Aggregator

HackerNews 编译，转载请注明出处： 奢侈品牌卡地亚向客户发出警告称，其系统遭入侵后发生数据泄露事件，导致客户个人信息外泄。 卡地亚在今日发送并由收件人于社交媒体分享的通知函中披露，黑客入侵其系统并窃取了少量客户信息。“特此告知您，未经授权方曾短暂访问我方系统并获取了少量客户信息，”卡地亚在数据泄露通知中声明，“我们已控制事态，并进一步强化了系统及数据的防护措施。” 据该公司透露，泄露信息包括客户姓名、电子邮箱地址及居住国家。卡地亚强调，此次泄露不涉及密码、信用卡号或银行账户详情等敏感数据。但公司警告失窃数据可能被用于定向攻击，建议客户对未经请求的可疑通信保持警惕。“鉴于数据性质，建议您警惕任何未经请求的通信及其他可疑信函，”通知补充道。 卡地亚表示已就事件通报执法部门，并正与外部网络安全公司合作处理漏洞。BleepingComputer曾联系卡地亚询问事件发生时间及受影响人数等细节，但截至发稿未获回复。 时尚品牌接连遇袭 此次事件发生前，近月已有多家时尚品牌披露类似安全事故： 五月，迪奥（Dior）在系统遭威胁分子入侵后坦承数据泄露，客户联系方式、购买记录及消费偏好被窃 同月，阿迪达斯（Adidas）因某第三方服务商系统失陷导致数据泄露，攻击者获取联系方式但未触及支付信息或账户凭证 上周，维多利亚的秘密（Victoria’s Secret）因持续安全事件下线官网并暂停部分门店服务，与卡地亚、迪奥及阿迪达斯相同，该品牌已联合网络安全专家启动调查。       消息来源： bleepingcomputer； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

HackerNews 编译，转载请注明出处： 美国MainStreet银行披露其合作供应商遭网络攻击，导致约5%客户敏感信息泄露。该行在提交美国证交会（SEC）的文件中表示，3月获知供应商系统被入侵后，立即终止了全部合作。4月下旬完成事件范围审查，未回应具体受害人数及信息类型的质询。 这家总部位于弗吉尼亚的银行在华盛顿特区设有55,000台ATM机及分支机构。调查确认银行自身系统未受入侵，未发生异常交易，客户账户资金安全无虞。银行已于5月26日通知监管机构及客户，并为受害人建立可疑活动监测系统。 银行声明该事件未产生重大运营影响。最新财报显示存款约19亿美元，净利润250万美元——而2024年该行曾亏损998万美元。 此次披露正值美国五大银行协会联合致函SEC要求废除网络安全事件强制披露规定之际。该2023年生效的规章遭国会与银行业持续抨击，被指增加合规风险成本、未能产生有效投资决策信息，反而“阻碍资本形成机制”。银行协会表示行业担忧已成现实：注册企业被迫在调查未完成时公开事件，导致市场获得无效信息，且黑客已将披露要求武器化——2023年阿尔法维勒索团伙就以此要挟金融软件公司MeridianLink，此类威胁正持续增多。 主要争议点聚焦于事件“重大性”判断标准：当前32份披露文件中仅9份在初报中确认重大影响，补充报告后总量也仅11份。协会指出标准混乱加剧市场不确定性，违背监管初衷。金融机构目前实际需遵守至少10项保密报告要求。       消息来源： therecord； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

Cybersecurity company SentinelOne has released a comprehensive root cause analysis revealing that a software flaw in an infrastructure control system caused the global service disruption that affected customers worldwide on May 29, 2025. The outage, which lasted approximately 20 hours, was fully restored by May 30 at 10:00 UTC, preventing customers from accessing the SentinelOne […]

The post SentinelOne Global Service Outage Root Cause Revealed appeared first on Cyber Security News.

HackerNews 编译，转载请注明出处： 美国非营利医疗集团Covenant Health遭遇网络攻击，其运营的三家医院紧急关闭所有系统以控制安全事件影响。圣玛丽医疗系统公告称：“当前系统临时故障影响部分电话及病历系统，医疗服务仍在继续，但部分科室候诊时间可能延长”。新罕布什尔州圣约瑟夫医院则通知：“5月27日门诊实验室服务临时调整，仅主院区可接收持纸质检验单的患者”。 这家天主教背景的区域医疗集团在新英格兰地区运营多家医院、养老院及辅助生活机构。2025年5月26日爆发的网络攻击使其旗下医院、诊所全面断网，目前尚不确定是否涉及数据窃取或勒索软件。院方已聘请顶级网络安全专家介入调查，核心医疗服务仍维持运转，但部分系统及检验科室受到影响。 除圣约瑟夫医院外，缅因州两家医疗机构同样遭波及，院方建议患者按原计划就诊。“发现网络异常后，我们立即切断了所有医疗机构的数据系统访问权限，”集团发言人表示，“正全力保障正常医疗服务，患者可照常赴约，如有疑问请咨询主治医生办公室”。截至发稿，尚无勒索组织宣称对事件负责。 2025年美国医疗系统频遭网络攻击：3月RansomHouse团伙宣称窃取芝加哥洛雷托医院1.5TB敏感数据；4月Interlock勒索组织攻击肾脏透析巨头DaVita并泄露数据。据记录，2024年全美医疗机构遭遇98起勒索攻击，涉及1.17亿条记录，典型案例如Change Healthcare（1亿条）、波士顿儿童健康医生集团（90.9万条）等数据泄露事件。医院遭遇攻击后往往被迫启用纸质化应急流程。       消息来源： securityaffairs； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability, which was classified as critical, has been found in JeeWMS up to 20250504. Affected by this issue is the function dogenerateOne2Many of the file /generateController.do?dogenerateOne2Many of the component File Handler. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2025-5389. The attack may be launched remotely. There is no exploit available. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

A vulnerability, which was classified as critical, was found in JeeWMS up to 20250504. This affects the function filedeal of the file /systemController/filedeal.do of the component File Handler. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2025-5390. It is possible to initiate the attack remotely. There is no exploit available. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

A vulnerability, which was classified as problematic, was found in IBM InfoSphere Information Server 11.7. This affects an unknown part. The manipulation leads to cleartext storage of sensitive information. This vulnerability is uniquely identified as CVE-2025-1499. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in JeeWMS up to 20250504. It has been declared as critical. This vulnerability affects the function doAdd of the file /cgformTemplateController.do?doAdd. The manipulation leads to path traversal. This vulnerability was named CVE-2025-5385. The attack can be initiated remotely. There is no exploit available. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

A vulnerability was found in JeeWMS up to 20250504. It has been rated as critical. This issue affects the function transEditor of the file /cgformTransController.do?transEditor. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2025-5386. The attack may be initiated remotely. There is no exploit available. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

A vulnerability classified as critical has been found in JeeWMS up to 20250504. Affected is the function dogenerate of the file /generateController.do?dogenerate of the component File Handler. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2025-5387. It is possible to launch the attack remotely. There is no exploit available. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

A vulnerability classified as critical was found in JeeWMS up to 20250504. Affected by this vulnerability is the function dogenerate of the file /generateController.do?dogenerate. The manipulation leads to sql injection. This vulnerability is known as CVE-2025-5388. The attack can be launched remotely. There is no exploit available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

A vulnerability classified as problematic has been found in Astun Technology iShare Maps 5.4.0. This affects an unknown part of the file mycouncil2.aspx. The manipulation of the argument atTxtStreet leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-5378. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in NuCom NC-WR744G 8.5.5 Build 20200530.307. This vulnerability affects unknown code of the component Console Application. The manipulation of the argument CMCCAdmin/useradmin/CUAdmin leads to hard-coded credentials. This vulnerability was named CVE-2025-5379. The attack can be initiated remotely. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in ashinigit 天青一白 XueShengZhuSu 学生住宿管理系统 up to 4d3f0ada0e71482c1e51fd5f5615e5a3d8bcbfbb. This issue affects some unknown processing of the file /upload/ of the component Image File Upload. The manipulation of the argument File leads to path traversal. The identification of this vulnerability is CVE-2025-5380. The attack may be initiated remotely. Furthermore, there is an exploit available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

A vulnerability, which was classified as problematic, was found in Yifang CMS up to 2.0.2. Affected is the function downloadFile of the file /api/File/downloadFile of the component Admin Panel. The manipulation of the argument File leads to path traversal. This vulnerability is traded as CVE-2025-5381. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Yifang CMS up to 2.0.2 and classified as problematic. Affected by this issue is some unknown functionality of the component Article Management Module. The manipulation of the argument Default Value leads to cross site scripting. This vulnerability is handled as CVE-2025-5383. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in JeeWMS up to 20250504. It has been classified as critical. This affects the function CgAutoListController of the file /cgAutoListController.do?datagrid. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2025-5384. It is possible to initiate the attack remotely. There is no exploit available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

HackerNews 编译，转载请注明出处： 若企业主、关键基础设施实体员工或政府部门/机构人员遭遇勒索软件攻击并支付赎金，须依法向澳大利亚当局报告。 年营业额达300万澳元及以上的组织，须在支付赎金后72小时内向澳大利亚信号局（ASD）报告勒索软件或网络勒索付款情况，关键基础设施相关组织同样适用此规定。报告须包含企业及联系人信息、网络安全事件全部已知细节：事件发现时间、被利用漏洞、勒索软件变种或恶意软件类型、攻击责任方、企业自身或第三方中介支付的具体金额，以及与威胁行为者的所有通信记录。 若未支付赎金则无强制报告义务。例如仅收到勒索要求但拒绝付款时，无需上报事件。 ASD强调，无论网络安全事件是否源自境外或影响海外实体，均不影响报告义务。“若受影响的报告企业（直接或间接受害）收到勒索要求并选择付款，必须提交报告”，ASD在常见问题解答（FAQ）中明确说明。 强制付款报告制度已于5月30日（周五）生效。2025年底前的初始阶段将重点开展合规宣传而非立即处罚。逾期72小时未提交赎金报告的企业将面临19,800澳元罚款。 澳大利亚成为全球首个推行强制赎金报告制度的国家。此举早有预兆——去年该国政府实体、关键基础设施和企业持续遭受国家背景黑客组织的攻击。ASD在年度网络威胁报告中指出：“这些行为体为实现国家目标开展网络行动，包括间谍活动、恶意影响、干涉胁迫，以及预置网络破坏能力。”       消息来源： cybernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文