Cisco·¢Ã÷ʹÓÃÓòÃûǰÖÃÊÖÒÕÃé×¼ÃåµéÕþ¸®µÄ¹¥»÷»î¶¯

Ðû²¼Ê±¼ä 2021-11-19

Cisco·¢Ã÷ʹÓÃÓòÃûǰÖÃÊÖÒÕÃé×¼ÃåµéÕþ¸®µÄ¹¥»÷»î¶¯


Cisco·¢Ã÷ʹÓÃÓòÃûǰÖÃÊÖÒÕÃé×¼ÃåµéÕþ¸®µÄ¹¥»÷»î¶¯.png


Cisco TalosÔÚ11ÔÂ16ÈÕÅû¶ÁËʹÓÃеÄÒþ²ØÊÖÒÕÈÆ¹ý¼ì²âµÄ¹¥»÷»î¶¯¡£¡£¡£´Ë´Î»î¶¯×î³õ·¢Ã÷ÓÚ½ñÄê9Ô·ݣ¬£¬ £¬£¬£¬£¬£¬Ê¹ÓÃÁËÒ»ÖÖÃûΪÓòÃûǰÖõÄÊÖÒÕÀ´Òþ²ØC2¡£¡£¡£±ðµÄ£¬£¬ £¬£¬£¬£¬£¬¹¥»÷Õß»¹Ê¹ÓÃÁËÕýµ±µÄ¹¤¾ßCobalt Strik£¬£¬ £¬£¬£¬£¬£¬µ±BeaconÆô¶¯Ê±½«ÎªÍйÜÔÚCloudflareµÄÕýµ±ÓòÌá½»DNSÇëÇ󣬣¬ £¬£¬£¬£¬£¬È»ºóÐ޸ĺóÐøµÄHTTPsÇëÇóÍ·£¬£¬ £¬£¬£¬£¬£¬ÒÔָʾCDN½«Á÷Á¿Öض¨Ïòµ½¹¥»÷Õß¿ØÖƵÄÖ÷»ú¡£¡£¡£»£»£»£»£»î¶¯ÖÐʹÓõÄÕýµ±ÓòÃûΪÃåµéÊý×ÖÐÂÎŵÄmdn[.]gov[.]mm¡£¡£¡£


Ô­ÎÄÁ´½Ó£º

https://blog.talosintelligence.com/2021/11/attackers-use-domain-fronting-technique.html


ESET·¢Ã÷ÒÔÉ«ÁÐCandiruÕë¶ÔÓ¢¹úºÍÖж«µÄË®¿Ó¹¥»÷


ESET·¢Ã÷ÒÔÉ«ÁÐCandiruÕë¶ÔÓ¢¹úºÍÖж«µÄË®¿Ó¹¥»÷.png


11ÔÂ16ÈÕ£¬£¬ £¬£¬£¬£¬£¬ESETµÄÑо¿Ö°Ô±³ÆÒÔÉ«ÁеÄÌØ¹¤Èí¼þCandiruÓëÕë¶ÔÓ¢¹úºÍÖж«µÄË®¿Ó¹¥»÷ÓйØ¡£¡£¡£CandiruÒÑÓÚ±¾Ô±»ÃÀ¹úÉÌÎñ²¿ÁÐÈë¶ñÒâÍøÂç»î¶¯×éÖ¯Ãûµ¥¡£¡£¡£´Ë´Î»î¶¯´óÖ·ÖΪÁ½²¨£¬£¬ £¬£¬£¬£¬£¬µÚÒ»²¨×îÏÈÓÚ2020Äê3Ô£¬£¬ £¬£¬£¬£¬£¬ÓÚ2020Äê8Ô¿¢Ê£¬£¬ £¬£¬£¬£¬£¬µÚ¶þ²¨¹¥»÷×îÏÈÓÚ2021Äê1ÔÂ×îÏÈ£¬£¬ £¬£¬£¬£¬£¬Ò»Ö±Ò»Á¬µ½2021Äê8ÔÂÉÏÑ®£¬£¬ £¬£¬£¬£¬£¬¹¥»÷ÁËÓ¢¹ú¡¢Ò²ÃÅ¡¢ÒÁÀÊ¡¢ÐðÀûÑÇ¡¢É³Ìذ¢À­²®¡¢Òâ´óÀûºÍÄϷǵȵØÇøµÄ×éÖ¯¡£¡£¡£


Ô­ÎÄÁ´½Ó£º

https://thehackernews.com/2021/11/israels-candiru-spyware-found-linked-to.html


еĴ¹Âڻð³äTikTokÔ±¹¤ÒÔɾ³ýÕ˺ÅÀ´ÍþвÓû§


еĴ¹Âڻð³äTikTokÔ±¹¤ÒÔɾ³ýÕ˺ÅÀ´ÍþвÓû§.png


Abnormal SecurityÔÚ11ÔÂ17ÈÕ·¢Ã÷Õë¶ÔTikTokÓû§µÄÐÂÒ»ÂÖ´¹Âڻ¡£¡£¡£¹¥»÷Õßð³äTikTokÔ±¹¤£¬£¬ £¬£¬£¬£¬£¬ÖÒÑÔÄ¿µÄÒòÆäÉæÏÓÎ¥·´Æ½Ì¨Ìõ¿î¶ø½«Á¬Ã¦É¾³ýÕÊ»§¡£¡£¡£Ö®ºó£¬£¬ £¬£¬£¬£¬£¬Óû§»á±»Öض¨Ïòµ½Ò»¸öWhatsApp̸ÌìÊÒ£¬£¬ £¬£¬£¬£¬£¬²¢±»ÒªÇóÌá¹©ÖØÖÃÕÊ»§ÃÜÂëËùÐèµÄÓʼþµØµã¡¢µç»°ºÅÂëºÍÒ»´ÎÐÔ´úÂë¡£¡£¡£ÏÖÔÚÉв»ÇåÎú¹¥»÷ÕßµÄÄ¿µÄÊÇʲô£¬£¬ £¬£¬£¬£¬£¬»òÐíÖ¼ÔÚ½ÓÊÜÕË»§»òÀÕË÷¡£¡£¡£´Ë´Î»î¶¯µÄÁ½¸ö·åÖµ»®·ÖÔÚ10ÔÂ2ÈÕºÍ11ÔÂ1ÈÕ£¬£¬ £¬£¬£¬£¬£¬Òò´ËÑо¿Ö°Ô±ÍƲâÏÂÒ»Âֻ¿ÉÄÜ»áÔÚ¼¸Öܺó×îÏÈ¡£¡£¡£


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/tiktok-phishing-threatens-to-delete-influencers-accounts/


ÐÂÀÕË÷ÔËÓªÍÅ»ïMementoʹÓÃvCenterÖеÄRCEÎó²î


ÐÂÀÕË÷ÔËÓªÍÅ»ïMementoʹÓÃvCenterÖеÄRCEÎó²î.png


SophosÓÚ11ÔÂ18ÈÕÅû¶ÁËÀÕË÷ÔËÓªÍÅ»ïMementoµÄл¡£¡£¡£¹¥»÷ÕßʹÓÃÁËVMware vCenter Server WebÖеÄÔ¶³Ì´úÂëÖ´ÐÐÎó²î£¨CVE-2021-21971£©£¬£¬ £¬£¬£¬£¬£¬CVSSÆÀ·ÖΪ9.8¡£¡£¡£¹¥»÷Õß¿ÉʹÓøÃÎó²î»á¼ûTCP/IP¶Ë¿Ú443£¬£¬ £¬£¬£¬£¬£¬²¢ÒÔÖÎÀíԱȨÏÞÖ´ÐÐÏÂÁ£¬ £¬£¬£¬£¬£¬Æä²¹¶¡ÒÑÓÚ2Ô·ÝÐû²¼¡£¡£¡£´Ë´Î»î¶¯×îÏÈÓÚÉϸöÔ£¬£¬ £¬£¬£¬£¬£¬¹¥»÷ÕßÊ×ÏÈʹÓÃvCenterÖеÄÎó²î´ÓÄ¿µÄЧÀÍÆ÷ÇÔÈ¡ÖÎÀíÆ¾Ö¤£¬£¬ £¬£¬£¬£¬£¬È»ºóʹÓÃRDP over SSHºáÏòÒÆ¶¯£¬£¬ £¬£¬£¬£¬£¬²¢Ê×´ÎÔÚ¹¥»÷ÖÐʹÓÃÁËWinRARÀ´Ñ¹ËõÎļþ²¢¶ÔÆä¾ÙÐмÓÃÜ¡£¡£¡£


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/new-memento-ransomware-switches-to-winrar-after-failing-at-encryption/


CISAÐû²¼2021ÄêÍøÂçÇå¾²ÊÂÎñºÍÎó²îµÄÓ¦¼±ÏìÓ¦Ö¸ÄÏ


CISAÐû²¼2021ÄêÍøÂçÇå¾²ÊÂÎñºÍÎó²îµÄÓ¦¼±ÏìÓ¦Ö¸ÄÏ.png


11ÔÂ16ÈÕ£¬£¬ £¬£¬£¬£¬£¬ÃÀ¹úCISAÐû²¼ÁË2021ÄêÍøÂçÇå¾²ÊÂÎñºÍÎó²îµÄÓ¦¼±ÏìÓ¦Ö¸ÄÏ¡£¡£¡£¸ÃÖ¸ÄÏΪÁª°îÎÄÖ°ÐÐÕþ²¿·Ö£¨FCEB£©»ú¹¹ÌṩÁËÓÃÓÚÍýÏëºÍ¿ªÕ¹ÍøÂçÇå¾²ÊÂÎñºÍÎó²îÏìÓ¦»î¶¯µÄ²Ù×÷³ÌÐò£¬£¬ £¬£¬£¬£¬£¬²¢Í¨¹ý¾öÒéÊ÷Ïêϸ˵Ã÷ÎúÊÂÎñºÍÎó²îÏìÓ¦µÄÿ¸ö°ì·¨¡£¡£¡£CISAÃãÀøÒªº¦»ù´¡ÉèÊ©Ïà¹Ø×éÖ¯£¬£¬ £¬£¬£¬£¬£¬ÖÝ¡¢µØ·½µÄÕþ¸®×éÖ¯ÒÔ¼°Ë½Óª×é֯ʹÓøÃÖ¸ÄϾÙÐÐÉó²é£¬£¬ £¬£¬£¬£¬£¬ÒÔ¶ÔÆä×ÔÉíµÄÎó²îºÍÊÂÎñÏìӦʵ¼ù¾ÙÐлù×¼²âÊÔ¡£¡£¡£


Ô­ÎÄÁ´½Ó£º

https://us-cert.cisa.gov/ncas/current-activity/2021/11/16/new-federal-government-cybersecurity-incident-and-vulnerability


KasperskyÐû²¼2022ÄêAPT¹¥»÷ÍþÐ²Ì¬ÊÆµÄÕ¹Íû±¨¸æ


KasperskyÐû²¼2022ÄêAPT¹¥»÷ÍþÐ²Ì¬ÊÆµÄÕ¹Íû±¨¸æ.png


KasperskyÓÚ11ÔÂ17ÈÕÐû²¼ÁË2022ÄêAPT¹¥»÷ÍþÐ²Ì¬ÊÆµÄÕ¹Íû±¨¸æ¡£¡£¡£±¨¸æÖ¸³ö£¬£¬ £¬£¬£¬£¬£¬APT×éÖ¯½«´ÓÆäËû¹¥»÷ÕßÄÇÀﹺÖóõÊ¼ÍøÂç»á¼ûȨÏÞ£»£»£»£»£»¸ü¶à¹ú¼Ò½«Ö´·¨ÆðËß×÷ΪÆäÍøÂçÕ½ÂÔµÄÒ»²¿·Ö£»£»£»£»£»¶ÔÍøÂç×°±¸µÄÕë¶ÔÐÔ¹¥»÷ÔöÌí£»£»£»£»£»5GÎó²î¼´½«·ºÆð£»£»£»£»£»¹¥»÷Õß½«¼ÌÐøÊ¹ÓÃCOVID-19Ö÷Ì⣻£»£»£»£»Òƶ¯×°±¸½«Êܵ½ÆÕ±é¹¥»÷£»£»£»£»£»¹©Ó¦Á´¹¥»÷µÄÊýÄ¿½«ÔöÌí£»£»£»£»£»¼ÌÐøÊ¹ÓÃWFH£»£»£»£»£»METAµØÇø£¬£¬ £¬£¬£¬£¬£¬ÓÈÆäÊÇ·ÇÖÞµÄAPT»î¶¯½«ÔöÌí¡£¡£¡£


Ô­ÎÄÁ´½Ó£º

https://securelist.com/advanced-threat-predictions-for-2022/104870/