Weekly Threat Intelligence News Roundup (181117)

Vulnerabilities:

Analysis of the 0-day (CVE-2018-8589) used in attacks against the Middle East: https://securelist.com/a-new-exploit-for-zero-day-vulnerability-cve-2018-8589/88845/

APT attacks:

  1. From 360, a very good post on the Darkhotel group: http://blogs.360.cn/post/VBScript_vul_CH.html
  2. Rumor-mongering piece on an Indian news site: http://zeenews.india.com/india/chinas-secret-military-unit-may-target-sensitive-indian-defence-installations-alerts-intelligence-agency-2153883.html
  3. A certain country suspected of imitating APT28 in attacks on the UK: https://www.recordedfuture.com/chinese-threat-actor-tempperiscope
  4. OlympicDestroyer activity: https://research.checkpoint.com/new-strain-of-olympic-destroyer-droppers/
  5. New APT group "White Company" attacks the Pakistan Air Force: https://threatvector.cylance.com/en_us/home/the-white-company-inside-the-operation-shaheen-espionage-campaign.html
  6. In November, Lazarus Group used South Korean and US servers for APT attacks: http://blog.alyac.co.kr/1978
  7. Analysis of targeted attacks by the suspected "Group 123" APT group exploiting an undisclosed vulnerability in HWP software: https://mp.weixin.qq.com/s/X8Iz26L1k5ibdqv3lKFHKg

Threat intelligence analysis:

  1. Cybercrime group MAGECART: https://www.riskiq.com/research/inside-magecart/
  2. Cybercrime group MAGECART: https://community.riskiq.com/projects/44bd58f7-d24c-7092-7db4-0271bd4fc6c6
  3. Another MAGECART incident: https://www.zdnet.com/article/card-skimming-malware-removed-from-infowars-online-store/
  4. INDRIK SPIDER activity: https://www.crowdstrike.com/blog/big-game-hunting-the-evolution-of-indrik-spider-from-dridex-wire-fraud-to-bitpaymer-targeted-ransomware/
  5. Operation JOKAA(RR): https://mymalwareparty.blogspot.com/2018/11/operation-jokaarr.html
  6. Latest TA55 activity: https://www.proofpoint.com/us/threat-insight/post/trat-new-modular-rat-appears-multiple-email-campaign
  7. Unit42 analysis of OilRig (Iranian activity in the Middle East): https://researchcenter.paloaltonetworks.com/2018/11/unit42-analyzing-oilrigs-ops-tempo-testing-weaponization-delivery/
  8. Symantec shares details of North Korea's Lazarus FastCash trojan used to rob banks: https://www.symantec.com/blogs/threat-intelligence/fastcash-lazarus-atm-malware
  9. APT28 LoJax analysis: https://blog.yoroi.company/research/hunting-for-sofacy-lojax-double-agent-analysis/

Other threats and attacks:

  1. BGP leak takes down Google and others: https://blog.thousandeyes.com/internet-vulnerability-takes-down-google/
  2. Infiltration without borders: how the FSB infiltrated the international visa system: https://www.bellingcat.com/news/uk-and-europe/2018/11/16/spies-without-borders-fsb-infiltrated-international-visa-system/
  3. The evolution of ransomware: https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/sophoslabs-2019-threat-report.pdf
  4. Analysis of the WebCobra cryptomining malware: https://securingtomorrow.mcafee.com/mcafee-labs/webcobra-malware-uses-victims-computers-to-mine-cryptocurrency/

Other reports:

  1. US insider-threat maturity framework (NITTF): https://www.dni.gov/files/NCSC/documents/nittf/20181024_NITTF_MaturityFramework_web.pdf
  2. US internal review of procurement of foreign security products: https://www.uscc.gov/Annual_Reports/2018-annual-report
  3. The US Government Accountability Office (GAO) made 80 security-improvement recommendations to the Office of Personnel Management (OPM): https://www.gao.gov/assets/700/695368.pdf
  4. Attribution analysis: https://cyberthreatintelligenceblog.wordpress.com/2018/11/16/c0ld-case-from-aerospace-to-chinas-interests/
