¡¶Î¬ËûÃü¡·ÖðÈÕÇå¾²¼òѶ20190214

Ðû²¼Ê±¼ä 2019-02-14
1¡¢Linux Snapd±£´æDirty_SockÎó²î£¬ £¬£¬£¬£¬£¬£¬¿É»ñÈ¡rootȨÏÞ

¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨

Çå¾²Ñо¿Ô±Chris Moberly·¢Ã÷Canonical snapdÊØ»¤Àú³ÌµÄREST APIÖб£´æÐÂÎó²îDirty_Sock£¬ £¬£¬£¬£¬£¬£¬¸ÃÎó²î¿ÉÔÊÐí¹¥»÷ÕßÔÚLinuxϵͳÉÏ»ñµÃrootȨÏÞ¡£¡£¡£¡£¸ÃÎó²î»áÓ°Ïìµ½ÈκÎʹÓÃsnapdµÄLinuxϵͳ£¬ £¬£¬£¬£¬£¬£¬µ«Îó²îʹÓÿÉÄÜ»áÓÐËù²î±ð¡£¡£¡£¡£CanonicalÒÑÔÚа汾Snapd 2.37.1ÖÐÐÞ¸´ÁË´ËÎó²î£¬ £¬£¬£¬£¬£¬£¬½¨ÒéÖÎÀíÔ±¾¡¿ì×°ÖøüС£¡£¡£¡£

  

 Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/canonical-snapd-vulnerability-gives-root-access-in-linux/

2¡¢AdobeÐû²¼2ÔÂÇå¾²¸üУ¬ £¬£¬£¬£¬£¬£¬ÐÞ¸´44¸ö¸ßΣÎó²î

¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨

AdobeÐû²¼2ÔÂÇå¾²¸üУ¬ £¬£¬£¬£¬£¬£¬¹²ÐÞ¸´44¸ö¸ßΣÎó²î¡£¡£¡£¡£½ÏΪÑÏÖØµÄÎó²î°üÀ¨Flash PlayerÖеÄÔ½½ç¶ÁÎó²î£¨CVE-2019-7090£¬ £¬£¬£¬£¬£¬£¬¿Éµ¼ÖÂÐÅϢй¶£©¡¢ColdFusionÖеķ´ÐòÁл¯Îó²î£¨CVE-2019-7091£¬ £¬£¬£¬£¬£¬£¬¿Éµ¼ÖÂí§Òâ´úÂëÖ´ÐУ©ºÍxssÎó²î£¨CVE-2019-7092£¬ £¬£¬£¬£¬£¬£¬¿Éµ¼ÖÂÐÅϢй¶£©ÒÔ¼°Cloud DesktopÖеÄDLLÐ®ÖÆÎó²î£¨CVE-2019-7093£¬ £¬£¬£¬£¬£¬£¬¿Éµ¼ÖÂÌáȨ£©¡£¡£¡£¡£½¨ÒéÓû§¾¡¿ì¸üС£¡£¡£¡£

  

Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/adobes-massive-patch-update-fixes-critical-acrobat-reader-bugs/

3¡¢Ñо¿Ö°Ô±ÑÝʾÔõÑùÔÚIntel SGXÖÐÖ²Èë¶ñÒâÈí¼þ

¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨

Ñо¿Ö°Ô±ÑÝʾÔõÑùÔÚIntel SGXÖÐÒþ²Ø¶ñÒâ´úÂë¡£¡£¡£¡£Intel SGXÊÇSkylake´¦Öóͷ£Æ÷ÖÐÒýÈëµÄй¦Ð§£¬ £¬£¬£¬£¬£¬£¬Ö¼ÔÚ±£»£»£»¤Èí¼þµÄ´úÂëºÍÏà¹ØÊý¾Ý£¬ £¬£¬£¬£¬£¬£¬È·±£ÆäÉñÃØÐÔºÍÍêÕûÐÔ¡£¡£¡£¡£Ñо¿Ö°Ô±ÌåÏÖËûÃǵÄPoCʹÓÃÁËTSXºÍASLRµÈ£¬ £¬£¬£¬£¬£¬£¬²¢Ö¸³öÍêÕûµÄÎó²îʹÓÃÀú³ÌºÄʱ20.8Ãë¡£¡£¡£¡£Õë¶Ô´ËÀ๥»÷µÄ»º½â²½·¥¿ÉÄÜÔÚδÀ´¼¸´úÓ¢ÌØ¶ûCPUÖÐʵÑé¡£¡£¡£¡£

  

Ô­ÎÄÁ´½Ó£º

https://thehackernews.com/2019/02/intel-sgx-malware-hacking.html

4¡¢AstarothľÂíбäÌ壬 £¬£¬£¬£¬£¬£¬Ö÷ÒªÕë¶Ô°ÍÎ÷ºÍÅ·ÖÞ

¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨

CybereasonµÄNocturnusÑо¿ÍŶӷ¢Ã÷AstarothľÂíµÄбäÌ壬 £¬£¬£¬£¬£¬£¬¸Ã±äÌåÖ÷ÒªÕë¶Ô°ÍÎ÷ºÍÅ·ÖÞ£¬ £¬£¬£¬£¬£¬£¬²¢Í¨¹ýÀ¬»øÓʼþ·Ö·¢¡£¡£¡£¡£Æäpayload»áÌìÉú¶ñÒâµÄwmic.exeÀú³Ì£¬ £¬£¬£¬£¬£¬£¬²¢ÏòC2ЧÀÍÆ÷·¢ËÍÄ¿µÄÅÌËã»úµÄÏà¹ØÐÅÏ¢¡£¡£¡£¡£¸ÃľÂí»¹»áÔÚAvast·À²¡¶¾Èí¼þµÄaswrundll.exeÔËÐÐʱDLLÖÐ×¢Èë¶ñÒâÄ£¿£¿£¿é£¬ £¬£¬£¬£¬£¬£¬²¢Ê¹ÓÃËüÀ´ÍøÂçϵͳÐÅÏ¢ºÍ¼ÓÔØÌØÁíÍâÄ£¿£¿£¿é¡£¡£¡£¡£

  

Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/new-astaroth-trojan-variant-exploits-anti-malware-software-to-steal-info/

5¡¢ÒøÐÐľÂíTrickBotбäÌ壬 £¬£¬£¬£¬£¬£¬¿ÉÇÔÈ¡RDP¡¢VNCºÍPuTTYƾ֤

¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨

Ç÷ÊÆ¿Æ¼¼µÄÑо¿Ö°Ô±·¢Ã÷ÒøÐÐľÂíTrickbotµÄÒ»¸öбäÌ壬 £¬£¬£¬£¬£¬£¬¸Ã±äÌåΪÃÜÂëÇÔȡģ¿£¿£¿éÐÂÔöÁËÈý¸ö¹¦Ð§£¬ £¬£¬£¬£¬£¬£¬Ö¼ÔÚÇÔÈ¡Óû§µÄRDP¡¢VNCºÍPuTTYƾ֤¡£¡£¡£¡£¸Ã±äÌåÊÇ»ùÓÚ2018Äê11Ôµİ汾£¬ £¬£¬£¬£¬£¬£¬Í¨¹ýÒÔ˰ÊÕ¼¤ÀøÍ¨ÖªÎªÖ÷ÌâµÄÀ¬»øÓʼþ¾ÙÐÐÈö²¥£¬ £¬£¬£¬£¬£¬£¬Æä¶ñÒ⸽¼þΪXLSMÃûÌõÄexcelÎļþ¡£¡£¡£¡£TrickBot×Ô2016Äê10Ô·ºÆðÒÔÀ´£¬ £¬£¬£¬£¬£¬£¬Ò»Ö±ÔÚÒ»Ö±¾ÙÐиüС£¡£¡£¡£

  

Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/trickbot-banking-trojan-now-steals-rdp-vnc-and-putty-credentials/

6¡¢AZORultľÂíй¥»÷»î¶¯£¬ £¬£¬£¬£¬£¬£¬Ö÷ÒªÕë¶ÔÒâ´óÀû

¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨

Cybaze-Yori ZLAB·¢Ã÷AZORultľÂíµÄй¥»÷»î¶¯£¬ £¬£¬£¬£¬£¬£¬Ö÷ÒªÕë¶ÔÒâ´óÀû¡£¡£¡£¡£¸ÃľÂíбäÌåͨ¹ýαװ³ÉDHL¿ìµÝ֪ͨµÄÓʼþ¾ÙÐÐÈö²¥£¬ £¬£¬£¬£¬£¬£¬µ±Óû§·­¿ª¶ñÒâµÄѹËõÎĵµ¸½¼þºó£¬ £¬£¬£¬£¬£¬£¬¾Í»áÏÂÔØ²¢ÔËÐиÃľÂí¡£¡£¡£¡£¸ÃľÂí¿ÉÒÔÇÔÈ¡Webä¯ÀÀÆ÷ÒÔ¼°Óʼþ¿Í»§¶ËÖÐÉúÑĵÄÕË»§ºÍƾ֤£¬ £¬£¬£¬£¬£¬£¬²¢¿ÉÒÔ×°ÖÃÆäËüµÄpayload¡£¡£¡£¡£ÆäC2ЧÀÍÆ÷Ϊgoogodsgld[.]comºÍdriverconnectsearch[.]info¡£¡£¡£¡£¸Ã±äÌåµÄÐÐΪÀàËÆÓÚBrushloader¡£¡£¡£¡£

  

Ô­ÎÄÁ´½Ó£º

https://cyware.com/news/specially-crafted-dhl-express-courier-emails-leveraged-to-distribute-a-variant-of-azorult-trojan-f9ea2931


ÉùÃ÷£º±¾×ÊѶÓɼøºÚµ£±£ÍøÎ¬ËûÃüÇ徲С×é·­ÒëºÍÕûÀí