¡¶Î¬ËûÃü¡·ÖðÈÕ°²È«¼òѶ20190307

°ä²¼¹¦·ò 2019-03-07
1¡¢¹È¸è½¨¸´Chrome 0day £¬½¨ÒéÓû§¾¡¿ì¸üÐÂ

28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿

°²È«×êÑÐÔ±Clement LecigneÔÚ2ÔÂÄ©Ïò¹È¸è»ã±¨ÁËChromeÖеÄÒ»¸ö0day £¬¸Ã·ì϶¿ÉÔÊÐíÔ¶³Ì¹¥»÷ÕßÔÚÓû§µÄÍÆËã»úÉÏÖ´ÐÐËÁÒâ´úÂë²¢ÆëÈ«½ÚÔìÍÆËã»ú¡£¸Ã·ì϶£¨CVE-2019-5786£©Ó°ÏìÁËËùÓÐÖ÷Á÷ƽ̨ÉϵÄChrome°æ±¾ £¬Ô̺¬Windows¡¢macOSºÍLinux¡£Chrome°²È«ÍŶӰµÊ¾ÎÊÌâÊÇÓÉChromeµÄFileReader×é¼þÖеÄuse-after-free·ì϶µ¼ÖµÄ £¬µ«Î´Åû¶Èκμ¼Êõϸ½Ú¡£¹È¸è»¹ÖÒ¸æ³Æ¸Ã·ì϶ÒÑÔÚÒ°±í±»»ý¼«ÀûÓ᣽¨ÒéÓû§¾¡¿ì×°ÖÃChrome¸üÐÂ72.0.3626.121¡£

   

Ô­ÎÄÁ´½Ó£º

https://thehackernews.com/2019/03/update-google-chrome-hack.html

2¡¢ÂÞ¿ËΤ¶û×Ô¶¯»¯½¨¸´RSLinxÖеÄDoS/RCE·ì϶

28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿

ÂÞ¿ËΤ¶û×Ô¶¯»¯ÎªÆäRSLinx ClassicÈí¼þ°ä²¼²¹¶¡ £¬½¨¸´ÁËÒ»¸ö¿Éµ¼ÖÂDoSÒÔ¼°RCEµÄ¸ßΣ·ì϶£¨CVE-2019-6553£©¡£RSLinx ClassicÊÇ×°ÖÃ¿í·ºµÄͨѶÈí¼þ £¬ÓÃÓÚ½«Allen Bradley PLCÏνӵ½±à³Ì¡¢Êý¾Ý²É¼¯ºÍÅäÖÃÀûÓá£Tenable×êÑÐÈËÔ±·¢ÏָòúƷʹÓõÄDLLÖдæÔÚÒ»¸öÊäÈëÑéÖ¤ÎÊÌâ £¬¿Éµ¼Ö»º³åÇøÒç³ö¡£¹¥»÷Õß¿Éͨ¹ýÏò¶Ë¿Ú44818·¢ËͶñÒâÊý¾Ý°üÀ´´¥·¢´Ë·ì϶¡£¸Ã·ì϶µÄCVSSÆÀ·ÖΪ10·Ö¡£ÂÞ¿ËΤ¶û°µÊ¾¸Ã·ì϶ӰÏìÁËRSLinx Classic 4.10.00¼°Ö®Ç°µÄ°æ±¾¡£

  

Ô­ÎÄÁ´½Ó£º

https://www.securityweek.com/rockwell-automation-patches-critical-dosrce-flaw-rslinx-software

3¡¢¹È¸è°ä²¼3ÔÂAndroid°²È«¸üР£¬½¨¸´45¸ö·ì϶

28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿

¹È¸è°ä²¼3Ô·ݵÄAndroid°²È«¸üР£¬¹²½¨¸´¿ò¼Ü¡¢Ã½Ìå¿ò¼Ü¡¢ÏµÍ³¡¢Äں˼°¸ßͨ×é¼þÖеÄ45¸ö·ì϶¡£ÆäÖÐ×îΪÑϳÁµÄ·ì϶ÊÇýÌå¿ò¼ÜÖеĸßΣRCE·ì϶£¨CVE-2019-1989ºÍCVE-2019-1990£© £¬Ô¶³Ì¹¥»÷ÕßÄܹ»ÀûÓø÷ì϶ÔÚÌØÈ¨¹ý³ÌµÄ¸ßµÍÎÄÖÐÖ´ÐÐËÁÒâ´úÂë¡£ÆëÈ«·ì϶ÁбíÇë²Î¿¼ÒÔÏÂÁ´½Ó¡£

  

Ô­ÎÄÁ´½Ó£º

https://news.softpedia.com/news/android-security-patch-for-march-2019-now-rolling-out-with-45-security-fixes-525184.shtml

4¡¢×êÑÐÅú×¢2018Äê²úÉú12449ÆðÊý¾Ýй¶ÊÂÎñ £¬±È2017ÄêÔö³¤424%

28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿

ƾ¾ÝÍþвµý±¨¹«Ë¾4IQµÄÒ»·Ýл㱨 £¬2018ÄêÒÑÈ·ÈϵÄÊý¾Ýй¶ÊÂÎñµÄÊýÁ¿´ï12449Æð £¬Óë2017ÄêÏà±ÈÔö³¤424% £¬ÆäÖÐ47%µÄÊÂÎñÓëÃÀ¹úºÍÖйúµÄ¹«Ë¾ÓйØ¡£¸Ã¹«Ë¾Í³¼ÆµÄÊÇÒÑÈ·ÈϵÄÊý¾Ýй¶ÊÂÎñ £¬¹ÌÈ»ÊÂÎñµÄÊýÁ¿ÔÚ2018Äê´ó·ùÌáÉý £¬µ«¾ùÔÈй¶¹æÄ£Ôò½µÂäÖÁ216884±Ê¼Í¼ £¬±È2017ÄêÒªÓ×4.7±¶¡£´Ë±í £¬2018ÄêÓÐ149ÒÚ±»µÁµÄԭʼÉí·Ý¼Í¼ÔÚ°µÍøÉϽøÐд«²¼ £¬µ«Ö»ÓÐ36ÒÚÊÇеĺÍÕæÊµµÄ¡£

 

 Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/12-449-data-breaches-confirmed-in-2018-a-424-percent-increase-over-the-previous-year/

5¡¢Chafer APTй¥»÷»î¶¯ £¬Õë¶ÔÍÁ¶úÆäµ±¾Ö»ú¹¹

28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿

Palo Alto Networks×êÑÐÍŶӷ¢ÏÖÒÁÀÊAPT×éÖ¯ChaferÔÚ2018Äê11ÔÂÕë¶ÔÍÁ¶úÆäµ±¾ÖµÄ¹¥»÷»î¶¯ÖÐʹÓÃÁËеĻùÓÚPythonµÄºóÃÅMechaFlounder¡£ÔÚÕâ´Î¹¥»÷»î¶¯ÖÐ £¬¹¥»÷ÕßʹÓÃÁËÓë֮ǰһÑùµÄ»ù´¡ÉèÊ© £¬Ô̺¬ÓòÃûwin10-update[.]com¼°ÓÃÓÚ·Ö·¢¶ñÒâÈí¼þµÄIPµØÖ·185.177.59¡£MechaFlounderÊÇChaferʹÓõÄÊ׸ö»ùÓÚPythonµÄ¶ñÒâÈí¼þ £¬Ö§³Ö³£¼ûµÄºóÃźÅÁî £¬Ô̺¬ÓëC&C·þÎñÆ÷ͨѶ¡¢ÉÏ´«ºÍÏÂÔØÎļþ¡¢ÔËÐкÅÁîºÍÀûÓ÷¨Ê½µÈ¡£

  

Ô­ÎÄÁ´½Ó£º

https://securityaffairs.co/wordpress/82004/breaking-news/chafer-apt-python-backdoor.html

6¡¢À­Ê²´óѧҽÁÆÖÐÐÄ4.5Íò»¼ÕßµÄÒ½ÁÆÐÅϢй¶

28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿

ÃÀ¹úÀ­Ê²´óѧҽÁÆÖÐÐÄÓÚ1ÔÂ22ÈÕ²úÉú´ó¹æÄ£Êý¾Ýй¶ÊÂÎñ £¬²¨¼°Ô¼4.5ÍòÃû»¼Õß¡£Ð¹Â¶µÄÐÅÏ¢Ô̺¬»¼ÕßµÄÐÕÃû¡¢µØÖ·¡¢ÉúÈÕ¡¢Éç»á°²È«ºÅÂë¡¢Ò½ÁƱ£ÏÕÐÅÏ¢ºÍÒ½ÁÆÐÅÏ¢¡£ÔÚ·¢ÏÖй¶ÊÂÎñºó £¬¸ÃÒ½ÁÆÖÐÐĶôÖÆÁËIT¹©¸øÉ̵ĺÏͬ £¬²¢ÆðÍ·½øÐÐÄÚ²¿µ÷²é¡£´Ë±í £¬¸ÃÒ½ÁÆÖÐÐÄ»¹ÎªÊÜÓ°ÏìµÄ»¼ÕßÃâ·ÑÌṩÁËÒ»ÄêµÄÐÅÓþ±£»¤·þÎñ¡£

 

 Ô­ÎÄÁ´½Ó£º

https://cyware.com/news/close-to-45000-patients-affected-in-rush-data-breach-84af30ec

ÉêÃ÷£º±¾×ÊѶÓÉ28ȦάËûÃü°²È«Ó××é·­ÒëºÍÕû¶Ù