΢ÈíÐû²¼2023Äê1Ô·ÝÇå¾²¸üÐÂ×ܼÆÐÞ¸´98¸öÎó²î
Ðû²¼Ê±¼ä 2023-01-111¡¢Î¢ÈíÐû²¼2023Äê1Ô·ÝÇå¾²¸üÐÂ×ܼÆÐÞ¸´98¸öÎó²î
1ÔÂ10ÈÕ£¬£¬£¬£¬£¬£¬£¬Î¢ÈíÐû²¼2023Äê1Ô·ݵÄÖܶþ²¹¶¡£¡£¡£¡£¡£¡£¡£¬£¬£¬£¬£¬£¬£¬×ܼÆÐÞ¸´ÁË98¸öÎó²î¡£¡£¡£¡£¡£¡£¡£ÆäÖаüÀ¨Òѱ»Æð¾¢Ê¹ÓõÄWindows¸ß¼¶ÍâµØÀú³ÌŲÓÃ(ALPC)ȨÏÞÌáÉýÎó²î£¨CVE-2023-21674£©¡£¡£¡£¡£¡£¡£¡£Î¢ÈíÌåÏÖÕâÊÇÒ»¸öɳºÐÌÓÒÝÎó²î£¬£¬£¬£¬£¬£¬£¬ÀÖ³ÉʹÓôËÎó²î¿É»ñµÃSYSTEMȨÏÞ£¬£¬£¬£¬£¬£¬£¬ÏÖÔÚÉв»ÇåÎú¹¥»÷ÕßÔõÑùÓôËÎó²î¡£¡£¡£¡£¡£¡£¡£±ðµÄ£¬£¬£¬£¬£¬£¬£¬»¹ÐÞ¸´ÁËÒ»¸öÒѹûÕæÅû¶µÄWindows SMB Witness ServiceÌáȨÎó²î£¨CVE-2023-21549£©¡£¡£¡£¡£¡£¡£¡£
https://www.bleepingcomputer.com/news/microsoft/microsoft-january-2023-patch-tuesday-fixes-98-flaws-1-zero-day/
2¡¢Èû¶ûάÑÇ³ÆÆäÄÚÕþ²¿ÍøÕ¾ºÍ»ù´¡ÉèÊ©Ôâµ½¶à´ÎDDoS¹¥»÷
¾ÝýÌå1ÔÂ9ÈÕ±¨µÀ£¬£¬£¬£¬£¬£¬£¬Èû¶ûάÑÇÕþ¸®³ÆÆäÄÚÕþ²¿µÄÍøÕ¾ºÍIT»ù´¡ÉèÊ©Ôâµ½Á˶à´Î´ó¹æÄ£DDoS¹¥»÷¡£¡£¡£¡£¡£¡£¡£Èû¶ûάÑÇÊ׸®±´¶û¸ñÀ³µÂÌåÏÖ£¬£¬£¬£¬£¬£¬£¬Æù½ñΪֹËûÃÇÒѾµÖÓùÁËÎå´ÎÕë¶ÔÆäIT»ù´¡ÉèÊ©µÄ´óÐ͹¥»÷¡£¡£¡£¡£¡£¡£¡£¸Ã¹úÕþ¸®Ôö²¹µÀ£¬£¬£¬£¬£¬£¬£¬ÔöÇ¿µÄÇå¾²ÐÒéÒѱ»¼¤»î£¬£¬£¬£¬£¬£¬£¬Õâ¿ÉÄܻᵼÖÂÊÂÇéËÙÂʱäÂý£¬£¬£¬£¬£¬£¬£¬Ä³Ð©Ð§ÀÍÎÞÒâ»áÖÐÖ¹£¬£¬£¬£¬£¬£¬£¬µ«ÕâЩ¶¼ÊÇΪÁ˱£»£»£»£»¤ÄÚÕþ²¿µÄÊý¾Ý¡£¡£¡£¡£¡£¡£¡£ÏÖÔÚ£¬£¬£¬£¬£¬£¬£¬ÉÐÎÞºÚ¿ÍÍÅ»ïÉù³Æ¶Ô´Ë´Î¹¥»÷ÈÏÕæ¡£¡£¡£¡£¡£¡£¡£
https://therecord.media/serbian-government-reports-massive-ddos-attack-amid-heightened-tensions-in-balkans/
3¡¢Ñо¿Ö°Ô±ÑÝʾÔõÑùʹÓÃText-to-SQLÄ£×ÓÌìÉú¶ñÒâ´úÂë
¾Ý1ÔÂ9ÈÕ±¨µÀ£¬£¬£¬£¬£¬£¬£¬Ñо¿Ö°Ô±ÑÝʾÁËÔõÑùʹÓÃText-to-SQLÄ£×ÓÌìÉú¶ñÒâ´úÂ룬£¬£¬£¬£¬£¬£¬¿ÉÓÃÀ´ÍøÂçÃô¸ÐÐÅÏ¢²¢ÌᳫDoS¹¥»÷¡£¡£¡£¡£¡£¡£¡£ÎªÁ˸üºÃµØÓëÓû§½»»¥£¬£¬£¬£¬£¬£¬£¬´ó×ÚµÄÊý¾Ý¿âÓ¦ÓóÌÐò½ÓÄÉAIÊÖÒÕ£¬£¬£¬£¬£¬£¬£¬½«ÈËÀàÎÊÌâת»¯ÎªSQLÅÌÎÊ£¨¼´Text-to-SQL£©¡£¡£¡£¡£¡£¡£¡£Ñо¿·¢Ã÷£¬£¬£¬£¬£¬£¬£¬ÌØÖƵÄpayload¿É±»ÎäÆ÷»¯ÒÔÔËÐжñÒâSQLÅÌÎÊ£¬£¬£¬£¬£¬£¬£¬¹¥»÷Õß¿ÉÓÃÀ´Ð޸ĺó¶ËÊý¾Ý¿â²¢¶ÔЧÀÍÆ÷¾ÙÐÐDoS¹¥»÷¡£¡£¡£¡£¡£¡£¡£±ðµÄ£¬£¬£¬£¬£¬£¬£¬ÓÐÐí¶àÒªÁì¿ÉÒÔͨ¹ýʹѵÁ·Ñù±¾Öж¾À´ÔÚ»ùÓÚԤѵÁ·ÓïÑÔÄ£×Ó(PLM)µÄ¿ò¼ÜÖÐÖ²ÈëºóÃÅ£¬£¬£¬£¬£¬£¬£¬ÀýÈç¾ÙÐе¥´ÊÌæ»»µÈ¡£¡£¡£¡£¡£¡£¡£
https://thehackernews.com/2023/01/new-study-uncovers-text-to-sql-model.html
4¡¢Î¢ÈíÅû¶Kinsing½üÆÚʹÓõÄÈëÇÖKubernetesµÄÒªÁì
΢ÈíÔÚ1ÔÂ5ÈÕÅû¶ÁËKinsing½üÆÚʹÓõÄÈëÇÖKubernetesÇéÐεijõʼ»á¼ûÊÖÒÕ¡£¡£¡£¡£¡£¡£¡£KinsingÊÇÒ»ÖÖLinux¶ñÒâÈí¼þ£¬£¬£¬£¬£¬£¬£¬Õë¶ÔÈÝÆ÷»¯ÇéÐξÙÐмÓÃÜÍÚ¾ò¡£¡£¡£¡£¡£¡£¡£ËüʹÓõĵÚÒ»ÖÖÒªÁìÊÇʹÓÃÒ×±»¹¥»÷µÄ¾µÏñ£¬£¬£¬£¬£¬£¬£¬¹¥»÷Õß»áѰÕÒÆäÖеÄÔ¶³Ì´úÂëÖ´ÐÐÎó²îÀ´·Ö·¢Æäpayload£¬£¬£¬£¬£¬£¬£¬±»Ê¹ÓõÄÓ¦ÓóÌÐò°üÀ¨PHPUnit¡¢Liferay¡¢WebLogicºÍWordpressµÈ¡£¡£¡£¡£¡£¡£¡£ÁíÒ»ÖÖÒªÁìÊÇʹÓÃÉèÖùýʧµÄPostgreSQLЧÀÍÆ÷£¬£¬£¬£¬£¬£¬£¬¹¥»÷Õß¿ÉÒÔʹÓöàÖÖ¹ýʧÉèÖÃÀ´»ñµÃPostgresЧÀÍÆ÷µÄ»á¼ûȨÏÞ¡£¡£¡£¡£¡£¡£¡£
https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/initial-access-techniques-in-kubernetes-environments-used-by/ba-p/3697975
5¡¢SAIFÈ¥Äê10ÔµÄÊý¾ÝÎ¥¹æ¿ÉÄÜ»áй¶¿Í»§µÄÒ½ÁÆÐÅÏ¢
ýÌå1ÔÂ9Èճƣ¬£¬£¬£¬£¬£¬£¬¶íÀÕ¸ÔÖݵŤÉËÅâ³¥°ü¹Ü¹«Ë¾SAIF Corp.ÔÚ10Ô·ݱ¬·¢ÁËÒ»´ÎÊý¾ÝÎ¥¹æ£¬£¬£¬£¬£¬£¬£¬¿ÉÄÜ»áй¶±£µ¥³ÖÓÐÈËÒÔ¼°¹¤ÉËÅâ³¥Ë÷ÅâÈ˵ÄÐÅÏ¢¡£¡£¡£¡£¡£¡£¡£SAIFÚ¹Ê͵À£¬£¬£¬£¬£¬£¬£¬10ÔÂ24ÈÕδ¾ÊÚȨµÄСÎÒ˽¼ÒÄܹ»»á¼ûºÍ»ñÈ¡ÆäÍøÂçÖеÄÎļþ¡£¡£¡£¡£¡£¡£¡£ÆÊÎö·¢Ã÷´ó²¿·Ö±»»á¼ûµÄÊý¾ÝÀ´×Ô2003ÄêÖ®Ç°ÍøÂçµÄÐÅÏ¢£¬£¬£¬£¬£¬£¬£¬Éæ¼°Éç»á°ü¹ÜºÅÂë¡¢²ÆÎñÕʺÅÒÔ¼°Ò½ÁÆÐÅÏ¢¡£¡£¡£¡£¡£¡£¡£±ðµÄ£¬£¬£¬£¬£¬£¬£¬2022Äê9ÔÂ24ÈÕÖÁ10ÔÂ25ÈÕÊÕµ½ÁËSAIF¹ØÓÚË÷ÅâµÄÊéÃæÍ¨Ñ¶µÄË÷ÅâÈË£¬£¬£¬£¬£¬£¬£¬ÆäÐÅÏ¢Ò²¿ÉÄܱ»Ð¹Â¶¡£¡£¡£¡£¡£¡£¡£SAIFÒÑÓÚ12ÔÂ8ÈÕ½«´ËÊÂ֪ͨ¿Í»§£¬£¬£¬£¬£¬£¬£¬ÉÐδÅû¶¿ÉÄÜÊÜÓ°ÏìµÄÈËÊý¡£¡£¡£¡£¡£¡£¡£
https://www.databreaches.net/oregon-workers-compensation-claimants-and-policyholders-may-have-had-their-personal-information-hacked/
6¡¢Check PointÐû²¼¹ØÓÚ2022ÄêÍøÂç¹¥»÷Ç÷ÊÆµÄÆÊÎö±¨¸æ
Check PointÔÚ1ÔÂ5ÈÕÐû²¼Á˹ØÓÚ2022ÄêÍøÂç¹¥»÷Ç÷ÊÆµÄÆÊÎö±¨¸æ¡£¡£¡£¡£¡£¡£¡£±¨¸æÖ¸³ö£¬£¬£¬£¬£¬£¬£¬Óë2021ÄêÏà±È£¬£¬£¬£¬£¬£¬£¬2022ÄêÈ«ÇòÍøÂç¹¥»÷ÔöÌíÁË38%¡£¡£¡£¡£¡£¡£¡£¹¥»÷ÊýÄ¿ÔÚµÚËÄÐò¶ÈµÖ´ïÀúʷиߣ¬£¬£¬£¬£¬£¬£¬Æ½¾ùÿ¸ö×é֯ÿÖÜÔâµ½1168´Î¹¥»÷¡£¡£¡£¡£¡£¡£¡£2022ÄêÔâµ½¹¥»÷×î¶àµÄÈý´óÐÐÒµÊǽÌÓýÑо¿¡¢Õþ¸®ºÍÒ½ÁƱ£½¡ÐÐÒµ¡£¡£¡£¡£¡£¡£¡£·ÇÖ޵Ĺ¥»÷ÊýÄ¿×î¶à£¬£¬£¬£¬£¬£¬£¬Ã¿¸ö×é֯ÿÖÜÆ½¾ùÔâµ½1875´Î¹¥»÷£¬£¬£¬£¬£¬£¬£¬Æä´ÎÊÇÑÇÌ«µØÇø£¨1691´Î£©¡£¡£¡£¡£¡£¡£¡£±ðµÄ£¬£¬£¬£¬£¬£¬£¬ÀÕË÷Èí¼þÉú̬ϵͳÕýÔÚ¼ÌÐøÉú³¤ºÍ׳´ó£¬£¬£¬£¬£¬£¬£¬ÐγÉÁׯüС¸üÎÞаµÄ¹¥»÷ÍŻ£¬£¬£¬£¬£¬£¬Ö¼ÔÚÈÆ¹ýÖ´·¨Ðж¯¡£¡£¡£¡£¡£¡£¡£
https://blog.checkpoint.com/2023/01/05/38-increase-in-2022-global-cyberattacks/