Weekly Threat Intelligence News Roundup (20181209)

Vulnerabilities:

  1. Vulnerabilities in industrial IoT M2M communication protocols. https://blog.trendmicro.com/trendlabs-security-intelligence/machine-to-machine-m2m-technology-design-issues-and-implementation-vulnerabilities/ and https://documents.trendmicro.com/assets/white_papers/wp-the-fragility-of-industrial-IoTs-data-backbone.pdf?v1
  2. Cisco's security team disclosed a command injection vulnerability in Netgate pfSense (system_advanced_misc.php, powerd_normal_mode). https://blog.talosintelligence.com/2018/12/Netgate-pfsense-command-injection-vulns.html
  3. The Chinese-made SDS1202X-E industrial control system display was reported to contain a backdoor. https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-siglent-technologies-sds-1202x-e-digital-oscilloscope/
  4. A high-severity vulnerability in the well-known HD video conferencing system Zoom was disclosed, together with the exploitation process and proof-of-concept (PoC) code. An attacker on the same network segment, or remotely, can craft malicious UDP packets to gain remote control of users running the Zoom desktop client (macOS, Linux, Windows). https://medium.com/tenable-techblog/remotely-exploiting-zoom-meetings-5a811342ba1d, https://github.com/tenable/poc/tree/master/Zoom
  5. Forcepoint report on memory safety. https://www.forcepoint.com/sites/default/files/resources/files/report-web-assembly-memory-safety-en.pdf

APT attacks:

  1. Attacks on Russian medical institutions: "Operation Poison Needle", mainly using the Adobe 0-day vulnerability CVE-2018-15982. http://blogs.360.cn/post/PoisonNeedles_CVE-2018-15982.html
  2. Flash 0-day + Hacking Team RAT: attack activity exploiting the latest Flash 0-day vulnerability, with correlation analysis. https://ti.360.net/blog/articles/flash-0day-hacking-team-rat-activities-of-exploiting-latest-flash-0day-vulnerability-and-correlation-analysis/
  3. Activity by a North Korean APT group targeting academia. https://asert.arbornetworks.com/stolen-pencil-campaign-targets-academia/
  4. The Security Service of Ukraine discovered attacks originating from Russian intelligence agencies. https://ssu.gov.ua/ua/news/1/category/2/view/5487#.wWXt7P7P.dpbs
  5. APT28 attacks targeting NATO defense and military institutions. https://www.emanueledelucia.net/apt28-targeting-military-institutions/

Other threats and attacks:

  1. From ESET: a malware campaign built on OpenSSH. https://www.welivesecurity.com/2018/12/05/dark-side-of-the-forsshe/
  2. RiskIQ's indicators and analysis of Group 11 (a Magecart group) attacks on online retailers. https://www.riskiq.com/blog/labs/magecart-vision-direct/
  3. TA505 attack campaign targeting the US retail industry. https://www.proofpoint.com/us/threat-insight/post/ta505-targets-us-retail-industry-personalized-attachments
  4. ESET found iOS apps abusing the Touch ID feature to steal users' money. https://www.welivesecurity.com/2018/12/03/scam-ios-apps-promise-fitness-steal-money-instead/
  5. Proofpoint observed frequent attacks over the holiday season. https://www.proofpoint.com/us/threat-insight/post/thanksgiving-christmas-cybercriminals-cash-range-threats-over-holidays
  6. Analysis of Kelihos and ZOMBIE SPIDER (two pieces of malware) activity, which CrowdStrike has linked to Russia. https://www.crowdstrike.com/blog/farewell-to-kelihos-and-zombie-spider/
  7. Sextortion and ransomware. https://www.proofpoint.com/us/threat-insight/post/sextortion-side-ransomware
  8. DarkVishnya: banks attacked by directly connecting to their local networks. https://securelist.com/darkvishnya/89169/
  9. KoffeyMaker, a new cash-stealing toolkit that connects to ATMs. https://securelist.com/koffeymaker-notebook-vs-atm/89161/

Comprehensive reports worth reading:

  1. Kaspersky Security Bulletin: this year's major APT attack events, including Olympic Destroyer, Operation Parliament, Energetic Bear, Sofacy, APT27, Turla, MuddyWater and others. Worth a read. https://securelist.com/kaspersky-security-bulletin-2018-top-security-stories/89118/

International news:

  1. The US Department of Justice prosecuted a Chinese energy company; the case also involved Macau's "casino king", who acted as an intermediary. https://www.justice.gov/opa/pr/former-head-organization-backed-chinese-energy-conglomerate-convicted-international-bribery
  2. Reuters reports that the Marriott breach was the work of Chinese hackers. https://www.reuters.com/article/us-marriott-intnl-cyber-china-exclusive/exclusive-clues-in-marriott-hack-implicate-china-sources-idUSKBN1O504D
