ÐÅÏ¢Çå¾²Öܱ¨-2018ÄêµÚ32ÖÜ

Ðû²¼Ê±¼ä 2018-08-13

Ò»¡¢±¾ÖÜÇå¾²Ì¬ÊÆ×ÛÊö


2018Äê08ÔÂ06ÈÕÖÁ12ÈÕ¹²ÊÕ¼Çå¾²Îó²î49¸ö£¬£¬£¬£¬£¬£¬£¬ÖµµÃ¹Ø×¢µÄÊÇSiemens SIMATIC STEP 7ºÍWinCC´úÂëÖ´ÐÐÎó²î£»£»£»HP Ink PrintersÔ¶³Ì´úÂëÖ´ÐÐÎó²î£»£»£»Linux kernel 'tcp_input.c'Ô¶³Ì¾Ü¾øÐ§ÀÍÎó²î£»£»£»SonicWall Global Management System XML-RPCŲÓÃí§Òâ´úÂëÖ´ÐÐÎó²î£»£»£»HPE Intelligent Management Center PLAT´úÂëÖ´ÐÐÎó²î¡£¡£¡£¡£¡£¡£¡£

±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÇå¾²ÊÂÎñÊǰ¢À­Ë¹¼ÓijÕòµÄÕþ¸®ÍøÂçÒòѬȾÀÕË÷Èí¼þBitPaymer¶ø±»ÆÈ¹Ø±Õ£»£»£»Ä«Î÷¸çÒ»Ò½ÁÆÊý¾Ý¿â¿É¹ûÕæ»á¼û£¬£¬£¬£¬£¬£¬£¬Ô¼200Íò»¼ÕßµÄÐÅϢй¶£»£»£»TCMÒøÐÐÒòÍøÕ¾ÉèÖùýʧµ¼Ö²¿·ÖÓû§µÄÃô¸ÐÊý¾Ýй¶£»£»£»SnapchatÔ´ÂëÔÚGitHubÉÏÆØ¹â£¬£¬£¬£¬£¬£¬£¬¹«Ë¾ÉñÃØ¿ÉÄÜÍâй£»£»£»ÃÀÖ°Òµ¸ß¶û·òЭ»áPGAÒÉÔâÀÕË÷Èí¼þBitPaymer¹¥»÷¡£¡£¡£¡£¡£¡£¡£

ƾ֤ÒÔÉÏ×ÛÊö£¬£¬£¬£¬£¬£¬£¬±¾ÖÜÇå¾²ÍþвΪÖС£¡£¡£¡£¡£¡£¡£


¶þ¡¢Ö÷ÒªÇå¾²Îó²îÁбí


1¡¢Siemens SIMATIC STEP 7ºÍWinCC´úÂëÖ´ÐÐÎó²î

Siemens SIMATIC STEP 7ºÍWinCC TIA PortalĬÈÏ×°ÖÃÖеÄÎļþȨÏÞ·ÖÅɲ»µ±£¬£¬£¬£¬£¬£¬£¬ÔÊÐíÍâµØ¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÎļþ£¬£¬£¬£¬£¬£¬£¬Ö´ÐÐí§Òâ´úÂë¡£¡£¡£¡£¡£¡£¡£

Óû§¿É²Î¿¼Èçϳ§ÉÌÌṩµÄÇå¾²²¹¶¡ÒÔÐÞ¸´¸ÃÎó²î£ºhttps://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf


2¡¢HP Ink PrintersÔ¶³Ì´úÂëÖ´ÐÐÎó²î

HP Ink¶à¸ö´òÓ¡»ú±£´æÇå¾²Îó²î£¬£¬£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬£¬£¬ÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£¡£¡£¡£¡£¡£¡£

Óû§¿É²Î¿¼Èçϳ§ÉÌÌṩµÄÇå¾²²¹¶¡ÒÔÐÞ¸´¸ÃÎó²î£ºhttps://support.hp.com/us-en/document/c06097712


3¡¢Linux kernel 'tcp_input.c'Ô¶³Ì¾Ü¾øÐ§ÀÍÎó²î

Linux kernel tcp_collapse_ofo_queue()¼°tcp_prune_ofo_queue() ŲÓñ£´æÇå¾²Îó²î£¬£¬£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬£¬£¬¾ÙÐоܾøÐ§À͹¥»÷¡£¡£¡£¡£¡£¡£¡£

Óû§¿É²Î¿¼Èçϳ§ÉÌÌṩµÄÇå¾²²¹¶¡ÒÔÐÞ¸´¸ÃÎó²î£ºhttps://www.synology.com/support/security/Synology_SA_18_41


4¡¢SonicWall Global Management System XML-RPCŲÓÃí§Òâ´úÂëÖ´ÐÐÎó²î

SonicWall Global Management SystemûÓÐÑéÖ¤Óû§Ìá½»µÄÓÃÓÚXML-RPCŲÓõIJÎÊý£¬£¬£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬£¬£¬ÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£¡£¡£¡£¡£¡£¡£

Óû§¿É²Î¿¼Èçϳ§ÉÌÌṩµÄÇå¾²²¹¶¡ÒÔÐÞ¸´¸ÃÎó²î£ºhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0007


5¡¢HPE Intelligent Management Center PLAT´úÂëÖ´ÐÐÎó²î

HPE Intelligent Management Center£¨iMC£©PLAT±£´æÇå¾²Îó²î£¬£¬£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬£¬£¬Ö´ÐÐí§Òâ´úÂë¡£¡£¡£¡£¡£¡£¡£

Óû§¿É²Î¿¼Èçϳ§ÉÌÌṩµÄÇå¾²²¹¶¡ÒÔÐÞ¸´¸ÃÎó²î£ºhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03864en_us


Èý¡¢Ö÷ÒªÇå¾²ÊÂÎñ×ÛÊö


1¡¢°¢À­Ë¹¼ÓijÕòµÄÕþ¸®ÍøÂçÒòѬȾÀÕË÷Èí¼þBitPaymer¶ø±»ÆÈ¹Ø±Õ

¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨

7ÔÂ24ÈÕ°¢À­Ë¹¼Ó³ÇÕòMat-SuµÄÕþ¸®ÍøÂçѬȾÀÕË÷Èí¼þBitPaymer£¬£¬£¬£¬£¬£¬£¬µ¼ÖÂÆäÍøÂçÏÝÈë̱»¾¡£¡£¡£¡£¡£¡£¡£BitPaymerËÆºõÔçÔÚ5ÔÂ3ÈÕ¾ÍÒѾ­½øÈëÁËMat-SuµÄÍøÂ磬£¬£¬£¬£¬£¬£¬µ«´¦ÓÚÐÝÃß»òδ±»·¢Ã÷״̬¡£¡£¡£¡£¡£¡£¡£¸ÃÀÕË÷Èí¼þÔÚ7ÔÂ24ÈÕ±¬·¢£¬£¬£¬£¬£¬£¬£¬Ó°ÏìÁË500̨×ÀÃæÊÂÇéÕ¾ºÍ120̨ЧÀÍÆ÷¡£¡£¡£¡£¡£¡£¡£Mat-Su¹«¹²ÊÂÎñ×ܼàPatty Sullivan³Æ¸ÃÕòµÄ»ù´¡ÉèÊ©ÕýÔÚÎȲ½ÖØÐÞ£¬£¬£¬£¬£¬£¬£¬°üÀ¨µç×ÓÓʼþЧÀÍ¡¢µç»°ºÍ»¥ÁªÍøµÈЧÀÍÒ²½«»Ö¸´¡£¡£¡£¡£¡£¡£¡£

Ô­ÎÄÁ´½Ó£ºhttps://www.bleepingcomputer.com/news/security/bitpaymer-ransomware-infection-forces-alaskan-town-to-use-typewriters-for-a-week/

2¡¢Ä«Î÷¸çÒ»Ò½ÁÆÊý¾Ý¿â¿É¹ûÕæ»á¼û£¬£¬£¬£¬£¬£¬£¬Ô¼200Íò»¼ÕßµÄÐÅϢй¶

¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


Çå¾²Ñо¿Ô±Bob Diachenkoͨ¹ýShodan·¢Ã÷Ò»¸öÄ«Î÷¸çÒ½ÁÆÊý¾Ý¿â¿É¹ûÕæ»á¼û£¬£¬£¬£¬£¬£¬£¬¸ÃMongoDBÊý¾Ý¿â°üÀ¨Ô¼200Íò»¼ÕßµÄÒ½ÁÆÐÅÏ¢£¬£¬£¬£¬£¬£¬£¬°üÀ¨ÐÕÃû¡¢ÐԱ𡢳öÉúÈÕÆÚ¡¢°ü¹ÜÐÅÏ¢¡¢²Ð¼²×´Ì¬ºÍ¼ÒͥסַµÈÐÅÏ¢¡£¡£¡£¡£¡£¡£¡£Diachenko·¢Ã÷¸ÃÊý¾Ý¿âµÄÖÎÀíÔ±µç×ÓÓʼþÓòÃûΪhovahealth.comºÍefimed.care£¬£¬£¬£¬£¬£¬£¬ÔÚ֪ͨHova Health¹«Ë¾ºó£¬£¬£¬£¬£¬£¬£¬¸ÃÊý¾Ý¿âÔÚÈý¸öСʱÄÚ»ñµÃ±£»£»£»¤¡£¡£¡£¡£¡£¡£¡£

 Ô­ÎÄÁ´½Ó£ºhttps://www.bleepingcomputer.com/news/security/health-care-data-of-2-million-people-in-mexico-exposed-online/

3¡¢TCMÒøÐÐÒòÍøÕ¾ÉèÖùýʧµ¼Ö²¿·ÖÓû§µÄÃô¸ÐÊý¾Ýй¶

¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


TCMÒøÐÐÊÇICBA BancardµÄ×Ó¹«Ë¾£¬£¬£¬£¬£¬£¬£¬ËüÊÇÃÀ¹ú750¶à¼ÒСÐͺÍÉçÇøÒøÐеÄÐÅÓÿ¨¿¯ÐÐÉÌ¡£¡£¡£¡£¡£¡£¡£¸ÃÒøÐÐÐû²¼ÆäÍøÕ¾ÉèÖùýʧµ¼Ö²¿·ÖÐÅÓÿ¨ÉêÇëÈ˵ÄÐÅÏ¢ÔÚ2017Äê3Ô³õÖÁ2018Äê7ÔÂÖÐѮ֮¼äµÄ16¸öÔÂÄÚÔÚÏß̻¶¡£¡£¡£¡£¡£¡£¡£¿£¿£¿ £¿ÉÄÜй¶µÄÊý¾Ý°üÀ¨ÉêÇëÈ˵ÄÐÕÃû¡¢µØµã¡¢³öÉúÈÕÆÚºÍÉç±£ºÅÂëµÈ¡£¡£¡£¡£¡£¡£¡£ÊÜÓ°ÏìµÄ¿Í»§ÊýĿΪ²»µ½1ÍòÈË¡£¡£¡£¡£¡£¡£¡£TCM³ÆÆäÔÚ2018Äê7ÔÂ16ÈÕ·¢Ã÷Á˸ÃÎÊÌ⣬£¬£¬£¬£¬£¬£¬²¢ÔÚµÚ¶þÌì¾ÙÐÐÁËÐÞ¸´¡£¡£¡£¡£¡£¡£¡£

Ô­ÎÄÁ´½Ó£ºhttps://securityaffairs.co/wordpress/75078/data-breach/tcm-bank-data-leak.html

4¡¢SnapchatÔ´ÂëÔÚGitHubÉÏÆØ¹â£¬£¬£¬£¬£¬£¬£¬¹«Ë¾ÉñÃØ¿ÉÄÜÍâй


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


Ê¢ÐеÄÉ罻ýÌåÓ¦ÓÃSnapchatµÄÔ´´úÂë±»Ò»ÃûºÚ¿ÍÐû²¼ÔÚGitHubÉÏ¡£¡£¡£¡£¡£¡£¡£¸ÃGitHubÕË»§ÎªKhaled Alshehri£¬£¬£¬£¬£¬£¬£¬ÊÇÒ»Ãû°Í»ù˹̹Óû§£¬£¬£¬£¬£¬£¬£¬ÆäÔÚSource-Snapchat´æ´¢¿âÖÐÐû²¼ÁËÌý˵ÊÇSnapchatµÄiOSÓ¦ÓõĴúÂë¡£¡£¡£¡£¡£¡£¡£µ×²ã´úÂë¿ÉÄÜ»áй¶¹«Ë¾µÄÉñÃØÐÅÏ¢£¬£¬£¬£¬£¬£¬£¬ÀýÈçappµÄÕûÌåÉè¼Æ¡¢ÊÂÇé·½·¨ÒÔ¼°ÍýÏëµÄδÀ´¹¦Ð§µÈ¡£¡£¡£¡£¡£¡£¡£SnapchatµÄĸ¹«Ë¾Snap Inc.ƾ֤DMCA·¨ÒªÇóɾ³ýÁ˸ô洢¿â¡£¡£¡£¡£¡£¡£¡£

Ô­ÎÄÁ´½Ó£ºhttps://thehackernews.com/2018/08/snapchat-hack-source-code.html

5¡¢ÃÀÖ°Òµ¸ß¶û·òЭ»áPGAÒÉÔâÀÕË÷Èí¼þBitPaymer¹¥»÷

¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨

ƾ֤GolfWeekµÄ±¨µÀ£¬£¬£¬£¬£¬£¬£¬±¾ÖܶþÃÀ¹úÖ°Òµ¸ß¶û·òЭ»á£¨PGA£©ÒÉÔâÀÕË÷Èí¼þBitPaymerµÄ¹¥»÷¡£¡£¡£¡£¡£¡£¡£ÓëÀÕË÷Èí¼þSamSamÒ»Ñù£¬£¬£¬£¬£¬£¬£¬BitPaymerÇãÏòÓÚͨ¹ýRDPЧÀÍÈëÇÖÄ¿µÄ×éÖ¯µÄÍøÂ磬£¬£¬£¬£¬£¬£¬²¢ºáÏòÈö²¥ÖÁÿһ̨ÅÌËã»ú¡£¡£¡£¡£¡£¡£¡£¸Ã±äÖÖÔÚ¼ÓÃܵÄÎļþºó¸½¼Ó.lockedÀ©Õ¹Ãû£¬£¬£¬£¬£¬£¬£¬²¢ÀÕË÷½Ï¸ßµÄÊê½ð¡£¡£¡£¡£¡£¡£¡£ÔÚÒÑÍùµÄ¼¸ÖÜÄÚBitpaymerÒѾ­·ºÆðÁËÊý´ÎÕë¶ÔÆóÒµ¡¢Õþ¸®»ú¹¹ºÍÒ½ÔºµÄ¹¥»÷¡£¡£¡£¡£¡£¡£¡£

Ô­ÎÄÁ´½Ó£ºhttps://www.bleepingcomputer.com/news/security/the-pga-possibly-infected-with-the-bitpaymer-ransomware/