LiteSpeed Cache²å¼þ·ì϶µ¼ÖÂÊý°ÙÍòWordPressÍøÕ¾Ãæ¶Ô±»¿Ø·çÏÕ

°ä²¼¹¦·ò 2024-08-23
1. LiteSpeed Cache²å¼þ·ì϶µ¼ÖÂÊý°ÙÍòWordPressÍøÕ¾Ãæ¶Ô±»¿Ø·çÏÕ


8ÔÂ21ÈÕ  £¬LiteSpeed Cache×÷ΪWordPressƽ̨ÉÏÒ»¿î¹ãÊÜÓ­½ÓµÄÍøÕ¾¼Ó¿ì²å¼þ  £¬½üÆÚ±»·¢ÏÖ´æÔÚÒ»¸öÑϳÁ°²È«·ì϶£¨CVE-2024-28000£©  £¬¸Ã·ì϶ÔÊÐíδ¾­Éí·ÝÑéÖ¤µÄ¹¥»÷Õßͨ¹ý´´½¨¶ñÒâÖÎÀíÔ¹ØË»§À´½ÚÔìÊý°ÙÍò¸öÍøÕ¾¡£¸Ã·ì϶ԴÓÚLiteSpeed Cache 6.3.0.1¼°ÒÔÉϰ汾ÖÐÓû§·ÂÕÕÖ°ÄܵÄÈõ¹þϣУÑéÎÊÌâ¡£°²È«×êÑÐÔ±John BlackbournÓÚ8Ô³õ»ã±¨ÁË´Ë·ì϶  £¬LiteSpeedÍŶÓѸ¿ìÏìÓ¦  £¬²¢ÓÚ8ÔÂ13ÈÕ°ä²¼ÁËÔ̺¬½¨¸´²¹¶¡µÄ6.4°æ±¾¡£´Ë·ì϶µÄÑϳÁÐÔÔÚÓÚ  £¬Ò»µ©³É¹¦ÀûÓà  £¬¹¥»÷ÕßÄܹ»»ñÈ¡ÖÎÀíԱȨÏÞ  £¬½ø¶ø×°ÖöñÒâ²å¼þ¡¢´Û¸ÄÍøÕ¾ÉèÖᢳÁ¶¨ÏòÁ÷Á¿ÖÁ¶ñÒâÕ¾µã¡¢·Ö·¢¶ñÒâÈí¼þ»òÇÔÈ¡Óû§Êý¾Ý¡£×êÑÐÈËÔ±Ö¸³ö  £¬Í¨¹ý±©Á¦ÆÆ½â¹þÏ£ÖµµÄ·½Ê½  £¬¹¥»÷Õß¿ÉÄÜÔڶ̹¦·òÄÚʵÏÖ¶ÔÌØ¶¨Óû§IDµÄÖÎÀíÔ±¼¶½Ó¼û  £¬ÓÈÆäµ±Ê¹Óó£¼ûµÄÓû§ID£¨Èç1£©Ê±  £¬³É¹¦Âʸü¸ß¡£Ö»¹ÜLiteSpeedÒѰ䲼½¨¸´°æ±¾  £¬µ«¼øÓÚWordPress¹Ù·½²å¼þ¿âÏÂÔØÊý¾ÝÏÔʾ½öÓаëÊýÍøÕ¾¸üР £¬Ôü×Ò³¬¹ýÒ»°ëµÄÓû§ÈÔÃæ¶Ô·çÏÕ¡£½¨ÒéËùÓÐʹÓÃLiteSpeed CacheµÄWordPressÍøÕ¾ÖÎÀíÔ±µ±¼´Éý¼¶ÖÁ×îа汾¡£


https://www.bleepingcomputer.com/news/security/litespeed-cache-bug-exposes-millions-of-wordpress-sites-to-takeover-attacks/


2. ÎÚ¿ËÀ¼MonobankÔâ´ó¹æÄ£DDoS¹¥»÷  £¬¾è¿î·þÎñ³ÉºÚ¿ÍÖ¸±ê


8ÔÂ19ÈÕ  £¬ÎÚ¿ËÀ¼³ÛÃûÍøÉÏÒøÐÐMonobank½üÆÚÔâ·êÁËǰËùδÓеĴó¹æÄ£É¢²¼Ê½»Ø¾ø·þÎñ£¨DDoS£©¹¥»÷  £¬Õâ´Î¹¥»÷ÓÈÆäÕë¶ÔÆäÓÃÓÚΪÎÚ¿ËÀ¼¾ü¶Ó³ï¼¯¾è¿îµÄÔÚÏß·þÎñ¡£´ÓÖÜÎåÍíÖÁÖÜÒ»Ôç  £¬¹¥»÷·åÖµ´ïµ½Ã¿Ãë75ÒÚ´ÎÒªÇó  £¬¹æÄ£Òì³£ÖØ´ó  £¬Ö»¹Üδֱ½ÓÓ°ÏìÒøÐÐÖ÷ÌâÒµÎñÔËÐÐ  £¬µ«Í¹ÏÔÁ˰²È«ÌôÕ½µÄÑϸñÐÔ¡£MonobankѸ¿ì½áºÏÎÚ¿ËÀ¼°²È«ÊýÃż°ÑÇÂíÑ·ÔÆ·þÎñר¼Ò½øÐзÀÓù  £¬ÓÐЧ»º½âÁ˹¥»÷ѹÁ¦¡£ÖµÍ×ÌùÐĵÄÊÇ  £¬Monobank½öͨ¹ýÒÆ¶¯ÀûÓÃÌṩ·þÎñ  £¬ÕâÒ»¸öÐÔʹÆä³ÉΪºÚ¿ÍµÄ³Áµã¹¥»÷¶ÔÏó¡£´Ëǰ  £¬¸ÃÒøÐÐÔÚ1ÔÂÒÑÔâ·ê¹ýÒ»´ÎDDoS¹¥»÷  £¬ÈýÈÕÄÚ½Ó¹ÜÁË5.8ÒÚÌõÀ¬»øÒªÇó¡£Õâ´Î¹¥»÷Ö÷ÕÅÃ÷È·  £¬Ö¼ÔÚ·ÛËéÎÚ¿ËÀ¼Ãñ¶àͨ¹ýMonobankƽ̨±ã½ÝµØÎª¾ü¶Ó¾è¿îµÄÇþ·  £¬¸Ã·þÎñÔÊÐíÓû§´´½¨Ð鹹Ǯ°ü²¢Í¨¹ýÉ罻ýÌå·ÖÏí  £¬¼ò»¯¾è¿îÁ÷³Ì¡£MonobankÊ×ϯִÐйÙOleh HorokhovskyiÖ¸³ö  £¬´ÓǰÈýÄê¼ä  £¬¸Ãƽ̨³ÖÐø²»Ðݵľè¿î»î¶¯¿ÉÄÜ´¥Å­Á˵жÔÈ¨ÊÆ  £¬´ÙʹËûÃDzÉÈ¡¼«¶Ë¼¿Á©ÊÔͼ̱»¾·þÎñ¡£Ö»¹ÜÒøÐаµÊ¾¶íÂÞ˹¿ÉÄÜΪÕâ´Î¹¥»÷µÄÄ»ºó²ß¶¯Õß  £¬µ«²¢Î´¹«¿ª¾ßÌåÖ¤¾Ý¡£HorokhovskyiÇ¿µ÷  £¬MonobankÒѳÉΪÎÚ¿ËÀ¼ITÁìÓòÔâ·ê×îÑϳÁ¹¥»÷µÄÖ¸±êÖ®Ò»¡£


https://therecord.media/ukraine-monobank-ddos-attack-donations


3. ÒÁÀÊAPT×éÖ¯GreenCharlie¶ÔÃÀ¹úÕþÖλÌáÒéÍøÂç¹¥»÷


8ÔÂ21ÈÕ  £¬Insikt Group×îа䲼µÄ»ã±¨½ÒʾÁËÒÁÀÊÖ§³ÖµÄ¸ß¼¶³ÖÐøÐÔÍþв×éÖ¯GreenCharlieµÄÒþÃØÐж¯  £¬¸Ã×éÖ¯±»Ö¸ÓëÕë¶ÔÃÀ¹úÕþÖλµÄÍøÂç¹¥»÷ÓйØÁª  £¬ÇÒÊÜÒÁÀʸïÃüÎÀ¶Óµý±¨×éÖ¯(IRGC-IO)Ö¸»Ó¡£×Ô2024Äê5ÔÂÆð  £¬GreenCharlie¹¹½¨²¢À©´óÁËÆä¶ñÒâ»ù´¡ÉèÊ©ÍøÂç  £¬Õë¶Ôµ±¾Ö¹ÙÔ±¡¢±í½»¹ÙµÈ¸ß¼ÛÖµÖ¸±êÖ´ÐÐÍøÂç¼äµý»î¶¯¡£Æä»ù´¡ÉèÊ©ÀûÓö¯Ì¬DNS·þÎñºÍ¶àÖÖ¶¥¼¶ÓòÃû  £¬ÍƽøÍøÂç´¹µöºÍ¶ñÒâÈí¼þ´«²¼¡£»ã±¨Ç¿µ÷  £¬GreenCharlieʹÓÃÔ̺¬GORBLE¡¢POWERSTARºÍNokNokÔÚÄڵĸ´ÔÓ¶ñÒâÈí¼þ¼Ò×å  £¬Í¨¹ýÓã²æÊ½ÍøÂç´¹µö¼¿Á©ÇÔÈ¡Ãô¸ÐÐÅÏ¢  £¬ÕâЩ¶ñÒâÈí¼þ¼Ò×å¼ä´æÔÚÏÔÖø´úÂë³Áµþ  £¬ÏÔʾÆä±äÖÖ¼äµÄçÇÃÜÁªÏµ¡£´Ë±í  £¬GreenCharlieƵÈÔʹÓÃÒÁÀÊIPµØÖ·Óë»ù´¡ÉèʩͨѶ  £¬½øÒ»²½Ö¤ÊµÁËÆäÓëÒÁÀʵÄçÇÃÜÁªÏµ¼°µý±¨ÍøÂçÕ½Êõ¡£Îª¸²¸Ç»î¶¯  £¬GreenCharlie»¹Ñ¡È¡ÁËÔ̺¬ProtonVPNºÍProtonMailÔÚÄڵļÓÃÜ·þÎñ  £¬ÕâÊÇÒÁÀÊAPT¼¯ÌåµÄ¹ßÓÃÊÖ·¨¡£ÆäÍøÂç´¹µö²Ù×÷¼«Æäµó»¬  £¬Í¨¹ýαÔìºÏ·¨·þÎñÓòÃûÓÕÆ­Êܺ¦Õß¡£Ç¿ÁÒ½¨Òé²Î¼ÓÕþÖλµÄ×éÖ¯  £¬ÓÈÆäÊÇÃÀ¹úµÄÓйØ×éÖ¯Ìá¸ß¾¯Ìè¡£


https://securityonline.info/iranian-apt-greencharlie-escalates-threats-against-us-political-targets-using-gorble-and-powerstar-malware/


4. ʯÓ;ÞÍ·HalliburtonÔâ·ê»ùÓÚÔÆµÄÍøÂç¹¥»÷


8ÔÂ21ÈÕ  £¬È«ÇòµÚ¶þ´óÓÍÌï·þÎñ¹«Ë¾HalliburtonÈ·ÈÏÔâ·êÁËÍøÂç¹¥»÷  £¬¸ÃÊÂÎñÒÑ´Ùʹ¹«Ë¾´¹Î£ÅúʾԱ¹¤È«Ãæ¶Ï¿ªÓëÄÚ²¿ÍøÂçµÄÏνÓ  £¬ÒÔÔ¤·ÀDZÔÚµÄÊý¾Ýй¶»òϵͳÇÖº¦¡£¹«Ë¾½²»°ÈËѸ¿ì»ØÓ¦  £¬°µÊ¾ÒѾõ²ìµ½ÏµÍ³ÊÜÓ°ÏìµÄÇé¿ö  £¬²¢ÕýÈ«Á¦ÆÀ¹À¹¥»÷µÄÔ­Òò¼°¿ÉÄÜ´øÀ´µÄºó¹û¡£ÎªÓ¦¶ÔÕâ´ÎÎ £»ú  £¬Halliburton¼¤»îÁ˼ȶ¨µÄÓ¦¼±´òËã  £¬ÆäITÍŶÓÕý»ý¼«Ð­Í¬±í²¿¶¥¼âר¼Ò¹²Í¬´¦ÖÃÕâÒ»ÎÊÌâ¡£×÷ΪҵÎñ±é²¼70¸ö¹ú¶È¡¢Õ¼Óг¬4ÍòÃû¹ú¼ÊÔ±¹¤µÄÐÐÒµ¾ÞÍ·  £¬HalliburtonÔÚÄÜÔ´·þÎñÁìÓò±íÑÝמÙ×ãÇá³ÁµÄ½ÇÉ«  £¬Ìṩ´Ó¼¼Êõ·þÎñ¡¢É豸¹©¸øµ½×ê¾®¡¢Á¶Óͼ°Ë®Á¦Ñ¹ÁÑ×÷ÒµµÄÈ«Á´Ìõ·þÎñ¡£Õâ´Î¹¥»÷²»½öÓ°ÏìÁËÆäλÓÚÃÀ¹úÐÝ˹¶Ù¼°µÏ°ÝÁ½´ó×ܲ¿µÄÔËÓª  £¬»¹²¨¼°ÁËÈ«ÇòÁìÓòÄڵIJ¿ÃÅÒµÎñÍøÂç¡£É罻ýÌåÉÏ  £¬ÓйØHalliburtonÔâ·êÔÆ°²È«¹¥»÷µÄÐÂÎÅѸ¿ì´«²¼  £¬Ò»Ð©ÆÀÂÛÕßÓÇÓôµØÖ¸³ö  £¬¹ý¶ÈÒÀÀµÔÆÍÆËã¿ÉÄܼӾçÁËÕâ´ÎÊÂÎñµÄÑϳÁÐÔ¡£Ä¿Ç°ÉÐÎÞÈκÎÍøÂç·¸×ï×éÖ¯Õ¾³öÀ´Ðû³Æ¶ÔHalliburtonÔâ·êµÄÏ®»÷ÕÆ¹Ü¡£


https://cybernews.com/news/halliburton-oil-cyberattack-cloud-fuel-supply/


5. PG_MEM¶ñÒâÈí¼þÀûÓÃPostgreSQLÈõÃÜÂ뱩Á¦ÆÆ½âÍÚ¾ò¼ÓÃÜÇ®±Ò


8ÔÂ22ÈÕ  £¬ÍøÂ簲ȫ×êÑÐÈËÔ±½üÈÕ·¢ÏÖÁËÒ»ÖÖÐÂÐͶñÒâÈí¼þPG_MEM  £¬ËüÕë¶ÔPostgreSQLÊý¾Ý¿âÌáÒ鱩Á¦ÆÆ½â¹¥»÷  £¬Ö¼ÔÚÍÚ¾ò¼ÓÃÜÇ®±Ò¡£Aqua°²È«¹«Ë¾µÄAssaf MoragÖ¸³ö  £¬¹¥»÷Õßͨ¹ý²»Ðݳ¢ÊÔÈõÃÜÂëÒÔ»ñÈ¡Êý¾Ý¿â½Ó¼ûȨÏÞ  £¬²¢ÀûÓÃPostgreSQLµÄ¡°COPY ... FROM PROGRAM¡±Ö°ÄÜÖ´ÐÐËÁÒâshellºÅÁî  £¬½ø¶øÖ´ÐÐÊý¾ÝÇÔÈ¡¡¢²¿Êð¶ñÒâÈí¼þµÈ¶ñÒâ»î¶¯¡£¹¥»÷Á´ÖÐ  £¬¹¥»÷ÕßÊ×ÏÈÕë¶ÔÃýÎóÅäÖõÄPostgreSQLÊý¾Ý¿â´´½¨ÖÎÀíÔ±½ÇÉ«  £¬²¢ÀûÓÃPROGRAMÖ°ÄÜÔËÐÐshellºÅÁî¡£µÃÊÖºó  £¬ËûÃDz»½öñݶáÁË¡°postgres¡±Óû§µÄ³¬µÈÓû§È¨ÏÞ  £¬»¹Í¨¹ýÔ¶³Ì·þÎñÆ÷Ͷ·ÅPG_MEMºÍPG_COREÁ½¸öÔØºÉ  £¬ÕâÐ©ÔØºÉÄÜÖÕÖ¹¾ºÕùÍÚ¿ó¹ý³Ì¡¢ÉèÖÃÓÆ¾ÃÐÔ  £¬²¢×îÖÕ²¿ÊðMonero¼ÓÃÜÇ®±Ò¿ó¹¤¡£´Ë¹¥»÷µÄÖ÷ÌâÔÚÓÚÀûÓÃÁËPostgreSQLµÄCOPYºÅÁî¼°ÆäPROGRAM²ÎÊý  £¬ÔÊÐí·þÎñÆ÷Ö´ÐÐ±í²¿ºÅÁî²¢½«Á˾ֵ¼ÈëÊý¾Ý¿â¡£Ö»¹Ü¼ÓÃÜÇ®±ÒÍÚ¾òÊÇÆäÖØÒªÖ÷ÕÅ  £¬µ«¹¥»÷ÕßͬÑùÄÜÖ´ÐкÅÁî¡¢½Ó¼ûÊý¾Ý²¢½ÚÔìÊÜϰȾ·þÎñÆ÷¡£´Ë°²È«Íþв͹ÏÔÁË»¥ÁªÍøÏνÓPostgreSQLÊý¾Ý¿âÒòÈõÃÜÂë¶øÃæ¶ÔµÄ³Á´ó·çÏÕ  £¬ÕâÍùÍùÔ´ÓÚÅäÖò»µ±ºÍÉí·ÝÈÏÖ¤½ÚÔìµÄȱʧ¡£


https://thehackernews.com/2024/08/new-malware-pgmem-targets-postgresql.html


6. Tycoon 2FAÍøÂç´¹µöÕë¶ÔÃÀ¹úµ±¾Ö×éÖ¯


8ÔÂ22ÈÕ  £¬ANY.RUNµÄ×êÑÐÈËÔ±¸æ·¢ÁËÒ»ÏîеÄÍøÂç´¹µö»î¶¯  £¬¸Ã»î¶¯ÀûÓÃTycoon 2FA¹¤¾ß°ü  £¬Õë¶ÔÃÀ¹úµ±¾Ö×éÖ¯·¢Õ¹¹¥»÷¡£Tycoon 2FA×Ô2023ÄêÆð±ãƵÈÔ±»ÓÃÓÚ´¹µö»î¶¯  £¬ÒÔÆä¸´ÔÓÕ½ÊõºÍ¶àÖ°ÄÜÐÔÖø³Æ¡£×î½ü  £¬¹¥»÷Õßͨ¹ýÊÜϰȾµÄÑÇÂíÑ·SESÕË»§  £¬·¢ËͼÙ×°³ÉDocusignµÄÓʼþ  £¬ÓÕµ¼ÊÕ¼þÈ˵ã»÷Á´½Ó  £¬¾­ÀúһϵÁгÁ¶¨Ïòºó  £¬×îÖÕ´ïµ½¼ÙðµÄMicrosoft TeamsµÇÂ¼Ò³Ãæ¡£ÕâЩÓʼþ³ö¸ñÕë¶Ô.govÓòÄÚµÄ338¸öµ±¾Ö×éÖ¯µÄÓÊÏä  £¬ÏÔʾ³ö¸ß¶ÈµÄÖ¸±êÑ¡ÔñÐÔ¡£ÔÚANY.RUNɳÏäÖзÖÎöÏÔʾ  £¬´¹µöÁ´½Ó½«Êܺ¦ÕßÊèµ¼ÖÁMSOFT_DOCUSIGN_VERIFICATION_SECURED-DOC_OFFICE[.]zatrdg[.]comµÅ×òÃû  £¬ÒªÇóÊäÈëµç×ÓÓʼþµØÖ·¡£ÈôµØÖ·Æ¥Åä¹¥»÷ÕßÁбí  £¬Êܺ¦Õß½«±»½øÒ»²½³Á¶¨ÏòÖÁdonostain[.]com  £¬¸ÃÓòͨ¹ýAES¼ÓÃܵĶಿÃÅPOSTÒªÇó³¢ÊÔÇÔÈ¡MicrosoftÕË»§ÃÜÂë¡£´Ë±í  £¬vereares[.]ruÓòÃû×÷Ϊ¹¥»÷ÕߵijÁ¶¨Ïò¹¤¾ß  £¬¼ÓÇ¿ÁË´¹µö¹æ»®µÄ½Ã½ÝÐÔ¡£ÖµÍ×ÌùÐĵÄÊÇ  £¬¹¥»÷Õß»¹ÀûÓÃÁ˺Ϸ¨·þÎñÈçmailmeteor[.]comÀ´¼ÓÇ¿´¹µöÒ³ÃæµÄ¿ÉÐŶÈ  £¬²¢Í¨¹ýjsonip[.]com»ñÈ¡IPÐÅÏ¢¡£


https://securityonline.info/new-phishing-campaign-targets-us-government-organizations/