¡¾Êý¾Ýй¶¡¿¼ÓÄô󺽿չ«Ë¾ÔâºÚ¿ÍÈëÇÖ£¬£¬£¬£¬£¬Ô¼2ÍòÃûÓû§µÄÐÅÏ¢ÒÉй¶
8ÔÂ22ÈÕÖÁ24ÈÕʱ´ú£¬£¬£¬£¬£¬¼ÓÄô󺽿չ«Ë¾·¢Ã÷Òì³£µÄµÇ¼»î¶¯£¬£¬£¬£¬£¬ÎªÁ˱£»£»£»£»¤Óû§µÄÊý¾Ý£¬£¬£¬£¬£¬¸Ã¹«Ë¾Ëø¶¨ÁËËùÓÐ170ÍòÒÆ¶¯appÓû§µÄÕË»§¡£¡£¡£¡£¡£29ÈÕ£¬£¬£¬£¬£¬¸Ã¹«Ë¾Í¨ÖªÔ¼2ÍòÃûÓû§£¬£¬£¬£¬£¬³ÆÆäСÎÒ˽¼Ò×ÊÁÏ¿ÉÄÜÔ⵽δÊÚȨµÄ»á¼û¡£¡£¡£¡£¡£ÕâЩ×ÊÁÏÖÁÉÙ°üÀ¨ÐÕÃû¡¢µç×ÓÓʼþµØµãºÍµç»°ºÅÂ룬£¬£¬£¬£¬Ò²¿ÉÄܰüÀ¨ÐԱ𡢳öÉúÈÕÆÚ¡¢¹ú¼®¡¢»¤ÕÕºÅÂëµÈÐÅÏ¢¡£¡£¡£¡£¡£ÔÚÒ»·Ý¹ØÓÚ¸ÃÊÂÎñµÄÉùÃ÷Öиù«Ë¾ÌåÏÖÓû§µÄÒøÐп¨Êý¾ÝÒÔ¼°aircanada.comÕÊ»§²»ÊÜÓ°Ïì¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£ºhttps://www.bleepingcomputer.com/news/security/air-canada-mobile-app-users-affected-by-data-breach/
¡¾ÆÊÎö±¨¸æ¡¿¿¨°Í˹»ùʵÑéÊÒÐû²¼¹ØÓÚ½©Ê¬ÍøÂçÏÂÔØÎļþµÄͳ¼ÆÆÊÎö
¿¨°Í˹»ùʵÑéÊÒÐû²¼ÁË2017ÄêϰëÄêºÍ2018ÄêÉϰëÄêµÄ½©Ê¬ÍøÂç»î¶¯µÄÆÊÎöЧ¹û£¬£¬£¬£¬£¬Ö÷Òª·¢Ã÷°üÀ¨£ºËæ×ÅÍøÂç·¸·¨·Ö×Ó×îÏȽ«½©Ê¬ÍøÂçÊÓΪ¶ñÒâÍÚ¿óµÄ¹¤¾ß£¬£¬£¬£¬£¬¶ñÒâ¿ó¹¤ÔÚ½©Ê¬ÍøÂçÏÂÔØÎļþÖеıÈÀýÕýÔÚÔöÌí£»£»£»£»ºóÃżÌÐøÕ¼Óн©Ê¬ÍøÂçÏÂÔØÎļþµÄ´ó²¿·Ö£»£»£»£»dropperµÄÊýĿҲÔÚÔöÌí£»£»£»£»2018ÄêÒøÐÐľÂíµÄ±ÈÀýÓÐËùϽµ£»£»£»£»½©Ê¬ÍøÂçÔ½À´Ô½¶àµØÆ¾Ö¤¿Í»§µÄÐèÇó¾ÙÐÐ×âÁÞ£¬£¬£¬£¬£¬Ðí¶àÇéÐÎÏÂÄÑÒÔÈ·¶¨½©Ê¬ÍøÂçµÄרְÊÂÇé¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£ºhttps://securelist.com/what-are-botnets-downloading/87658/
¡¾ÍþвÇ鱨¡¿Ç÷ÊÆ¿Æ¼¼·¢Ã÷ÓëBahamut¡¢ConfuciusºÍPatchworkÓйصÄAPT×éÖ¯Urpage
Ç÷ÊÆ¿Æ¼¼Í¨Ì«¹ýÎöÐµĹ¥»÷×éÖ¯UrpageÓëAPT×éÖ¯Confucius¡¢PatchworkÒÔ¼°BahamutµÄÏàËÆÖ®´¦£¬£¬£¬£¬£¬ÉîÈë̽ÌÖÁËÍøÂç¹¥»÷Ö®¼ä¿ÉÄܱ£´æµÄÁªÏµ¡£¡£¡£¡£¡£UrpageÖ÷ÒªÕë¶ÔÎÚ¶û¶¼ÓïºÍ°¢À²®ÓïµÄÎÄ×Ö´¦Öóͷ£Æ÷InPage£¬£¬£¬£¬£¬ÆäʹÓÃÁËÓëConfuciusºÍPatchworkÏàͬµÄDelphiºóÃÅ×é¼þ£¬£¬£¬£¬£¬²¢Ê¹ÓÃÁËÓëBahamutÀàËÆµÄ¶ñÒâÈí¼þ¡£¡£¡£¡£¡£Ðí¶àÏàËÆÖ®´¦ºÍÁªÏµÅú×¢£¬£¬£¬£¬£¬Õâ¿ÉÄÜÊÇÒ»¸ö¼òµ¥µÄÊÕ·ÑÍŶӽ«Æä¹¤¾ßºÍЧÀͳöÊÛ¸ø¾ßÓвî±ðÄ¿µÄºÍÄ¿µÄµÄÆäËü×éÖ¯¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£ºhttps://blog.trendmicro.com/trendlabs-security-intelligence/the-urpage-connection-to-bahamut-confucius-and-patchwork/
¡¾ÍþвÇ鱨¡¿Ñо¿Ö°Ô±·¢Ã÷7339¸öMagentoÔÚÏßÊÐËÁѬȾ¶ñÒâÈí¼þMagentoCore
ºÉÀ¼Çå¾²Ñо¿Ö°Ô±Willem de Groot·¢Ã÷¶ñÒâÈí¼þMagentoCoreÔÚÒÑÍùÁù¸öÔÂÄÚѬȾÁË7339¸öMagentoÔÚÏßÊÐËÁ¡£¡£¡£¡£¡£MagentoCoreÊÇÒ»¸öskimmer¾ç±¾£¬£¬£¬£¬£¬Í¨³£¹ÒÔØÔÚÊÐËÁµÄ¸¶¿îÒ³Ãæ²¢ÇÔÈ¡Óû§µÄÖ§¸¶¿¨ÐÅÏ¢¡£¡£¡£¡£¡£¸Ã¾ç±¾´Ómagentocore.netÓòÃû¼ÓÔØ£¬£¬£¬£¬£¬Æ½¾ùÌìÌìѬȾ50µ½60¼ÒÔÚÏßÊÐËÁ¡£¡£¡£¡£¡£Groot»¹³ÆÏÖÔÚËùÓеÄMagentoÊÐËÁÖÐÓÐ4.2£¥Ñ¬È¾ÁËÒ»ÖÖ»ò¶àÖÖ¶ñÒâ¾ç±¾¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£ºhttps://www.bleepingcomputer.com/news/security/magentocore-malware-found-on-7-339-magento-stores/
¡¾Îó²î²¹¶¡¡¿4ÄêǰÅû¶µÄÎó²îMisfortune CookieÈÔÔÚÓ°Ï첿·ÖÒ½ÁÆ×°±¸
CyberMDXÑо¿Ö°Ô±·¢Ã÷¸ßͨ×Ó¹«Ë¾CapsuleµÄDatacatptorÖÕ¶ËЧÀÍÆ÷£¨DTS£©²úÆ·ÈÔÈ»Ò×ÊÜMisfortune CookieÎó²îµÄÓ°Ïì¡£¡£¡£¡£¡£DTS×÷ΪҽÁÆ×°±¸Íø¹Ø£¬£¬£¬£¬£¬ÓÃÓÚ½«¼à»¤ÒÇ¡¢ºôÎüÆ÷¡¢Âé×íϵͳºÍÊäÒº±ÃµÈ×°±¸ÅþÁ¬µ½Ò½ÔºµÄÍøÂç¡£¡£¡£¡£¡£¸ÃÎó²îÓÚ2014ÄêÓÉCheck PointÅû¶£¬£¬£¬£¬£¬±£´æÓÚAllegroSoftµÄRomPager×é¼þÖУ¬£¬£¬£¬£¬¿ÉÄܵ¼ÖÂÔ¶³Ì´úÂëÖ´ÐС£¡£¡£¡£¡£ICS-CERTÕë¶Ô¸ÃÎó²î£¨CVE-2014-9222£©Ðû²¼ÁËÖÒÑÔ£¬£¬£¬£¬£¬¸ÃÎó²îµÄCVSSµÃ·ÖΪ9.8¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£ºhttps://www.bleepingcomputer.com/news/security/4-year-old-misfortune-cookie-rears-its-head-in-medical-gateway-device/
¡¾Îó²î²¹¶¡¡¿Ê©ÄÍµÂµçÆøÐû²¼Çå¾²¸üУ¬£¬£¬£¬£¬ÐÞ¸´¶à¿î²úÆ·ÖеÄÇå¾²Îó²î
Ê©ÄÍµÂµçÆøÐÞ¸´ÆäµçÔ´ÖÎÀíϵͳPowerLogic PM5560¼°¿É±à³ÌÂß¼¿ØÖÆÆ÷Modicon M221ÖеĶà¸öÇå¾²Îó²î¡£¡£¡£¡£¡£¹Ì¼þ°æ±¾2.5.4֮ǰµÄPowerLogic PM5560±£´æ¿çÕ¾¾ç±¾Îó²î£¨CVE-2018-7795£©£¬£¬£¬£¬£¬¿Éµ¼ÖÂÔ¶³Ì´úÂëÖ´ÐС£¡£¡£¡£¡£¹Ì¼þ°æ±¾V1.6.2.0֮ǰµÄModicon M221±£´æ¶à¸öÎó²î£¬£¬£¬£¬£¬°üÀ¨¿ÉÔÊÐíδ¾ÊÚȨµÄÓû§ÖØ·ÅÈÏÖ¤ÐòÁеÄÎó²î£¨CVE-2018-7790£©¡¢¿ÉÔÊÐíδ¾ÊÚȨµÄÓû§ÁýÕÖÔÃÜÂëµÄÎó²î£¨CVE-2018-7791£©ÒÔ¼°¿ÉÔÊÐíδ¾ÊÚȨµÄÓû§Ê¹Óòʺç±íÆÆ½âÃÜÂëµÄÎó²î£¨CVE-2018-7792£©¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£ºhttps://threatpost.com/high-severity-flaws-patched-in-schneider-electric-products/137034/