Aggregator

HackerNews 编译，转载请注明出处： 英国生鲜物流企业Peter Green Chilled近期遭遇勒索软件攻击，部分系统遭加密。该公司为乐购（Tesco）、奥乐齐（Aldi）等零售巨头提供冷链运输服务，此次事件距离玛莎百货（Marks & Spencer）重大网络攻击尚不足一月。BBC报道称，攻击者于周三加密企业数据并扰乱运营，公司内部邮件证实正在处理勒索软件事件。 网络安全研究员Aras Nazarovas指出，此类攻击可使物流企业陷入服务瘫痪，导致合作超市特定商品短期缺货。ISACA全球战略官Chris Dimitriadis强调，网络罪犯正将目标转向供应链环节——配送中断、库存损耗与财务损失将引发连锁反应。 近期英国零售业频现安全危机，除玛莎百货外，哈罗德百货（Harrods）、合作社集团（Co-op）相继遭入侵。据路透社数据，玛莎百货因攻击已损失超6000万英镑（约8000万美元）利润，市值蒸发逾10亿英镑。调查显示，攻击者通过第三方服务商塔塔咨询（TCS）两名员工的凭证侵入系统，黑客组织Scattered Spider被怀疑参与作案。该团伙以钓鱼技术著称，2023年曾伪装IT支持人员攻陷拉斯维加斯美高梅度假村与凯撒娱乐集团。 尽管Scattered Spider作案手法老练，执法机构已展开全球缉捕。2023年，涉嫌参与美高梅攻击的22岁英国公民Tyler Robert Buchanan在西班牙落网。同年11月，美国起诉包括Ahmed Hossam Eldin Elbadawy在内的五名该组织成员。安全专家警示，供应链环节的数字化依赖度攀升，物流企业需强化第三方供应商的凭证管理及零信任架构部署。       消息来源： cybernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

HackerNews 编译，转载请注明出处： Thales《2025年数据威胁报告》显示，面对生成式AI（GenAI）带来的安全风险，73%的企业正在通过新增预算或重新分配资源的方式采购AI专用安全工具。其中，超三分之二的企业选择云服务商提供的解决方案，60%依赖传统安全厂商，约半数尝试新兴初创公司的产品。AI安全已成为企业第二大安全投入重点，仅次于云安全。 近70%的IT与安全从业者认为，快速迭代的生成式AI生态系统（涵盖新型基础设施、SaaS服务与自主代理）是采用该技术的首要安全顾虑。此外，64%担忧数据完整性，57%质疑结果可信度。尽管存在风险，仍有三分之一企业处于GenAI技术的”集成”或”转型”阶段。 报告指出，45%的受访企业曾遭遇数据泄露，较2024年的49%略有下降。自2021年（56%）以来，受泄密影响的企业比例呈逐步下降趋势。过去12个月内发生泄露的企业占比为14%，与上年持平。值得注意的是，未通过合规审计的企业中有78%曾遭遇数据泄露，而通过审计的企业该比例仅为21%。恶意软件、钓鱼攻击与勒索软件仍是年度三大主要攻击类型。 近60%的企业采用生物识别技术，47%部署无密码认证（如通行密钥），这类技术能有效防范钓鱼攻击与凭证填充等账户劫持行为。研究覆盖全球20个国家、15个行业的3000余名IT与安全专家。 451 Research首席分析师Eric Hanselman评论称：“生成式AI的快速演进迫使企业加速布局，但往往以牺牲谨慎为代价。许多企业在尚未完全理解应用架构的情况下仓促部署，加之集成GenAI能力的SaaS工具激增，多重因素叠加放大了复杂性与风险。”       消息来源： infosecurity-magazine； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

HackerNews 编译，转载请注明出处： 网络安全公司Netacea最新研究显示，大西洋两岸近半数消费者曾遭遇社交媒体平台推送的零售欺诈广告，这些广告以“退款技巧”为幌子诱导用户参与诈骗。该公司对英美2000余名消费者展开调查，发现欺诈行为正通过主流社交媒体的高曝光广告逐渐“去罪化”。 地下犯罪产业阳光化 报告指出，以往仅存于暗网“欺诈即服务”论坛的犯罪指南，如今公然现身TikTok等平台。Netacea威胁服务副总裁Matthew Gracey-McMinn分析称：“犯罪组织利用社交媒体近乎无限的‘干净账户’资源（即未被风控系统标记的可信账户），通过诱导千禧一代‘轻松赚钱’，实际上将其培养成实施恶意活动的‘数字骡子’。” 触目惊心的数据 45%受访者承认收到过零售欺诈指南广告，58%接触过伪装成网红内容的退款骗局 16%认为零售欺诈属于“无受害者犯罪”，58%认为零售商应自行承担欺诈损失且不会影响经营 23%曾产生欺诈冲动，15%表示在特定条件下会尝试更严重的欺诈行为，34%认为单笔100英镑以内的欺诈可以接受 社交裂变式传播 18%受访者表示看到过网红推广欺诈手段，而通过亲友（37%）、同事（21%）、同学（9%）接触相关信息的比例高达82%。常见欺诈手法包括：谎称未收到货物骗取退款/补发、调包退货、盗用支付信息购物、使用非法获取的礼品卡或账户余额消费、雇佣专业“退单服务商”等。 内部腐败风险攀升 18%受访者承认认识从事内部欺诈的人员（其中12%在零售企业工作，6%在物流服务商任职）。这与Ravelin上周发布的报告相呼应——零售商普遍认为普通消费者带来的威胁已不亚于职业欺诈团伙。 Netacea警告称，欺诈行为的文化接受度正在发生危险转变：“我们每天监控暗网市场的职业罪犯，但如今零售欺诈技术已从阴影走向公开——它们在朋友间传播，在网络平台大肆推广。令人震惊的是，相当部分公众不仅看得见这些行为，甚至认为其可以接受。”       消息来源： infosecurity-magazine； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

FIs Must Invest in AI-Fueled Behavioral Biometrics to Go Beyond Static Credentials
Scammers are increasingly turning to account takeover fraud, as financial institutions ramp up their defenses. Instead of luring victims into making authorized transactions, cybercriminals are bypassing them altogether, hijacking their digital identities and draining accounts from within.

Homeland Security Secretary Says Trump Budget Strengthens Cybersecurity
Senate Democrats Tuesday pushed Homeland Security Secretary Kristi Noem on the Trump administration's cuts to the cybersecurity component of the U.S. federal department she leads. Noem told senators the U.S. Cybersecurity and Infrastructure Agency will "continue to fulfill" its statutory obligations.

Scattered Spider Stole Tata Consulting Services Employee Login Details for Hack
British retailer Marks & Spencer was reportedly compromised by cybercrime group Scattered Spider using stolen employee credentials from a third-party IT company. Citing an unidentified source, Reuters reported hackers used the M&S login credentials of two Tata Consulting Services employees.

Georgia Court Allows Claims of Fraud, Trespass Over Falcon Software Update
Delta can proceed with its lawsuit against CrowdStrike over a July 2024 update that allegedly bypassed Microsoft safeguards and crashed thousands of systems. The judge found that Delta sufficiently alleged fraud, computer trespass and gross negligence, allowing key claims to move forward.

HackerNews 编译，转载请注明出处： 斯里兰卡、孟加拉国与巴基斯坦的高级别政府机构近期成为APT组织SideWinder新一轮攻击的重点目标。 研究人员发现，攻击者采用鱼叉式钓鱼邮件结合地理围栏技术，确保仅特定国家的目标会收到恶意载荷。攻击链通过诱饵文档激活感染流程，最终部署名为StealerBot的恶意软件，该作案手法与此前披露的SideWinder活动特征一致。 此次攻击瞄准南亚多国关键部门，包括孟加拉国电信监管委员会、国防部与财政部，巴基斯坦本土技术发展局，以及斯里兰卡外债管理局、国防部与中央银行。攻击者利用微软Office中历史悠久的远程代码执行漏洞（CVE-2017-0199与CVE-2017-11882）作为初始攻击媒介，部署具备持久化访问能力的恶意程序。 恶意文档被打开时触发CVE-2017-0199漏洞，通过DLL侧载技术释放后续载荷安装StealerBot。攻击者采用地理围栏技术增强隐蔽性：若受害者IP地址不符合预设国家范围，系统仅返回空白RTF文件作为诱饵。实际恶意RTF文件利用公式编辑器漏洞CVE-2017-11882触发内存破坏，执行基于shellcode的加载器运行StealerBot。 StealerBot是基于.NET开发的模块化植入程序，能够投放额外恶意组件、启动反向shell，并从受控主机窃取屏幕截图、键盘记录、密码、文件等敏感数据。分析指出，该组织展现出持续的活跃度与精准控制能力——恶意载荷仅在限定时间内分发给经过严格筛选的目标，反映出其组织架构的延续性与攻击意图的持久性。 攻击活动中，SideWinder延续了其标志性战术：频繁更新工具集以规避安全检测，通常在安全解决方案识别其工具后5小时内生成新变种。若遭遇行为检测，则迅速调整持久化维持与组件加载技术，并修改恶意文件路径及名称。尽管主要依赖旧版Office漏洞实施攻击，但其对目标选择的高度精准性与攻击流程的严密控制，仍使其成为南亚地区最具威胁的APT组织之一。       消息来源：thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability, which was classified as problematic, has been found in Exiv2 0.27.2. This issue affects the function Exiv2::getULong of the file types.cpp. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2019-17402. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Apple macOS. It has been rated as problematic. This issue affects some unknown processing of the component curl. The manipulation leads to insufficient verification of data authenticity. The identification of this vulnerability is CVE-2021-22947. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in cURL up to 7.78.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component TLS Policy Handler. The manipulation leads to cryptographic issues. This vulnerability is known as CVE-2021-22947. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Microsoft Windows up to Server 2022. It has been rated as critical. Affected by this issue is some unknown functionality of the component Open Source Curl. The manipulation leads to insufficient verification of data authenticity. This vulnerability is handled as CVE-2021-22947. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Oracle Commerce Guided Search 11.3.2. It has been classified as critical. Affected is an unknown function of the component Framework/Experience Manager. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2021-22946. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Oracle Essbase 21.3. Affected is an unknown function of the component Build. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2021-22946. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as critical has been found in Cockpit up to 259. Affected is an unknown function of the component SSSD. The manipulation leads to improper certificate validation. This vulnerability is traded as CVE-2021-3698. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cockpit. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper restriction of rendered ui layers. This vulnerability is known as CVE-2021-3660. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in TYPO3 up to 10.4.49/11.5.43/12.4.30/13.4.11. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to unverified ownership. This vulnerability was named CVE-2025-47940. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in TYPO3 up to 12.4.30/13.4.11. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to authentication bypass using alternate channel. The identification of this vulnerability is CVE-2025-47941. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as very critical was found in Fortinet FortiVoice, FortiRecorder, FortiMail, FortiNDR and FortiCamera. This vulnerability affects unknown code of the component Hash Cookie Handler. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2025-32756. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.