Cisco¼ì²âµ½½©Ê¬ÍøÂçPrometeiÒÑѬȾÁè¼Ý1Íò¸öϵͳ

Ðû²¼Ê±¼ä 2023-03-14

1¡¢Cisco¼ì²âµ½½©Ê¬ÍøÂçPrometeiÒÑѬȾÁè¼Ý1Íò¸öϵͳ


CiscoÔÚ3ÔÂ9ÈÕ³ÆÆä¼ì²âµ½Ð°汾µÄ½©Ê¬ÍøÂçPrometeiµÄ¹¥»÷»î¶¯¡£¡£¡£¡£¡£PrometeiÓÚ2016ÄêÊ״ηºÆð£¬£¬£¬£¬£¬ £¬×Ô2022Äê11ÔÂÒÔÀ´£¬£¬£¬£¬£¬ £¬¸Ãа汾ÒÑѬȾȫÇò¹æÄ£ÄÚµÄ10000¶à¸öϵͳ£¬£¬£¬£¬£¬ £¬Éæ¼°155¸ö¹ú¼Ò/µØÇø¡£¡£¡£¡£¡£¸Ã½©Ê¬ÍøÂçµÄÔËÓªÖ°Ô±¸üÐÂÁËÖ´ÐÐÁ´µÄijЩ×ÓÄ£¿£¿ £¿£¿£¿£¿é£¬£¬£¬£¬£¬ £¬ÒÔ×Ô¶¯»¯Á÷³Ì²¢ÌôÈÆ¹ýÖ¤ÆÊÎöÒªÁì¡£¡£¡£¡£¡£±ðµÄ£¬£¬£¬£¬£¬ £¬ËüÉÐÓÐÐí¶àÐµĹ¦Ð§£¬£¬£¬£¬£¬ £¬°üÀ¨Ìæ»»µÄC2ÓòÌìÉúËã·¨(DGA)£¬£¬£¬£¬£¬ £¬×ÔÎÒ¸üлúÖÆ£¬£¬£¬£¬£¬ £¬ÒÔ¼°Apache WebserverµÄÀ¦°ó°æ±¾ºÍ×°Öõ½Ä¿µÄÖ÷»úÉϵÄWeb shell¡£¡£¡£¡£¡£


https://blog.talosintelligence.com/prometei-botnet-improves/


2¡¢ÓÎÏ·¿ª·¢ÉÌGSC Game WorldµÄϵͳ±»ºÚ²¿·ÖÊý¾Ýй¶


¾Ý3ÔÂ13ÈÕ±¨µÀ£¬£¬£¬£¬£¬ £¬Ç±ÐÐÕß2£ºÇжûŵ±´ÀûÖ®ÐÄ£¨Stalker 2£©ÓÎÏ·µÄ¿ª·¢ÉÌGSC Game World͸¶ÆäϵͳÒѱ»ÈëÇÖ£¬£¬£¬£¬£¬ £¬ºÚ¿Í¿ÉÒÔÔÚ¹¥»÷ʱ´úÇÔÈ¡ÓÎÏ·×ʲú¡£¡£¡£¡£¡£¸Ã¹«Ë¾ÌåÏÖ£¬£¬£¬£¬£¬ £¬ÆäÔ±¹¤µÄÕûÌåͼÏñ´¦Öóͷ£Ó¦ÓóÌÐòÕÊ»§Ôâµ½¹¥»÷£¬£¬£¬£¬£¬ £¬ÕâÖ»ÊÇËüÔÚÒÑÍùÒ»ÄêÖÐÔâµ½µÄÖڶ๥»÷Ö®Ò»¡£¡£¡£¡£¡£ºÚ¿ÍÔÚ¶íÂÞ˹É罻ýÌåÆ½Ì¨VK³ÆÒÑÇÔÈ¡ÁË´ó×ÚSTALKER 2ËØ²Ä£¬£¬£¬£¬£¬ £¬°üÀ¨Õû¸ö¹ÊÊÂÇé½Ú¡¢¹ý³¡¶¯»­ÐÎò¡¢¿´·¨ÒÕÊõºÍµØÍ¼µÈ¡£¡£¡£¡£¡£²¢ÍþвÈôÊÇÓÎÏ·¿ª·¢ÉÌÔÚ3ÔÂ15ÈÕ֮ǰ²»¸Ä±äÆä¶Ô¶íÂÞ˹ºÍ°×¶íÂÞË¹Íæ¼ÒµÄ̬¶È£¬£¬£¬£¬£¬ £¬ËûÃǽ«Ð¹Â¶ÇÔÈ¡µÄÊýÊ®GBÊý¾Ý¡£¡£¡£¡£¡£


https://www.bleepingcomputer.com/news/security/stalker-2-game-developer-hacked-by-russian-hacktivists-data-stolen/


3¡¢BlackbaudÒòÎóµ¼ÐÔÅû¶2020ÄêµÄÀÕË÷¹¥»÷±»·£¿£¿ £¿£¿£¿£¿î300ÍòÃÀÔª


ýÌå3ÔÂ10ÈÕ±¨µÀ³Æ£¬£¬£¬£¬£¬ £¬ÔÆÅÌË㹩ӦÉÌBlackbaudÒòÎóµ¼ÐÔÅû¶2020ÄêµÄÀÕË÷¹¥»÷ÊÂÎñ£¬£¬£¬£¬£¬ £¬±»ÃÀ¹ú֤ȯÉúÒâίԱ»á(SEC)·£¿£¿ £¿£¿£¿£¿î300ÍòÃÀÔª¡£¡£¡£¡£¡£¸Ã¹«Ë¾ÔÚ2020Äê7ÔÂÌåÏÖ£¬£¬£¬£¬£¬ £¬Îôʱ5ÔµÄÀÕË÷¹¥»÷ÎÞ·¨»á¼û¾èÔùÕßÒøÐÐÕË»§ÏêϸÐÅÏ¢»òÉç»áÇå¾²ºÅÂë¡£¡£¡£¡£¡£È»¶øBlackbaudÊÖÒÕÖ°Ô±ºÜ¿ìÏàʶµ½¹¥»÷ÕßÒѾ­»á¼û²¢ÇÔÈ¡ÁËÕâЩÃô¸ÐÐÅÏ¢¡£¡£¡£¡£¡£ÓÉÓÚ¹«Ë¾È±·¦Êʵ±µÄÅû¶¿ØÖƺͳÌÐò£¬£¬£¬£¬£¬ £¬ËûÃÇδÄÜÏòÖÎÀí²ã±¨¸æ¡£¡£¡£¡£¡£Õâµ¼ÖÂBlackbaudÌá½»µÄSEC±¨¸æÖÐûÓаüÀ¨ÓйØÎ¥¹æË®Æ½µÄÖ÷ÒªÐÅÏ¢¡£¡£¡£¡£¡£ 


https://www.securityweek.com/blackbaud-fined-3m-for-misleading-disclosures-about-2020-ransomware-attack/


4¡¢Ö´·¨²¿·Ö²é·âNetwire RATµÄ»ù´¡ÉèÊ©²¢¾Ð²¶ÆäÔËÓªÖ°Ô±


¾ÝýÌå3ÔÂ9ÈÕ±¨µÀ£¬£¬£¬£¬£¬ £¬Ò»Ïî¹ú¼ÊÖ´·¨Ðж¯²é·âÁËNetwire RATµÄ»ù´¡ÉèÊ©£¬£¬£¬£¬£¬ £¬²¢¾Ð²¶ÆäÔËÓªÖ°Ô±¡£¡£¡£¡£¡£NetWireÊÇÒ»ÖÖÔ¶³Ì»á¼ûľÂí£¬£¬£¬£¬£¬ £¬×Ô2014ÄêÒÔÀ´Ò»Ö±ÊÇÖÖÖÖ¶ñÒâ¹¥»÷»î¶¯µÄÊ×Ñ¡¹¤¾ß¡£¡£¡£¡£¡£×÷Ϊ´Ë´ÎÐж¯µÄÒ»²¿·Ö£¬£¬£¬£¬£¬ £¬FBI²é·âÁËÓÃÓÚÍÆ¹ã¸ÃЧÀ͵Äworldwiredlabs.comÓò£¬£¬£¬£¬£¬ £¬ÈðÊ¿¾¯·½²é·âÁËÍйܸÃÍøÕ¾µÄЧÀÍÆ÷¡£¡£¡£¡£¡£Ò»ÃûÒÉËÆÊÇNetWireÍøÕ¾ÖÎÀíÔ±µÄ¿ËÂÞµØÑǹúÃñÔÚ¿ËÂÞµØÑDZ»²¶£¬£¬£¬£¬£¬ £¬²¢½«±»µØ·½Õþ¸®¸®ÆðËß¡£¡£¡£¡£¡£


https://www.bleepingcomputer.com/news/security/police-seize-netwire-rat-malware-infrastructure-arrest-admin/


5¡¢ZOLL MedicalÔâµ½¹¥»÷Áè¼Ý100Íò»¼ÕßµÄPHIÐÅϢй¶


ýÌå3ÔÂ11Èճƣ¬£¬£¬£¬£¬ £¬ZOLL MedicalÕýÔÚ֪ͨ1004443¸ö»¼Õߣ¬£¬£¬£¬£¬ £¬ËûÃǵÄPHIÐÅÏ¢¿ÉÄÜÔÚ×î½üµÄÒ»´ÎÇå¾²ÊÂÎñÖÐй¶¡£¡£¡£¡£¡£Æ¾Ö¤ZOLLµÄ֪ͨ£¬£¬£¬£¬£¬ £¬¸Ã¹«Ë¾µÄÇå¾²ÍŶÓÔÚ1ÔÂ28ÈÕÊ×´ÎÔÚÆäÄÚÍøÉϼì²âµ½Òì³£»£»£»£»£»î¶¯¡£¡£¡£¡£¡£ËûÃÇѸËÙ×ö³ö·´Ó¦£¬£¬£¬£¬£¬ £¬»º½â²¢ÊÓ²ìÁËÕâÒ»ÊÂÎñ¡£¡£¡£¡£¡£ÊÓ²ìÅú×¢£¬£¬£¬£¬£¬ £¬PHI¿ÉÄÜÔÚ2023Äê2ÔÂ2ÈÕǰºóÊܵ½Ó°Ïì¡£¡£¡£¡£¡£Ð¹Â¶ÐÅÏ¢Éæ¼°ÐÕÃû¡¢µØµãºÍÉç»áÇå¾²ºÅÂëµÈ¡£¡£¡£¡£¡£ZOLL½«ÎªÊÜÓ°ÏìµÄСÎÒ˽¼ÒÌṩ24¸öÔµÄExperian IdentityWorksSMʹÓÃȨÏÞ¡£¡£¡£¡£¡£


https://www.databreaches.net/zoll-medical-notifying-1004443-patients-of-data-breach-hipaa/


6¡¢SentinelLabsÐû²¼ÀÕË÷Èí¼þIceFireµÄLinux°æ±¾µÄ±¨¸æ


3ÔÂ9ÈÕ£¬£¬£¬£¬£¬ £¬SentinelLabsÐû²¼Á˹ØÓÚÀÕË÷Èí¼þIceFireµÄÆÊÎö±¨¸æ¡£¡£¡£¡£¡£×î½ü¼¸ÖÜ£¬£¬£¬£¬£¬ £¬SentinelLabs·¢Ã÷еÄLinux°æ±¾IceFire±»ÓÃÓÚÕë¶Ô¶à¸öýÌåºÍÓéÀÖÐÐÒµµÄ×éÖ¯µÄ¹¥»÷»î¶¯ÖС£¡£¡£¡£¡£¹¥»÷ÕßʹÓÃÁËIBM Aspera FaspexÎļþ¹²ÏíÈí¼þÖеķ´ÐòÁл¯Îó²î£¨CVE-2022-47986£©À´×°ÖÃÀÕË÷Èí¼þ¡£¡£¡£¡£¡£Ö´ÐÐʱ£¬£¬£¬£¬£¬ £¬IceFire»á¼ÓÃÜÎļþ£¬£¬£¬£¬£¬ £¬½«À©Õ¹Ãû.ifire¸½¼Óµ½ÎļþÃû£¬£¬£¬£¬£¬ £¬È»ºóͨ¹ýɾ³ý×ÔÉíºÍ¶þ½øÖÆÎļþÀ´ÑÚÊÎÆä×Ù¼£¡£¡£¡£¡£¡£


https://www.sentinelone.com/labs/icefire-ransomware-returns-now-targeting-linux-enterprise-networks/