¡¶Î¬ËûÃü¡·ÖðÈÕÇå¾²¼òѶ20190214
Ðû²¼Ê±¼ä 2019-02-14
Çå¾²Ñо¿Ô±Chris Moberly·¢Ã÷Canonical snapdÊØ»¤Àú³ÌµÄREST APIÖб£´æÐÂÎó²îDirty_Sock£¬£¬£¬£¬£¬£¬£¬¸ÃÎó²î¿ÉÔÊÐí¹¥»÷ÕßÔÚLinuxϵͳÉÏ»ñµÃrootȨÏÞ¡£¡£¡£¡£¸ÃÎó²î»áÓ°Ïìµ½ÈκÎʹÓÃsnapdµÄLinuxϵͳ£¬£¬£¬£¬£¬£¬£¬µ«Îó²îʹÓÿÉÄÜ»áÓÐËù²î±ð¡£¡£¡£¡£CanonicalÒÑÔÚа汾Snapd 2.37.1ÖÐÐÞ¸´ÁË´ËÎó²î£¬£¬£¬£¬£¬£¬£¬½¨ÒéÖÎÀíÔ±¾¡¿ì×°ÖøüС£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://www.bleepingcomputer.com/news/security/canonical-snapd-vulnerability-gives-root-access-in-linux/2¡¢AdobeÐû²¼2ÔÂÇå¾²¸üУ¬£¬£¬£¬£¬£¬£¬ÐÞ¸´44¸ö¸ßΣÎó²î

AdobeÐû²¼2ÔÂÇå¾²¸üУ¬£¬£¬£¬£¬£¬£¬¹²ÐÞ¸´44¸ö¸ßΣÎó²î¡£¡£¡£¡£½ÏΪÑÏÖØµÄÎó²î°üÀ¨Flash PlayerÖеÄÔ½½ç¶ÁÎó²î£¨CVE-2019-7090£¬£¬£¬£¬£¬£¬£¬¿Éµ¼ÖÂÐÅϢй¶£©¡¢ColdFusionÖеķ´ÐòÁл¯Îó²î£¨CVE-2019-7091£¬£¬£¬£¬£¬£¬£¬¿Éµ¼ÖÂí§Òâ´úÂëÖ´ÐУ©ºÍxssÎó²î£¨CVE-2019-7092£¬£¬£¬£¬£¬£¬£¬¿Éµ¼ÖÂÐÅϢй¶£©ÒÔ¼°Cloud DesktopÖеÄDLLÐ®ÖÆÎó²î£¨CVE-2019-7093£¬£¬£¬£¬£¬£¬£¬¿Éµ¼ÖÂÌáȨ£©¡£¡£¡£¡£½¨ÒéÓû§¾¡¿ì¸üС£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://www.zdnet.com/article/adobes-massive-patch-update-fixes-critical-acrobat-reader-bugs/3¡¢Ñо¿Ö°Ô±ÑÝʾÔõÑùÔÚIntel SGXÖÐÖ²Èë¶ñÒâÈí¼þ

Ñо¿Ö°Ô±ÑÝʾÔõÑùÔÚIntel SGXÖÐÒþ²Ø¶ñÒâ´úÂë¡£¡£¡£¡£Intel SGXÊÇSkylake´¦Öóͷ£Æ÷ÖÐÒýÈëµÄй¦Ð§£¬£¬£¬£¬£¬£¬£¬Ö¼ÔÚ±£»£»£»¤Èí¼þµÄ´úÂëºÍÏà¹ØÊý¾Ý£¬£¬£¬£¬£¬£¬£¬È·±£ÆäÉñÃØÐÔºÍÍêÕûÐÔ¡£¡£¡£¡£Ñо¿Ö°Ô±ÌåÏÖËûÃǵÄPoCʹÓÃÁËTSXºÍASLRµÈ£¬£¬£¬£¬£¬£¬£¬²¢Ö¸³öÍêÕûµÄÎó²îʹÓÃÀú³ÌºÄʱ20.8Ãë¡£¡£¡£¡£Õë¶Ô´ËÀ๥»÷µÄ»º½â²½·¥¿ÉÄÜÔÚδÀ´¼¸´úÓ¢ÌØ¶ûCPUÖÐʵÑé¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://thehackernews.com/2019/02/intel-sgx-malware-hacking.html4¡¢AstarothľÂíбäÌ壬£¬£¬£¬£¬£¬£¬Ö÷ÒªÕë¶Ô°ÍÎ÷ºÍÅ·ÖÞ

CybereasonµÄNocturnusÑо¿ÍŶӷ¢Ã÷AstarothľÂíµÄбäÌ壬£¬£¬£¬£¬£¬£¬¸Ã±äÌåÖ÷ÒªÕë¶Ô°ÍÎ÷ºÍÅ·ÖÞ£¬£¬£¬£¬£¬£¬£¬²¢Í¨¹ýÀ¬»øÓʼþ·Ö·¢¡£¡£¡£¡£Æäpayload»áÌìÉú¶ñÒâµÄwmic.exeÀú³Ì£¬£¬£¬£¬£¬£¬£¬²¢ÏòC2ЧÀÍÆ÷·¢ËÍÄ¿µÄÅÌËã»úµÄÏà¹ØÐÅÏ¢¡£¡£¡£¡£¸ÃľÂí»¹»áÔÚAvast·À²¡¶¾Èí¼þµÄaswrundll.exeÔËÐÐʱDLLÖÐ×¢Èë¶ñÒâÄ£¿£¿£¿é£¬£¬£¬£¬£¬£¬£¬²¢Ê¹ÓÃËüÀ´ÍøÂçϵͳÐÅÏ¢ºÍ¼ÓÔØÌØÁíÍâÄ£¿£¿£¿é¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://www.bleepingcomputer.com/news/security/new-astaroth-trojan-variant-exploits-anti-malware-software-to-steal-info/5¡¢ÒøÐÐľÂíTrickBotбäÌ壬£¬£¬£¬£¬£¬£¬¿ÉÇÔÈ¡RDP¡¢VNCºÍPuTTYƾ֤

Ç÷ÊÆ¿Æ¼¼µÄÑо¿Ö°Ô±·¢Ã÷ÒøÐÐľÂíTrickbotµÄÒ»¸öбäÌ壬£¬£¬£¬£¬£¬£¬¸Ã±äÌåΪÃÜÂëÇÔȡģ¿£¿£¿éÐÂÔöÁËÈý¸ö¹¦Ð§£¬£¬£¬£¬£¬£¬£¬Ö¼ÔÚÇÔÈ¡Óû§µÄRDP¡¢VNCºÍPuTTYƾ֤¡£¡£¡£¡£¸Ã±äÌåÊÇ»ùÓÚ2018Äê11Ôµİ汾£¬£¬£¬£¬£¬£¬£¬Í¨¹ýÒÔ˰ÊÕ¼¤ÀøÍ¨ÖªÎªÖ÷ÌâµÄÀ¬»øÓʼþ¾ÙÐÐÈö²¥£¬£¬£¬£¬£¬£¬£¬Æä¶ñÒ⸽¼þΪXLSMÃûÌõÄexcelÎļþ¡£¡£¡£¡£TrickBot×Ô2016Äê10Ô·ºÆðÒÔÀ´£¬£¬£¬£¬£¬£¬£¬Ò»Ö±ÔÚÒ»Ö±¾ÙÐиüС£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://www.bleepingcomputer.com/news/security/trickbot-banking-trojan-now-steals-rdp-vnc-and-putty-credentials/6¡¢AZORultľÂíй¥»÷»î¶¯£¬£¬£¬£¬£¬£¬£¬Ö÷ÒªÕë¶ÔÒâ´óÀû

Cybaze-Yori ZLAB·¢Ã÷AZORultľÂíµÄй¥»÷»î¶¯£¬£¬£¬£¬£¬£¬£¬Ö÷ÒªÕë¶ÔÒâ´óÀû¡£¡£¡£¡£¸ÃľÂíбäÌåͨ¹ýαװ³ÉDHL¿ìµÝ֪ͨµÄÓʼþ¾ÙÐÐÈö²¥£¬£¬£¬£¬£¬£¬£¬µ±Óû§·¿ª¶ñÒâµÄѹËõÎĵµ¸½¼þºó£¬£¬£¬£¬£¬£¬£¬¾Í»áÏÂÔØ²¢ÔËÐиÃľÂí¡£¡£¡£¡£¸ÃľÂí¿ÉÒÔÇÔÈ¡Webä¯ÀÀÆ÷ÒÔ¼°Óʼþ¿Í»§¶ËÖÐÉúÑĵÄÕË»§ºÍƾ֤£¬£¬£¬£¬£¬£¬£¬²¢¿ÉÒÔ×°ÖÃÆäËüµÄpayload¡£¡£¡£¡£ÆäC2ЧÀÍÆ÷Ϊgoogodsgld[.]comºÍdriverconnectsearch[.]info¡£¡£¡£¡£¸Ã±äÌåµÄÐÐΪÀàËÆÓÚBrushloader¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://cyware.com/news/specially-crafted-dhl-express-courier-emails-leveraged-to-distribute-a-variant-of-azorult-trojan-f9ea2931ÉùÃ÷£º±¾×ÊѶÓɼøºÚµ£±£ÍøÎ¬ËûÃüÇ徲С×é·ÒëºÍÕûÀí