¡¶Î¬ËûÃü¡·ÖðÈÕ°²È«¼òѶ20190308

°ä²¼¹¦·ò 2019-03-08
1¡¢¿¨°Í˹»ù°ä²¼2018Äê½ðÈÚÐÐÒµÍøÂçÍþвµÄ·ÖÎö»ã±¨

28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿


ƾ¾Ý¿¨°Í˹»ù°ä²¼µÄ2018Äê½ðÈÚÐÐÒµÍþв¾°¹Û»ã±¨£¬2018Äê½ðÈÚÐÐÒµÔâµ½µÄ´¹µö¹¥»÷Õ¼Æä¼ì²âµ½µÄËùÓд¹µö¹¥»÷µÄ½üÒ»°ë£¨44.7%£©£¬Ïà±È2017ÄêµÄ53.8%ÓÐËù½µÂä¡£2018ÄêÔâµ½ÒøÐÐľÂí¹¥»÷µÄÓû§ÊýÁ¿Îª889452£¬Óë2017ÄêµÄÊý×Ö767072Ïà±ÈÔö³¤ÁË15.9£¥¡£×î³£Ôâµ½ÒøÐÐľÂí¹¥»÷µÄ¹ú¶ÈÊǶíÂÞ˹¡¢µÂ¹ú¡¢Ó¡¶È¡¢Ô½ÄÏ¡¢Òâ´óÀû¡¢ÃÀ¹úºÍÖйú¡£2018ÄêÔâµ½AndroidÒøÐжñÒâÈí¼þ¹¥»÷µÄÓû§ÊýÁ¿Ôö³¤ÁËÁ½±¶¶à£¬´ï1799891¡£

   

Ô­ÎÄÁ´½Ó£º

https://securelist.com/financial-cyberthreats-in-2018/89788/

2¡¢ÐÂÍøÂç¼äµý×éÖ¯Whitefly£¬ÓëÐÂ¼ÓÆÂ¶à¸ö¹¥»÷»î¶¯ÓйØ

28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿


ÈüÃÅÌú¿Ë×êÑÐÍŶӳÆ2018Äê7ÔÂÐÂ¼ÓÆÂSingHealth´ó¹æÄ£Êý¾Ýй¶ÊÂÎñ±³ºóµÄ¹¥»÷ÕßÊÇÍøÂç¼äµý×éÖ¯Whitefly¡£¸Ã×éÖ¯×Ô2017ÄêÒÔÀ´Ò»Ïò»îÔ¾£¬ÖØÒªÕë¶ÔÐÂ¼ÓÆÂµÄ·ÖÆçÒµÒµµÄ¹«Ë¾£¬²¢ÊÔͼÇÔÈ¡´óÁ¿Ãô¸ÐÐÅÏ¢¡£×Ô2017ÄêÖÐÆÚµ½2018ÄêÖÐÆÚ£¬WhiteflyÒѾ­ÏòÒ½ÁƱ£½¡¡¢Ã½Ìå¡¢µçÐź͹¤³ÌÁìÓòµÄ¶à¸öÆóÒµÌáÒéÁ˹¥»÷£¬ÆäʹÓõŤ¾ßÔ̺¬Vcrodat¡¢Nibatad¡¢RootkitºÍMimikatz¡£

  

Ô­ÎÄÁ´½Ó£º

https://www.symantec.com/blogs/threat-intelligence/whitefly-espionage-singapore

3¡¢×êÑÐÍŶӷ¢ÏÖ2Ô·ÝÀÕË÷Èí¼þShadeµÄ¹¥»÷»î¶¯ì­Éý

28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿

Malwarebytes Labs×êÑÐÍŶӷ¢ÏÖÀÕË÷Èí¼þTroldesh£¨±ðÃûShade£©ÔÚ2018ÄêQ4µ½2019ÄêQ1ÆÚ¼äµÄ¼ì²âÊýÁ¿¼±¾çÔö³¤¡£Shadeͨ³£Í¨¹ý´¹µöÓʼþ½øÐд«²¼£¬Æä¸½¼þÊÇÔ̺¬Javascript¾ç±¾µÄzipÎļþ¡£ShadeµÄÖØÒª¹¥»÷Ö¸±êÊÇWindowsϵͳ£¬ÆäѡȡAES 256 CBCËã·¨½øÐмÓÃÜ¡£²¿ÃÅShadeµÄ±äÖÖ´æÔÚÃâ·ÑµÄ½âÃܹ¤¾ß£¬Óû§¿ÉÔÚNoMoreRansom.orgÍøÕ¾ÉÏÕÒµ½ËüÃÇ¡£

  

Ô­ÎÄÁ´½Ó£º

https://blog.malwarebytes.com/threat-analysis/2019/03/spotlight-troldesh-ransomware-aka-shade/

4¡¢×êÑÐÍŶӷ¢ÏÖÊ׸öÀûÓÃSlack API½øÐÐͨѶµÄSLUBºóÃÅ

28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿

Ç÷Ïò¿Æ¼¼×êÑÐÍŶӷ¢ÏÖÊ׸öÀûÓÃSlack APIͨѶµÄ¶ñÒâÈí¼þSLUBºóÃÅ¡£SLUBÊÇÒ»¸öÓÃC++±àдµÄ×Ô½ç˵ºóÃÅ£¬ÆäÔ̺¬¾²Ì¬Á´½Ó¿âcurl£¨ÓÃÓÚÖ´ÐÐHTTPÒªÇ󣩡¢boost£¨ÓÃÓÚ´ÓgistƬ¶ÎÖÐÌáÈ¡ºÅÁºÍJsonCpp£¨ÓÃÓÚ½âÎöslackͨѶ£©¡£¸ÃºóÃÅͨ¹ýË®¿Ó¹¥»÷´«²¼£¬²¢ÇÒÀûÓÃÁË΢ÈíÔÚ2018Äê5Ô½¨¸´µÄVBScriptÒýÇæ·ì϶£¨CVE-2018-8174£©½øÐÐϰȾ¡£¸ÃºóÃÅ»¹»á´ÓGithub¸ßµÍÔØÒ»¸öÌØ¶¨µÄgistƬ¶Î²¢ÌáÈ¡ÓйغÅÁî¡£

  

Ô­ÎÄÁ´½Ó£º

https://blog.trendmicro.com/trendlabs-security-intelligence/new-slub-backdoor-uses-github-communicates-via-slack/

5¡¢ÐÂľÂíPirate Matryoshka£¬ÀûÓú£µÁÍå½øÐзַ¢

28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿

¿¨°Í˹»ù×êÑÐÍŶӷ¢ÏÖ¹¥»÷ÕßÀûÓú£µÁÍå·Ö·¢ÐÂľÂíPirate Matryoshka¡£¸ÃľÂí¼Ù×°³ÉÆÆ½âÈí¼þµÄ×°ÖÃÎļþ£¬µ±Óû§ÔËÐиÃÎļþʱ£¬½«»áÏÔʾһ¸öαÔìµÄº£µÁÍåµÇÂ¼Ò³Ãæ¡£Ò»µ©Óû§ÊäÈëÕË»§ÃûºÍÃÜÂ룬¹¥»÷Õ߾ͻá½Ù³ÖÓû§µÄÕË»§²¢ÉÏ´«¸ü¶àµÄ¶ñÒâÎļþ¡£´Ë±í£¬×°ÖÃÎļþ»¹Ä¬Èϰó¸¿ÁËÆäËüÈí¼þ£¬ÆäÖÐÎå·ÖÖ®Ò»ÊǸæ°×Èí¼þ¡¢½Ù³Öä¯ÀÀÆ÷Ö÷Ò³µÄ¶ñÒâÈí¼þÒÔ¼°Ä¾ÂíµÈ¡£

  

Ô­ÎÄÁ´½Ó£º

https://www.kaspersky.com/blog/pirate-matryoshka-malware/25905/

6¡¢Ë¼¿Æ½¨¸´Nexus»¥»»»úÖеĶþÊ®¶à¸ö°²È«·ì϶

28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿

˼¿Æ±¾Öܽ¨¸´ÁËNexus»¥»»»úÖеĶþÊ®¶à¸ö°²È«·ì϶£¬·ì϶ÁìÓòÔ̺¬DoS¡¢ËÁÒâ´úÂëÖ´ÐкÍȨÏÞÌáÉýµÈ¡£ÕâЩ·ì϶ӰÏìÁËTetration Analytics´úÀí¡¢LDAP¡¢Óû§ÕÊ»§ÖÎÀí½çÃæ¡¢ºÅÁîÐнçÃæ£¨CLI£©µÈ×é¼þ£¬¶à¸ö·ì϶¿ÉÔÊÐí±¾µØ¹¥»÷Õß½øÐÐÌáȨ¡¢ÒÔrootÉí·ÝÖ´ÐÐËÁÒâ´úÂë¡¢×°ÖöñÒâÈí¼þ¡¢»ñÈ¡³ÁÒªÅäÖÃÎļþµÄ½Ó¼ûȨÏÞ»ò½øÐÐÊÜÏÞshellÌÓÒÝ¡£´Ë±í£¬Ë¼¿Æ»¹½¨ÒéÓû§²ÉÈ¡´ëÊ©± £»¤²¿ÊðÁËPOAPµÄÍøÂç»ò½ûÓøÃÖ°ÄÜ¡£

  

Ô­ÎÄÁ´½Ó£º

https://securityaffairs.co/wordpress/82120/breaking-news/cisco-nexus-flaws-2.html

ÉêÃ÷£º±¾×ÊѶÓÉ28ȦάËûÃü°²È«Ó××é·­ÒëºÍÕû¶Ù