote Code Execution Vulnerability
RISK: Medium Risk
TYPE: Operating Systems - Others OS

A vulnerability has been identified in ChromeOS. A remote attacker could exploit this vulnerability to trigger a denial of service condition and remote code execution on the targeted system.
Impact
- Remote Code Execution
- Denial of Service
Systems / Technologies affected
- Versions prior to 114.0.5735.358 (Platform Version: 15437.98.0)
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor. For details, please refer to the link below:
RISK: Medium Risk
TYPE: Security software and application - Security Software & Appliance
Multiple vulnerabilities were identified in Cisco products. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, elevation of privilege and security restriction bypass on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition and remote code execution on the targeted system.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit these vulnerabilities to trigger remote code execution on the targeted system.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
RISK: Medium Risk
TYPE: Operating Systems - Mobile & Apps
A vulnerability was identified in Apple products. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
RISK: High Risk
TYPE: Operating Systems - Networks OS
A vulnerability was identified in F5 products. A remote attacker could exploit this vulnerability to trigger a denial of service condition on the targeted system.
Note:
No patch is currently available for CVE-2023-4408 in the affected products.
BIG-IP (all modules)
BIG-IQ Centralized Management
Please visit the vendor web-site for more details.
Apply workarounds issued by the vendor:
Workaround:
Reduce exposure to attacks by applying the following workaround:
RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, information disclosure, spoofing, denial of service and security restriction bypass on the targeted system.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Mozilla Firefox. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and denial of service on the targeted system.
Versions prior to:
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, remote code execution, sensitive information disclosure and security restriction bypass on the targeted system.
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Mozilla products. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, spoofing, remote code execution, sensitive information disclosure, data manipulation and security restriction bypass on the targeted system.
Versions prior to:
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
Update to version:
Type: Malware
Threat intelligence indicates an increasing trend of malware attacks using cloud resources and targeting companies.
Fujitsu, one of the world's largest IT service providers, has reported that its systems were infected with malware, which resulted in a data breach and customer data theft. The malware attack infected work computers through an unconfirmed method, and the company is currently investigating the incident to determine the extent of the damage. [1]
In addition, a new malware campaign has been discovered that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult. The malware is designed to facilitate information theft, and the campaign has been found to target multiple victims. The malicious payload is embedded in a separate JSON file hosted on an external website, which uses an unorthodox HTML smuggling technique. [2]
Moreover, a malware campaign named DEEP#GOSU was employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. A notable aspect of the infection procedure is that it leverages legitimate services such as Dropbox or Google Docs for command-and-control (C2), thus allowing the threat actor to blend undetected into regular network traffic. [3]
These incidents highlight the increasing trend of malware attacks using cloud resources and targeting companies. It is crucial for organizations to implement robust cybersecurity measures to protect against such attacks, including regular software updates, employee training, and network segmentation.
Sources:
[1] Fujitsu found malware on IT systems, confirms data breach
[2] Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites
[3] New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics
RISK: Medium Risk
TYPE: Servers - Other Servers
Multiple vulnerabilities were identified in PaperCut. A remote attacker could exploit some of these vulnerabilities to trigger cross-site scripting, elevation of privilege, remote code execution, sensitive information disclosure and spoofing on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
RISK: Medium Risk
TYPE: Operating Systems - Linux
Multiple vulnerabilities were identified in RedHat Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, elevation of privilege, remote code execution, sensitive information disclosure and data manipulation on the targeted system.
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
Type: Malware
Threat intelligence indicates an increasing trend of malware attacks exploiting a critical vulnerability, CVE-2024-21412 in Microsoft Windows SmartScreen, to deliver DarkGate malware.
Recently, ransomware gangs have been employing various tactics to trap and deceive victims, including phishing emails and fake software installers [1]. Meanwhile, a new wave of attacks related to DarkGate malware was discovered in mid-January 2024 [2]. The attack begins with victims clicking on a link embedded in a PDF attachment sent via a phishing email. The link then redirects users to a malicious .URL internet shortcut file that exploits CVE-2024-21412 to bypass security checks and automatically install fake software installers [2].
DarkGate malware is a remote access trojan (RAT) that allows attackers to compromise victim systems to perform information disclosure and remote code execution. It can also fetch additional payloads to distribute more malware on the victim's system [2]. Moreover, there are reports showing that another security flaw in Windows SmartScreen, CVE-2023-36025, has been employed to deliver other malware such as Phemedrone Stealer and Mispadu [1]. Exploiting this vulnerability also allows attackers to bypass security restrictions.
Sources:
[1] DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack
[2] Hackers exploited Windows SmartScreen flaw to drop DarkGate malware
mickmick.net recommends that users should: