GandCrabÖÕ³¡ÔËÓª£»ÀûÓÃRealtek SDK RCE·ì϶µÄ¹¥»÷»î¶¯¼¤Ôö£»Àí¹âTheta360Òâ±íй¶1100ÍòÕÅÓû§ÕÕÆ¬

°ä²¼¹¦·ò 2019-06-03
1¡¢GandCrabÖÕ³¡ÔËÓª £¬¹¥»÷Õß°ä·¢¹Ø¹ØRaaS·þÎñ

28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿
 
ÀÕË÷Èí¼þGandCrabµÄ¿ª·¢ÕßÔÚºÚ¿ÍÂÛ̳Éϰ䷢½«ÔÚÒ»¸öÔÂÄÚ¹Ø¹ØÆäRaaS£¨ÀÕË÷Èí¼þ¼´·þÎñ£©ÒµÎñ £¬×Ô2018Äê1ÔÂÕýÊ½ÍÆ³öÒÔÀ´ £¬GandCrab RaaSÒ»ÏòÔÚ¸ÃÂÛ̳ÉÏÐû´«×Ô¼ºµÄ·þÎñ ¡£¹¥»÷Õß°µÊ¾ËûÃÇÒѾ­¿¿¸ÃÀÕË÷Èí¼þ׬ȡÁ˳¬¹ý20ÒÚÃÀÔªµÄÊê½ð £¬Òò¶ø¾ö¶¨¡°ÍËÐÝ¡± £¬µ«ÕâÒ»Êý×ÖµÄÕæÊµÐÔ´æÒÉ ¡£¹¥»÷Õß»¹°µÊ¾½«É¾³ýËùÓеĽâÃÜÃÜÔ¿ £¬Ê¹µÃÊܺ¦ÕßÎÞ·¨¸´Ô­Îļþ ¡£

Ô­ÎÄÁ´½Ó£ºhttps://www.zdnet.com/article/gandcrab-ransomware-operation-says-its-shutting-down/

2¡¢ÀûÓÃLive Chat²å¼þµ¯´°¹¥»÷»î¶¯ £¬Ç±ÔÚÊܺ¦Õß´ïÊýÍò

28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿
 
ZScalerµÄThreatLabZ×êÑÐÍŶӷ¢ÏÖ¹¥»÷ÕßÔÚ»ý¼«ÀûÓÃWP Live Chat²å¼þÖеÄXSS·ì϶ £¬ÏòWordPressÍøÕ¾×¢Èë¶ñÒâJavaScript´úÂëÒÔ½øÐжñÒâ³Á¶¨ÏòºÍµ¯´°¹¥»÷ ¡£ÖÁÉÙÒÑÓÐ47¸öÍøÕ¾Êܵ½¹¥»÷ £¬ÕâÒ»ÊýÁ¿»¹ÔÚÔö³¤ £¬ÓÉÓڸòå¼þµÄ×°ÖÃÁ¿´ï5Íò £¬Òò¶øÇ±ÔÚÊܺ¦Õ߿ɴïÊýÍò ¡£¸Ã¶ñÒâJavaScript´úÂëÏòblackawardago[.]com·¢³öÒªÇó £¬ºóÕßÕÆ¹ÜÍÆË͵¯´°¸æ°×ºÍÐéα¶©ÔÄÐÂÎÅ ¡£Æ¾¾Ý¸ÃÓòÃûµÄWhoIs¼Í¼ £¬¸Ã·þÎñÆ÷µÄIPµØÖ·Î»ÓÚÓ¡¶È ¡£

Ô­ÎÄÁ´½Ó£ºhttps://www.bleepingcomputer.com/news/security/wordpress-plugin-flaw-used-for-malicious-redirects-and-pop-ups/

3¡¢ÀûÓÃRealtek SDK RCE·ì϶µÄ¹¥»÷»î¶¯¼¤Ôö

28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿
 
NetScout×êÑÐÍŶӷ¢ÏÖ´Ó2019Äê4Ôµ׵½2019Äê5ÔÂÉϰëÔÂÆÚ¼ä £¬ÀûÓÃRealtek SDK RCE·ì϶£¨CVE-2014-8361£©µÄ¹¥»÷»î¶¯¼¤Ôö £¬¹¥»÷ÊýÁ¿ÔÚ´ËÆÚ¼äÔö³¤ÁË5043% ¡£ÕâЩ¹¥»÷ÖØÒªÀ´×Ô°£¼° £¬Õë¶ÔÄϷǵØÓòµÄ·ÓÉÆ÷ £¬·Ö·¢µÄpayloadÖØÒªÊÇHakai DDoS botµÄ±äÌå £¬¸Ã±äÌå¿ÉÓÃÓÚÌáÒé»ùÓÚHTTP¡¢TCP¡¢UDPµÄDDoS¹¥»÷ ¡£

Ô­ÎÄÁ´½Ó£ºhttps://www.netscout.com/blog/asert/realtek-sdk-exploits-rise-egypt

4¡¢Àí¹âTheta360Òâ±íй¶1100ÍòÕÅÓû§ÕÕÆ¬

28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿
 
vpnMonitor×êÑÐÈËÔ±Noam RotemºÍRan Locar·¢ÏÖÀí¹âµÄTheta360ÕÕÆ¬¹²ÏíϵͳÒâ±íй¶1100ÍòÕÅÓû§ÕÕÆ¬ ¡£×êÑÐÈËÔ±°µÊ¾¸ÃϵͳµÄÒ»¸öÊý¾Ý¿â¿É¹«¿ª½Ó¼û £¬µ¼ÖÂÊýǧÃûÓû§µÄÕÕÆ¬Ð¹Â¶ £¬¸ÃÊý¾Ý¿â²¢Î´Ð¹Â¶Óû§µÄÓ×ÎÒÐÅÏ¢ £¬µ«×êÑÐÈËÔ±ÔںܶసÀýÖз¢ÏÖÁËÓû§µÄÐÕÃû¡¢Óû§Ãû¡¢ÕÕÆ¬UUID¡¢ÒþÖÔÉèÖõÈÐÅÏ¢ ¡£

Ô­ÎÄÁ´½Ó£ºhttps://www.scmagazine.com/home/security-news/privacy-compliance/theta360-leak-exposes-11-million-photos-user-data/?

5¡¢Leicester×ãÇò¾ãÀÖ²¿¹ÙÍøÔâºÚ¿ÍÈëÇÖ £¬¿Í»§Ö§¸¶ÐÅϢй¶

28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿
 
Leicester×ãÇò¾ãÀÖ²¿°µÊ¾Æä¹ÙÍøhttps://shop.lcfc.com/ÔâºÚ¿ÍÈëÇÖ £¬²¿Ãſͻ§µÄÖ§¸¶ÐÅϢй¶ £¬Ô̺¬ÐÅÓþ¿¨ºÅÂë¡¢³Ö¿¨ÈËÐÕÃû¡¢ÓÐЧÆÚºÍCVVµÈ ¡£¸ÃÊÂÎñ²úÉúÔÚ4ÔÂ23ÈÕÖÁ5ÔÂ4ÈÕÆÚ¼ä £¬¸Ã¾ãÀÖ²¿ÔÚ·¢ÏÖ¹¥»÷ºóÂíÉÏ֪ͨÁËÐÅϢרԱ°ì¹«ÊÒºÍÓйص±¾Ö ¡£µ÷²éÈÔÔÚ½øÐÐÖÐ £¬Ä¿Ç°Éв»Ã÷ÏÔ¹¥»÷µÄ¾ßÌåÐÅÏ¢ºÍºÚ¿ÍÈëÇֵķ½Ê½ £¬Ò²²»Ã÷ÏÔÓм¸¶à¿Í»§Êܵ½Ó°Ïì ¡£

Ô­ÎÄÁ´½Ó£ºhttps://securityaffairs.co/wordpress/86479/data-breach/leicester-city-site-card-brech.html

6¡¢×êÑÐÍŶӰ䲼Hidden BeeбäÌåµÄ·ÖÎö»ã±¨

28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿
 
Malwarebytes Labs×êÑÐÍŶӰ䲼¹ØÓÚHidden BeeбäÌåµÄ·ÖÎö»ã±¨ ¡£Hidden BeeÊÇÒ»¸ö¶ñÒâÍÚ¿óÈí¼þ £¬ÓÉÓû§×é¼þºÍbootkit×é³É ¡£¸Ã±äÌ彫×Ô¼º×°ÖÃΪWindows·þÎñ £¬²¢±ÉÈËÔØÏÂÒ»½×¶Î×é¼þºóɾ³ý´Ë·þÎñ £¬¶øºó½«payload×¢Èësvchost.exe¡¢msdtc.exe¡¢dllhost.exeºÍWmiPrvSE.exeµÈ¹ý³Ì £¬ÆäÔ̺¬µÄ¶ñÒâÍÚ¿ó×é¼þÊÇCryptonight ¡£

Ô­ÎÄÁ´½Ó£ºhttps://blog.malwarebytes.com/threat-analysis/2019/05/hidden-bee-lets-go-down-the-rabbit-hole/