Cisco discovers attack campaign using domain fronting to target the Myanmar government
Published 2021-11-19
On November 16, Cisco Talos disclosed an attack campaign that uses a new concealment technique to evade detection. The campaign was first discovered in September of this year and uses a technique called domain fronting to hide its C2. The attackers also used the legitimate tool Cobalt Strike: when the Beacon starts, it issues a DNS request for a legitimate domain hosted on Cloudflare, then modifies the headers of its subsequent HTTPS requests to instruct the CDN to redirect the traffic to an attacker-controlled host. The legitimate domain used in the campaign was mdn[.]gov[.]mm, belonging to Myanmar Digital News.
Original link:
https://blog.talosintelligence.com/2021/11/attackers-use-domain-fronting-technique.html
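The mechanism described above (DNS and TLS SNI for a legitimate CDN-hosted domain, HTTP Host header for the attacker's origin) is visible to a TLS-terminating proxy, which sees both values. The following is an added example, not code from the original article or from Talos: it scans a constructed proxy log in an assumed CSV schema (tls_sni and http_host columns) and flags requests where the Host header names a domain that is neither equal to nor a subdomain of the SNI. Field names and the sample rows are assumptions for the example.

```python
"""Hunt for domain-fronting candidates in TLS-intercepting proxy logs.

Domain fronting keeps the DNS lookup and the TLS SNI on a legitimate
CDN-hosted domain while the HTTP Host header inside the tunnel names a
different CDN-hosted origin. A proxy that terminates TLS records both,
so an SNI/Host mismatch is the signal to look for. The log schema below
is constructed for this example; map the columns to your own proxy.
"""
import csv
import io
from dataclasses import dataclass
from typing import List

# Constructed sample log (not real data): one row per intercepted request.
SAMPLE_LOG = """\
ts,client_ip,tls_sni,http_host,path
2021-09-12T08:01:02Z,10.0.0.21,example-news.gov.invalid,example-news.gov.invalid,/index.html
2021-09-12T08:01:05Z,10.0.0.21,example-news.gov.invalid,cdn-assets.example-news.gov.invalid,/img/logo.png
2021-09-12T08:01:09Z,10.0.0.21,example-news.gov.invalid,attacker-origin.cdn.invalid,/beacon
2021-09-12T08:02:15Z,10.0.0.33,www.example.com,www.example.com,/
2021-09-12T08:02:16Z,10.0.0.33,www.example.com,WWW.EXAMPLE.COM.:443,/api
"""


@dataclass(frozen=True)
class FrontingHit:
    ts: str
    client_ip: str
    sni: str
    host: str
    path: str


def _normalize(name: str) -> str:
    """Lower-case, drop a trailing root dot and an explicit port so that
    'Host: A.B.:443' compares equal to SNI 'a.b'."""
    name = name.strip().lower()
    if ":" in name and not name.startswith("["):
        name = name.rsplit(":", 1)[0]
    return name.rstrip(".")


def is_fronting_candidate(sni: str, host: str) -> bool:
    """True when the Host header is neither the SNI name itself nor a
    subdomain of it (nor its parent). Sibling subdomains of one zone are
    still flagged; that is a deliberate choice for a hunting query, where
    an analyst reviews the hits rather than blocking on them."""
    s, h = _normalize(sni), _normalize(host)
    if not s or not h:
        return False  # nothing to compare (e.g. HTTP/1.0 without Host)
    same_tree = h == s or h.endswith("." + s) or s.endswith("." + h)
    return not same_tree


def scan(log_text: str) -> List[FrontingHit]:
    """Parse the CSV log and return every SNI/Host mismatch as a hit."""
    hits: List[FrontingHit] = []
    for row in csv.DictReader(io.StringIO(log_text)):
        if is_fronting_candidate(row["tls_sni"], row["http_host"]):
            hits.append(FrontingHit(row["ts"], row["client_ip"],
                                    row["tls_sni"], row["http_host"],
                                    row["path"]))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit.ts} {hit.client_ip} SNI={hit.sni} Host={hit.host} {hit.path}")
```

Run as-is to see the single flagged row; in practice the hits should be joined with the DNS log for the same client, since in a fronted connection the resolved name and the SNI agree while only the Host header diverges, and a CDN that still honours mismatched Host headers is the precondition for the technique.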
ESET finds Israel's Candiru linked to watering hole attacks on the UK and the Middle East
On November 16, ESET researchers said that the Israeli spyware Candiru is linked to watering hole attacks targeting the UK and the Middle East. Candiru was added to the US Department of Commerce's list of entities engaged in malicious cyber activity this month. The campaign was roughly divided into two waves: the first began in March 2020 and ended in August 2020; the second began in January 2021 and continued until early August 2021, attacking organizations in the UK, Yemen, Iran, Syria, Saudi Arabia, Italy, South Africa and other regions.
Original link:
https://thehackernews.com/2021/11/israels-candiru-spyware-found-linked-to.html
New phishing campaign impersonates TikTok employees and threatens users with account deletion
On November 17, Abnormal Security discovered a new round of phishing targeting TikTok users. The attackers impersonate TikTok employees and warn the target that their account will be deleted immediately for allegedly violating the platform's terms. The user is then redirected to a WhatsApp chat and asked to provide the email address, phone number and one-time code needed to reset the account password. It is not yet clear what the attackers' goal is; it may be account takeover or extortion. The campaign's two peaks were on October 2 and November 1 respectively, so the researchers speculate that the next round may begin in a few weeks.
Original link:
https://www.bleepingcomputer.com/news/security/tiktok-phishing-threatens-to-delete-influencers-accounts/
New ransomware operation Memento exploits RCE vulnerability in vCenter
On November 18, Sophos disclosed new activity by the ransomware operation Memento. The attackers exploited a remote code execution vulnerability in the VMware vCenter Server web interface (CVE-2021-21971), which has a CVSS score of 9.8. An attacker can use the vulnerability by accessing TCP/IP port 443 to execute commands with administrator privileges; the patch was released in February. The campaign began last month: the attackers first used the vCenter vulnerability to steal administrative credentials from the target server, then moved laterally using RDP over SSH, and for the first time used WinRAR in an attack to compress files and encrypt them.
Original link:
https://www.bleepingcomputer.com/news/security/new-memento-ransomware-switches-to-winrar-after-failing-at-encryption/
CISA publishes 2021 cybersecurity incident and vulnerability response guidance
On November 16, the US CISA published its 2021 guidance on responding to cybersecurity incidents and vulnerabilities. The guidance provides Federal Civilian Executive Branch (FCEB) agencies with operational procedures for planning and conducting cybersecurity incident and vulnerability response activities, and uses decision trees to detail each step of incident and vulnerability response. CISA encourages critical infrastructure organizations, state and local government organizations, and private sector organizations to use the guidance for review, in order to benchmark their own vulnerability and incident response practices.
Original link:
https://us-cert.cisa.gov/ncas/current-activity/2021/11/16/new-federal-government-cybersecurity-incident-and-vulnerability
Kaspersky publishes its outlook report on the 2022 APT threat landscape
On November 17, Kaspersky published its outlook report on the APT threat landscape for 2022. The report notes that APT groups will purchase initial network access from other attackers; more countries will use legal prosecution as part of their cyber strategy; targeted attacks on network devices will increase; 5G vulnerabilities will emerge; attackers will continue to use COVID-19 themes; mobile devices will be widely attacked; the number of supply chain attacks will grow; attackers will continue to take advantage of WFH; and APT activity in the META region, especially Africa, will increase.
Original link:
https://securelist.com/advanced-threat-predictions-for-2022/104870/