¡¶Î¬ËûÃü¡·ÖðÈÕÇå¾²¼òѶ20190320
Ðû²¼Ê±¼ä 2019-03-20
±¾ÖÜÒ»£¨3ÔÂ18ÈÕ£©Íí¼äŲÍþÂÁÒµ¾ÞÍ·Norsk HydroÔâµ½´ó¹æÄ£ÍøÂç¹¥»÷£¬£¬£¬£¬¼¸¼Ò¹¤³§±»ÔÝʱ¹Ø±Õ¡£¡£¡£¡£¡£¡£ÔÚÐÂÎÅÐû²¼»áÉÏ£¬£¬£¬£¬Norsk HydroÊ×ϯ²ÆÎñ¹ÙEivind Kallevik͸¶¸Ã¹«Ë¾Ôâµ½½ÏеÄÀÕË÷Èí¼þLockerGogaµÄ¹¥»÷£¬£¬£¬£¬ÆäÉú²ú¼°ÔËÓª¾ùÊܵ½Ó°Ïì¡£¡£¡£¡£¡£¡£¸Ã¹«Ë¾±»ÆÈÔÚŲÍþ¡¢¿¨Ëþ¶ûºÍ°ÍÎ÷µÈ¹ú¼ÒÇл»ÖÁÈ˹¤²Ù×÷£¬£¬£¬£¬ÒÔ»Ö¸´ÆäÔËÓª»î¶¯¡£¡£¡£¡£¡£¡£Kallevik»¹ÌåÏָù«Ë¾ÒѾÄܹ»´¦Öóͷ£ËùÓпͻ§µÄ¶©µ¥²¢½»¸¶£¬£¬£¬£¬µ«Î´À´µÄ¶©µ¥¿ÉÄÜ»áÊܵ½Ó°Ï죬£¬£¬£¬ÓÉÓÚ¹«Ë¾ÍøÂçÈÔδ»Ö¸´¡£¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://www.bleepingcomputer.com/news/security/lockergoga-ransomware-sends-norsk-hydro-into-manual-mode/2¡¢Libssh2Ðû²¼Çå¾²¸üУ¬£¬£¬£¬¹²ÐÞ¸´9¸öÇå¾²Îó²î
±¾ÖÜÒ»libssh2Ðû²¼Ð°汾1.8.1£¬£¬£¬£¬¹²ÐÞ¸´9¸öÇå¾²Îó²î£¬£¬£¬£¬°üÀ¨Ô½½çдÎó²î£¨CVE-2019-3855~CVE-2019-3857¼°CVE-2019-3863£©ºÍÔ½½ç¶ÁÎó²î£¨CVE-2019-3858~CVE-2019-3862£©¡£¡£¡£¡£¡£¡£ÕâЩÎó²îÓ°ÏìÁËLibssh2 1.8.1֮ǰµÄËùÓа汾£¬£¬£¬£¬ÈôÊDZ»Ê¹Óÿɵ¼ÖÂí§Òâ´úÂëÖ´Ðм°¾Ü¾øÐ§À͵ÈÑÏÖØÐ§¹û£¬£¬£¬£¬½¨ÒéÓû§¾¡¿ì¾ÙÐиüС£¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://thehackernews.com/2019/03/libssh2-vulnerabilities.html3¡¢89£¥µÄÅ·ÃËÕþ¸®ÍøÕ¾±£´æµÚÈý·½¹ã¸æ¸ú×پ籾

µ¤Âóä¯ÀÀÆ÷ÆÊÎö¹«Ë¾CookiebotÔÚ25¸öÅ·Ã˳ÉÔ±¹úµÄÕþ¸®¹ÙÍøÉÏ·¢Ã÷¹ã¸æ¸ú×پ籾£¬£¬£¬£¬Õâ»òÐíÕ¼×ܹ²28¸ö³ÉÔ±¹úµÄ89%£¬£¬£¬£¬Ö»Óе¹ú¡¢Î÷°àÑÀºÍºÉÀ¼µÄÕþ¸®ÍøÕ¾Ã»ÓÐÉÌÒµ¹ã¸æ¸ú×ÙÆ÷¡£¡£¡£¡£¡£¡£·¨¹úÕþ¸®ÍøÕ¾ÉÏµÄ¹ã¸æ¸ú×ÙÆ÷×î¶à£¬£¬£¬£¬ÓÐ52¼Ò²î±ðµÄ¹«Ë¾ÔÚ¸ú×ÙÓû§µÄÐÐΪ¡£¡£¡£¡£¡£¡£ÕâЩ¹ã¸æ¸ú×ÙÆ÷Ö÷ÒªÊÇÔÚµÚÈý·½²å¼þµÄ×ÊÖúÏÂÉøÍ¸½øÕþ¸®ÍøÕ¾£¬£¬£¬£¬ÀýÈçÊÓÆµ²¥·ÅÆ÷²å¼þ¡¢ÍøÕ¾ÆÊÎö¼°Í¼±í²å¼þµÈ¡£¡£¡£¡£¡£¡£ÕâÏÔȻΥ·´ÁËÅ·Ã˵ÄÊý¾Ý±£»£»£»¤¹æÔòGDPR¡£¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://www.bleepingcomputer.com/news/security/89-percent-of-eu-government-sites-infiltrated-by-ad-tracking-scripts/4¡¢Ñо¿ÍŶӷ¢Ã÷Á½¸öÕë¶ÔNetflixºÍAMEXµÄ´ó¹æÄ£´¹ÂÚ¹¥»÷
Office 365ÍþвÑо¿ÍŶӷ¢Ã÷Á½¸öÕë¶ÔNetflixºÍAMEX£¨ÃÀ¹úÔËͨ£©µÄ´ó¹æÄ£ÍøÂç´¹Âڻ£¬£¬£¬£¬Õë¶ÔNetflix¿Í»§¶ËµÄ´¹Âڻ½«Êܺ¦ÕßÖØ¶¨Ïòµ½Ò»¸öÐéαµÄÏÂÔØ±íµ¥£¬£¬£¬£¬¸Ã±íµ¥»áÍøÂçÓû§µÄÐÅÓÿ¨ÐÅÏ¢£¨°üÀ¨¿¨ºÅ¡¢µ½ÆÚÈÕÆÚ¡¢PINÂëºÍÇå¾²Â룩ºÍÕ˵¥ÐÅÏ¢£¨°üÀ¨ÐÕÃû¡¢ÓÊÏ䵨µã¡¢SSN¡¢×¡Ö·¡¢µç»°ºÅÂëºÍ³öÉúÈÕÆÚ£©¡£¡£¡£¡£¡£¡£Õë¶ÔAMEXÓû§µÄ´¹ÂڻÔò»áÍøÂçСÎÒ˽¼ÒÐÅÏ¢ºÍÐÅÓÿ¨ÐÅÏ¢£¬£¬£¬£¬ÒÔ¼°Óû§IDºÍÃÜÂë¡£¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://www.bleepingcomputer.com/news/security/netflix-and-amex-customers-actively-targeted-by-phishing-campaigns/5¡¢ÐÂSextortion´¹ÂÚÓʼþ£¬£¬£¬£¬Î±×°³ÉCIA¾ÙÐÐÚ²Æ
ÉÏÖÜÄ©·ºÆðÁËÒ»¸öеÄsextortion´¹Âڻ£¬£¬£¬£¬¸Ã´¹ÂÚÓʼþαװ³ÉCIAµÄ¹ú¼ÊÖ´·¨ÊӲ죬£¬£¬£¬Éù³ÆÊܺ¦ÕßÒò¼ÓÈë·Ö·¢ºÍ´æ´¢¶ùͯɫÇéÄÚÈݱ»ÊӲ죬£¬£¬£¬³ý·ÇÖ§¸¶¼ÛÖµ1ÍòÃÀÔªµÄ±ÈÌØ±Ò£¬£¬£¬£¬²»È»½«ÔÚ2019Äê4ÔÂ8ÈÕ±»¾Ð²¶¡£¡£¡£¡£¡£¡£ÕâЩµç×ÓÓʼþµÄ·¢Ë͵صã°üÀ¨cia¡¢govºÍmlµÈÎı¾£¬£¬£¬£¬Ê¹Æä¿´ËÆÀ´×ÔÓÚÕþ¸®ÓòÃûµÄÓÊÏä¡£¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://www.bleepingcomputer.com/news/security/new-sextortion-email-uses-cia-investigation-as-scare-tactic/6¡¢ÐÂÀÕË÷Èí¼þJNEC.a£¬£¬£¬£¬Ê¹ÓÃWinRAR AceÎó²î¾ÙÐÐÈö²¥
Ñо¿Ö°Ô±·¢Ã÷Ò»¸öеÄÀÕË÷Èí¼þJNEC.aʹÓÃ×î½ü±¨¸æµÄWinRAR´úÂëÖ´ÐÐÎó²î¾ÙÐÐÈö²¥¡£¡£¡£¡£¡£¡£JNEC.a»á¼ÓÃÜÅÌËã»úÉϵÄÊý¾Ý£¬£¬£¬£¬²¢ÔÚÎļþºó¸½¼Ó.JnecÀ©Õ¹Ãû£¬£¬£¬£¬Æä½âÃÜÃÜÔ¿µÄ¼ÛÇ®ÊÇ0.05±ÈÌØ±Ò£¨Ô¼200ÃÀÔª£©¡£¡£¡£¡£¡£¡£JNEC.aÊÇÓÃ.NET±àдµÄ£¬£¬£¬£¬Î±×°³ÉGoogleUpdate.exe°²ÅÅÔÚWindows StartupÎļþ¼ÐÖУ¬£¬£¬£¬ÒÔÔÚÅÌËã»úÆô¶¯Ê±×Ô¶¯Æô¶¯¡£¡£¡£¡£¡£¡£Æ¾Ö¤Michael GillespieµÄÆÊÎö£¬£¬£¬£¬¸ÃÀÕË÷Èí¼þ±£´æbug£¬£¬£¬£¬×ÝÈ»ÊÇ¿ª·¢Õß×Ô¼ºÒ²ÎÞ·¨½âÃܸÃÀÕË÷Èí¼þ¡£¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://www.bleepingcomputer.com/news/security/jneca-ransomware-spread-by-winrar-ace-exploit/ÉùÃ÷£º±¾×ÊѶÓɼøºÚµ£±£ÍøÎ¬ËûÃüÇ徲С×é·ÒëºÍÕûÀí