Weekly Threat Intelligence News Roundup (20190106)

Vulnerabilities

  1. Skype vulnerability bypasses the Android lock screen. https://www.theregister.co.uk/2019/01/03/android_skype_app_unlock/ Video: https://www.youtube.com/watch?v=FqlZ81mEHJE
  2. Vulnerabilities in Japanese ICS products (Yokogawa). https://web-material3.yokogawa.com/YSAR-18-0008-E.pdf https://ics-cert.us-cert.gov/advisories/ICSA-19-003-02
  3. Windows 0-day allows overwriting files such as pci.sys with arbitrary data; PoC included. https://www.bleepingcomputer.com/news/security/windows-zero-day-bug-allows-overwriting-files-with-arbitrary-data/
  4. Cisco Talos discloses multiple privilege escalation vulnerabilities in CleanMyMac X. https://blog.talosintelligence.com/2019/01/vulnerability-spotlight-CleanMyMac-X.html
  5. Adobe patches two new vulnerabilities: CVE-2018-16011 and CVE-2018-19725. https://helpx.adobe.com/security/products/acrobat/apsb19-02.html

APT Attack Activity

  1. 360 publishes "Golden Rat (APT-C-27) Mobile Attack Campaign Disclosed". https://mp.weixin.qq.com/s?__biz=MzU5MjEzOTM3NA==&mid=2247485859&idx=2&sn=6dcd588e0c31dbddf64be4d3a09412c1
  2. Tencent publishes "Suspected Gorgon Group Uses the Azorult RAT in Targeted Attacks Against China's Foreign Trade Industry". https://mp.weixin.qq.com/s?__biz=MzI5ODk3OTM1Ng==&mid=2247487851&idx=1&sn=f32a944f43338132b7c1682922cd93ad
  3. ESRC reports on Konni APT activity involving both South and North Korea. http://blog.alyac.co.kr/2061

Other Attack and Threat Activity

  1. Roma225 campaign targeting the Italian automotive industry. https://blog.yoroi.company/research/the-enigmatic-roma225-campaign/
  2. Propagation campaign of the Emotet banking trojan. https://www.welivesecurity.com/2018/12/28/analysis-latest-emotet-propagation-campaign/
  3. NRSMiner, which spreads via MS17-010, is updated again; mainly active in Vietnam. https://labsblog.f-secure.com/2019/01/03/nrsminer-updates-to-newer-version/
  4. ANDROIDOS_MOBSTSPY Android malware hidden in Google Play infects devices in 196 countries. https://blog.trendmicro.com/trendlabs-security-intelligence/spyware-disguises-as-android-applications-on-google-play/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed:+Anti-MalwareBlog+(Trendlabs+Security+Intelligence+Blog)
  5. Weak-password brute forcing of SQL Server hosts: the DarkCloud (暗云), Mykings and Mirai malware families strike together. https://mp.weixin.qq.com/s?__biz=MzI5ODk3OTM1Ng==&mid=2247487734&idx=1&sn=b178e806fd46a8f27aa72aeda12e27a4

Data Breaches

  1. Personal information of 997 North Korean defectors leaked. http://www.koreatimes.co.kr/www/nation/2018/12/251_261106.html
  2. BlankMediaGames breached; roughly 7 million user records leaked. https://blog.dehashed.com/town-of-salem-blankmediagames-hacked/
  3. The Australian Digital Health Agency releases its 2017-2018 report covering Australian data breach incidents. https://www.digitalhealth.gov.au/about-the-agency/publications/reports/annual-report/Annual_Report_Australian_Digital_Health_Agency_2017-2018_Online.pdf
  4. The Chuangyu Shield (创宇盾) website security monitoring platform found a Twitter account posting about a leak of more than 200 million résumés. https://mp.weixin.qq.com/s/bSpmt0iFpNvr4CKedU2fTw

Technical Analysis

  1. Dissecting the Danabot payload targeting Italy. https://blog.yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
  2. Dissecting the MuddyWater infection chain. https://blog.yoroi.company/research/dissecting-the-muddywater-infection-chain/
  3. Analysis of the APT34 OILRIGTHREEDOLLARSMACRO.DOC sample. https://marcusedmondson.com/2018/12/29/apt34-oilrigthreedollarsmacro-doc-analysis/

News and Reports

  1. Tencent Security 2018 Advanced Persistent Threat (APT) Research Report. https://mp.weixin.qq.com/s?__biz=MzI5ODk3OTM1Ng==&mid=2247487808&idx=1&sn=96e5b150b16c97813fd6744a2f620af4
  2. Global Advanced Persistent Threat (APT) 2018 Summary Report (360). https://ti.360.net/uploads/2019/01/02/56e5630023fe905b2a8f511e24d9b84a.pdf
  3. Amazon VPC flow logs integrated with the RSA NetWitness platform. https://community.rsa.com/community/products/netwitness/blog/2019/01/03/amazon-vpc-flow-netwitness-integration
  4. Sample published by US Cyber Command. https://www.virustotal.com/en/file/a5a9a21a279aaaa3192b64f717c6e3bc033dccb2a7df145c543ab2a777194428/analysis/
