Friday, 2 May 2025

Malware Alert - Retailers Targeted by Ransomware Attacks from Scattered Spider Threat Actor Group

Release Date: 2 May 2025

Type: Malware

Malware Alert

Current Status and Related Trends

Threat intelligence shows that in recent days several well-known retailers, including Marks & Spencer (M&S), Co-op and Harrods, have successively suffered ransomware attacks suspected to be linked to the "Scattered Spider" group, severely disrupting their business operations [1][2].

"Scattered Spider" is a threat group whose attacks centre on social engineering. Its common techniques include phishing, SIM swapping, multi-factor authentication (MFA) fatigue attacks, and impersonating IT support staff to commit fraud. The attackers use these techniques to steal internal enterprise account credentials and then move laterally across the entire network. In previous attacks, the attackers discovered and stole high-value digital assets, including proprietary code repositories, code-signing certificates and source code. Finally, the attackers deployed the DragonForce ransomware to encrypt the virtual machines on VMware ESXi hosts.

The attackers' main objectives are to encrypt enterprise systems, steal data for extortion, or threaten to disclose sensitive information. The previous attacks disrupted retailers' contactless payments, online orders and warehouse operations. These attacks have a far-reaching impact on the retail industry and may also lead to data breaches and financial losses for victims.

Source:

[1] "Marks & Spencer confirms a cyberattack as customers face delayed orders" BleepingComputer

[2] "Harrods the next UK retailer targeted in a cyberattack" BleepingComputer

HKCERT recommends that users:

  • Implement phishing-resistant multi-factor authentication and remind users how to recognise social engineering and phishing attacks.
  • Apply least-privilege access controls and restrict unauthorised access.
  • Maintain offline and encrypted backups.
  • Deploy email filtering tools and implement network segmentation.
  • Update software and systems regularly and install anti-virus software.
  • Develop a comprehensive incident response plan.

For further information, visit https://www.hkcert.org/tc/publications/fight-ransomware

Malware Alert - Retailers Targeted by Ransomware Attacks from Scattered Spider Threat Actor Group

Release Date: 2 May 2025

Type: Malware

Malware Alert

Current Status and Related Trends

Threat intelligence has revealed that several well-known retailers, including Marks & Spencer (M&S), Co-op, and Harrods, have reportedly been hit by ransomware attacks linked to the "Scattered Spider" group, severely impacting their business operations [1][2].

"Scattered Spider" is a threat group that relies primarily on social engineering. Its common attack methods include phishing, SIM swapping, multi-factor authentication (MFA) fatigue attacks, and impersonating IT support staff to carry out fraud. The attackers steal enterprises' internal account credentials and then move laterally across the entire network. In previous attacks, the attackers performed discovery and exfiltrated high-value digital assets, including proprietary code repositories, code-signing certificates, and source code. Eventually, the attackers deployed the DragonForce ransomware to encrypt virtual machines on VMware ESXi hosts.

 

The attackers' main objectives are to encrypt corporate systems, steal data for ransom, or threaten to disclose sensitive information. The previous attacks caused disruptions to retailers' contactless payments, online orders, and warehouse operations. These attacks have had a profound impact on the retail industry and may also lead to data breaches and financial losses for victims.

 

Source:

[1] "Marks & Spencer confirms a cyberattack as customers face delayed orders" BleepingComputer

[2] "Harrods the next UK retailer targeted in a cyberattack" BleepingComputer

mickmick.net recommends that users should:

 

  • Implement phishing-resistant MFA and educate users on recognizing social engineering and phishing attempts.
  • Enforce least privilege access policies to limit unauthorized access.
  • Maintain offline and encrypted backups.
  • Deploy email filtering tools and implement network segmentation.
  • Update software and systems regularly and install anti-virus software.
  • Create a robust incident response plan.
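As an added illustration of the MFA fatigue technique described above and of the phishing-resistant MFA recommendation (example code, not HKCERT's or any vendor's), the following Python flags sign-ins that were approved only after a burst of denied or timed-out MFA pushes; the log format, field names and thresholds are constructed assumptions, not a real identity provider's schema.

```python
"""Flag sign-ins approved only after a burst of rejected MFA pushes.

Added example, not HKCERT's or any vendor's code. The log format is a constructed,
simplified one: "<ISO time> <user> <result> <source ip>" (push_denied, push_timeout, push_approved).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds are assumptions for this example, not vendor defaults.
WINDOW = timedelta(minutes=10)      # look-back window for a burst
MIN_FAILED_PUSHES = 3               # rejected pushes before an approval is suspicious
FAILED = {"push_denied", "push_timeout"}

SAMPLE_LOG = [  # constructed sample, not real telemetry
    "2025-05-01T22:01:05 alice push_denied 203.0.113.7",
    "2025-05-01T22:01:40 alice push_denied 203.0.113.7",
    "2025-05-01T22:02:15 alice push_timeout 203.0.113.7",
    "2025-05-01T22:03:02 alice push_denied 203.0.113.9",
    "2025-05-01T22:03:50 alice push_approved 203.0.113.9",   # fatigue pattern
    "2025-05-01T22:05:00 bob push_denied 198.51.100.2",
    "2025-05-01T22:06:00 bob push_approved 198.51.100.2",    # one denial: benign
    "2025-05-01T09:00:00 carol push_approved 192.0.2.10",    # no denials at all
]

def parse_line(line):
    ts, user, result, ip = line.split()
    return datetime.fromisoformat(ts), user, result, ip

def find_fatigue_approvals(lines):
    """Return (user, approval_time, failed_count, distinct_source_ips) for every
    approval preceded by at least MIN_FAILED_PUSHES failed pushes within WINDOW."""
    recent = defaultdict(deque)  # user -> failed pushes (time, ip) still in window
    alerts = []
    for ts, user, result, ip in sorted(map(parse_line, lines)):
        q = recent[user]
        while q and ts - q[0][0] > WINDOW:  # expire events older than the window
            q.popleft()
        if result in FAILED:
            q.append((ts, ip))
        elif result == "push_approved":
            if len(q) >= MIN_FAILED_PUSHES:
                alerts.append((user, ts, len(q), len({src for _, src in q})))
            q.clear()  # an approval ends the burst either way
    return alerts

if __name__ == "__main__":
    for user, ts, failed, ips in find_fatigue_approvals(SAMPLE_LOG):
        print(f"{ts} {user}: approved after {failed} rejected pushes from {ips} IP(s)")
```

A hit like alice's (four rejected pushes, then an approval from a second source address) is the signal to reset the session and contact the user out of band; with phishing-resistant MFA (FIDO2/WebAuthn) the push-approval step the attacker relies on does not exist.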

 

For further information, browse https://www.hkcert.org/publications/fight-ransomware.

RedHat Linux Kernel Multiple Vulnerabilities

Release Date: 2 May 2025

Risk: Medium Risk

Type: Operating Systems - Linux

Multiple vulnerabilities were identified in the RedHat Linux kernel. A remote attacker could exploit these vulnerabilities to trigger data manipulation, denial of service, remote code execution, sensitive information disclosure and security restriction bypass on the targeted system.

Impact

  • Denial of Service
  • Information Disclosure
  • Security Restriction Bypass
  • Data Manipulation
  • Remote Code Execution

Systems / Technologies Affected

  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat OpenShift Container Platform 4.14 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.14 for RHEL 9 x86_64
  • Red Hat OpenShift Container Platform 4.17 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.17 for RHEL 9 x86_64
  • Red Hat OpenShift Container Platform 4.18 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.18 for RHEL 9 x86_64
  • Red Hat OpenShift Container Platform for ARM 64 4.14 for RHEL 8 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.14 for RHEL 9 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.17 for RHEL 8 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.17 for RHEL 9 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.18 for RHEL 8 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.18 for RHEL 9 aarch64
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.14 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.14 for RHEL 9 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.17 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.17 for RHEL 9 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.18 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.18 for RHEL 9 s390x
  • Red Hat OpenShift Container Platform for Power 4.14 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.14 for RHEL 9 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.17 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.17 for RHEL 9 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.18 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.18 for RHEL 9 ppc64le

Solutions

Before installing the software, please visit the vendor's website for more details.

Apply the patches provided by the vendor:

Vulnerability Identifier

Source

Related Link

RedHat Linux Kernel Multiple Vulnerabilities

Release Date: 2 May 2025

RISK: Medium Risk

TYPE: Operating Systems - Linux

Multiple vulnerabilities were identified in RedHat Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger data manipulation, denial of service condition, remote code execution, sensitive information disclosure and security restriction bypass on the targeted system.

 


Impact

  • Denial of Service
  • Information Disclosure
  • Security Restriction Bypass
  • Data Manipulation
  • Remote Code Execution

System / Technologies affected

  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat OpenShift Container Platform 4.14 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.14 for RHEL 9 x86_64
  • Red Hat OpenShift Container Platform 4.17 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.17 for RHEL 9 x86_64
  • Red Hat OpenShift Container Platform 4.18 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.18 for RHEL 9 x86_64
  • Red Hat OpenShift Container Platform for ARM 64 4.14 for RHEL 8 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.14 for RHEL 9 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.17 for RHEL 8 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.17 for RHEL 9 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.18 for RHEL 8 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.18 for RHEL 9 aarch64
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.14 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.14 for RHEL 9 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.17 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.17 for RHEL 9 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.18 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.18 for RHEL 9 s390x
  • Red Hat OpenShift Container Platform for Power 4.14 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.14 for RHEL 9 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.17 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.17 for RHEL 9 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.18 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.18 for RHEL 9 ppc64le

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link

SonicWall Products Multiple Vulnerabilities

Release Date: 2 May 2025

Risk: High Risk

Type: Operating Systems - Network

Multiple vulnerabilities were identified in SonicWall Products. A remote attacker could exploit these vulnerabilities to trigger remote code execution and security restriction bypass on the targeted system.

Note:

CVE-2023-44221 has been widely exploited. This vulnerability allows an authenticated attacker with administrator privileges to execute arbitrary code as the "nobody" user on SonicWall SMA100 products. Hence, the risk level is rated as High Risk.

Impact

  • Remote Code Execution
  • Security Restriction Bypass

Systems / Technologies Affected

  • SonicWall SMA 100 Series (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v) 10.2.1.9-57sv and earlier versions

Solutions

Before installing the software, please visit the vendor's website for more details.

Apply the patches provided by the vendor:

Vulnerability Identifier

Source

Related Link

SonicWall Products Multiple Vulnerabilities

Release Date: 2 May 2025

RISK: High Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in SonicWall Products. A remote attacker could exploit these vulnerabilities to trigger remote code execution and security restriction bypass on the targeted system.

 

Note:

CVE-2023-44221 is being exploited in the wild. This vulnerability allows a remote, authenticated attacker with administrative privileges to inject arbitrary commands as the 'nobody' user on SonicWall SMA100 appliances. Hence, the risk level is rated as High Risk.

 


Impact

  • Remote Code Execution
  • Security Restriction Bypass

System / Technologies affected

  • SonicWall SMA 100 Series (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v) 10.2.1.9-57sv and earlier versions.


Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link
