¶ñÒâGoogle¹ã¸æÍÆËÍ´øÓÐÒþ²ØºóÃŵļÙIPɨÃèÈí¼þ
Ðû²¼Ê±¼ä 2024-04-191. ¶ñÒâGoogle¹ã¸æÍÆËÍ´øÓÐÒþ²ØºóÃŵļÙIPɨÃèÈí¼þ
4ÔÂ18ÈÕ£¬£¬£¬£¬£¬Ð嵀 Google ¶ñÒâ¹ã¸æ»î¶¯ÕýÔÚʹÓÃÒ»×éÄ£ÄâÕýµ± IP ɨÃèÈí¼þµÄÓòÀ´Ìṩһ¸öÒÔǰδ֪µÄÃûΪMadMxShell µÄºóÃÅ¡£¡£¡£¡£¡£¡£¡£ÍþвÐÐΪÕßʹÓÃÎóÖ²ÊÖÒÕ×¢²áÁ˶à¸öÏàËÆµÄÓòÃû£¬£¬£¬£¬£¬²¢Ê¹Óà Google Ads ½«ÕâЩÓòÃûÍÆÖÁÕë¶ÔÌØ¶¨ËÑË÷Òªº¦×ÖµÄËÑË÷ÒýÇæÐ§¹ûµÄ¶¥²¿£¬£¬£¬£¬£¬´Ó¶øÒýÓÕÊܺ¦Õß»á¼ûÕâÐ©ÍøÕ¾¡£¡£¡£¡£¡£¡£¡£¾Ý³Æ£¬£¬£¬£¬£¬2023 Äê 11 ÔÂÖÁ 2024 Äê 3 ÔÂʱ´ú×¢²áµÄÓòÃû¶à´ï 45 ¸ö£¬£¬£¬£¬£¬ÕâÐ©ÍøÕ¾Î±×°³É¶Ë¿ÚɨÃèºÍ IT ÖÎÀíÈí¼þ£¬£¬£¬£¬£¬Èç Advanced IP Scanner¡¢Angry IP Scanner¡¢IP ɨÃèÒÇ PRTG ºÍ ManageEngine¡£¡£¡£¡£¡£¡£¡£ËäÈ»Õâ²¢²»ÊÇÍþвÐÐΪÕßµÚÒ»´ÎʹÓöñÒâ¹ã¸æÊÖÒÕͨ¹ýÏàËÆµÄÍøÕ¾Ìṩ¶ñÒâÈí¼þЧÀÍ£¬£¬£¬£¬£¬µ«ÕâÒ»Éú³¤±ê¼Ç׎»¸¶¹¤¾ßÊ״α»ÓÃÀ´Èö²¥ÖØ´óµÄ Windows ºóÃÅ¡£¡£¡£¡£¡£¡£¡£
https://thehackernews.com/2024/04/malicious-google-ads-pushing-fake-ip.html
2. ¹¥»÷ÕßʹÓÃOpenMetadataÔÚKubernetesÉϾÙÐÐÍÚ¿ó
4ÔÂ17ÈÕ£¬£¬£¬£¬£¬Microsoft Threat Intelligence ·¢Ã÷ÁËÕë¶ÔÔËÐÐÊ¢ÐпªÔ´ÔªÊý¾Ýƽ̨ OpenMetadata µÄ Kubernetes ¼¯ÈºµÄй¥»÷»î¶¯¡£¡£¡£¡£¡£¡£¡£¹¥»÷ÕßÕýÔÚʹÓÃһϵÁÐ×î½üÅû¶µÄÒªº¦Îó²îÀ´»á¼ûÊÂÇé¸ºÔØ²¢×°ÖüÓÃÜÇ®±ÒÍÚ¾ò¶ñÒâÈí¼þ¡£¡£¡£¡£¡£¡£¡£¸Ã¹¥»÷ʹÓÃÁË 1.3.1 ֮ǰµÄ OpenMetadata °æ±¾Öб£´æµÄ¶à¸öÇå¾²Îó²î£¨CVE-2024-28255¡¢CVE-2024-28847¡¢CVE-2024-28253¡¢CVE-2024-28848¡¢CVE-2024-28254£©¡£¡£¡£¡£¡£¡£¡£ÀÖ³ÉʹÓøÃÎó²î½«¸¶Óë¹¥»÷ÕßÔ¶³ÌÖ´ÐдúÂëµÄÄÜÁ¦£¬£¬£¬£¬£¬´Ó¶øÊ¹ËûÃÇÄܹ»ÍêÈ«¿ØÖÆÊÜÓ°ÏìµÄϵͳ¡£¡£¡£¡£¡£¡£¡£¹¥»÷ͨ³£´ÓÍøÂç·¸·¨·Ö×ÓɨÃèÔËÐÐÒ×Êܹ¥»÷µÄ OpenMetadata ʵÀýµÄ̻¶ÓÚ»¥ÁªÍøµÄ Kubernetes ÊÂÇé¸ºÔØ×îÏÈ¡£¡£¡£¡£¡£¡£¡£Ò»µ©Ê¶±ð³öÄ¿µÄ£¬£¬£¬£¬£¬¹¥»÷Õ߾ͻáʹÓÃÕâЩÎó²îÀ´¿ØÖÆÍÐ¹Ü OpenMetadata µÄÈÝÆ÷¡£¡£¡£¡£¡£¡£¡£
https://securityonline.info/attackers-exploit-critical-openmetadata-flaws-for-cryptomining-on-kubernetes/
3. SoumniBot ¶ñÒâÈí¼þʹÓà Android Îó²îÀ´Èƹý¼ì²â
4ÔÂ17ÈÕ£¬£¬£¬£¬£¬Ò»ÖÖÃûΪ¡°SoumniBot¡±µÄРAndroid ÒøÐжñÒâÈí¼þͨ¹ýʹÓà Android Çåµ¥ÌáȡϢÕùÎöÀú³ÌÖеÄÈõµã£¬£¬£¬£¬£¬Ê¹ÓÃÒ»ÖÖ²»Ì«³£¼ûµÄ»ìÏýÒªÁì¡£¡£¡£¡£¡£¡£¡£¸ÃÒªÁìʹ SoumniBot Äܹ»¹æ±Ü Android ÊÖ»úÖеıê×¼Çå¾²²½·¥²¢Ö´ÐÐÐÅÏ¢ÇÔÈ¡²Ù×÷¡£¡£¡£¡£¡£¡£¡£¸Ã¶ñÒâÈí¼þÓÉ¿¨°Í˹»ùÑо¿Ö°Ô±·¢Ã÷²¢ÆÊÎö£¬£¬£¬£¬£¬ËûÃÇÌṩÁË ¸Ã¶ñÒâÈí¼þʹÓà Android Àý³ÌÆÊÎöºÍÌáÈ¡ APK Çåµ¥µÄÒªÁìµÄÊÖÒÕϸ½Ú¡£¡£¡£¡£¡£¡£¡£Çåµ¥Îļþ£¨¡°AndroidManifest.xml¡±£©Î»ÓÚÿ¸öÓ¦ÓóÌÐòµÄ¸ùĿ¼ÖУ¬£¬£¬£¬£¬°üÀ¨ÓйØ×é¼þ£¨Ð§ÀÍ¡¢¹ã²¥ÎüÊÕÆ÷¡¢ÄÚÈÝÌṩ³ÌÐò£©¡¢È¨ÏÞºÍÓ¦ÓóÌÐòÊý¾ÝµÄÏêϸÐÅÏ¢¡£¡£¡£¡£¡£¡£¡£ËäÈ»¶ñÒâ APK ¿ÉÒÔʹÓà Zimperium µÄÖÖÖÖѹËõ¼¼ÇÉÀ´ÓÞŪÇå¾²¹¤¾ß²¢ÌӱܯÊÎö£¬£¬£¬£¬£¬µ«¿¨°Í˹»ùÆÊÎöʦ·¢Ã÷ SoumniBot ʹÓÃÈýÖÖ²î±ðµÄÒªÁìÀ´ÈƹýÆÊÎöÆ÷¼ì²é£¬£¬£¬£¬£¬ÆäÖÐÉæ¼°Ê¹ÓÃÇåµ¥ÎļþµÄѹËõºÍ¾Þϸ¡£¡£¡£¡£¡£¡£¡£
https://www.bleepingcomputer.com/news/security/soumnibot-malware-exploits-android-bugs-to-evade-detection/
4. FIN7 Õë¶ÔÃÀ¹úÆû³µÖÆÔìÉÌµÄ IT Ô±¹¤Ìá³«ÍøÂç´¹ÂÚ¹¥»÷
4ÔÂ17ÈÕ£¬£¬£¬£¬£¬³öÓÚ¾¼ÃÄîÍ·µÄÍþв×éÖ¯ FIN7 Õë¶ÔÒ»¼ÒÃÀ¹ú´óÐÍÆû³µÖÆÔìÉÌ£¬£¬£¬£¬£¬Ïò IT ²¿·ÖµÄÔ±¹¤·¢ËÍÓã²æÊ½ÍøÂç´¹ÂÚµç×ÓÓʼþ£¬£¬£¬£¬£¬ÒÔʹÓà Anunak ºóÃÅѬȾϵͳ¡£¡£¡£¡£¡£¡£¡£¾ÝºÚÝ®Ñо¿Ö°Ô±³Æ£¬£¬£¬£¬£¬Õâ´Î¹¥»÷±¬·¢ÔÚÈ¥Äêµ×£¬£¬£¬£¬£¬²¢ÇÒÒÀÀµÓÚ·ÇÍâµØ¶þ½øÖÆÎļþ¡¢¾ç±¾ºÍ¿â (LoLBas)¡£¡£¡£¡£¡£¡£¡£ÍþвÐÐΪÕß½«Öصã·ÅÔÚ¾ßÓи߼¶È¨ÏÞµÄÄ¿µÄÉÏ£¬£¬£¬£¬£¬Í¨¹ýð³äÕýµ±¸ß¼¶ IP ɨÃèÆ÷¹¤¾ßµÄ¶ñÒâ URL Á´½ÓÀ´ÒýÓÕËûÃÇ¡£¡£¡£¡£¡£¡£¡£ºÚÝ®¸ß¶ÈÈ·ÐŴ˴ι¥»÷ÊÇÓÉ FIN7 ÌᳫµÄ£¬£¬£¬£¬£¬ÓÉÓڸù¥»÷ʹÓÃÁËÆæÒìµÄ PowerShell ¾ç±¾£¬£¬£¬£¬£¬¸Ã¾ç±¾Ê¹ÓÃÁ˵ÐÊÖµÄÊðÃû¡°PowerTrash¡±»ìÏýµÄ shellcode ŲÓóÌÐò£¬£¬£¬£¬£¬¸Ã¾ç±¾Ê״ηºÆðÔÚ 2022 ÄêµÄÒ»´Î»î¶¯ÖС£¡£¡£¡£¡£¡£¡£ÔÚ´Ë֮ǰ£¬£¬£¬£¬£¬FIN7 ±»·¢Ã÷ÒÔ̻¶µÄVeeam ±¸·ÝºÍMicrosoft ExchangeЧÀÍÆ÷ΪĿµÄ£¬£¬£¬£¬£¬²¢½«Black BastaºÍClop ÀÕË÷Èí¼þ¸ºÔذ²Åŵ½ÆóÒµÍøÂçÉÏ¡£¡£¡£¡£¡£¡£¡£
https://www.bleepingcomputer.com/news/security/fin7-targets-american-automakers-it-staff-in-phishing-attacks/
5. Óë¶íÂÞ˹ÓйصÄSandworm ¹¥»÷¾üÆ÷¿âÖеÄкóÃÅKapeka
4ÔÂ17ÈÕ£¬£¬£¬£¬£¬³ýÁË΢ÈíÓÚ 2024 Äê 2 Ô 14 ÈÕÐû²¼µÄ¹ØÓÚ·¢Ã÷Ò»¸öÃûΪ KnuckleTouch µÄкóÃŵļò¶ÌÐÎò֮Í⣬£¬£¬£¬£¬ÏÖÔÚ¹«ÖÚ¶Ô Kapeka ºóÃŵÄÏàʶÏÕЩΪÁã¡£¡£¡£¡£¡£¡£¡£Î¢Èí½« KnuckleTouch ºóÃŹé×ïÓÚ SeaShell Blizzard£¬£¬£¬£¬£¬ÕâÊÇÆä¶Ô Sandworm µÄÃû³Æ¡£¡£¡£¡£¡£¡£¡£Microsoft ÉÐδ¶Ô´Ë¶ñÒâÈí¼þ¾ÙÐÐÆÊÎö£¬£¬£¬£¬£¬µ« WithSecure È·ÐÅ KnuckleTouch ¾ÍÊÇ Kapeka¡£¡£¡£¡£¡£¡£¡£Î¢ÈíºÍ WithSecure ÒÔΪ¸Ã¶ñÒâÈí¼þ×Ô 2022 ÄêÒÔÀ´Ò»Ö±ÔÚʹÓ㬣¬£¬£¬£¬µ«³ýÁË WithSecure ÆÊÎöÖ®Í⣬£¬£¬£¬£¬ÈËÃÇ¶Ô Kapeka ÖªÖ®ÉõÉÙ¡£¡£¡£¡£¡£¡£¡£WithSecure Æù½ñΪֹֻ·¢Ã÷ÁËÁ½¸öÒ°ÍâÑù±¾¡£¡£¡£¡£¡£¡£¡£¿£¿£Ë¼Á¿µ½Ä¿½ñµÄµØÔµÕþÖΣ¬£¬£¬£¬£¬Êܺ¦ÕßѧҲÅú×¢ÆäÆðÔ´ÓÚ¶íÂÞ˹£º°®É³ÄáÑǺÍÎÚ¿ËÀ¼¡£¡£¡£¡£¡£¡£¡£ÕâÖÖÓÐÏÞµÄÒ£²â¿ÉÄÜÊÇÓÉÓڸöñÒâÈí¼þÉÐδÆÕ±éʹÓ㬣¬£¬£¬£¬Ò²¿ÉÄÜÊÇÓÉÓÚ Kapeka ͬÐÄÐÁ¦¼á³ÖÒþÃØ¡£¡£¡£¡£¡£¡£¡£
https://www.securityweek.com/kapeka-a-new-backdoor-in-sandworms-arsenal-of-aggression/
6. VisaÕë¶Ô½ðÈÚ»ú¹¹µÄJSOutProxÈÕÒæÔöÌíµÄÍþв·¢³öͨ¸æ
4ÔÂ17ÈÕ£¬£¬£¬£¬£¬Visa ×î½üÐû²¼Á˹ØÓÚÌØÊâΣÏÕµÄJSOutProx ¶ñÒâÈí¼þ»î¶¯ÏÔ×ÅÔöÌíµÄÑÏÖØÇå¾²¾¯±¨¡£¡£¡£¡£¡£¡£¡£ÕâÖÖÔ¶³Ì»á¼ûľÂí ( RAT ) ÒÔÆä¶Ô½ðÈÚ»ú¹¹¼°Æä¿Í»§µÄÖØ´ó¹¥»÷ÄÜÁ¦¶øÖøÃû£¬£¬£¬£¬£¬ÌØÊâÊÇÕë¶ÔÄÏÑǺͶ«ÄÏÑÇ¡¢Öж«ºÍ·ÇÖÞµØÇø¡£¡£¡£¡£¡£¡£¡£JSOutProx ÓÚ 2019 Äê 12 ÔÂÊ״α»·¢Ã÷£¬£¬£¬£¬£¬ÊÇÒ»Öָ߶ȻìÏýµÄ JavaScript ºóÃÅ£¬£¬£¬£¬£¬Ê¹ÍøÂç·¸·¨·Ö×ÓÄܹ»Ö´Ðдó×Ú¶ñÒâ»î¶¯¡£¡£¡£¡£¡£¡£¡£ÆäÖаüÀ¨ÔËÐÐ shell ÏÂÁî¡¢ÏÂÔØÌØÁíÍâÓк¦¸ºÔØ¡¢Ö´ÐÐÎļþ¡¢²¶»ñÆÁÄ»½ØÍ¼ÒÔ¼°ÍêÈ«¿ØÖÆÊÜѬȾװ±¸µÄ¼üÅ̺ÍÊó±ê¡£¡£¡£¡£¡£¡£¡£Ëæ×Åʱ¼äµÄÍÆÒÆ£¬£¬£¬£¬£¬JSOutProx Ò»Ö±Éú³¤£¬£¬£¬£¬£¬ÔöÇ¿ÁËÆä¹æ±ÜÊÖÒÕÒÔ×èÖ¹¼ì²â²¢ÔöÇ¿ÁËÆäÆÆËðÄÜÁ¦¡£¡£¡£¡£¡£¡£¡£JSOutProx µÄ³õʼÓÐÓøºÔØÖ§³Ö»ù±¾µ«Òªº¦µÄ¹¦Ð§£¬£¬£¬£¬£¬Ê¹¹¥»÷ÕßÄܹ»¶ÔÊÜѬȾµÄϵͳ¾ÙÐÐÏ൱´óµÄ¿ØÖÆ¡£¡£¡£¡£¡£¡£¡£
https://securityboulevard.com/2024/04/jsoutprox-malware-variant-targeting-financial-orgs-warns-visa/#google_vignette