Wordfence·¢Ã÷Õë¶Ô160Íò¸öWordPressÍøÕ¾µÄ´ó¹æÄ£¹¥»÷
Ðû²¼Ê±¼ä 2021-12-1412ÔÂ10ÈÕ£¬£¬£¬£¬£¬£¬ÈðµäÆû³µÖÆÔìÉÌÎÖ¶ûÎÖ³ÆÆäЧÀÍÆ÷Ôâµ½ÀÕË÷¹¥»÷£¬£¬£¬£¬£¬£¬²¿·ÖÑз¢Êý¾ÝÒѾй¶¡£¡£¡£¡£¡£ÎÖ¶ûÎÖÌåÏÖ£¬£¬£¬£¬£¬£¬ÏÖÔÚÕýÔÚ¶Ô´ËÊÂÕö¿ªÊӲ죬£¬£¬£¬£¬£¬¿Í»§µÄСÎÒ˽¼ÒÊý¾Ý²¢²»»áÊܵ½Ó°Ï죬£¬£¬£¬£¬£¬µ«¹«Ë¾µÄÔËÓª¿ÉÄÜÊܵ½Ó°Ïì¡£¡£¡£¡£¡£ËäÈ»¸Ã¹«Ë¾ÉÐδ͸¶Óйش˴ÎÊÂÎñµÄÆäËüϸ½Ú£¬£¬£¬£¬£¬£¬µ«ÀÕË÷ÔËÓªÍÅ»ïSnatchÒÑÓÚ11ÔÂ30ÈÕ½«¸Ã¹«Ë¾Ìí¼Óµ½ÆäÊý¾ÝÐ¹Â¶ÍøÕ¾µÄĿ¼ÖУ¬£¬£¬£¬£¬£¬²¢¹ûÕæÁ˱»µÁÎļþµÄ½ØÍ¼ºÍ35.9 MBµÄÊý¾Ý¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://www.bleepingcomputer.com/news/security/volvo-cars-discloses-security-breach-leading-to-randd-data-theft/
Wordfence·¢Ã÷Õë¶Ô160Íò¸öWordPressÍøÕ¾µÄ´ó¹æÄ£¹¥»÷
WordfenceÔÚ12ÔÂ9ÈÕ¹ûÕæÁ˽üÆÚÕë¶ÔÁè¼Ý160Íò¸öWordPressÍøÕ¾µÄ´ó¹æÄ£¹¥»÷»î¶¯¡£¡£¡£¡£¡£ÕâЩ¹¥»÷Ö÷ÒªÕë¶Ô4¸ö²å¼þ£¨PublishPress CapabilitiesºÍKiwi Social PluginµÈ£©ºÍ15¸öEpsilon¿ò¼ÜÖ÷Ì⣨ShapelyºÍNatureMag LiteµÈ£©¡£¡£¡£¡£¡£Í¨¹ýÆôÓÃusers_can_registerÑ¡Ï£¬£¬£¬£¬£¬²¢½«default_roleÑ¡ÏîÉèÖÃΪÖÎÀíÔ±£¬£¬£¬£¬£¬£¬¹¥»÷Õ߾ͿÉÒÔ×¢²áΪÖÎÀíÔ±²¢½ÓÊܸÃÍøÕ¾¡£¡£¡£¡£¡£Ñо¿Ö°Ô±½¨ÒéÓû§Á¬Ã¦¸üÐÂÊÜÓ°Ïì²å¼þ£¬£¬£¬£¬£¬£¬ÆäÖÐNatureMag LiteûÓпÉÓò¹¶¡£¬£¬£¬£¬£¬£¬ÐèÒªÁ¬Ã¦Ð¶ÔØ¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://securityaffairs.co/wordpress/125469/hacking/wordpress-sites-under-attack.html
Frontier Softwareй¶Լ8Íò¸ö°Ä´óÀûÑǹ«ÃñµÄÐÅÏ¢
ÄϰĴóÀûÑÇÖÝÕþ¸®ÔÚ12ÔÂ10ÈÕÐû²¼Í¨¸æ£¬£¬£¬£¬£¬£¬³ÆÆäÔ¼8Íò¸öÔ±¹¤µÄÐÅÏ¢ÒѾй¶¡£¡£¡£¡£¡£´Ë´Îй¶ÊÂÎñµÄÔµ¹ÊÔÓÉÊÇн×ÊÈí¼þ¹«Ë¾Frontier SoftwareÓÚ11ÔÂ13ÈÕÔâµ½ÀÕË÷¹¥»÷£¬£¬£¬£¬£¬£¬¸Ã»î¶¯¿ÉÄÜÓëContiÓйء£¡£¡£¡£¡£11ÔÂ16ÈÕ£¬£¬£¬£¬£¬£¬ContiÔøÔÚÆäÍøÕ¾ÁгöÁËFrontier Software£¬£¬£¬£¬£¬£¬¿ÉÊÇÏÖÔÚ¸ÃÁбíÒѱ»É¾³ý£¬£¬£¬£¬£¬£¬Õâ¿ÉÄÜÒâζ×Å̸ÅÐÒѾ¿¢Ê¡£¡£¡£¡£¡£¸ÃÖÝΨһûÓÐÊܵ½Ó°ÏìµÄ¹«¹²×éÖ¯ÊǽÌÓý²¿£¬£¬£¬£¬£¬£¬ÓÉÓÚËü²»Ê¹ÓÃFrontierµÄ²úÆ·¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://www.bleepingcomputer.com/news/security/data-breach-impacts-80-000-south-australian-govt-employees/
Cofense·¢Ã÷Õë¶ÔµÂ¹ú½ðÈÚÐÐÒµµÄÐÂÒ»ÂÖ´¹Âڻ
12ÔÂ9ÈÕ£¬£¬£¬£¬£¬£¬Cofense·¢Ã÷ÔÚÒÑÍù¼¸ÖÜÖУ¬£¬£¬£¬£¬£¬Ê¹ÓöþάÂëÕë¶ÔµÂ¹ú½ðÈÚÐÐÒµµÄÐÂÒ»ÂÖ´¹Âڻ¡£¡£¡£¡£¡£´Ë´Î»î¶¯Ê¹ÓõÄÓʼþÖв¢Ã»ÓÐÃ÷ÎÄURL£¬£¬£¬£¬£¬£¬¶øÊÇͨ¹ýQRÂ뽫Óû§Öض¨Ïòµ½´¹ÂÚÍøÕ¾£¬£¬£¬£¬£¬£¬ÒÔÈÆ¹ýÇå¾²Èí¼þµÄ¼ì²â¡£¡£¡£¡£¡£ÓÉÓÚQRÂëµÄÄ¿µÄÊÇÒÆ¶¯Óû§£¬£¬£¬£¬£¬£¬ÕâЩÓû§ºÜÉÙÊܵ½Çå¾²¹¤¾ßµÄ±£»£»£»£»¤£¬£¬£¬£¬£¬£¬ÕâÌá¸ßÁ˹¥»÷µÄÓÐÓÃÐÔ¡£¡£¡£¡£¡£¹¥»÷Àֳɺ󣬣¬£¬£¬£¬£¬±ã»áÇÔȡĿµÄµÄÒøÐеص㡢´úÂë¡¢Óû§ÃûºÍPINµÈÐÅÏ¢£¬£¬£¬£¬£¬£¬Ö÷ÒªÕë¶ÔµÄÁ½¸ö½ðÈÚ»ú¹¹ÊÇSparkasseºÍVolksbanken Raiffeisenbanken¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://cofense.com/blog/german-users-targeted-in-digital-bank-heist-phishing-campaigns/
Ñо¿ÍŶӷ¢Ã÷ʹÓÃLog4ShellÎó²î·Ö·¢¶à¸ö¶ñÒâÈí¼þµÄ»î¶¯
12ÔÂ12ÈÕ£¬£¬£¬£¬£¬£¬Ñо¿ÍŶӷ¢Ã÷ʹÓÃApache Log4jÖеÄÎó²îLog4Shell·Ö·¢¶àÖÖ¶ñÒâÈí¼þµÄ»î¶¯¡£¡£¡£¡£¡£Log4ShellÓÚÉÏÖÜÎå¹ûÕæ£¬£¬£¬£¬£¬£¬ApacheÔÚ²»¾ÃÖ®ºóÐû²¼ÁËLog4j 2.15.0À´ÐÞ¸´¸ÃÎó²î¡£¡£¡£¡£¡£¸ÃÎó²îÒ»¾Ðû²¼£¬£¬£¬£¬£¬£¬¾ÍÓÐÐí¶à¹¥»÷ÕßʹÓÃÆä×°ÖÃÖÖÖÖ¿ó¹¤Èí¼þ£¬£¬£¬£¬£¬£¬ÀýÈçºóÃÅKinsingºÍ½©Ê¬ÍøÂçcryptomining±³ºóµÄ¹¥»÷Õß¡£¡£¡£¡£¡£»£»£»£ÉÐÓй¥»÷ÕßʹÓøÃÎó²îÔÚÄ¿µÄ×°±¸ÉÏ×°ÖöñÒâÈí¼þMiraiºÍMuhstik¡£¡£¡£¡£¡£³ýÁË×°ÖöñÒâÈí¼þÖ®Í⣬£¬£¬£¬£¬£¬Ñо¿Ö°Ô±»¹·¢Ã÷ÁËÕë¶Ô¸ÃÎó²îµÄ´ó¹æÄ£É¨Ãè»î¶¯¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://www.bleepingcomputer.com/news/security/hackers-start-pushing-malware-in-worldwide-log4shell-attacks/
Î÷²¿Êý¾ÝÐû²¼¸üÐÂÐÞ¸´SanDisk SecureAccessÖÐÎó²î
Western DigitalÔÚÉÏÖÜÈýÐû²¼Çå¾²¸üУ¬£¬£¬£¬£¬£¬ÐÞ¸´SanDisk SecureAccessÖеÄÎó²îCVE-2021-36750¡£¡£¡£¡£¡£SanDisk SecureAccess£¨ÏÖÔÚ¸üÃûΪSanDisk PrivateAccess£©ÓÃÀ´ÔÚSanDisk USBÉÁ´æÇý¶¯Æ÷ÉÏ´æ´¢ºÍ±£»£»£»£»¤Ö÷ÒªÎļþ£¬£¬£¬£¬£¬£¬ÆäʹÓÃÁ˵¥Ïò¼ÓÃÜhashºÍ¿ÉÕ¹Íûsalt£¬£¬£¬£¬£¬£¬ÕâʹÆäÈÝÒ×Ôâµ½×ֵ乥»÷£»£»£»£»»¹Ê¹ÓÃÁËÅÌËãÁ¿È±·¦µÄhash£¬£¬£¬£¬£¬£¬Ê¹Óû§ÃÜÂëÒ×±»±©Á¦ÆÆ½â¡£¡£¡£¡£¡£¹«Ë¾³ÆÕâЩÎÊÌâÒѾͨ¹ýʹÓÃPBKDF2-SHA256ºÍËæ»úsaltÐÞ¸´£¬£¬£¬£¬£¬£¬½¨ÒéÓû§Á¬Ã¦¸üС£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://securityaffairs.co/wordpress/125530/security/western-digital-sandisk-secureaccess-flaws.html