Cisco¼ì²âµ½½©Ê¬ÍøÂçPrometeiÒÑѬȾÁè¼Ý1Íò¸öϵͳ
Ðû²¼Ê±¼ä 2023-03-141¡¢Cisco¼ì²âµ½½©Ê¬ÍøÂçPrometeiÒÑѬȾÁè¼Ý1Íò¸öϵͳ
CiscoÔÚ3ÔÂ9ÈÕ³ÆÆä¼ì²âµ½Ð°汾µÄ½©Ê¬ÍøÂçPrometeiµÄ¹¥»÷»î¶¯¡£¡£¡£¡£¡£PrometeiÓÚ2016ÄêÊ״ηºÆð£¬£¬£¬£¬£¬£¬×Ô2022Äê11ÔÂÒÔÀ´£¬£¬£¬£¬£¬£¬¸Ãа汾ÒÑѬȾȫÇò¹æÄ£ÄÚµÄ10000¶à¸öϵͳ£¬£¬£¬£¬£¬£¬Éæ¼°155¸ö¹ú¼Ò/µØÇø¡£¡£¡£¡£¡£¸Ã½©Ê¬ÍøÂçµÄÔËÓªÖ°Ô±¸üÐÂÁËÖ´ÐÐÁ´µÄijЩ×ÓÄ£¿£¿£¿£¿£¿£¿é£¬£¬£¬£¬£¬£¬ÒÔ×Ô¶¯»¯Á÷³Ì²¢ÌôÈÆ¹ýÖ¤ÆÊÎöÒªÁì¡£¡£¡£¡£¡£±ðµÄ£¬£¬£¬£¬£¬£¬ËüÉÐÓÐÐí¶àÐµĹ¦Ð§£¬£¬£¬£¬£¬£¬°üÀ¨Ìæ»»µÄC2ÓòÌìÉúËã·¨(DGA)£¬£¬£¬£¬£¬£¬×ÔÎÒ¸üлúÖÆ£¬£¬£¬£¬£¬£¬ÒÔ¼°Apache WebserverµÄÀ¦°ó°æ±¾ºÍ×°Öõ½Ä¿µÄÖ÷»úÉϵÄWeb shell¡£¡£¡£¡£¡£
https://blog.talosintelligence.com/prometei-botnet-improves/
2¡¢ÓÎÏ·¿ª·¢ÉÌGSC Game WorldµÄϵͳ±»ºÚ²¿·ÖÊý¾Ýй¶
¾Ý3ÔÂ13ÈÕ±¨µÀ£¬£¬£¬£¬£¬£¬Ç±ÐÐÕß2£ºÇжûŵ±´ÀûÖ®ÐÄ£¨Stalker 2£©ÓÎÏ·µÄ¿ª·¢ÉÌGSC Game World͸¶ÆäϵͳÒѱ»ÈëÇÖ£¬£¬£¬£¬£¬£¬ºÚ¿Í¿ÉÒÔÔÚ¹¥»÷ʱ´úÇÔÈ¡ÓÎÏ·×ʲú¡£¡£¡£¡£¡£¸Ã¹«Ë¾ÌåÏÖ£¬£¬£¬£¬£¬£¬ÆäÔ±¹¤µÄÕûÌåͼÏñ´¦Öóͷ£Ó¦ÓóÌÐòÕÊ»§Ôâµ½¹¥»÷£¬£¬£¬£¬£¬£¬ÕâÖ»ÊÇËüÔÚÒÑÍùÒ»ÄêÖÐÔâµ½µÄÖڶ๥»÷Ö®Ò»¡£¡£¡£¡£¡£ºÚ¿ÍÔÚ¶íÂÞ˹É罻ýÌåÆ½Ì¨VK³ÆÒÑÇÔÈ¡ÁË´ó×ÚSTALKER 2ËØ²Ä£¬£¬£¬£¬£¬£¬°üÀ¨Õû¸ö¹ÊÊÂÇé½Ú¡¢¹ý³¡¶¯»ÐÎò¡¢¿´·¨ÒÕÊõºÍµØÍ¼µÈ¡£¡£¡£¡£¡£²¢ÍþвÈôÊÇÓÎÏ·¿ª·¢ÉÌÔÚ3ÔÂ15ÈÕ֮ǰ²»¸Ä±äÆä¶Ô¶íÂÞ˹ºÍ°×¶íÂÞË¹Íæ¼ÒµÄ̬¶È£¬£¬£¬£¬£¬£¬ËûÃǽ«Ð¹Â¶ÇÔÈ¡µÄÊýÊ®GBÊý¾Ý¡£¡£¡£¡£¡£
https://www.bleepingcomputer.com/news/security/stalker-2-game-developer-hacked-by-russian-hacktivists-data-stolen/
3¡¢BlackbaudÒòÎóµ¼ÐÔÅû¶2020ÄêµÄÀÕË÷¹¥»÷±»·£¿£¿£¿£¿£¿£¿î300ÍòÃÀÔª
ýÌå3ÔÂ10ÈÕ±¨µÀ³Æ£¬£¬£¬£¬£¬£¬ÔÆÅÌË㹩ӦÉÌBlackbaudÒòÎóµ¼ÐÔÅû¶2020ÄêµÄÀÕË÷¹¥»÷ÊÂÎñ£¬£¬£¬£¬£¬£¬±»ÃÀ¹ú֤ȯÉúÒâίԱ»á(SEC)·£¿£¿£¿£¿£¿£¿î300ÍòÃÀÔª¡£¡£¡£¡£¡£¸Ã¹«Ë¾ÔÚ2020Äê7ÔÂÌåÏÖ£¬£¬£¬£¬£¬£¬Îôʱ5ÔµÄÀÕË÷¹¥»÷ÎÞ·¨»á¼û¾èÔùÕßÒøÐÐÕË»§ÏêϸÐÅÏ¢»òÉç»áÇå¾²ºÅÂë¡£¡£¡£¡£¡£È»¶øBlackbaudÊÖÒÕÖ°Ô±ºÜ¿ìÏàʶµ½¹¥»÷ÕßÒѾ»á¼û²¢ÇÔÈ¡ÁËÕâЩÃô¸ÐÐÅÏ¢¡£¡£¡£¡£¡£ÓÉÓÚ¹«Ë¾È±·¦Êʵ±µÄÅû¶¿ØÖƺͳÌÐò£¬£¬£¬£¬£¬£¬ËûÃÇδÄÜÏòÖÎÀí²ã±¨¸æ¡£¡£¡£¡£¡£Õâµ¼ÖÂBlackbaudÌá½»µÄSEC±¨¸æÖÐûÓаüÀ¨ÓйØÎ¥¹æË®Æ½µÄÖ÷ÒªÐÅÏ¢¡£¡£¡£¡£¡£
https://www.securityweek.com/blackbaud-fined-3m-for-misleading-disclosures-about-2020-ransomware-attack/
4¡¢Ö´·¨²¿·Ö²é·âNetwire RATµÄ»ù´¡ÉèÊ©²¢¾Ð²¶ÆäÔËÓªÖ°Ô±
¾ÝýÌå3ÔÂ9ÈÕ±¨µÀ£¬£¬£¬£¬£¬£¬Ò»Ïî¹ú¼ÊÖ´·¨Ðж¯²é·âÁËNetwire RATµÄ»ù´¡ÉèÊ©£¬£¬£¬£¬£¬£¬²¢¾Ð²¶ÆäÔËÓªÖ°Ô±¡£¡£¡£¡£¡£NetWireÊÇÒ»ÖÖÔ¶³Ì»á¼ûľÂí£¬£¬£¬£¬£¬£¬×Ô2014ÄêÒÔÀ´Ò»Ö±ÊÇÖÖÖÖ¶ñÒâ¹¥»÷»î¶¯µÄÊ×Ñ¡¹¤¾ß¡£¡£¡£¡£¡£×÷Ϊ´Ë´ÎÐж¯µÄÒ»²¿·Ö£¬£¬£¬£¬£¬£¬FBI²é·âÁËÓÃÓÚÍÆ¹ã¸ÃЧÀ͵Äworldwiredlabs.comÓò£¬£¬£¬£¬£¬£¬ÈðÊ¿¾¯·½²é·âÁËÍйܸÃÍøÕ¾µÄЧÀÍÆ÷¡£¡£¡£¡£¡£Ò»ÃûÒÉËÆÊÇNetWireÍøÕ¾ÖÎÀíÔ±µÄ¿ËÂÞµØÑǹúÃñÔÚ¿ËÂÞµØÑDZ»²¶£¬£¬£¬£¬£¬£¬²¢½«±»µØ·½Õþ¸®¸®ÆðËß¡£¡£¡£¡£¡£
https://www.bleepingcomputer.com/news/security/police-seize-netwire-rat-malware-infrastructure-arrest-admin/
5¡¢ZOLL MedicalÔâµ½¹¥»÷Áè¼Ý100Íò»¼ÕßµÄPHIÐÅϢй¶
ýÌå3ÔÂ11Èճƣ¬£¬£¬£¬£¬£¬ZOLL MedicalÕýÔÚ֪ͨ1004443¸ö»¼Õߣ¬£¬£¬£¬£¬£¬ËûÃǵÄPHIÐÅÏ¢¿ÉÄÜÔÚ×î½üµÄÒ»´ÎÇå¾²ÊÂÎñÖÐй¶¡£¡£¡£¡£¡£Æ¾Ö¤ZOLLµÄ֪ͨ£¬£¬£¬£¬£¬£¬¸Ã¹«Ë¾µÄÇå¾²ÍŶÓÔÚ1ÔÂ28ÈÕÊ×´ÎÔÚÆäÄÚÍøÉϼì²âµ½Òì³£»£»£»£»£»î¶¯¡£¡£¡£¡£¡£ËûÃÇѸËÙ×ö³ö·´Ó¦£¬£¬£¬£¬£¬£¬»º½â²¢ÊÓ²ìÁËÕâÒ»ÊÂÎñ¡£¡£¡£¡£¡£ÊÓ²ìÅú×¢£¬£¬£¬£¬£¬£¬PHI¿ÉÄÜÔÚ2023Äê2ÔÂ2ÈÕǰºóÊܵ½Ó°Ïì¡£¡£¡£¡£¡£Ð¹Â¶ÐÅÏ¢Éæ¼°ÐÕÃû¡¢µØµãºÍÉç»áÇå¾²ºÅÂëµÈ¡£¡£¡£¡£¡£ZOLL½«ÎªÊÜÓ°ÏìµÄСÎÒ˽¼ÒÌṩ24¸öÔµÄExperian IdentityWorksSMʹÓÃȨÏÞ¡£¡£¡£¡£¡£
https://www.databreaches.net/zoll-medical-notifying-1004443-patients-of-data-breach-hipaa/
6¡¢SentinelLabsÐû²¼ÀÕË÷Èí¼þIceFireµÄLinux°æ±¾µÄ±¨¸æ
3ÔÂ9ÈÕ£¬£¬£¬£¬£¬£¬SentinelLabsÐû²¼Á˹ØÓÚÀÕË÷Èí¼þIceFireµÄÆÊÎö±¨¸æ¡£¡£¡£¡£¡£×î½ü¼¸ÖÜ£¬£¬£¬£¬£¬£¬SentinelLabs·¢Ã÷еÄLinux°æ±¾IceFire±»ÓÃÓÚÕë¶Ô¶à¸öýÌåºÍÓéÀÖÐÐÒµµÄ×éÖ¯µÄ¹¥»÷»î¶¯ÖС£¡£¡£¡£¡£¹¥»÷ÕßʹÓÃÁËIBM Aspera FaspexÎļþ¹²ÏíÈí¼þÖеķ´ÐòÁл¯Îó²î£¨CVE-2022-47986£©À´×°ÖÃÀÕË÷Èí¼þ¡£¡£¡£¡£¡£Ö´ÐÐʱ£¬£¬£¬£¬£¬£¬IceFire»á¼ÓÃÜÎļþ£¬£¬£¬£¬£¬£¬½«À©Õ¹Ãû.ifire¸½¼Óµ½ÎļþÃû£¬£¬£¬£¬£¬£¬È»ºóͨ¹ýɾ³ý×ÔÉíºÍ¶þ½øÖÆÎļþÀ´ÑÚÊÎÆä×Ù¼£¡£¡£¡£¡£¡£
https://www.sentinelone.com/labs/icefire-ransomware-returns-now-targeting-linux-enterprise-networks/