з¢ÏÖµÄ RustDoor ¶ñÒâÈí¼þ¼ÙÒâ Visual Studio ¸üÐÂ

°ä²¼¹¦·ò 2024-02-22
1. з¢ÏÖµÄ RustDoor ¶ñÒâÈí¼þ¼ÙÒâ Visual Studio ¸üÐÂ


2ÔÂ20ÈÕ £¬Ð·¢ÏÖµÄ Apple macOS ºóÃÅÃûΪ RustDoor £¬Ëüͨ¹ý¸´ÔӵĶñÒâÈí¼þ»î¶¯Õë¶Ô¼ÓÃÜÇ®±ÒÁìÓòµÄ¶à¼Ò¹«Ë¾¡£¸Ã¶ñÒâÈí¼þѡȡ Rust ¿ª·¢ £¬¿ÉÔÚ»ùÓÚ Intel µÄ¼Ü¹¹ºÍ ARM ¼Ü¹¹ÉÏÔËÐС£Bitdefender µÄ×êÑÐÈËÔ±ÖÁÉÙ´Ó 2023 Äê 11 ÔÂÆð¾ÍÒ»ÏòÔÚ¸ú×ٸöñÒâÈí¼þ £¬·¢ÏÖËüÓëÓë³ôÃûÔ¶ÑïµÄALPHV/BlackCat ÀÕË÷Èí¼þÍÅ»ïÓÐ¹ØµÄ C2 ·þÎñÆ÷½øÐÐͨѶ¡£RustDoor ÖØÒª×÷Ϊ Visual Studio for Mac µÄ¸üз¨Ê½½øÐзַ¢ £¬ÓµÓÐ·ÖÆçµÄÃû³Æ,Èç¡°zshrc2¡±¡¢¡°Previewers¡±¡¢¡°VisualStudioUpdater¡±¡¢¡°VisualStudioUpdater_Patch¡±¡¢¡°VisualStudioUpdating¡±¡¢¡°visualstudioupdate¡±ºÍ¡°DO_NOT_RUN_ChromeUpdates¡±¡£Ï°È¾ÏµÍ³ºó £¬¶ñÒâÈí¼þÓë C2 ·þÎñÆ÷ͨѶÒÔ½ÚÔìÊÜϰȾµÄϵͳ¡¢Ö´Ðй¤×÷²¢ÇÔÈ¡Êý¾Ý¡£


https://cyware.com/news/newly-discovered-rustdoor-malware-impersonates-visual-studio-update-148f6632/?web_view=true


2.Earth Preta Õë¶ÔÑÇÖ޵Ĺ¥»÷»î¶¯£ºDOPLUGS ¶ñÒâÈí¼þÍþв


2ÔÂ20ÈÕ £¬Check Point µÄÉî¿ÌÍþв·ÖÎö²ûÁËÈ»¸ß¼¶³ÖÐøÍþв (APT) ×éÖ¯ Earth Preta µÄ³ÖÐøÐж¯¡£Ö»¹ÜÆäÅ·Ö޻Êܵ½¿í·º¼à¿Ø £¬µ«²»³É·ñ¶¨µÄÊÇ £¬Æä¶ÔÑÇÖÞÖ¸±êµÄ¸ß¶È¹Ø×¢¡£Õâ¿Ï¶¨ÔìÕ½ÊõµÄ¹Ø¼üÊÇÒ»ÖÖÃûΪ DOPLUGS µÄ¶¨Ôì¶ñÒâÈí¼þ £¬ËüÊÇ×î½üһϵÁÐÈëÇÖÖÐÀûÓõĹؼü¹¤¾ß¡£·ÖÎöÅú×¢ £¬ÕâÖÖ¶¨ÔìµÄ PlugX ±äÌåÔ¶·ÇµäÐÍ¡£Check Point µÄ×êÑÐÈËÔ±Òâʶµ½Æä¹ÖÒìµÄÊôÐÔ £¬²¢½«Æä¶¨ÃûΪ DOPLUGS¡£ÓëÓµÓÐÈ«Ì׺óÃźÅÁîµÄ´«Í³ PlugX ¶ñÒâÈí¼þ·ÖÆç¡£ÓÐȤµÄÊÇ £¬Check Point ·¢ÏÖÁË¿ÉÄÜÀûÓá°KillSomeOne¡±USB È䳿²¡¶¾µÄ DOPLUGS ±äÌ壨×î³õÓÚ 2020 ÄêÆØ¹â£©¡£ÕâÒ»Ôö³¤µÄά¶Å×ÐÖúÓÚÔÚÊÜϰȾµÄÍøÂçÖм±¾çÒÆ¶¯ £¬Í¹ÏÔÁËÍþв×éÖ¯×êÓª¸ü¿í·ºµÄÉøÈë¡£


https://securityonline.info/earth-pretas-targeted-asian-campaigns-the-doplugs-malware-threat/


3.DNS ·ì϶ KeyTrap ¿Éµ¼Ö»¥ÁªÍø´óÁìÓòµÄÖжÏ


2ÔÂ21ÈÕ £¬Ö»¹ÜËü×Ô 2000 ÄêÒÔÀ´¾ÍÒ»Ïò´æÔÚ £¬µ«×êÑÐÈËÔ±×î½ü²Å·¢ÏÖÓòÃûϵͳ (DNS) °²È«À©´óÖеÄÒ»¸ö¸ù»ùÉè¼ÆÈ±µã £¬¸ÃȱµãÔÚijЩÇé¿öÏ¿ÉÄܻᱻÀûÓÃÀ´·ÛËé´óÁìÓòµÄ»¥ÁªÍø¡£DNS ·þÎñÆ÷½«ÍøÕ¾ URL ת»»Îª IP µØÖ· £¬²¢ÇÒÔÚ´óÎÞÊýÇé¿öϲ»Ë½¼û½â³ÐÔØËùÓл¥ÁªÍøÁ÷Á¿¡£ÕâÒ»·¢ÏÖ±³ºóµÄÍŶÓÀ´×Ե¹ú ATHENE ¹ú¶ÈÀûÓÃÍøÂ簲ȫ×êÑÐÖÐÐÄ¡£ËûÃǽ«¸Ã°²È«·ì϶¶¨ÃûΪ¡°KeyTrap¡± £¬±àºÅΪCVE-2023-50387¡£Æ¾¾ÝËûÃǹØÓÚ KeyTrap DNS ÃýÎóµÄл㱨 £¬×êÑÐÈËÔ±·¢ÏÖ £¬Ê¹Óà DNSSEC À©´ó·¢Ë͵½ DNS ·þÎñÆ÷ʵÏÖÀ´ÑéÖ¤Á÷Á¿µÄµ¥¸öÊý¾Ý°ü¿ÉÄÜ»áÆÈʹ·þÎñÆ÷½øÈë½âÎöÑ­»· £¬´Ó¶øµ¼ÖÂÆä¿÷ËðËùÓÐ×Ô¼ºµÄÍÆËãÄÜÁ¦¡£Æ¾¾Ý¸Ã»ã±¨ºÍ ISC µÄ˵·¨ £¬ºÃÐÂÎÅÊÇ £¬µ½Ä¿Ç°ÎªÖ¹ £¬»¹Ã»ÓÐÈκÎ×Ô¶¯ÀûÓõÄÖ¤¾Ý¡£


https://www.darkreading.com/cloud-security/keytrap-dns-bug-threatens-widespread-internet-outages


4. Joomla Ô¶³Ì´úÂëÖ´Ðзì϶ CVE-2024-21726


2ÔÂ20ÈÕ £¬×êÑÐÍŶÓ×î½üµÄÒ»Ïî·¢ÏÖ¶³öÁËÊ¢ÐеÄJoomlaÄÚÈÝÖÎÀíϵͳ (CMS)ÖеÄÒ»¸ö³ÁÒªµÄ°²È«ÎÊÌâ¡£´Ë·ì϶ָ¶¨ÎªCVE-2024-21726 £¬Îª¶àÖÖ¿çÕ¾¾ç±¾ (XSS) ¹¥»÷´ò¿ªÁË´óÃÅ £¬¹¥»÷ÕßÄܹ»ÀûÓôËȨÏÞÇÔÈ¡Ãô¸ÐÊý¾Ý¡¢³Á¶¨ÏòÍøÕ¾Á÷Á¿¡¢·ÛËéÍøÕ¾»ò×°ÖÃÓÆ¾ÃÐÔ¶ñÒâÈí¼þÒÔ½øÒ»²½·çÏÕ¡£Joomla Ðж¯Ñ¸¿ì £¬°ä²¼Á˲¹¶¡°æ±¾£¨5.0.3¡¢4.4.3¡¢3.10.15-elts£©£©¡£¿ÉÔö³¤ Web ÀûÓ÷¨Ê½·À»ðǽ (WAF) ºÍ¶¨ÆÚ¶ñÒâÈí¼þɨÃè £¬ÒÔÔö³¤Õë¶Ô¹¥»÷µÄ¶î±í·®À顣ǿÔìÖ´ÐÓ×°×îÓ×ȨÏÞ¡±Õ½Êõ £¬½öÏò±ØÒªÆëÈ«ÍøÕ¾½ÚÔìµÄÈËÔ±ÊÚÓèÖÎÀí½Ó¼ûȨÏÞ¡£


https://securityonline.info/cve-2024-21726-patch-now-to-stop-joomla-remote-code-execution/


5. VMware ¶½´ÙÓû§Ð¶ÔØÒÑÆúÓõļÓÇ¿ÐÍÉí·ÝÑéÖ¤²å¼þ


2ÔÂ21ÈÕ £¬ÔÚ·¢ÏÖÑϳÁ°²È«·ì϶ºó £¬VMware ¶½´ÙÓû§Ð¶ÔØÒÑÆúÓõļÓÇ¿ÐÍÉí·ÝÑéÖ¤²å¼þ (EAP)¡£¸Ã·ì϶±àºÅΪCVE-2024-22245£¨CVSS ÆÀ·Ö£º9.6£© £¬±»ÃèÊöΪËÁÒâÉí·ÝÑéÖ¤ÖмÌÃýÎó¡£¶ñÒâÐÐΪÕß¿ÉÄÜ»áºýŪÔÚÍøÂçä¯ÀÀÆ÷ÖÐ×°ÖÃÁË EAP µÄÖ¸±êÓòÓû§ £¬ÒªÇó²¢×ª·¢ËÁÒâ Active Directory ·þÎñÖ÷ÌåÃû³Æ (SPN) µÄ·þÎñƱ֤¡£EAPÊÇÒ»¸öÈí¼þ°ü £¬Ö¼ÔÚÔÊÐíͨ¹ý Web ä¯ÀÀÆ÷Ö±½ÓµÇ¼ vSphere µÄÖÎÀí½çÃæºÍ¹¤¾ß £¬×Ô 2021 Äê 3 ÔÂÆðÒÑÆúÓá£Ä¬ÈÏÇé¿öϲ»Ô̺¬Ëü £¬Ò²²»ÊôÓÚ vCenter Server¡¢ESXi »ò Cloud Foundation¡£ÖµµÃÖ¸³öµÄÊÇ £¬ÕâЩȱµã½öÓ°ÏìÒѽ« EAP Ôö³¤µ½ Microsoft Windows ϵͳÒÔͨ¹ý vSphere Client Ïνӵ½ VMware vSphere µÄÓû§¡£


https://thehackernews.com/2024/02/vmware-alert-uninstall-eap-now-critical.html


6. Linux ¶ñÒâÈí¼þ»î¶¯ Migo ¶Ô×¼ Redis ½øÐÐÍÚ¿ó


2ÔÂ20ÈÕ £¬°²È«×êÑÐÈËÔ±·¢ÏÖÁËÕë¶ÔÊ¢ÐÐÊý¾Ý´æ´¢ÏµÍ³ Redis µÄ¸´ÔÓ¶ñÒâÈí¼þ»î¶¯¡£¸Ã»î¶¯±»³ÆÎª¡°Migo¡± £¬Ñ¡È¡ÐÂÏʵÄÕ½ÊõÀ´·ÛËé Redis ·þÎñÆ÷ £¬×îÖÕÖ¸±êÊÇÔÚ Linux Ö÷»úÉÏÍÚ¾ò¼ÓÃÜÇ®±Ò¡£³ö¸ñÊÇ £¬Cado °²È«³¢ÊÔÊÒ×êÑÐÈËÔ±¹Û²ìµ½ £¬Migo ÀûÓÃÐ嵀 Redis ϵͳÈõ»¯ºÅÁîÀ´ÀûÓÃÊý¾Ý´æ´¢½øÐмÓÃܽٳÖ¡£Óë֮ǰÕë¶Ô Redis µÄ¹¥»÷·ÖÆç £¬´Ë»î¶¯ÒýÈëÁ˹ÖÒìµÄ¼¼ÊõÀ´·çÏÕϵͳµÄ°²È«¡£¹¥»÷µÄ³õʼ½Ó¼û½×¶ÎÉæ¼°Ê¹ÓÃÌØ¶¨µÄ CLI ºÅÁî½ûÓà Redis µÄ¸÷ÀàÅäÖÃÑ¡Ïî¡£ÀýÈç £¬¹¥»÷Õ߹عر£»¤Ä£Ê½ºÍ¸±±¾Ö»¶ÁµÈÖ°ÄÜÒÔÍÆ½øÆä¶ñÒâ»î¶¯¡£»ñµÃ½Ó¼ûȨÏÞºó £¬¹¥»÷ÕßÉèÖÃÁËһϵÁкÅÁîÀ´Ö´ÐÐ´Ó Transfer.sh ºÍ Pastebin µÈ±í²¿ÆðÔ´¼ìË÷µ½µÄ¶ñÒâ¸ºÔØ¡£ÕâЩÓÐЧ¸ºÔØÖ¼ÔÚÔÚºó¶ÜÍÚ¾ò¼ÓÃÜÇ®±Ò £¬Í¬Ê±Î¬³Ö²»±»·¢ÏÖ¡£


https://www.infosecurity-magazine.com/news/linux-malware-migo-targets-redis/