CorsairÈ·ÈÏÊÇK100¼üÅ̹̼þÖеÄBugµ¼ÖÂ×Ô¶¯´ò×Ö
Ðû²¼Ê±¼ä 2022-12-23
¾ÝýÌå12ÔÂ21ÈÕ±¨µÀ£¬£¬£¬£¬CorsairÒÑÈ·ÈÏÆäK100¼üÅ̹̼þÖеÄÒ»¸öBug£¬£¬£¬£¬µ¼ÖÂÏÈǰÊäÈëµÄÎı¾ÔÚ¼¸Ììºó×Ô¶¯ÊäÈëµ½Ó¦ÓóÌÐòÖУ¬£¬£¬£¬¶ø²»ÊǶñÒâÈí¼þµÄÔµ¹ÊÔÓÉ¡£¡£¡£¡£¡£¡£¡£Õâ¸öÎÊÌâÓÚ2022Äê8ÔÂÊ×´ÎÔÚCorsairÂÛ̳ÉÏÅû¶£¬£¬£¬£¬Óû§µ£ÐÄÊÇijÖÖÐÎʽµÄ¼üÅ̼ͼ³ÌÐò»ò¶ñÒâÈí¼þµ¼Öµġ£¡£¡£¡£¡£¡£¡£¾ÝϤ£¬£¬£¬£¬¸ÃÎÊÌâÔ´ÓÚºê¼Í¼¹¦Ð§ÖеÄÎó²î£¬£¬£¬£¬µ¼ÖÂËü¹ýʧµØ·¿ª²¢×îÏȼͼ»÷¼üºÍÊó±êÒÆ¶¯¡£¡£¡£¡£¡£¡£¡£ÕâЩºê³ÌÐòËæºó±»´¥·¢£¬£¬£¬£¬µ¼ÖÂÔÙ´ÎÊäÈëÉúÑĵÄÎı¾¡£¡£¡£¡£¡£¡£¡£
https://www.bleepingcomputer.com/news/security/corsair-keyboard-bug-makes-it-type-on-its-own-no-malware-involved/
2¡¢Comcast XfinityÓû§µÄÕÊ»§Ôâµ½2FAÈÆ¹ý¹¥»÷
ýÌå12ÔÂ22Èճƣ¬£¬£¬£¬Comcast XfinityµÄÓû§Í¸Â¶ËûÃǵÄÕÊ»§Ôâµ½ÁËË«ÒòËØÉí·ÝÑéÖ¤ÈÆ¹ý¹¥»÷¡£¡£¡£¡£¡£¡£¡£´Ó12ÔÂ19ÈÕ×îÏÈ£¬£¬£¬£¬Ðí¶àXfinityÓʼþÓû§ÊÕµ½ËûÃǵÄÕÊ»§ÐÅÏ¢ÒѸü¸ÄµÄ֪ͨ¡£¡£¡£¡£¡£¡£¡£¿ÉÊÇ£¬£¬£¬£¬µ±ÊµÑé»á¼ûÕâЩÕÊ»§Ê±£¬£¬£¬£¬ÓÉÓÚÃÜÂëÒѱ»¸ü¸ÄÎÞ·¨µÇ¼¡£¡£¡£¡£¡£¡£¡£ÔÚÖØÐ»ñµÃ¶ÔÕÊ»§µÄ»á¼ûȨÏ޺󣬣¬£¬£¬Óû§·¢Ã÷ÆäÔâµ½Á˹¥»÷£¬£¬£¬£¬Ò»´ÎÐÔ@yopmail.comÓòÃûÉϵĸ¨Öúµç×ÓÓʼþ±»Ìí¼Óµ½ËûÃǵÄ×ÊÁÏÖС£¡£¡£¡£¡£¡£¡£Ñо¿Ö°Ô±³Æ£¬£¬£¬£¬ºÚ¿Í¿ÉÄÜÊÇͨ¹ýƾ֤Ìî³ä¹¥»÷À´»ñµÃµÇ¼ƾ֤£¬£¬£¬£¬Ò»µ©½øÈëÕË»§²¢±»ÌáÐÑÊäÈë2FA´úÂ룬£¬£¬£¬ËûÃǾÍʹÓÃ˽ÏÂÈö²¥µÄXfinityÍøÕ¾µÄOTPÅÔ·£¬£¬£¬£¬À´Î±ÔìÀֳɵÄ2FAÑéÖ¤ÇëÇ󡣡£¡£¡£¡£¡£¡£
https://www.bleepingcomputer.com/news/security/comcast-xfinity-accounts-hacked-in-widespread-2fa-bypass-attacks/
3¡¢Ð¬ÀàÁãÊÛÉÌEccoЧÀÍÆ÷ÉèÖùýʧй¶Áè¼Ý60GBÊý¾Ý
CyberNewsÔÚ12ÔÂ21ÈÕ±¨µÀ³Æ£¬£¬£¬£¬Ð¬ÀàÖÆÔìÉ̺ÍÁãÊÛÉÌEccoÁè¼Ý60GBÊý¾ÝÒѾй¶¡£¡£¡£¡£¡£¡£¡£ÆäÖаüÀ¨Êý°ÙÍòµÄÎļþ£¬£¬£¬£¬Éæ¼°ÏúÊÛ¡¢ÓªÏú¡¢ÈÕÖ¾¼Í¼ºÍϵͳÐÅÏ¢£¬£¬£¬£¬ÈκÎÓÐȨ»á¼ûµÄÈ˶¼¿ÉÒÔÉó²é¡¢±à¼¡¢¸´ÖƺÍÇÔÈ¡»òɾ³ýÊý¾Ý¡£¡£¡£¡£¡£¡£¡£Ö»¹Ü̻¶µÄЧÀÍÆ÷Êܵ½HTTPÉí·ÝÑéÖ¤µÄ±£»£»£»¤£¬£¬£¬£¬µ«ÆäÉèÖùýʧ²¢ÔÊÐíËùÓÐAPIÇëÇóͨ¹ý¡£¡£¡£¡£¡£¡£¡£ÀúÊ·Êý¾ÝÅú×¢£¬£¬£¬£¬×Ô2021Äê6ÔÂ4ÈÕÆð£¬£¬£¬£¬¸ÃÊý¾Ý¿â¿ÉÒÔ±»»á¼ûÖÁÉÙ506Ìì¡£¡£¡£¡£¡£¡£¡£ÏÖÔÚ£¬£¬£¬£¬¸ÃÎÊÌâÒѱ»½â¾ö¡£¡£¡£¡£¡£¡£¡£
https://cybernews.com/security/ecco-leaks-sensitive-data-for-months/
4¡¢Ä¾ÂíGodFatherÕë¶Ô400¶à¼ÒÒøÐкͼÓÃÜÇ®±ÒÉúÒâËù
12ÔÂ21ÈÕ£¬£¬£¬£¬Group IBÅû¶ÁËAndroidÒøÐÐľÂíGodFatherµÄ¹¥»÷»î¶¯¡£¡£¡£¡£¡£¡£¡£Æù½ñΪֹ£¬£¬£¬£¬ËüÒѹ¥»÷È«Çò16¸ö¹ú¼Ò/µØÇøµÄ400¶à¸öÄ¿µÄ£¬£¬£¬£¬Éæ¼°ÒøÐÐÓ¦ÓóÌÐò¡¢¼ÓÃÜÇ®±ÒÇ®°üºÍ¼ÓÃÜÇ®±ÒÉúÒâËù¡£¡£¡£¡£¡£¡£¡£GodFatherÓÚ2021Äê6ÔÂÊ״α»¼ì²âµ½£¬£¬£¬£¬ÆÊÎöÅú×¢ËüÊÇAnubisµÄ¼ÌÈÎÕß¡£¡£¡£¡£¡£¡£¡£Æä»î¶¯ÔÚ2022Äê6Ô·Ý×èÖ¹£¬£¬£¬£¬ÓÖÔÚÄê9ÔÂÔٴηºÆð£¬£¬£¬£¬ÏÖÔÚWebSocket¹¦Ð§ÂÔÓÐת±ä¡£¡£¡£¡£¡£¡£¡£±ðµÄ£¬£¬£¬£¬Ëüͨ¹ý½âÃÜʹÓÃBlowfishÃÜÂë±àÂëµÄTelegram channelÐÎòÀ´¼ìË÷ÆäC2ЧÀÍÆ÷µØµã¡£¡£¡£¡£¡£¡£¡£
https://blog.group-ib.com/godfather-trojan
5¡¢¼ÓÄôó¶ù¿ÆÒ½ÔºSickKidsÔâµ½¹¥»÷µ¼Ö¶à¸öϵͳ崻ú
¾Ý12ÔÂ21ÈÕ±¨µÀ£¬£¬£¬£¬Î»ÓÚ¼ÓÄôó¶àÂ×¶àµÄ¶ù¿ÆÒ½ÔºSickKidsÔâµ½¹¥»÷£¬£¬£¬£¬¶à¸öϵͳ崻ú¡£¡£¡£¡£¡£¡£¡£SickKidsÓÚ2022Äê12ÔÂ20ÈÕת´ïÁ˸ÃÊÂÎñ£¬£¬£¬£¬²¢Í¸Â¶´ÓÃÀ¹ú¶«²¿Ê±¼ä12ÔÂ18ÈÕÐÇÆÚÈÕÍíÉÏ9µã30ÍÑÀëʼ£¬£¬£¬£¬Æäϵͳ·ºÆð¹ÊÕÏ¡£¡£¡£¡£¡£¡£¡£Ò½ÔºÌåÏÖСÎÒ˽¼ÒÐÅÏ¢²¢Î´Êܵ½Ó°Ï죬£¬£¬£¬µ«ÆäÍøÕ¾ËÆºõÈÔ´¦ÓÚÀëÏß״̬¡£¡£¡£¡£¡£¡£¡£ÏÖÔÚ£¬£¬£¬£¬¸ÃÊÂÎñµÄÐÔ×Ӻ͹æÄ£ÈÔÔÚÊÓ²ìÖУ¬£¬£¬£¬SickKidsûÓÐ͸¶¹ØÓÚÊÂÎñÔµ¹ÊÔÓɵÄÐÅÏ¢¡£¡£¡£¡£¡£¡£¡£
https://www.infosecurity-magazine.com/news/cyber-incident-failure-children/
6¡¢Î¢ÈíÐû²¼¹ØÓÚ½©Ê¬ÍøÂçZerobotй¦Ð§µÄÆÊÎö±¨¸æ
΢ÈíÔÚ12ÔÂ21ÈÕÐû²¼Á˹ØÓÚ×îа汾µÄ¶ñÒâÈí¼þZerobot 1.1µÄÆÊÎö±¨¸æ¡£¡£¡£¡£¡£¡£¡£ZerobotÖÁÉÙ´Ó11ÔÂ×îÏȾÍÔÚÆð¾¢¿ª·¢£¬£¬£¬£¬ÔöÌíÁËÐÂÄ£¿£¿£¿éºÍ¹¦Ð§£¬£¬£¬£¬ÒÔÀ©Õ¹¹¥»÷ǰÑÔ²¢Ê¹Æä¸üÈÝÒ×ѬȾÐÂ×°±¸¡£¡£¡£¡£¡£¡£¡£×Ô12Ô³õÒÔÀ´£¬£¬£¬£¬ËüµÄ¿ª·¢Ö°Ô±ÒѾɾ³ýÁËÕë¶ÔphpMyAdminЧÀÍÆ÷¡¢Dasan GPON·ÓÉÆ÷ºÍD-Link DSL-2750BÎÞÏß·ÓÉÆ÷µÄÄ£¿£¿£¿é¡£¡£¡£¡£¡£¡£¡£²¢Ìí¼ÓÁËеÄÎó²î£¬£¬£¬£¬Ê¹ÆäÄܹ»Õë¶Ô7ÖÖÐÂÐÍ×°±¸ºÍÈí¼þ£¬£¬£¬£¬°üÀ¨Apache£¨CVE-2021-42013£©ºÍApache SparkЧÀÍÆ÷£¨CVE-2022-33891£©¡£¡£¡£¡£¡£¡£¡£±ðµÄ£¬£¬£¬£¬Ð±äÌå¾ßÓÐ7ÖÖеÄDDoS¹¦Ð§£¬£¬£¬£¬°üÀ¨TCP_XMAS¹¥»÷¡£¡£¡£¡£¡£¡£¡£
https://www.microsoft.com/en-us/security/blog/2022/12/21/microsoft-research-uncovers-new-zerobot-capabilities/