¶ñÒâGoogle¹ã¸æÍÆËÍ´øÓÐÒþ²ØºóÃŵļÙIPɨÃèÈí¼þ

Ðû²¼Ê±¼ä 2024-04-19

1. ¶ñÒâGoogle¹ã¸æÍÆËÍ´øÓÐÒþ²ØºóÃŵļÙIPɨÃèÈí¼þ


4ÔÂ18ÈÕ£¬£¬ £¬£¬£¬Ð嵀 Google ¶ñÒâ¹ã¸æ»î¶¯ÕýÔÚʹÓÃÒ»×éÄ£ÄâÕýµ± IP ɨÃèÈí¼þµÄÓòÀ´Ìṩһ¸öÒÔǰδ֪µÄÃûΪMadMxShell µÄºóÃÅ¡£¡£¡£¡£¡£¡£¡£ÍþвÐÐΪÕßʹÓÃÎóÖ²ÊÖÒÕ×¢²áÁ˶à¸öÏàËÆµÄÓòÃû£¬£¬ £¬£¬£¬²¢Ê¹Óà Google Ads ½«ÕâЩÓòÃûÍÆÖÁÕë¶ÔÌØ¶¨ËÑË÷Òªº¦×ÖµÄËÑË÷ÒýÇæÐ§¹ûµÄ¶¥²¿£¬£¬ £¬£¬£¬´Ó¶øÒýÓÕÊܺ¦Õß»á¼ûÕâÐ©ÍøÕ¾¡£¡£¡£¡£¡£¡£¡£¾Ý³Æ£¬£¬ £¬£¬£¬2023 Äê 11 ÔÂÖÁ 2024 Äê 3 ÔÂʱ´ú×¢²áµÄÓòÃû¶à´ï 45 ¸ö£¬£¬ £¬£¬£¬ÕâÐ©ÍøÕ¾Î±×°³É¶Ë¿ÚɨÃèºÍ IT ÖÎÀíÈí¼þ£¬£¬ £¬£¬£¬Èç Advanced IP Scanner¡¢Angry IP Scanner¡¢IP ɨÃèÒÇ PRTG ºÍ ManageEngine¡£¡£¡£¡£¡£¡£¡£ËäÈ»Õâ²¢²»ÊÇÍþвÐÐΪÕßµÚÒ»´ÎʹÓöñÒâ¹ã¸æÊÖÒÕͨ¹ýÏàËÆµÄÍøÕ¾Ìṩ¶ñÒâÈí¼þЧÀÍ£¬£¬ £¬£¬£¬µ«ÕâÒ»Éú³¤±ê¼Ç׎»¸¶¹¤¾ßÊ״α»ÓÃÀ´Èö²¥ÖØ´óµÄ Windows ºóÃÅ¡£¡£¡£¡£¡£¡£¡£


https://thehackernews.com/2024/04/malicious-google-ads-pushing-fake-ip.html


2. ¹¥»÷ÕßʹÓÃOpenMetadataÔÚKubernetesÉϾÙÐÐÍÚ¿ó


4ÔÂ17ÈÕ£¬£¬ £¬£¬£¬Microsoft Threat Intelligence ·¢Ã÷ÁËÕë¶ÔÔËÐÐÊ¢ÐпªÔ´ÔªÊý¾Ýƽ̨ OpenMetadata µÄ Kubernetes ¼¯ÈºµÄй¥»÷»î¶¯¡£¡£¡£¡£¡£¡£¡£¹¥»÷ÕßÕýÔÚʹÓÃһϵÁÐ×î½üÅû¶µÄÒªº¦Îó²îÀ´»á¼ûÊÂÇé¸ºÔØ²¢×°ÖüÓÃÜÇ®±ÒÍÚ¾ò¶ñÒâÈí¼þ¡£¡£¡£¡£¡£¡£¡£¸Ã¹¥»÷ʹÓÃÁË 1.3.1 ֮ǰµÄ OpenMetadata °æ±¾Öб£´æµÄ¶à¸öÇå¾²Îó²î£¨CVE-2024-28255¡¢CVE-2024-28847¡¢CVE-2024-28253¡¢CVE-2024-28848¡¢CVE-2024-28254£©¡£¡£¡£¡£¡£¡£¡£ÀÖ³ÉʹÓøÃÎó²î½«¸¶Óë¹¥»÷ÕßÔ¶³ÌÖ´ÐдúÂëµÄÄÜÁ¦£¬£¬ £¬£¬£¬´Ó¶øÊ¹ËûÃÇÄܹ»ÍêÈ«¿ØÖÆÊÜÓ°ÏìµÄϵͳ¡£¡£¡£¡£¡£¡£¡£¹¥»÷ͨ³£´ÓÍøÂç·¸·¨·Ö×ÓɨÃèÔËÐÐÒ×Êܹ¥»÷µÄ OpenMetadata ʵÀýµÄ̻¶ÓÚ»¥ÁªÍøµÄ Kubernetes ÊÂÇé¸ºÔØ×îÏÈ¡£¡£¡£¡£¡£¡£¡£Ò»µ©Ê¶±ð³öÄ¿µÄ£¬£¬ £¬£¬£¬¹¥»÷Õ߾ͻáʹÓÃÕâЩÎó²îÀ´¿ØÖÆÍÐ¹Ü OpenMetadata µÄÈÝÆ÷¡£¡£¡£¡£¡£¡£¡£


https://securityonline.info/attackers-exploit-critical-openmetadata-flaws-for-cryptomining-on-kubernetes/


3. SoumniBot ¶ñÒâÈí¼þʹÓà Android Îó²îÀ´Èƹý¼ì²â


4ÔÂ17ÈÕ£¬£¬ £¬£¬£¬Ò»ÖÖÃûΪ¡°SoumniBot¡±µÄРAndroid ÒøÐжñÒâÈí¼þͨ¹ýʹÓà Android Çåµ¥ÌáȡϢÕùÎöÀú³ÌÖеÄÈõµã£¬£¬ £¬£¬£¬Ê¹ÓÃÒ»ÖÖ²»Ì«³£¼ûµÄ»ìÏýÒªÁì¡£¡£¡£¡£¡£¡£¡£¸ÃÒªÁìʹ SoumniBot Äܹ»¹æ±Ü Android ÊÖ»úÖеıê×¼Çå¾²²½·¥²¢Ö´ÐÐÐÅÏ¢ÇÔÈ¡²Ù×÷¡£¡£¡£¡£¡£¡£¡£¸Ã¶ñÒâÈí¼þÓÉ¿¨°Í˹»ùÑо¿Ö°Ô±·¢Ã÷²¢ÆÊÎö£¬£¬ £¬£¬£¬ËûÃÇÌṩÁË ¸Ã¶ñÒâÈí¼þʹÓà Android Àý³ÌÆÊÎöºÍÌáÈ¡ APK Çåµ¥µÄÒªÁìµÄÊÖÒÕϸ½Ú¡£¡£¡£¡£¡£¡£¡£Çåµ¥Îļþ£¨¡°AndroidManifest.xml¡±£©Î»ÓÚÿ¸öÓ¦ÓóÌÐòµÄ¸ùĿ¼ÖУ¬£¬ £¬£¬£¬°üÀ¨ÓйØ×é¼þ£¨Ð§ÀÍ¡¢¹ã²¥ÎüÊÕÆ÷¡¢ÄÚÈÝÌṩ³ÌÐò£©¡¢È¨ÏÞºÍÓ¦ÓóÌÐòÊý¾ÝµÄÏêϸÐÅÏ¢¡£¡£¡£¡£¡£¡£¡£ËäÈ»¶ñÒâ APK ¿ÉÒÔʹÓà Zimperium µÄÖÖÖÖѹËõ¼¼ÇÉÀ´ÓÞŪÇå¾²¹¤¾ß²¢ÌӱܯÊÎö£¬£¬ £¬£¬£¬µ«¿¨°Í˹»ùÆÊÎöʦ·¢Ã÷ SoumniBot ʹÓÃÈýÖÖ²î±ðµÄÒªÁìÀ´ÈƹýÆÊÎöÆ÷¼ì²é£¬£¬ £¬£¬£¬ÆäÖÐÉæ¼°Ê¹ÓÃÇåµ¥ÎļþµÄѹËõºÍ¾Þϸ¡£¡£¡£¡£¡£¡£¡£


https://www.bleepingcomputer.com/news/security/soumnibot-malware-exploits-android-bugs-to-evade-detection/


4. FIN7 Õë¶ÔÃÀ¹úÆû³µÖÆÔìÉÌµÄ IT Ô±¹¤Ìá³«ÍøÂç´¹ÂÚ¹¥»÷


4ÔÂ17ÈÕ£¬£¬ £¬£¬£¬³öÓÚ¾­¼ÃÄîÍ·µÄÍþв×éÖ¯ FIN7 Õë¶ÔÒ»¼ÒÃÀ¹ú´óÐÍÆû³µÖÆÔìÉÌ£¬£¬ £¬£¬£¬Ïò IT ²¿·ÖµÄÔ±¹¤·¢ËÍÓã²æÊ½ÍøÂç´¹ÂÚµç×ÓÓʼþ£¬£¬ £¬£¬£¬ÒÔʹÓà Anunak ºóÃÅѬȾϵͳ¡£¡£¡£¡£¡£¡£¡£¾ÝºÚÝ®Ñо¿Ö°Ô±³Æ£¬£¬ £¬£¬£¬Õâ´Î¹¥»÷±¬·¢ÔÚÈ¥Äêµ×£¬£¬ £¬£¬£¬²¢ÇÒÒÀÀµÓÚ·ÇÍâµØ¶þ½øÖÆÎļþ¡¢¾ç±¾ºÍ¿â (LoLBas)¡£¡£¡£¡£¡£¡£¡£ÍþвÐÐΪÕß½«Öصã·ÅÔÚ¾ßÓи߼¶È¨ÏÞµÄÄ¿µÄÉÏ£¬£¬ £¬£¬£¬Í¨¹ýð³äÕýµ±¸ß¼¶ IP ɨÃèÆ÷¹¤¾ßµÄ¶ñÒâ URL Á´½ÓÀ´ÒýÓÕËûÃÇ¡£¡£¡£¡£¡£¡£¡£ºÚÝ®¸ß¶ÈÈ·ÐŴ˴ι¥»÷ÊÇÓÉ FIN7 ÌᳫµÄ£¬£¬ £¬£¬£¬ÓÉÓڸù¥»÷ʹÓÃÁËÆæÒìµÄ PowerShell ¾ç±¾£¬£¬ £¬£¬£¬¸Ã¾ç±¾Ê¹ÓÃÁ˵ÐÊÖµÄÊðÃû¡°PowerTrash¡±»ìÏýµÄ shellcode ŲÓóÌÐò£¬£¬ £¬£¬£¬¸Ã¾ç±¾Ê״ηºÆðÔÚ 2022 ÄêµÄÒ»´Î»î¶¯ÖС£¡£¡£¡£¡£¡£¡£ÔÚ´Ë֮ǰ£¬£¬ £¬£¬£¬FIN7 ±»·¢Ã÷ÒÔ̻¶µÄVeeam ±¸·ÝºÍMicrosoft ExchangeЧÀÍÆ÷ΪĿµÄ£¬£¬ £¬£¬£¬²¢½«Black BastaºÍClop ÀÕË÷Èí¼þ¸ºÔذ²Åŵ½ÆóÒµÍøÂçÉÏ¡£¡£¡£¡£¡£¡£¡£


https://www.bleepingcomputer.com/news/security/fin7-targets-american-automakers-it-staff-in-phishing-attacks/


5. Óë¶íÂÞ˹ÓйصÄSandworm ¹¥»÷¾üÆ÷¿âÖеÄкóÃÅKapeka


4ÔÂ17ÈÕ£¬£¬ £¬£¬£¬³ýÁË΢ÈíÓÚ 2024 Äê 2 Ô 14 ÈÕÐû²¼µÄ¹ØÓÚ·¢Ã÷Ò»¸öÃûΪ KnuckleTouch µÄкóÃŵļò¶ÌÐÎò֮Í⣬£¬ £¬£¬£¬ÏÖÔÚ¹«ÖÚ¶Ô Kapeka ºóÃŵÄÏàʶÏÕЩΪÁã¡£¡£¡£¡£¡£¡£¡£Î¢Èí½« KnuckleTouch ºóÃŹé×ïÓÚ SeaShell Blizzard£¬£¬ £¬£¬£¬ÕâÊÇÆä¶Ô Sandworm µÄÃû³Æ¡£¡£¡£¡£¡£¡£¡£Microsoft ÉÐδ¶Ô´Ë¶ñÒâÈí¼þ¾ÙÐÐÆÊÎö£¬£¬ £¬£¬£¬µ« WithSecure È·ÐÅ KnuckleTouch ¾ÍÊÇ Kapeka¡£¡£¡£¡£¡£¡£¡£Î¢ÈíºÍ WithSecure ÒÔΪ¸Ã¶ñÒâÈí¼þ×Ô 2022 ÄêÒÔÀ´Ò»Ö±ÔÚʹÓ㬣¬ £¬£¬£¬µ«³ýÁË WithSecure ÆÊÎöÖ®Í⣬£¬ £¬£¬£¬ÈËÃÇ¶Ô Kapeka ÖªÖ®ÉõÉÙ¡£¡£¡£¡£¡£¡£¡£WithSecure Æù½ñΪֹֻ·¢Ã÷ÁËÁ½¸öÒ°ÍâÑù±¾¡£¡£¡£¡£¡£¡£¡£¿£¿£Ë¼Á¿µ½Ä¿½ñµÄµØÔµÕþÖΣ¬£¬ £¬£¬£¬Êܺ¦ÕßѧҲÅú×¢ÆäÆðÔ´ÓÚ¶íÂÞ˹£º°®É³ÄáÑǺÍÎÚ¿ËÀ¼¡£¡£¡£¡£¡£¡£¡£ÕâÖÖÓÐÏÞµÄÒ£²â¿ÉÄÜÊÇÓÉÓڸöñÒâÈí¼þÉÐδÆÕ±éʹÓ㬣¬ £¬£¬£¬Ò²¿ÉÄÜÊÇÓÉÓÚ Kapeka ͬÐÄЭÁ¦¼á³ÖÒþÃØ¡£¡£¡£¡£¡£¡£¡£ 


https://www.securityweek.com/kapeka-a-new-backdoor-in-sandworms-arsenal-of-aggression/


6. VisaÕë¶Ô½ðÈÚ»ú¹¹µÄJSOutProxÈÕÒæÔöÌíµÄÍþв·¢³öͨ¸æ


4ÔÂ17ÈÕ£¬£¬ £¬£¬£¬Visa ×î½üÐû²¼Á˹ØÓÚÌØÊâΣÏÕµÄJSOutProx ¶ñÒâÈí¼þ»î¶¯ÏÔ×ÅÔöÌíµÄÑÏÖØÇå¾²¾¯±¨¡£¡£¡£¡£¡£¡£¡£ÕâÖÖÔ¶³Ì»á¼ûľÂí ( RAT ) ÒÔÆä¶Ô½ðÈÚ»ú¹¹¼°Æä¿Í»§µÄÖØ´ó¹¥»÷ÄÜÁ¦¶øÖøÃû£¬£¬ £¬£¬£¬ÌØÊâÊÇÕë¶ÔÄÏÑǺͶ«ÄÏÑÇ¡¢Öж«ºÍ·ÇÖÞµØÇø¡£¡£¡£¡£¡£¡£¡£JSOutProx ÓÚ 2019 Äê 12 ÔÂÊ״α»·¢Ã÷£¬£¬ £¬£¬£¬ÊÇÒ»Öָ߶ȻìÏýµÄ JavaScript ºóÃÅ£¬£¬ £¬£¬£¬Ê¹ÍøÂç·¸·¨·Ö×ÓÄܹ»Ö´Ðдó×Ú¶ñÒâ»î¶¯¡£¡£¡£¡£¡£¡£¡£ÆäÖаüÀ¨ÔËÐÐ shell ÏÂÁî¡¢ÏÂÔØÌØÁíÍâÓк¦¸ºÔØ¡¢Ö´ÐÐÎļþ¡¢²¶»ñÆÁÄ»½ØÍ¼ÒÔ¼°ÍêÈ«¿ØÖÆÊÜѬȾװ±¸µÄ¼üÅ̺ÍÊó±ê¡£¡£¡£¡£¡£¡£¡£Ëæ×Åʱ¼äµÄÍÆÒÆ£¬£¬ £¬£¬£¬JSOutProx Ò»Ö±Éú³¤£¬£¬ £¬£¬£¬ÔöÇ¿ÁËÆä¹æ±ÜÊÖÒÕÒÔ×èÖ¹¼ì²â²¢ÔöÇ¿ÁËÆäÆÆËðÄÜÁ¦¡£¡£¡£¡£¡£¡£¡£JSOutProx µÄ³õʼÓÐÓøºÔØÖ§³Ö»ù±¾µ«Òªº¦µÄ¹¦Ð§£¬£¬ £¬£¬£¬Ê¹¹¥»÷ÕßÄܹ»¶ÔÊÜѬȾµÄϵͳ¾ÙÐÐÏ൱´óµÄ¿ØÖÆ¡£¡£¡£¡£¡£¡£¡£


https://securityboulevard.com/2024/04/jsoutprox-malware-variant-targeting-financial-orgs-warns-visa/#google_vignette