Å·ÖÞÍøÂçÇå¾²¾ÖÐû²¼º£Ê²¿·ÖÍøÂçÇå¾²Ö¸ÄÏ£»£»£»ÒøÐÐľÂíGinpбäÖÖ½è¼ø¶ñÒâÈí¼þAnubisµÄ´úÂë

Ðû²¼Ê±¼ä 2019-12-02

1.Å·ÖÞÍøÂçÇå¾²¾ÖÐû²¼º£Ê²¿·ÖÍøÂçÇå¾²Ö¸ÄÏ


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


Å·ÖÞÍøÂçÇå¾²¾Ö£¨ENISA£©ÒÔ¡¶¿Ú°¶ÍøÂçÇå¾²-º£Ê²¿·ÖÍøÂçÇ徲ʵ¼ù¡·ÎªÌâÐû²¼Á˺£Ê²¿·ÖÍøÂçÇå¾²Ö¸ÄÏ£¬£¬£¬£¬£¬£¬Îª¿Ú°¶Éú̬ϵͳÓÈÆäÊǿڰ¶Õþ¸®ºÍÂëÍ·ÔËÓªÉÌÖеÄCIOºÍCISOÖÆ¶©ÍøÂçÇå¾²Õ½ÂÔÌṩָµ¼ºÍ×ÊÖú¡£¡£¡£¸ÃÖ¸ÄÏÁгöÁ˿ڰ¶ÉúÌ¬ÏµÍ³ÃæÁÙµÄÖ÷ÒªÍþв£¬£¬£¬£¬£¬£¬²¢ÐÎòÁË¿ÉÄܶԿڰ¶Éú̬ϵͳÔì³ÉÓ°ÏìµÄÒªº¦ÍøÂç¹¥»÷³¡¾°¡£¡£¡£¸ÃÖ¸ÄÏΪÖն˱£»£»£»¤ºÍÉúÃüÖÜÆÚÖÎÀí¡¢Îó²îÖÎÀí¡¢ÈËÁ¦×ÊÔ´Çå¾²¡¢¹©Ó¦Á´ÖÎÀíµÈÉè¼ÆÁËÇå¾²²½·¥¡£¡£¡£


Ô­ÎÄÁ´½Ó£º

https://www.enisa.europa.eu/publications/port-cybersecurity-good-practices-for-cybersecurity-in-the-maritime-sector/


2.Ñо¿±¨¸æÏÔʾ½ü60%µÄ¶ñÒâ¹ã¸æÀ´×ÔÈý¸ö¹ã¸æÉÌ


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


ÔÚConfiantµÄ2019ÄêµÚÈý¼¾¶ÈÐèÇóÖÊÁ¿±¨¸æÖУ¬£¬£¬£¬£¬£¬¸Ã¹«Ë¾ÆÊÎöÁË2019Äê1ÔÂ1ÈÕµ½9ÔÂ20ÈÕÖ®¼äµÄ1200ÒÚ´Î¹ã¸æÕ¹Ê¾£¬£¬£¬£¬£¬£¬ÒÔ¶ÔÖÖÖÖ¶ñÒâ¹ã¸æ»î¶¯¾ÙÐÐϸ·Ö¡£¡£¡£ÔÚÓÉConfiant¼à¿ØµÄ75¸öSSP£¨¹ã¸æÉÌ£©ÖУ¬£¬£¬£¬£¬£¬Áè¼Ý60%µÄ¶ñÒâ¹ã¸æÀ´×ÔÆäÖÐÈý¸ö£¬£¬£¬£¬£¬£¬»®·ÖΪSSP-H¡¢SSP-IºÍSSP-D£¬£¬£¬£¬£¬£¬ÆäÖÐÒ»¸öSSPÉõÖÁÕ¼µ½ÁË30%ÒÔÉÏ¡£¡£¡£ÔÚ2019ÄêµÚÈý¼¾¶È£¬£¬£¬£¬£¬£¬Ëĸö·¸·¨ÍÅ»ïÈÏÕæ·Ö·¢´ó´ó¶¼¶ñÒâ¹ã¸æ£¬£¬£¬£¬£¬£¬°üÀ¨Scamclub¡¢eGobbler¡¢RunPMKºÍZirconium¡£¡£¡£


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/almost-60-percent-of-malicious-ads-come-from-three-ad-providers/


3.SMA W2ÖÇÄÜÊÖ±í̻¶5000¶à¶ùͯµÄλÖÃÐÅÏ¢


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


ƾ֤AV-TESTµÄÎïÁªÍø²âÊÔ²¿·ÖÐû²¼µÄÒ»·Ý±¨¸æ£¬£¬£¬£¬£¬£¬SMA W2¶ùͯÖÇÄÜÊÖ±í±£´æ¶à¸öÎó²î£¬£¬£¬£¬£¬£¬µ¼ÖÂ5000¶àÃû¶ùͯµÄλÖÃÐÅϢ̻¶¡£¡£¡£Ê×ÏÈÆäWeb APIЧÀÍÆ÷ûÓÐÑéÖ¤Éí·ÝÑéÖ¤ÁîÅÆµÄÓÐÓÃÐÔ£¬£¬£¬£¬£¬£¬µ¼Ö¹¥»÷Õß¿ÉÒÔÅþÁ¬µ½¸ÃWeb API£¬£¬£¬£¬£¬£¬ä¯ÀÀËùÓÐÓû§µÄIP²¢ÍøÂç¶ùͯ¼°ÆäâïÊѵÄÊý¾Ý¡£¡£¡£Ñо¿Ö°Ô±Äܹ»Ê¶±ð³ö5000¶àÃû¶ùͯºÍ10000¶àÃû¼Ò³¤µÄÕË»§£¬£¬£¬£¬£¬£¬´ó´ó¶¼¶ùͯλÓÚÅ·ÖÞ£¬£¬£¬£¬£¬£¬°üÀ¨ºÉÀ¼¡¢²¨À¼¡¢ÍÁ¶úÆä¡¢µÂ¹ú¡¢Î÷°àÑÀºÍ±ÈÀûʱµÈ¹ú¼Ò¡£¡£¡£¹¥»÷Õß»¹¿ÉÒÔͨ¹ýÐÞ¸ÄÖ÷ÉèÖÃÎļþÖеÄÓû§IDÀ´Ç¿ÖÆÓë¶ùͯÖÇÄÜÊÖ±íÅä¶Ô£¬£¬£¬£¬£¬£¬ÕâÒ»²Ù×÷ÎÞÐ踸ÕË»§µÄÓÊÏ䵨µãºÍÃÜÂë¡£¡£¡£Åä¶Ôºó£¬£¬£¬£¬£¬£¬¹¥»÷Õ߾ͿÉÒÔ¸ú×Ù¶ùͯλÖò¢²¦´òÓïÒôµç»°¡£¡£¡£µÂ¹ú·ÖÏúÉÌPearlÒÑÔÚ½Óµ½±¨¸æºóϼÜÁ˸ÃÖÇÄÜÊÖ±í¡£¡£¡£


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/cheap-kids-smartwatch-exposes-the-location-of-5000-children/


4.ÒøÐÐľÂíGinpбäÖÖ½è¼ø¶ñÒâÈí¼þAnubisµÄ´úÂë


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


ThreatFabricÇ徲ר¼Ò·¢Ã÷AndroidÒøÐÐľÂíGinpµÄ×îбäÖÖ¿ÉÇÔÈ¡µÇ¼ƾ֤ºÍÐÅÓÿ¨Êý¾Ý¡£¡£¡£Ñо¿Ö°Ô±ÒÔΪGinp×Ô6Ô·ÝÒÔÀ´Ò»Ö±»îÔ¾£¬£¬£¬£¬£¬£¬¸Ã¶ñÒâÈí¼þÒѾÙÐÐÁËÎå´ÎÖØ´ó¸üУ¬£¬£¬£¬£¬£¬ÆäÖÐ×î½üµÄ¸üÐÂ½è¼øÁËÒøÐÐľÂíAnubisµÄ´úÂë¡£¡£¡£¸Ã±äÌå²»ÔÙÕë¶ÔÉç½»APP£¬£¬£¬£¬£¬£¬¶øÊÇÕë¶ÔÒøÐУ¬£¬£¬£¬£¬£¬Ö÷ÒªÊÇÎ÷°àÑÀÒøÐС£¡£¡£ÆäÄ¿µÄÁбí°üÀ¨7¼Ò²î±ðµÄÒøÐУ¬£¬£¬£¬£¬£¬°üÀ¨Caixa¡¢Bankinter¡¢Bankia¡¢BBVA¡¢EVO Banco¡¢KutxabankºÍSantander¡£¡£¡£Ñо¿Ö°Ô±ÒÔΪ¸Ã¶ñÒâÈí¼þµÄ×÷ÕßÕýÔÚ½«ÆäÓªÒµÀ©Õ¹ÖÁÆäËü¹ú¼Ò¡£¡£¡£


Ô­ÎÄÁ´½Ó£º

https://securityaffairs.co/wordpress/94533/cyber-crime/ginp-android-trojan-anubis.html


5.CStealer¿ÉÇÔÈ¡Chromeƾ֤²¢·¢ËÍÖÁÔ¶³ÌMongoDB


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


ÐÂWindowsľÂíCStealer¿ÉÇÔÈ¡ÉúÑÄÔڹȸèChromeÃÜÂëÖÎÀíÆ÷ÖеĵǼƾ֤¡£¡£¡£Æ¾Ö¤MalwareHunterTeamµÄÆÊÎö£¬£¬£¬£¬£¬£¬¸Ã¶ñÒâÈí¼þûÓн«ÇÔÈ¡µÄÃÜÂë±àÒë³ÉÎļþ²¢·¢ËÍÖÁ¹¥»÷Õß¿ØÖƵÄC2ЧÀÍÆ÷£¬£¬£¬£¬£¬£¬¶øÊÇÖ±½ÓÅþÁ¬µ½Ô¶³ÌMongoDBÊý¾Ý¿â²¢Ê¹ÓÃËüÀ´´æ´¢ÇÔÈ¡µÄƾ֤¡£¡£¡£Îª´Ë£¬£¬£¬£¬£¬£¬¸Ã¶ñÒâÈí¼þÓ²±àÂëÁËMongoDBµÄƾ֤£¬£¬£¬£¬£¬£¬²¢Ê¹ÓÃMongoDB CÇý¶¯³ÌÐò×÷Ϊ¿Í»§¶Ë¿âÅþÁ¬µ½Ô¶³ÌÊý¾Ý¿â¡£¡£¡£ÕâʹµÃÈκÎÈ˶¼¿ÉÒÔͨ¹ý¸ÃÓ²±àÂëµÄƾ֤»á¼û±»µÁµÄÓû§ÃÜÂë¡£¡£¡£


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/new-chrome-password-stealer-sends-stolen-data-to-a-mongodb-database/


6.TrueDialogÒâÍâй¶Êý°ÙÍòÌõ¿Í»§¶ÌÐżÍ¼


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


Çå¾²Ñо¿Ö°Ô±Noam RotemºÍRan Locar·¢Ã÷Ò»¸ö°üÀ¨Êý°ÙÍòÌõ¶ÌÐżÍ¼µÄ̻¶Êý¾Ý¿â£¬£¬£¬£¬£¬£¬¸ÃÊý¾Ý¿âÊôÓÚTrueDialog£¬£¬£¬£¬£¬£¬ÆäÖд󲿷ֶÌÐÅÊÇÓÉÆóÒµ·¢Ë͸øËüÃǵÄDZÔÚ¿Í»§µÄ¡£¡£¡£TrueDialogÊǵ¿ËÈøË¹ÖݰÂ˹͡ÊеÄÒ»¼ÒΪÆóÒµºÍ¸ßµÈ½ÌÓý»ú¹¹ÌṩÉÌÓöÌÐÅЧÀ͵Ĺ«Ë¾£¬£¬£¬£¬£¬£¬¸ÃÊý¾Ý¿â´æ´¢Á˿ͻ§·¢Ë͵ĶÌÐÅ£¬£¬£¬£¬£¬£¬µ«ÓÉÓÚδÉèÃÜÂ룬£¬£¬£¬£¬£¬Ê¹µÃ»¥ÁªÍøÉϵÄÈκÎÈ˶¼¿ÉÉó²éÊý¾Ý¡£¡£¡£²¿·Ö¼Í¼°üÀ¨Óйشóѧ²ÆÎñÓ¦ÓóÌÐòµÄÐÅÏ¢¡¢ÆóÒµµÄÕÛ¿ÛÂëÓªÏúÐÅÏ¢¡¢ÔÚÏßÒ½ÁÆÐ§À͵ÄÑéÖ¤Âë¡¢FacebookºÍGoogleÕÊ»§µÄÍøÕ¾ÃÜÂëÖØÖú͵Ǽ´úÂëÉõÖÁTrueDialog¿Í»§µÄÓû§ÃûºÍÃÜÂëµÈ¡£¡£¡£


Ô­ÎÄÁ´½Ó£º

https://techcrunch.com/2019/12/01/millions-sms-messages-exposed/