×êÑÐÍŶӷ¢ÏÖAdobe Experience ManagerÖÐRCE 0day£»¶íÂÞ˹ºÚ¿ÍÒÑÔÚµ¤ÂóÖÐÑëÒøÐеÄÍøÂçÂñ·ü³¬¹ý°ëÄê

°ä²¼¹¦·ò 2021-06-30

1.×êÑÐÍŶӷ¢ÏÖAdobe Experience ManagerÖÐRCE 0day


1.jpg


×êÑÐÍŶӷ¢ÏÖAdobe Experience Manager(AEM)ÖдæÔÚRCE 0day¡£AEMÊÇÊ¢ÐеÄÄÚÈÝÖÎÀí½â¾ö¹æ»®  £¬ÒѳÉΪºÜ¶à³ÛÃûÆóÒµµÄÊ×Ñ¡ÄÚÈÝÖÎÀíϵͳ (CMS)  £¬Ô̺¬ÍòÊ´│¡¢LinkedIn¡¢PlayStationºÍMcAfeeÔÚÄڵĶà¼Ò¹«Ë¾¶¼Êܵ½ÁËÓ°Ïì¡£¸Ã·ì϶´æÔÚÓÚÉúÔÚCRX /crx/packmgr/¶Ëµã  £¬¹¥»÷ÕßÄܹ»ÈƹýDispatcherÖеÄÉí·ÝÑéÖ¤À´½Ó¼ûCRX Package Manager  £¬¶øºóÔÚAEMÖÐÉÏ´«¶ñÒâ°üÀ´»ñµÃ¶ÔÀûÓ÷¨Ê½µÄÆëÈ«½ÚÔì¡£


Ô­ÎÄÁ´½Ó£º

https://www.infosecurity-magazine.com/news/zero-day-exploit-found-in-adobe/


2.¶íÂÞ˹ºÚ¿ÍÒÑÔÚµ¤ÂóÖÐÑëÒøÐеÄÍøÂçÂñ·ü³¬¹ý°ëÄê


2.jpg


¶íÂÞ˹ºÚ¿ÍÍÅ»ïNobeliumÈëÇÖÁ˵¤ÂóÖÐÑëÒøÐÐ(Danmarks Nationalbank)²¢Ö²ÈëÁ˶ñÒâÈí¼þ  £¬ÔÚûÓб»·¢ÏÖµÄÇé¿öϽӼûÍøÂ糬¹ý°ëÄê¡£¸Ã»î¶¯ÊÇÈ¥ÄêSolarWinds¹©¸øÁ´¹¥»÷µÄÒ»²¿ÃÅ  £¬ÔÚVersion2ÒÔÐÅÏ¢×ÔÓÉΪÓÉ´Óµ¤ÂóÑëÐлñµÃ¹Ù·½Îļþºó²ÅÅû¶µÄ¡£¸Ã¶ñÒâÈí¼þÒѾ­ÔÚµ¤ÂóÑëÐеÄÍøÂçÖдæÔÚÁ˳¤´ï7¸öÔÂÖ®¾Ã  £¬Ö±µ½FireEyeÅû¶ÁËÕâ´Î¹©¸øÁ´¹¥»÷»î¶¯ºó²Å±»·¢ÏÖ¡£


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/russian-hackers-had-months-long-access-to-denmarks-central-bank/


3.΢Èí°ä²¼°²È«¸üР £¬½¨¸´Edgeä¯ÀÀÆ÷ÖеĶà¸ö·ì϶


3.jpg


΢Èí°ä²¼°²È«¸üР £¬½¨¸´ÁËEdgeä¯ÀÀÆ÷ÖеÄ2¸ö·ì϶¡£ÆäÖнÏΪÑϳÁµÄÊǰ²È«Èƹý·ì϶£¨CVE-2021-34506£©  £¬Ê¹ÓÃEdgeä¯ÀÀÆ÷ÄÚÖõÄMicrosoft TranslatorÖ°ÄÜ×Ô¶¯·­ÒëÍøÒ³Ê±´¥·¢µÄ¿çÕ¾µã¾ç±¾(UXSS)·ì϶µ¼ÖµÄ  £¬Äܹ»ÓÃÀ´ÔÚÍøÕ¾ÉÏÔ¶³ÌÖ´ÐÐËÁÒâ´úÂë¡£×êÑÐÈËÔ±³Æ¸Ã·ì϶µÄ¸´ÔÓÐԺܵÍ  £¬¹¥»÷ÕßÄܹ»ÔÚ²»±ØÒªÈκÎȨÏÞµÄÇé¿öÏÂʵÏÖ¡£Õâ´Î½¨¸´µÄÁíÒ»¸ö·ìÏ¶ÎªÌØÈ¨ÌáÉý·ì϶£¨CVE-2021-34475£©¡£


Ô­ÎÄÁ´½Ó£º

https://thehackernews.com/2021/06/microsoft-edge-bug-couldve-let-hackers.html


4.NVIDIA°ä²¼°²È«¸üР £¬½¨¸´GeForceÖеݲȫ·ì϶


4.jpg


NVIDIA°ä²¼°²È«¸üР £¬½¨¸´ÁËGeForce ExperienceÖеݲȫ·ì϶¡£¸Ã·ì϶±»¸ú×ÙΪCVE?2021?1073  £¬CVSSÆÀ·ÖΪ8.3¡£¸Ã¹«Ë¾³Æ·ì϶»áµ¼ÖºýŪ¹¥»÷  £¬ÊÇÓÉNVIDIA GeForce ExperienceÈí¼þÖжÔÌØÊâÌåʽÁ´½ÓµÄ²»µ±´¦Öõ¼ÖµÄ¡£¹¥»÷ÕßÄܹ»´´½¨Ò»¸öÌØÔìµÄÁ´½Ó  £¬Óû§ÔÚä¯ÀÀÆ÷Öжø·ÇÀûÓ÷¨Ê½Öдò¿ªµÇÂ¼Ò³Ãæ  £¬²¢ÊäÈëËûÃǵÄÃÜÂëºó±»½Ù³Ö¡£


Ô­ÎÄÁ´½Ó£º

https://threatpost.com/nvidia-high-severity-geforce-spoof-bug/167345/


5.AcadeME¹«Ë¾Ôâµ½¹¥»÷  £¬Ð¹Â¶ÒÔÉ«ÁÐÔ¼28ÍòѧÉúÐÅÏ¢


5.jpg


AcadeMEÊÇÒÔÉ«ÁеÄÒ»¼Ò·þÎñÌṩÉÌ  £¬ÎªÑ°ÕÒ¹¤×÷µÄѧÉúÌṩԮÊÖ¡£6ÔÂ20ÈÕ  £¬ÃûΪDragonForceµÄÂíÀ´Î÷ÑǺڿÍÍÅ»ï³ÆÆäÈëÇÖÁËAcadeME  £¬²¢ÇÔÈ¡ÁËÔ¼28Íò¸öѧÉúµÄÓ×ÎÒÐÅÏ¢  £¬Ô̺¬µç×ÓÓʼþ¡¢ÃÜÂë¡¢ÐÕÃû¡¢µØÖ·ÉõÖÁµç»°ºÅÂë¡£¹ÌÈ»AcadeME·ñ¶¨ÁËÕâһ˵·¨  £¬µ«¹¥»÷Õß¹«¿ªÁË´úÂë½ØÍ¼¡¢·þÎñÆ÷µØÖ·ÒÔ¼°Êý¾ÝµÄ±í¸ñÖ¤Ã÷Õâ´Î¹¥»÷¡£´Ë±í  £¬¸ÃÍŻﻹÔÚÉÏÖÜÎå¶ÔÒÔÉ«ÁеĶà¼ÒÒøÐУ¨Bank of Israel¡¢Bank LeumiºÍMizrahi Tefahot£©ÌáÒéÁËDDoS¹¥»÷¡£


Ô­ÎÄÁ´½Ó£º

https://www.jpost.com/israel-news/details-of-over-200000-students-leaked-in-cyberattack-672179    


6.Tesorion×êÑÐÈËÔ±´òË㹫¿ªÐÂÀÕË÷Èí¼þLorenz½âÃÜÆ÷


6.jpg


ºÉÀ¼ÍøÂ簲ȫ¹«Ë¾Tesorion´òË㹫¿ªÐÂÀÕË÷Èí¼þLorenzµÄ½âÃÜÆ÷¡£LorenzÀÕË÷Èí¼þÍÅ»ï×Ô2021Äê4ÔÂÒÔÀ´Ò»Ïò»îÔ¾  £¬¹¥»÷ÁËÈ«ÇòµÄ¶à¸ö×éÖ¯  £¬ÆäÊê½ðÒªÇóÏ൱¸ß  £¬ÔÚ50ÍòÃÀÔªµ½70ÍòÃÀÔªÖ®¼ä¡£LorenzÔÚCBCģʽÏÂʹÓÃRSAºÍAES-128µÄ×éºÏÀ´¼ÓÃÜÎļþ  £¬ÎªÃ¿¸öÎļþʹÓÃËæ»úÌìÉúµÄÃÜÂë  £¬¶øºóʹÓÃCryptDeriveKeyº¯Êýµ¼³ö¼ÓÃÜÃÜÔ¿¡£Tesorion·ÖÎöÁ˸ÃÀÕË÷Èí¼þ²¢´òËãͨ¹ýNoMoreRansom°ä²¼¡£


Ô­ÎÄÁ´½Ó£º

https://securityaffairs.co/wordpress/119492/cyber-crime/lorenz-ransomware-free-decryptor.html