¡¶Î¬ËûÃü¡·ÖðÈÕÇå¾²¼òѶ20190312

Ðû²¼Ê±¼ä 2019-03-12
1¡¢StackStormÐÂÎó²î£¨CVE-2019-9580£©£¬£¬£¬£¬£¬£¬¿Éµ¼ÖÂXSS¹¥»÷

¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


Çå¾²Ñо¿Ö°Ô±Barak TawilyÔÚ¿ªÔ´×Ô¶¯»¯Æ½Ì¨StackStormÖз¢Ã÷Ò»¸öÑÏÖØÎó²î£¬£¬£¬£¬£¬£¬¸ÃÎó²î£¨CVE-2019-9580£©¿Éµ¼ÖÂXSS¡£¡£¡£Æ¾Ö¤TawilyµÄÐÎò£¬£¬£¬£¬£¬£¬¸ÃÎó²îÓëStackStorm REST APIδ׼ȷ´¦Öóͷ£CORS£¨¿çÔ´×ÊÔ´¹²Ïí£©µÄ±êÍ·ÓйØ£¬£¬£¬£¬£¬£¬¿Éµ¼ÖÂÕë¶ÔStackStorm APIµÄXSS¹¥»÷¡£¡£¡£StackStorm¿ª·¢ÍŶÓÔÚа汾2.9.3ºÍ2.10.3ÖÐÐÞ¸´ÁËÕâ¸öÎó²î£¬£¬£¬£¬£¬£¬½¨ÒéÓû§¾¡¿ì¾ÙÐиüС£¡£¡£

   

Ô­ÎÄÁ´½Ó£º

https://thehackernews.com/2019/03/stackstorm-security-vulnerability.html

2¡¢MoxaÐÞ¸´EDSºÍIKS¹¤Òµ½»Á÷»úÖеĶà¸öÇå¾²Îó²î

¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


Positive TechnologiesÑо¿ÍŶӷ¢Ã÷MoxaµÄEDS-405A¡¢EDS-408AºÍEDS-510A¹¤Òµ½»Á÷»ú±£´æ5¸öÎó²î£¬£¬£¬£¬£¬£¬Îó²î¹æÄ£°üÀ¨Ã÷ÎÄ´æ´¢ÃÜÂë¡¢»á»°ID¿ÉÕ¹Íû¡¢Ãô¸ÐÊý¾ÝȱÉÙ¼ÓÃÜ¡¢È±·¦±©Á¦¹¥»÷·À»¤»úÖÆÒÔ¼°¿Éµ¼ÖÂDoSµÄÒ»¸öÎó²î¡£¡£¡£±ðµÄ£¬£¬£¬£¬£¬£¬Moxa IKS-G6824A¹¤Òµ½»Á÷»úÖб£´æ7¸öÎó²î£¬£¬£¬£¬£¬£¬°üÀ¨¿Éµ¼ÖÂRCEµÄ»º³åÇøÒç³ö¡¢Ã÷ÎÄ´æ´¢ÃÜÂë¡¢XSS¡¢DoS¡¢CSRF¡¢ÄÚ´æÐ¹Â¶ºÍWeb½çÃæµÄ²»×¼È·»á¼û¿ØÖÆ¡£¡£¡£¸Ã¹©Ó¦ÉÌÒѾ­Ðû²¼ÁËÏà¹ØÐÞ¸´²¹¶¡¡£¡£¡£

  

Ô­ÎÄÁ´½Ó£º

https://securityaffairs.co/wordpress/82269/security/moxa-industrial-switches-flaws.html

3¡¢Check PointÐû²¼2ÔÂÈ«ÇòÍþвָÊý£¬£¬£¬£¬£¬£¬CoinhiveÈÔÈ»ÁìÅÜ

¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨

ƾ֤Check PointÌåÀýµÄ2ÔÂÈ«ÇòÍþвָÊý£¬£¬£¬£¬£¬£¬ËäÈ»CoinhiveÒÑÓÚ3ÔÂ8ÈÕ×èÖ¹ÔËÓª£¬£¬£¬£¬£¬£¬µ«ËüÔÚ2Ô·ÝÈÔÅÅÃû°ñÊס£¡£¡£Ëæ×ÅÃÅÂÞ±Ò¼ÛÇ®µÄϵø£¬£¬£¬£¬£¬£¬CoinhiveµÄÍþвֵҲ´Ó2018Äê10ÔµÄ18%µøÖÁ2019Äê1ÔµÄ12£¥ºÍ2ÔµÄ10%¡£¡£¡£Í¬ÑùÔÚ2Ô·Ý£¬£¬£¬£¬£¬£¬Ñо¿Ö°Ô±¼ì²âµ½Õë¶ÔÈÕ±¾¡¢µÂ¹ú¡¢¼ÓÄôóºÍ°Ä´óÀûÑǵȹú¼ÒµÄGandCrab V5.2·Ö·¢»î¶¯¡£¡£¡£Õâ¸öеıäÖÖÔÙ´ÎʹµÃ֮ǰ°æ±¾µÄ½âÃܹ¤¾ß²»Æð×÷Óᣡ£¡£2Ô·ÝÅÅÃûǰÈýµÄÒÆ¶¯¶ñÒâÈí¼þÊÇLotoor¡¢HiddadºÍTriada¡£¡£¡£

  

Ô­ÎÄÁ´½Ó£º

https://blog.checkpoint.com/2019/03/11/february-2019s-most-wanted-malware-coinhive-quits-gandcrab-cryptomining-ransomware/

4¡¢·¸·¨ÍÅ»ïAlarg53ʹÓÃJoomlaкóÃÅ·Ö·¢À¬»øÓʼþ

¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨

Check PointÑо¿ÍŶӷ¢Ã÷°£¼°·¸·¨ÍÅ»ïAlarg53ÕýÔÚʹÓÃJoomlaÖеÄкóÃÅÀ´ÊµÑéÀ¬»øÓʼþ¹¥»÷¡£¡£¡£¹¥»÷ÕßʹÓÃJoomlaµÄÓʼþЧÀÍJmail£¬£¬£¬£¬£¬£¬Í¨¹ýÔÚHTTPÇëÇóÖжÔUser-Agent×Ö¶Î×¢Èë¶ñÒâ´úÂëÀ´ÊµÑé¹¥»÷¡£¡£¡£ÔÚÒÑÍù¼¸ÄêÖУ¬£¬£¬£¬£¬£¬Alarg53ÔøÈëÇÖÁè¼Ý1.5Íò¸öÍøÕ¾£¬£¬£¬£¬£¬£¬Æä¹¥»÷Ä¿µÄº­¸ÇÃÀ¹ú¡¢Ä«Î÷¸ç¡¢ÆÏÌÑÑÀ¡¢Ó¢¹ú¡¢·¨¹ú¡¢Ó¡¶ÈºÍÈÕ±¾µÈ¹ú¼Ò£¬£¬£¬£¬£¬£¬Ö÷ÒªÕë¶Ô½ðÈÚ»ú¹¹¡¢ÒøÐкÍÕþ¸®»ú¹¹¡£¡£¡£

  

Ô­ÎÄÁ´½Ó£º

https://research.checkpoint.com/jmail-breaker-profiting-from-joomlas-mail-service/

5¡¢ÐµÄATM skimmer¹¥»÷£¬£¬£¬£¬£¬£¬¿ÉÐ®ÖÆATMÄÚÖÃÉãÏñÍ·

¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨

ƾ֤Krebs on SecurityµÄÒ»·Ýб¨¸æ£¬£¬£¬£¬£¬£¬Ñо¿Ö°Ô±Ôڵ¿ËÈøË¹ÖݺÕË¹ÌØÊеÄATMÉÏ·¢Ã÷ÁËеÄskimmer¹¥»÷£¬£¬£¬£¬£¬£¬¹¥»÷Õßͨ¹ýÐ®ÖÆATMÖÐÄÚÖõÄÉãÏñÍ·ÒÔÇÔÈ¡Óû§µÄPINÂë¡£¡£¡£¸Ãskimmer°üÀ¨Ò»¸öÉãÏñÍ·²¿¼þ£¬£¬£¬£¬£¬£¬ÓÃÓÚÁýÕÖÔÚATMÄÚÖõÄÇå¾²ÉãÏñÍ·ÉÏÃæ£¬£¬£¬£¬£¬£¬Óû§ºÜÄÑ´ÓÍⲿ¿´µ½¸Ãskimmer¡£¡£¡£

  

Ô­ÎÄÁ´½Ó£º

https://cyware.com/news/new-atm-skimming-attack-enables-scammers-to-hijack-the-atms-in-built-camera-and-steal-a-users-pin-3d2c4884

6¡¢Ñо¿ÍŶÓÐû²¼¹ØÓÚ¶ñÒâÈí¼þPredator v3.0.7µÄÆÊÎö±¨¸æ

¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


¿¨°Í˹»ùÑо¿ÍŶӷ¢Ã÷¶ñÒâÈí¼þPredatorµÄбäÖÖv3.0.7¡£¡£¡£PredatorʹÓÃC++±àд£¬£¬£¬£¬£¬£¬ÔÚ¶íÂÞ˹µØÏÂÂÛ̳ÉÏÒÔµÍÁ®µÄ¼ÛÇ®£¨2000¬²¼£¬£¬£¬£¬£¬£¬Ô¼30ÃÀÔª£©¾ÙÐгöÊÛ£¬£¬£¬£¬£¬£¬Ö÷ÒªÓÃÓÚÇÔÈ¡Óû§µÄÊý¾Ý¡£¡£¡£Predator½ÓÄÉÁËһЩ¼òÆÓµÄ´úÂë»ìÏýÊÖÒÕ£¬£¬£¬£¬£¬£¬°üÀ¨XOR¡¢Base64¡¢Ìæ»»¡¢Õ»×Ö·û´®µÈ¡£¡£¡£ÐµıäÖÖ»¹Ìí¼ÓÁ˶ÔEdgeºÍIEä¯ÀÀÆ÷µÄÖ§³Ö¡£¡£¡£Âô¼Òͨ¹ýTelegramÏòÂò¼ÒÌṩ¸üÐÂЧÀÍ¡£¡£¡£

  

Ô­ÎÄÁ´½Ó£º

https://securelist.com/a-predatory-tale/89779/

ÉùÃ÷£º±¾×ÊѶÓɼøºÚµ£±£ÍøÎ¬ËûÃüÇ徲С×é·­ÒëºÍÕûÀí