FireEye³ÆÕë¶ÔAccellion FTAµÄ¹¥»÷ÓëFIN11ÓйØ£»ÎÚ¿ËÀ¼³ÆÆäµ±¾ÖµÄ¶à¸öÍøÕ¾Ôâµ½À´×Ô¶íÂÞ˹µÄ¹¥»÷

°ä²¼¹¦·ò 2021-02-24

1.FireEye³ÆÕë¶ÔAccellion FTAµÄ¹¥»÷ÓëFIN11ÓйØ


1.jpg


°²È«¹«Ë¾FireEye³Æ £¬2020Äê12Ôµ½2021Äê1ÔÂÖ®¼äÀûÓÃAccellion FTA·þÎñÆ÷ÖÐ0dayµÄ¹¥»÷»î¶¯ÓëFIN11ÓйØ £¬²¨¼°ÁËÈ«ÇòÔ¼100¼Ò¹«Ë¾¡£ºÚ¿ÍÖØÒªÀûÓÃÁËËĸö·ì϶À´¹¥»÷FTA·þÎñÆ÷ £¬²¢×°ÖÃÁËÒ»¸öÃûΪDEWMODEµÄWeb Shell £¬À´ÏÂÔØÊܺ¦ÕßFTAÉ豸ÉÏ´æ´¢µÄÎļþ¡£ÊÜÓ°ÏìµÄ¹«Ë¾ºÍ×éÖ¯Ô̺¬Fugro¡¢Danaher¡¢Singtel¡¢Jones¡¢ÐÂÎ÷À¼´¢ÐîÒøÐкͰĴóÀûÑÇ֤ȯºÍͶ×ÊίԱ»á£¨ASIC£©µÈ¡£´Ë±í £¬ºÚ¿ÍÔÚClopµÄÊý¾ÝÐ¹Â¶ÍøÕ¾ÉÏÁгöÁ˲¿ÃŹ«Ë¾ £¬ÒÔڲƭÀÕË÷¡£


Ô­ÎÄÁ´½Ó£º

https://www.securityweek.com/attacks-targeting-accellion-product-linked-fin11-cybercrime-group


2.³¬¹ý1500¸öPowerhouse VPN¿É±»ÓÃÓÚ´ó¹æÄ£DDoS¹¥»÷


2.png


×êÑÐÈËÔ±Phenomite·¢ÏÖÔ¼ÓÐ1520̨Powerhouse VPN¿É±»ÓÃÓÚ´ó¹æÄ£DDoS¹¥»÷ £¬ÖØÒªÎ»ÓÚÓ¢¹ú¡¢Î¬Ò²ÄɺÍÏã¸Û¡£Phenomite³ÆÕâ¸öеÄDDoSʸÁ¿ÊÇÔËÐÐÔÚPowerhouse VPN·þÎñÆ÷µÄUDP¶Ë¿Ú20811ÉϵÄδ֪µÄ·þÎñ £¬¹¥»÷ÕßÄܹ»ÓÃÒ»¸ö×Ö½ÚµÄÒªÇópingÕâ¸ö¶Ë¿Ú £¬·þÎñͨ³£»áÓøߴïԭʼÊý¾Ý°ü40±¶µÄÊý¾Ý°üÀ´ÏìÓ¦¡£´Ë±í £¬ÕâÖÖDDoS¹¥»÷ý½éÒѱ»ÔÚÒ°ÀûÓà £¬ÆäÖÐһЩ¹¥»÷¿ìÂʸߴï22 Gbps¡£


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/powerhouse-vpn-products-can-be-abused-for-large-scale-ddos-attacks/


3.ÎÚ¿ËÀ¼³ÆÆäµ±¾ÖµÄ¶à¸öÍøÕ¾Ôâµ½À´×Ô¶íÂÞ˹µÄ¹¥»÷


3.png


ÎÚ¿ËÀ¼¹ú¶È°²È«Óë·ÀÓùίԱ»á£¨NSDC£©³Æ×Ô2ÔÂ18ÈÕÒÔÀ´ £¬¸Ã¹úµ±¾ÖµÄ¶à¸öÍøÕ¾Ôâµ½ÁËÀ´×Ô¶íÂÞ˹µÄDDoS¹¥»÷¡£NCCCÖ¸³ö £¬ÕâЩDDoS¹¥»÷µÄ¹æÄ£ºÜ´ó £¬²¢ÇÒ¶Ô×¼Á˹ú·ÀºÍ°²È«ÁìÓòÈ·µ±¾ÖÍøÕ¾ £¬ÖØÒªÕë¶ÔÎÚ¿ËÀ¼°²È«¾Ö¡¢ÎÚ¿ËÀ¼¹ú¶È°²È«ºÍ¹ú·ÀίԱ»áµÄÍøÕ¾ÒÔ¼°ÆäËû¹ú¶È»ú¹¹ºÍÕ½ÊõÆóÒµµÄÍøÕ¾¡£NCCCµ÷²éºó°µÊ¾ £¬ºÚ¿ÍÊ×ÏÈÏòÎÚ¿ËÀ¼µ±¾Ö·þÎñÆ÷ÉÏÖ²ÈëжñÒâÈí¼þÀ´½«ÆäÔö³¤µ½½©Ê¬ÍøÂçÖÐ £¬ÒÔÓÃÓÚÕë¶ÔÎÚ¿ËÀ¼ÆäËûÍøÕ¾µÄ½øÒ»²½DDoS¹¥»÷¡£


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/ukraine-ddos-attacks-on-govt-sites-originated-from-russia/


4.̸ÌìÀûÓÃClubhouse´æÔÚ·ì϶ £¬ÊµÊ±ÒôƵ¿É±»ÇÔÈ¡


4.png


̸ÌìÊÒÀûÓ÷¨Ê½Clubhouse´æÔÚ·ì϶ £¬Óû§µÄʵʱÒôƵ¿É±»ÇÔÈ¡¡£ÔÚ±¾ÖÜÄ© £¬Ò»¸öδ֪ºÚ¿ÍÇÔÈ¡Á˶à¸öClubhouse·¿¼äµÄÒôƵ²¢´«Êäµ½ÁËËûÃÇ×Ô¼ºµÄµÚÈý·½ÍøÕ¾ÖС£¾ÝϤ £¬¸ÃºÚ¿Í¿ÉÄÜÀûÓÃJavaScript¿ª·¢¹¤¾ß°ü´î½¨ÁËÆ½Ì¨ £¬ÈÆ¿ªÁËClubhouseµÄÐÅÏ¢¼ÓÃÜ»úÔìÀ´ÇÔÈ¡Êý¾Ý¡£Îª´Ë £¬¸Ã¹«Ë¾ÓÀÔ¶²»ÈÝÁ˸úڿ͵ÄÕÊ»§ £¬²¢²¿ÊðÁËеķÀ»¤´ëÊ©ÒÔÔ¤·À½«À´ÔٴβúÉúÀàËÆµÄ¹¥»÷¡£


Ô­ÎÄÁ´½Ó£º

https://securityaffairs.co/wordpress/114891/digital-id/clubhouse-privacy-issues.html


5.VMware°ä²¼°²È«¸üР£¬½¨¸´vCenterÖеÄRCE·ì϶


5.png


VMware°ä²¼°²È«¸üР£¬½¨¸´ÁËvCenter ServerÐé¹¹»ù´¡¼Ü¹¹ÖÎÀíÆ½Ì¨ÖеÄÔ¶³Ì´úÂëÖ´ÐУ¨RCE£©·ì϶¡£¸Ã·ì϶±»×·×ÙΪCVE-2021-21972 £¬CVSSv3¸ù»ùµÃ·ÖΪ9.8 £¬Î»ÓÚvSphere Client£¨HTML5£©ÖÐ £¬ÓµÓжԶ˿Ú443µÄÍøÂç½Ó¼ûȨÏÞ¹¥»÷Õß¿ÉÄÜ»áÀûÓø÷ì϶ÔÚÍйÜvCenter ServerµÄϵͳÉÏÒÔ²»ÊÜÏ޶ȵÄȨÏÞÖ´ÐкÅÁî¡£´Ë±í £¬ÊÜÓ°ÏìµÄvRealize Operations²å¼þ´æÔÚÓÚËùÓÐĬÈÏ×°ÖÃÖС£ÓÉÓڴ˰²È«·ì϶µÄÑϳÁÐÔ £¬VMwareÇ¿ÁÒ½¨ÒéÓû§¾¡¿ìÉý¼¶¡£


 Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/vmware-fixes-critical-rce-bug-in-all-default-vcenter-installs/


6.CrowdStrike°ä²¼2021ÄêÈ«ÇòÍþÐ²Ì¬ÊÆµÄÔ¤²â»ã±¨


6.png


CrowdStrike°ä²¼ÁË2021ÄêÈ«ÇòÍþÐ²Ì¬ÊÆµÄÔ¤²â»ã±¨¡£»ã±¨Ö¸³ö £¬¹©¸øÁ´¹¥»÷¡¢ÀÕË÷Èí¼þ¡¢Êý¾ÝÀÕË÷ºÍÃñ×åÍþв±ÈÒÔÍùÈκÎʱ³½¶¼Ô½·¢·á˶£»eCrime¹¥»÷£¨Í¨¹ýÊÖ¶¯²Ù×÷£©Õ¼ËùÓÐÈëÇÖµÄ79£¥ £¬¶ø¹©¸øÁ´³ÉÎªÍøÂç·¸×ïµÄÒ»¸öÊ¢ÐеÄÔØÌå £¬ÓÉÓÚËüÔÊÐí¹¥»÷Õß´ÓÒ»´ÎÈëÇÖÖд«²¼¶à¸öÏÂÓÎÖ¸±ê¡£´Ë±í £¬¸Ã»ã±¨»¹³Áµã½éÉÜÁËÃñ×åÖ÷ÒåºÚ¿ÍÈôºÎÉøÈëÍøÂç²¢ÇÔÈ¡ÓмÛÖµµÄÊý¾ÝÒÔ×·ÇóCOVID-19ÒßÃç×êÑгɾÍ¡£


Ô­ÎÄÁ´½Ó£º

https://www.crowdstrike.com/blog/global-threat-report-foreword-2021/