Weekly Threat Intelligence News Roundup (20181215)

Vulnerabilities:

  1. CVE-2018-8611, a Windows kernel-level vulnerability used by multiple APT groups, seen in attacks against the Middle East and Africa. https://securelist.com/zero-day-in-windows-kernel-transaction-manager-cve-2018-8611/89253/
  2. Follow-up to the above: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8611
  3. ICS security: vulnerability in Siemens SINUMERIK controllers. https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf

APT attack campaign analysis:

  1. "Operation Blackbird", South/North Korea, targeting South Korean Android apps. http://blog.alyac.co.kr/2035
  2. Unit 42: APT28 global activity. https://researchcenter.paloaltonetworks.com/2018/12/unit42-cyberthreats-2019-trends-will-continue-move-upward/
  3. Three-year attack campaign against a Russian oil company. https://threatvector.cylance.com/en_us/home/poking-the-bear-three-year-campaign-targets-russian-critical-infrastructure.html
  4. Tencent threat intelligence: targeted attack campaign using phishing LNK files against UK and Swiss financial and trading companies. https://s.tencent.com/research/report/608.html
  5. Analysis of the Donot (APT-C-35) group's targeted attacks on Pakistani businesspeople in China. https://mp.weixin.qq.com/s?__biz=MzI2MDc2MDA4OA==&mid=2247486169&idx=1&sn=76d490cedd808eab6d4a50a511113fed
  6. Code-reuse analysis between the Ursnif campaign targeting the UK and the 'Brexit' malware campaign. https://myonlinesecurity.co.uk/large-ursnif-campaign-hitting-uk-using-brexit-as-lure/?utm_source=hs_email&utm_medium=email&utm_content=68221180&_hsenc=p2ANqtz--Tw8LXe7DDoiGLR7u6KGzJXJsDjR-a9t1ri2ATO9TObQRTExnU2a-Ylvo7esVYCX_t3ihNikHSllUebpWfpNvHlyYAJA&_hsmi=68221180
  7. Symantec's summary analysis of MuddyWater. https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group
  8. Symantec's summary analysis of MuddyWater, PDF document: https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-sharpshooter.pdf
  9. McAfee's analysis of the suspected North Korean APT group "Sharpshooter". https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/operation-sharpshooter-targets-global-defense-critical-infrastructure/
  10. Yoroi security researchers dissect the MuddyWater infection chain. https://blog.yoroi.company/research/dissecting-the-muddywater-infection-chain/
  11. AP news: Iranian activity targeting US citizens, with quite specific targets (reposted by the Washington Post). https://www.washingtonpost.com/world/europe/ap-exclusive-group-says-iran-hackers-hunt-nuke-workers-us/2018/12/13/28e734c8-fed2-11e8-a17e-162b712e8fc2_story.html?noredirect=on&utm_term=.c6d5d55f1ee4
  12. Technical post on the Iranian activity targeting US citizens: https://blog.certfa.com/posts/the-return-of-the-charming-kitten/

Other threats and attacks

  1. Cisco's tracking of Shamoon 2 and Shamoon 3. https://blog.talosintelligence.com/2017/01/shamoon-2.html
  2. Unit 42 report on Shamoon 3 activity (similar to Stuxnet, though there is no evidence it is the Americans) targeting oil and gas companies. https://researchcenter.paloaltonetworks.com/2018/12/shamoon-3-targets-oil-gas-organization/
  3. Symantec's analysis of Shamoon 3. https://www.symantec.com/blogs/threat-intelligence/shamoon-destructive-threat-re-emerges-new-sting-its-tail
  4. New exploit kit targeting routers: https://blog.trendmicro.com/trendlabs-security-intelligence/new-exploit-kit-novidade-found-targeting-home-and-soho-routers/. Affected routers include: A-Link WL54AP3 / WL54AP2 (CVE-2008-6823), D-Link DSL-2740R and DIR 905L, Medialink MWN-WAPR300 (CVE-2015-5996), Motorola SBG6580, Realtron, Roteador GWR-120, Secutech RiS-11 / RiS-22 / RiS-33 (CVE-2018-10080), and TP-Link TL-WR340G / TL-WR340GD and WR1043ND V1 (CVE-2013-2645).
  5. ESET discovered 12 OpenSSH backdoors. https://www.welivesecurity.com/wp-content/uploads/2018/12/ESET-The_Dark_Side_of_the_ForSSHe.pdf and https://www.welivesecurity.com/2018/12/05/dark-side-of-the-forsshe/
  6. Malware campaign targeting Mac systems. https://blog.malwarebytes.com/threat-analysis/2018/12/mac-malware-combines-empyre-backdoor-and-xmrig-miner/
  7. DanaBot cooperating with the GootKit trojan (banking trojans), using victims' mailboxes to send phishing emails. https://www.welivesecurity.com/2018/12/06/danabot-evolves-beyond-banking-trojan-new-spam/

Data breaches

  1. Facebook API bug leaks information on 6.8 million users. https://developers.facebook.com/blog/post/2018/12/14/notifying-our-developer-ecosystem-about-a-photo-api-bug/
  2. Personal information of 120 million Brazilians leaked. https://cdn2.hubspot.net/hubfs/3836852/PCOs/InfoArmor_Brazilian%20Exposure%20Report.pdf
  3. U.S. Department of the Interior report on the Equifax vulnerability and the leaked data; the Americans leaked a lot of citizen information. https://oversight.house.gov/wp-content/uploads/2018/12/Equifax-Report.pdf

Technical analysis articles

  1. FireEye technical analysis series: FLARE scripts. https://www.fireeye.com/blog/threat-research/2018/12/automating-objective-c-code-analysis-with-emulation.html
  2. FireEye technical post: analysing malware from a deep-learning perspective. https://www.fireeye.com/blog/threat-research/2018/12/what-are-deep-neural-networks-learning-about-malware.html
  3. ESET report: mash-up espionage toolkit targeting the Malaysian government. https://www.welivesecurity.com/2018/12/14/malaysian-government-targeted-mash-up-espionage-toolkit/
  4. LCG Kit: a sophisticated builder for malicious Microsoft Office documents. https://www.proofpoint.com/us/threat-insight/post/lcg-kit-sophisticated-builder-malicious-microsoft-office-documents

Comprehensive reports worth reading

  1. The U.S. House Energy and Commerce Committee released a cybersecurity strategy report. https://energycommerce.house.gov/wp-content/uploads/2018/12/12.07.18-Cybersecurity-Strategy-Report.pdf
  2. IoT botnet analysis and trends. https://asert.arbornetworks.com/fast-furious-iot-botnets-regifting-exploits/
  3. U.S. Department of the Interior report on the Equifax vulnerability and the leaked data. https://oversight.house.gov/wp-content/uploads/2018/12/Equifax-Report.pdf
