Weekly Threat Intelligence News Roundup (181202)

Vulnerabilities:

  1. Two Linux kernel vulnerabilities were disclosed: https://lkml.org/lkml/2018/11/20/411 and https://lkml.org/lkml/2018/11/20/580
  2. Siemens reports that its SIMATIC S7-1500 industrial automation controllers have roughly 20-plus vulnerabilities. https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdf

APT attacks:

  1. The BITTER APT group's attacks against Pakistan exploiting an InPage software vulnerability, with analysis of links to related groups. https://ti.360.net/blog/articles/analysis-of-targeted-attack-against-pakistan-by-exploiting-inpage-vulnerability-and-related-apt-groups/
  2. New activity from the DNSpionage campaign in the Middle Eastern countries of Lebanon and the United Arab Emirates (UAE). https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html
  3. A phishing kit targeting French industries including aviation, automotive, chemicals, banking, and software/IP. Motive unclear. https://labsblog.f-secure.com/2018/11/26/phishing-campaign-targeting-french-industry/
  4. HELIX KITTEN (Iran), an APT group active in the Middle East, targets the aerospace, energy, financial, government, hospitality, and telecommunications verticals. https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-november-helix-kitten/
  5. MuddyWater: attack campaigns targeting Lebanon and Oman. https://www.clearskysec.com/wp-content/uploads/2018/11/MuddyWater-Operations-in-Lebanon-and-Oman.pdf
  6. Brazil: a financial attack campaign out of South America, mainly targeting the financial sector in Spanish-speaking regions. https://www.cybereason.com/blog/brazilian-financial-malware-banking-europe-south-america
  7. CARROTBAT activity in Southeast Asia. https://researchcenter.paloaltonetworks.com/2018/11/unit42-the-fractured-block-campaign-carrotbat-malware-used-to-deliver-malware-targeting-southeast-asia/
  8. Analysis report on the cyberattack against the National Bank of Malawi. http://www.antiy.com/response/20181127.html

Other threats and attacks

  1. Hackers are using NSA hacking tools to build a botnet. https://blogs.akamai.com/sitr/2018/11/upnproxy-eternalsilence.html
  2. Research on a Siemens PLC worm. https://mp.weixin.qq.com/s?__biz=MzU5Mjc0NjE2Mg==&mid=2247483903&idx=1&sn=c392fc8430d868c6b5b1279b4554d5a4
  3. Supply chain attack: alert on malicious code implanted in the public JavaScript library event-stream. https://mp.weixin.qq.com/s?__biz=MzU5MjEzOTM3NA==&mid=2247485796&idx=1&sn=254568c39f9a690b5e245e26f95a0312
  4. Kaspersky report: threat predictions for industrial security. https://securelist.com/ksb-threat-predictions-for-industrial-security-in-2019/88940/ and https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/11/26142000/Threat-Predictions-for-Industrial-Security-in-2019.pdf
  5. Google and White Ops tracked and analyzed the 3VE cybercrime operation, handing evidence directly to the US Department of Justice, which issued arrest warrants. https://www.justice.gov/usao-edny/press-release/file/1114576/download and https://www.justice.gov/usao-edny/pr/two-international-cybercriminal-rings-dismantled-and-eight-defendants-indicted-causing
  6. An AutoIt-compiled worm can spread the BLADABINDI/njRAT backdoor via removable storage media; the RAT also now uses dynamic C2. https://blog.trendmicro.com/trendlabs-security-intelligence/autoit-compiled-worm-affecting-removable-media-delivers-fileless-version-of-bladabindi-njrat-backdoor/
  7. CAD drafting tools are also being maliciously abused; China, India, Turkey, and the UAE remain the main infected countries. Worth noting. https://www.forcepoint.com/blog/security-labs/autocad-malware-computer-aided-theft
  8. Golden Chickens splits into two groups, GC01 and GC02. https://medium.com/@quoscient/golden-chickens-uncovering-a-malware-as-a-service-maas-provider-and-two-new-threat-actors-using-61cf0cb87648

Technical analysis

  1. FireEye is back with another educational piece: detecting obfuscated command lines using machine learning. https://www.fireeye.com/blog/threat-research/2018/11/obfuscated-command-line-detection-using-machine-learning.html
  2. Trend Micro found a new PowerShell-based backdoor in Turkey that is strikingly similar to MuddyWater tools. https://blog.trendmicro.com/trendlabs-security-intelligence/new-powershell-based-backdoor-found-in-turkey-strikingly-similar-to-muddywater-tools/

Data breaches

  1. The US Postal Service had an API vulnerability that reportedly exposed the data of at least 60 million users. https://krebsonsecurity.com/2018/11/usps-site-exposed-data-on-60-million-users/
  2. Marriott data breach: https://answers.kroll.com/

US indictments

  1. The US Department of Justice indicted two Iranians, alleging they created the SamSam ransomware and extorted hundreds of organizations. https://www.justice.gov/opa/press-release/file/1114741/download
  2. https://www.justice.gov/usao-edny/press-release/file/1114576/download and https://www.justice.gov/usao-edny/pr/two-international-cybercriminal-rings-dismantled-and-eight-defendants-indicted-causing

International news

  1. Yemen in the Middle East has been torn apart by the Americans; take a look at its internet landscape. https://www.recordedfuture.com/yemen-internet-activity/
  2. The Belt and Road Initiative and geopolitics as seen from abroad. https://www.recordedfuture.com/making-geopolitics-relevant/
  3. Investigation of the Ukraine-Russia naval clash: https://www.bellingcat.com/news/uk-and-europe/2018/11/30/investigating-the-kerch-strait-incident/
