Wordfence·¢Ã÷Õë¶Ô160Íò¸öWordPressÍøÕ¾µÄ´ó¹æÄ£¹¥»÷

Ðû²¼Ê±¼ä 2021-12-14
ÎÖ¶ûÎÖ¹«Ë¾Ôâµ½SnatchµÄÀÕË÷¹¥»÷µ¼ÖÂÑз¢Êý¾Ýй¶


ÎÖ¶ûÎÖ¹«Ë¾Ôâµ½SnatchµÄÀÕË÷¹¥»÷µ¼ÖÂÑз¢Êý¾Ýй¶.png


12ÔÂ10ÈÕ£¬£¬£¬£¬£¬£¬ÈðµäÆû³µÖÆÔìÉÌÎÖ¶ûÎÖ³ÆÆäЧÀÍÆ÷Ôâµ½ÀÕË÷¹¥»÷£¬£¬£¬£¬£¬£¬²¿·ÖÑз¢Êý¾ÝÒѾ­Ð¹Â¶¡£¡£¡£¡£¡£ÎÖ¶ûÎÖÌåÏÖ£¬£¬£¬£¬£¬£¬ÏÖÔÚÕýÔÚ¶Ô´ËÊÂÕö¿ªÊӲ죬£¬£¬£¬£¬£¬¿Í»§µÄСÎÒ˽¼ÒÊý¾Ý²¢²»»áÊܵ½Ó°Ï죬£¬£¬£¬£¬£¬µ«¹«Ë¾µÄÔËÓª¿ÉÄÜÊܵ½Ó°Ïì¡£¡£¡£¡£¡£ËäÈ»¸Ã¹«Ë¾ÉÐδ͸¶Óйش˴ÎÊÂÎñµÄÆäËüϸ½Ú£¬£¬£¬£¬£¬£¬µ«ÀÕË÷ÔËÓªÍÅ»ïSnatchÒÑÓÚ11ÔÂ30ÈÕ½«¸Ã¹«Ë¾Ìí¼Óµ½ÆäÊý¾ÝÐ¹Â¶ÍøÕ¾µÄĿ¼ÖУ¬£¬£¬£¬£¬£¬²¢¹ûÕæÁ˱»µÁÎļþµÄ½ØÍ¼ºÍ35.9 MBµÄÊý¾Ý¡£¡£¡£¡£¡£


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/volvo-cars-discloses-security-breach-leading-to-randd-data-theft/


Wordfence·¢Ã÷Õë¶Ô160Íò¸öWordPressÍøÕ¾µÄ´ó¹æÄ£¹¥»÷


Wordfence·¢Ã÷Õë¶Ô160Íò¸öWordPressÍøÕ¾µÄ´ó¹æÄ£¹¥»÷.png


WordfenceÔÚ12ÔÂ9ÈÕ¹ûÕæÁ˽üÆÚÕë¶ÔÁè¼Ý160Íò¸öWordPressÍøÕ¾µÄ´ó¹æÄ£¹¥»÷»î¶¯¡£¡£¡£¡£¡£ÕâЩ¹¥»÷Ö÷ÒªÕë¶Ô4¸ö²å¼þ£¨PublishPress CapabilitiesºÍKiwi Social PluginµÈ£©ºÍ15¸öEpsilon¿ò¼ÜÖ÷Ì⣨ShapelyºÍNatureMag LiteµÈ£©¡£¡£¡£¡£¡£Í¨¹ýÆôÓÃusers_can_registerÑ¡Ï£¬£¬£¬£¬£¬²¢½«default_roleÑ¡ÏîÉèÖÃΪÖÎÀíÔ±£¬£¬£¬£¬£¬£¬¹¥»÷Õ߾ͿÉÒÔ×¢²áΪÖÎÀíÔ±²¢½ÓÊܸÃÍøÕ¾¡£¡£¡£¡£¡£Ñо¿Ö°Ô±½¨ÒéÓû§Á¬Ã¦¸üÐÂÊÜÓ°Ïì²å¼þ£¬£¬£¬£¬£¬£¬ÆäÖÐNatureMag LiteûÓпÉÓò¹¶¡£¬£¬£¬£¬£¬£¬ÐèÒªÁ¬Ã¦Ð¶ÔØ¡£¡£¡£¡£¡£

Ô­ÎÄÁ´½Ó£º

https://securityaffairs.co/wordpress/125469/hacking/wordpress-sites-under-attack.html


Frontier Softwareй¶Լ8Íò¸ö°Ä´óÀûÑǹ«ÃñµÄÐÅÏ¢


Frontier Softwareй¶Լ8Íò¸ö°Ä´óÀûÑǹ«ÃñµÄÐÅÏ¢.png


ÄϰĴóÀûÑÇÖÝÕþ¸®ÔÚ12ÔÂ10ÈÕÐû²¼Í¨¸æ£¬£¬£¬£¬£¬£¬³ÆÆäÔ¼8Íò¸öÔ±¹¤µÄÐÅÏ¢ÒѾ­Ð¹Â¶¡£¡£¡£¡£¡£´Ë´Îй¶ÊÂÎñµÄÔµ¹ÊÔ­ÓÉÊÇн×ÊÈí¼þ¹«Ë¾Frontier SoftwareÓÚ11ÔÂ13ÈÕÔâµ½ÀÕË÷¹¥»÷£¬£¬£¬£¬£¬£¬¸Ã»î¶¯¿ÉÄÜÓëContiÓйØ¡£¡£¡£¡£¡£11ÔÂ16ÈÕ£¬£¬£¬£¬£¬£¬ContiÔøÔÚÆäÍøÕ¾ÁгöÁËFrontier Software£¬£¬£¬£¬£¬£¬¿ÉÊÇÏÖÔÚ¸ÃÁбíÒѱ»É¾³ý£¬£¬£¬£¬£¬£¬Õâ¿ÉÄÜÒâζ×Å̸ÅÐÒѾ­¿¢Ê¡£¡£¡£¡£¡£¸ÃÖÝΨһûÓÐÊܵ½Ó°ÏìµÄ¹«¹²×éÖ¯ÊǽÌÓý²¿£¬£¬£¬£¬£¬£¬ÓÉÓÚËü²»Ê¹ÓÃFrontierµÄ²úÆ·¡£¡£¡£¡£¡£


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/data-breach-impacts-80-000-south-australian-govt-employees/


Cofense·¢Ã÷Õë¶ÔµÂ¹ú½ðÈÚÐÐÒµµÄÐÂÒ»ÂÖ´¹Âڻ


Cofense·¢Ã÷Õë¶ÔµÂ¹ú½ðÈÚÐÐÒµµÄÐÂÒ»ÂÖ´¹Âڻ.png


12ÔÂ9ÈÕ£¬£¬£¬£¬£¬£¬Cofense·¢Ã÷ÔÚÒÑÍù¼¸ÖÜÖУ¬£¬£¬£¬£¬£¬Ê¹ÓöþάÂëÕë¶ÔµÂ¹ú½ðÈÚÐÐÒµµÄÐÂÒ»ÂÖ´¹Âڻ¡£¡£¡£¡£¡£´Ë´Î»î¶¯Ê¹ÓõÄÓʼþÖв¢Ã»ÓÐÃ÷ÎÄURL£¬£¬£¬£¬£¬£¬¶øÊÇͨ¹ýQRÂ뽫Óû§Öض¨Ïòµ½´¹ÂÚÍøÕ¾£¬£¬£¬£¬£¬£¬ÒÔÈÆ¹ýÇå¾²Èí¼þµÄ¼ì²â¡£¡£¡£¡£¡£ÓÉÓÚQRÂëµÄÄ¿µÄÊÇÒÆ¶¯Óû§£¬£¬£¬£¬£¬£¬ÕâЩÓû§ºÜÉÙÊܵ½Çå¾²¹¤¾ßµÄ±£» £»£»£»¤£¬£¬£¬£¬£¬£¬ÕâÌá¸ßÁ˹¥»÷µÄÓÐÓÃÐÔ¡£¡£¡£¡£¡£¹¥»÷Àֳɺ󣬣¬£¬£¬£¬£¬±ã»áÇÔȡĿµÄµÄÒøÐеص㡢´úÂë¡¢Óû§ÃûºÍPINµÈÐÅÏ¢£¬£¬£¬£¬£¬£¬Ö÷ÒªÕë¶ÔµÄÁ½¸ö½ðÈÚ»ú¹¹ÊÇSparkasseºÍVolksbanken Raiffeisenbanken¡£¡£¡£¡£¡£


Ô­ÎÄÁ´½Ó£º

https://cofense.com/blog/german-users-targeted-in-digital-bank-heist-phishing-campaigns/


Ñо¿ÍŶӷ¢Ã÷ʹÓÃLog4ShellÎó²î·Ö·¢¶à¸ö¶ñÒâÈí¼þµÄ»î¶¯


Ñо¿ÍŶӷ¢Ã÷ʹÓÃLog4ShellÎó²î·Ö·¢¶à¸ö¶ñÒâÈí¼þµÄ»î¶¯.png


12ÔÂ12ÈÕ£¬£¬£¬£¬£¬£¬Ñо¿ÍŶӷ¢Ã÷ʹÓÃApache Log4jÖеÄÎó²îLog4Shell·Ö·¢¶àÖÖ¶ñÒâÈí¼þµÄ»î¶¯¡£¡£¡£¡£¡£Log4ShellÓÚÉÏÖÜÎå¹ûÕæ£¬£¬£¬£¬£¬£¬ApacheÔÚ²»¾ÃÖ®ºóÐû²¼ÁËLog4j 2.15.0À´ÐÞ¸´¸ÃÎó²î¡£¡£¡£¡£¡£¸ÃÎó²îÒ»¾­Ðû²¼£¬£¬£¬£¬£¬£¬¾ÍÓÐÐí¶à¹¥»÷ÕßʹÓÃÆä×°ÖÃÖÖÖÖ¿ó¹¤Èí¼þ£¬£¬£¬£¬£¬£¬ÀýÈçºóÃÅKinsingºÍ½©Ê¬ÍøÂçcryptomining±³ºóµÄ¹¥»÷Õß¡£¡£¡£¡£¡£» £»£»£ÉÐÓй¥»÷ÕßʹÓøÃÎó²îÔÚÄ¿µÄ×°±¸ÉÏ×°ÖöñÒâÈí¼þMiraiºÍMuhstik¡£¡£¡£¡£¡£³ýÁË×°ÖöñÒâÈí¼þÖ®Í⣬£¬£¬£¬£¬£¬Ñо¿Ö°Ô±»¹·¢Ã÷ÁËÕë¶Ô¸ÃÎó²îµÄ´ó¹æÄ£É¨Ãè»î¶¯¡£¡£¡£¡£¡£


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/hackers-start-pushing-malware-in-worldwide-log4shell-attacks/


Î÷²¿Êý¾ÝÐû²¼¸üÐÂÐÞ¸´SanDisk SecureAccessÖÐÎó²î


Î÷²¿Êý¾ÝÐû²¼¸üÐÂÐÞ¸´SanDisk SecureAccessÖÐÎó²î.png


Western DigitalÔÚÉÏÖÜÈýÐû²¼Çå¾²¸üУ¬£¬£¬£¬£¬£¬ÐÞ¸´SanDisk SecureAccessÖеÄÎó²îCVE-2021-36750¡£¡£¡£¡£¡£SanDisk SecureAccess£¨ÏÖÔÚ¸üÃûΪSanDisk PrivateAccess£©ÓÃÀ´ÔÚSanDisk USBÉÁ´æÇý¶¯Æ÷ÉÏ´æ´¢ºÍ±£» £»£»£»¤Ö÷ÒªÎļþ£¬£¬£¬£¬£¬£¬ÆäʹÓÃÁ˵¥Ïò¼ÓÃÜhashºÍ¿ÉÕ¹Íûsalt£¬£¬£¬£¬£¬£¬ÕâʹÆäÈÝÒ×Ôâµ½×ֵ乥»÷£» £»£»£»»¹Ê¹ÓÃÁËÅÌËãÁ¿È±·¦µÄhash£¬£¬£¬£¬£¬£¬Ê¹Óû§ÃÜÂëÒ×±»±©Á¦ÆÆ½â¡£¡£¡£¡£¡£¹«Ë¾³ÆÕâЩÎÊÌâÒѾ­Í¨¹ýʹÓÃPBKDF2-SHA256ºÍËæ»úsaltÐÞ¸´£¬£¬£¬£¬£¬£¬½¨ÒéÓû§Á¬Ã¦¸üС£¡£¡£¡£¡£


Ô­ÎÄÁ´½Ó£º

https://securityaffairs.co/wordpress/125530/security/western-digital-sandisk-secureaccess-flaws.html