¶ñÒâÈí¼þDark HerringÒÑϰȾÉÏÒŲ́AndroidÉ豸

°ä²¼¹¦·ò 2022-02-10

¶ñÒâÈí¼þDark HerringÒÑϰȾÉÏÒŲ́AndroidÉ豸


¾ÝýÌå1ÔÂ26ÈÕ±¨Â· £¬ZimperiumÔÚGoogle PlayÉϼì²âµ½470¿î¶ñÒâÀûÓá£ÕâЩÀûÓÃÒÑÔÚÈ«Çò³¬¹ý1.05ÒŲ́AndroidÉ豸ÉÏ×°ÖÃÁ˶ñÒâÈí¼þDark Herring £¬ËüÄܹ»Í¨¹ýÖ¸±êµÄ»°·ÑÕ˵¥ÇÔÈ¡×ʽ𡣸ûÿÔÂÏòÖ¸±êµÄ»°·ÑÕ˵¥ÖÐÔö³¤15ÃÀÔªµÄÓÃ¶È £¬ÓÚ2020Äê3Ô³õ´Î±»·¢ÏÖ £¬²¢Ò»Ïò³ÖÐøµ½È¥Äê11Ô £¬¾Ý¹À¼ÆÇÔÈ¡µÄ½ð¶î×ÜÊýÒÑ´ïÊýÒÚ¡£Ä¿Ç° £¬GoogleÒÑÔÚPlayÉ̵êÖÐɾ³ýÁËÉÏÊöµÄ¶ñÒâÀûÓá£


https://threatpost.com/dark-herring-billing-malware-android/178032/


µÂ¹úBfV³ÆAPT27ÍÅ»ïÀûÓÃHyperBro¹¥»÷ÆäóÒ××éÖ¯ 


1ÔÂ26ÈÕ £¬µÂ¹úÁª¹úÏÜ·¨±£»¤°ì¹«ÊÒ(BfV)°ä²¼¹«¸æ £¬³ÆAPT27ÍÅ»ïÔÚ¹¥»÷ÆäóÒ××éÖ¯¡£APT27±ðÃûEmissary Panda £¬×Ô2010ÄêÒÔÀ´Ò»Ïò»îÔ¾¡£BfV³Æ £¬×Ô2021Äê3ÔÂÒÔÀ´ £¬APT27Ò»ÏòÔÚÀûÓÃMicrosoft ExchangeºÍZoho AdSelf Service Plus1Èí¼þÖеķì϶¹¥»÷µÂ¹úµÄ¹«Ë¾¡£´Ë±í £¬»¹ÀûÓÃÁËHyperBro RAT £¬Ö¼ÔÚÇÔȡָ±êµÄÊý¾Ý £¬²¢ÊÔͼÕë¶ÔÆä¿Í»§ÌáÒ鹩¸øÁ´¹¥»÷¡£


https://securityaffairs.co/wordpress/127230/apt/german-intel-warns-apt27-attacks.html


¹¥»÷ÕßÀûÓÃ800¶à¸öÍøÕ¾·Ö·¢Õë¶Ô°ÍÎ÷µÄÒøÐÐľÂíChaes


ýÌå1ÔÂ26ÈÕ±¨Â· £¬¹¥»÷ÕßʹÓÃ800¶à¸öÒѱ»ÈëÇÖµÄWordPressÍøÕ¾·Ö·¢Õë¶Ô°ÍÎ÷µÄÒøÐÐľÂíChaes¡£µ±Ö¸±ê½Ó¼û±»Ï°È¾ÍøÕ¾Ê± £¬»á±»ÒªÇó×°ÖÃÒ»¸ö¼ÙµÄJava RuntimeÀûÓ᣸ÃMSI×°Ö÷¨Ê½Ô̺¬Èý¸ö¶ñÒâJavaScriptÎļþ£ºinstall.js¡¢sched.js¡¢sucesso.js £¬ËüÃÇΪÏÂÒ»½×¶ÎµÄ¼ÓÔØ·¨Ê½³ï±¸Python»·¾³¡£Avast°µÊ¾ £¬ÒѼì²âµ½ÁË5ÖÖ·ÖÆçµÄ¶ñÒâChromeÀ©´ó·¨Ê½¡£Ä¿Ç° £¬¸Ã°²È«¹«Ë¾ÒÑ֪ͨ°ÍÎ÷CERT £¬µ«¹¥»÷»î¶¯ÈÔÔÚ½øÐÐÖС£


https://www.bleepingcomputer.com/news/security/chaes-banking-trojan-hijacks-chrome-with-malicious-extensions/


Bitdefender·¢ÏÖ´ó¹æÄ£·Ö·¢FluBotºÍTeaBotµÄ»î¶¯


1ÔÂ26ÈÕ±¨Â·³Æ £¬ÐµÄFluBotºÍTeaBot¶ñÒâÈí¼þ·Ö·¢»î¶¯ÔÚÕë¶Ô°Ä´óÀûÑÇ¡¢µÂ¹ú¡¢²¨À¼¡¢Î÷°àÑÀºÍÂÞÂíÄáÑǵÄAndroidÓû§¡£Bitdefender Labs×Ô2021Äê12ÔÂÒÔÀ´ £¬½Ø»ñÁ˳¬¹ý10ÍòÌõ¶ñÒâ¶ÌÐÅ £¬Ö¼ÔÚ´«²¼FluBot¡£¸Ã¹«Ë¾»¹³Æ £¬TeaBotÒÑÂŴγʴ˿ÌGoogle PlayÉ̵êÖÐ £¬2021Äê12ÔÂ6ÈÕµ½2022Äê1ÔÂ17ÈÕ £¬ËûÃǼì²âµ½17¸ö·ÖÆç°æ±¾µÄTeaBotͨ¹ý¶à¸ö¶ñÒâÀûÓÃϰȾÉ豸¡£


https://www.bleepingcomputer.com/news/security/new-flubot-and-teabot-campaigns-target-android-devices-worldwide/


DiscordÒòAPIºÍÊý¾Ý¿â³öÏÖÎÊÌâµ¼Ö´ó¹æÄ£·þÎñÖжÏ


1ÔÂ26ÈÕ £¬Discord²úÉúÁË´ó¹æÄ£ÖжϵÄÇé¿ö £¬µ¼ÖÂÓû§ÎÞ·¨µÇ¼·þÎñ»òʹÓÃÓïÒô̸Ìì¡£ÖÐ¶ÏÆðÍ·ÓÚÃÀ¹ú¶«²¿±ê¶¨¹¦·òÏÂÎç2:49 £¬×î³õÊÇÓÉAPIÖжÏÒýÆðµÄ £¬µ¼Ö¶à¸ö·þÎñÎÞ·¨Ï໥ͨѶ¡£È»¶ø £¬ÔÚ½â¾öAPIÎÊÌâºó £¬Discord·¢ÏÖÊý¾Ý¿â¼¯Èº³öÏÖÎÊÌâ £¬Õâµ¼ÖÂÁ˸ü¶àÎÊÌâ¡£¸Ã¹«Ë¾ÔÚ½¨¸´ÓÐÎÊÌâµÄÊý¾Ý¿â¼¯ÈºÊ±ÆðÍ·Ï޶ȵǼ¿ìÂÊ £¬ÒÔÔ¤·À·þÎñÆ÷¹ýÔØ £¬Ö±µ½ÏÂÎç5:12×óÓÒ £¬Ï޿챻ȡµÞ¡£


https://www.bleepingcomputer.com/news/technology/major-discord-outage-caused-by-api-and-database-issues/


΢ÈíAzureÔÆÆ½Ì¨³É¹¦Õмܸߴï3.47 TbpsµÄDDoS¹¥»÷


΢ÈíÔÚ1ÔÂ25ÈÕ°ä²¼µÄ»ã±¨³Æ £¬ÆäAzureÒÑÕмÜÁ˸ߴï3.47 TbpsµÄDDoS¹¥»÷¡£11Ô £¬Î¢ÈíÑÇÖÞµÄÒ»¸ö¿Í»§Ôâµ½ÁË3.47 TbpsºÍÿÃë3.4ÒÚÊý¾Ý°ü(pps)µÄDDoS¹¥»÷ £¬Õâ±»ÒÔΪÕâÊǺ¹ÇàÉÏ×î´ó¹æÄ£µÄ¹¥»÷¡£Õâ´Î¹¥»÷À´×ÔԼĪ10000¸öÔ´ £¬Éæ¼°Öйú¡¢º«¹ú¡¢¶íÂÞ˹¡¢Ì©¹ú¡¢Ó¡¶È¡¢Ô½ÄÏ¡¢ÒÁÀÊ¡¢Ó¡¶ÈÄáÎ÷Ñǵȶà¸ö¹ú¶È¡£¹¥»÷ÏòÁ¿ÊÇʹÓÃSSDP¡¢CLDAP¡¢DNSºÍNTPÔÚ80¶Ë¿ÚÉϵÄUDP·´Éä £¬×ÜÌå¹¥»÷³ÖÐøÁËԼĪ15·ÖÖÓ¡£


https://azure.microsoft.com/en-us/blog/azure-ddos-protection-2021-q3-and-q4-ddos-attack-trends/


°²È«¹¤¾ß


jfrog-npm-tools


JFrog°ä²¼Èý¿î¿ªÔ´¹¤¾ß £¬¿É´Ó npm °üÖÎÀíÆ÷ÏÂÔØºÍ×°ÖöñÒâ JavaScript °ü֮ǰ¶ÔÆä½øÐÐÏóÕ÷¡£


https://github.com/jfrog/jfrog-npm-tools


EtherNet/IP & CIP Stack Detector


°²È«¹«Ë¾ Claroty°ä²¼ÐµĿªÔ´¹¤ÓµÓÐÖúÓÚ¼ø±ðÓÃÓÚ ICS ×êÑкͷÖÎöµÄ EtherNet/IP ²Ö¿â¡£


https://www.securityweek.com/new-open-source-tool-helps-identify-ethernetip-stacks-ics-research-analysis


Wireshark Forensics Toolkit 


¿çƽ̨µÄ Wireshark ²å¼þ £¬¿É½«ÍøÂçÁ÷Á¿Êý¾ÝÓëÍþвµý±¨¡¢×ʲú·ÖÀàºÍ·ì϶Êý¾Ý¹ØÁªÆðÀ´ £¬ÒÔ¼Ó¿ìÍøÂçȡ֤·ÖÎö¡£


https://github.com/rjbhide/wireshark-forensics-plugin


T-Reqs


ÊÇÒ»ÖÖ»ùÓÚÓï·¨µÄ HTTP Fuzzer¡£


https://github.com/bahruzjabiyev/T-Reqs-HTTP-Fuzzer


DotGit


²é³­ .git ÊÇ·ñÔÚ½Ó¼ûµÄÍøÕ¾Öж³öµÄÀ©´ó¡£


https://github.com/davtur19/DotGit


°²È«·ÖÎö


°×¹¬µ«Ô¸ÃÀ¹úµÐÔÖʹÓÃÁãÐÅÀµ°²È«Ä£ÐÍ


https://www.bleepingcomputer.com/news/security/white-house-wants-us-govt-to-use-a-zero-trust-security-model/



΢ÈíÖҸ洹µö OAuth ÀûÓ÷¨Ê½


https://blog.malwarebytes.com/privacy-2/2022/01/microsoft-warns-of-phishy-oauth-apps/


¹È¸èÉÕ»Ù FLoC ²¢ÒýÈëÖ÷Ìâ API À´´úÌæ¸æ°×µÄ¸ú×Ù Cookie


https://thehackernews.com/2022/01/google-drops-floc-and-introduces-topics.html


ÀÕË÷Èí¼þ¹¥»÷ÕßʹÓõķì϶¼¤Ôö 29%


https://www.infosecurity-magazine.com/news/29-surge-bugs-used-ransomware/


Let's Encrypt ÔÚÁ½ÌìÄÚ³·Ïú´óÁ¿ SSL Ö¤Êé


https://www.bleepingcomputer.com/news/security/lets-encrypt-is-revoking-lots-of-ssl-certificates-in-two-days/


Malwarebytes°ä²¼¹ØÓÚKONNI RATµÄ¼¼Êõ·ÖÎö»ã±¨


https://blog.malwarebytes.com/threat-intelligence/2022/01/konni-evolves-into-stealthier-rat/