SloppyLemmingÀûÓÃCloudflare WorkersµÈ¹¤¾ß·¢Æð¼äµý¹¥»÷

°ä²¼¹¦·ò 2024-09-27
1. SloppyLemmingÀûÓÃCloudflare WorkersµÈ¹¤¾ß·¢Æð¼äµý¹¥»÷


9ÔÂ25ÈÕ £¬¸ß¼¶³ÖÐøÐÔÍþв£¨APT£©×éÖ¯¡°SloppyLemming¡±½üÆÚ±»·¢ÏÖÀûÓÃCloudflareµÄWorkerÔÆ·þÎñÒÔ¼°Discord¡¢Dropbox¡¢GitHubµÈ¹¤¾ß £¬ÔÚÓ¡¶È´Î´ó½¼°ÖܱߵØÓò¶Ôµ±¾ÖºÍ·¨ÂÉ»ú¹¹½øÐÐ¿í·ºµÄ¼äµý»î¶¯¡£¸Ã×éÖ¯±»Crowdstrike×·×ÙΪ¡°Outrider Tiger¡± £¬ÆäÐж¯Óë´ÓÓ¡¶È¼°Öܱ߹ú¶ÈÃô¸Ð×éÖ¯ÇÔÈ¡µý±¨¸ß¶ÈÓйØ¡£Êܺ¦ÕßÔ̺¬µ±¾Ö»ú¹¹¡¢ITºÍµçÐÅÆóÒµ¡¢¹¹Öþ¹«Ë¾ £¬ÉõÖÁ°Í»ù˹̹µÄºËµçÉèÊ© £¬ÇÒ¹¥»÷ÁìÓò»¹À©´óÖÁÃϼÓÀ­¹ú¡¢Ë¹ÀïÀ¼¿¨¼°ÖйúµÄÄÜÔ´ÓëѧÊõ»ú¹¹ £¬ÉõÖÁ¿ÉÄÜ´¥¼°°Ä´óÀûÑÇÊ×¶¼¿°ÅàÀ­¡£SloppyLemmingͨ¹ý¾«ÐÄÉè¼ÆµÄÓã²æÊ½ÍøÂç´¹µöÓʼþÆô¶¯¹¥»÷ £¬ÀûÓÃCloudflare WorkersÕâÒ»ÎÞ·þÎñÆ÷ÍÆËãÆ½Ì¨Ö´ÐжñÒâ¾ç±¾ £¬À¹½Ø²¢²Ù×÷Á÷¾­CloudflareµÄWebÁ÷Á¿ £¬ÒÔÇÔÈ¡µÇ¼ƾ֤ºÍй¶µç×ÓÓʼþ¡£´Ë±í £¬SloppyLemming»¹¿ª·¢ÁËÃûΪ¡°CloudPhish¡±µÄ¶¨Ô칤¾ß £¬×¨ÃÅÓÃÓÚÆ¾Ö¤ÇÔÈ¡ºÍй¶ £¬Í¨¹ý·ÂÕÕÖ¸±êWebmailµÇÂ¼Ò³ÃæÀ´ÓÕÆ­Óû§ÊäÈëÐÅÏ¢¡£Í¬Ê± £¬¸Ã×éÖ¯»¹ÀûÓÃGoogle OAuthÁîÅÆÍøÂçºÍRARÎļþ·ì϶ÀûÓã¨CVE-2023-38831£©µÈ¼¿Á© £¬¹¹½¨¸´ÔӵĹ¥»÷Á´ £¬½øÒ»²½¼Ó¾çÁ˰²È«Íþв¡£


https://www.darkreading.com/cloud-security/sloppylemming-apt-cloudflare-pakistan-attacks


2. ·¨¹ú9500ÍòÌõ¹«ÃñÊý¾ÝÔâй¶ £¬Éæ¼°¶àÐÐÒµÐÅÏ¢


9ÔÂ25ÈÕ £¬·¨¹ú½üÆÚ²úÉúÁËһ·Õ𾪵ÄÊý¾Ýй¶ÊÂÎñ £¬Éæ¼°³¬¹ý9500ÍòÌõ¹«ÃñÊý¾Ý¼Í¼±»¹«¿ªÖÃÓÚ»¥ÁªÍøÉÏ £¬Ô¶³¬·¨¹ú×ÜÈ˶¡Êý £¬Êý¾ÝÁìÓòº­¸ÇÐÕÃû¡¢ÁªÏµ·½Ê½¡¢µç×ÓÓʼþ¼°²¿ÃÅÖ§¸¶ÐÅÏ¢µÈÃô¸ÐÄÚÈÝ¡£Õâ´ÎÊÂÎñÓÉCybernewsÓëÍøÂ簲ȫר¼Ò¹²Í¬¸æ·¢ £¬Ô´Í·Ö¸ÏòÒ»¸öÊ¢¿ªµÄElasticsearch·þÎñÆ÷¡°vip-v3¡± £¬ÎÞÐèÈÏÖ¤¼´¿É½Ó¼û £¬ÄÚº¬ÖÁÉÙ30GBÊý¾Ý £¬Ô´ÓÚ17Æð·ÖÆçµÄÊý¾Ýй¶±äÂÒ¡£Ð¹Â¶Êý¾Ý²»½öÊýÁ¿ÖØ´ó £¬ÇÒÖÖÀà·±¶à £¬Éæ¼°µçÐÅ¡¢µçÉÌ¡¢É罻ýÌåµÈ¶à¸öÐÐÒµ £¬Ô̺¬³ÛÃû¹«Ë¾ÈçLycamobile¡¢Pandabuy¡¢Darty¡¢Discord¼°SnapchatµÈ £¬·´Ó³ÁËÊý¾Ýй¶ÎÊÌâµÄ¿í·ºÐÔºÍÑϳÁÐÔ¡£ÓÈΪֵµÃ¹Ø×¢µÄÊÇ £¬Êý¾Ý¿â¹«¿ª×´Ì¬ÒѳÖÐøÒ»¶Î¹¦·ò £¬²»ÅųýÒÑÓжñÒâµÚÈý·½¸´ÔìÊý¾ÝÓÃÓÚ·¸·¨»î¶¯¡£´Ë±í £¬¸ÃÐÐΪÏÔÖøÎ¥·´ÁËÅ·ÃËGDPRÂÉÀý £¬ÏÔʾ³öÊý¾Ý¿âÖÎÀíÕß¶Ô˾·¨µÄºöÊÓ¼°Ç±ÔڵĶñÒâÖ÷ÕÅ¡£×êÑÐÈËÔ±ÖÒ¸æ £¬Èç´Ë¼¯ÖÐÇÒÏ꾡µÄÓ×ÎÒÐÅϢ¶³ö £¬½«¼«´óÌáÉýÉí·Ý͵ÇÔ¡¢Ú²Æ­¼°ÍøÂç¹¥»÷µÄ·çÏÕ £¬¶ÔÊý°ÙÍòÓ×ÎÒ¼°ÆóÒµ×é³ÉÍþв¡£


https://cybernews.com/security/french-records-exposed-by-mysterious-data-hoarder/


3. ÃÀ¹ú¹ú»á³¬3000Ãû¹¤×÷ÈËÔ±ÐÅÏ¢Ôâ°µÍøÐ¹Â¶


9ÔÂ26ÈÕ £¬ÃÀ¹ú¹ú»á´óÏýüÆÚ³ÉΪ´ó¹æÄ£ÍøÂç¹¥»÷µÄÊܺ¦Õß £¬µ¼Ö³¬¹ý3,000Ãû¹ú»á¹¤×÷ÈËÔ±µÄÃô¸ÐÓ×ÎÒÐÅÏ¢ÔÚ°µÍøÉÏÆØ¹â¡£¾ÝProtonºÍConstella Intelligence¹«Ë¾µÄ×êÑз¢ÏÖ £¬ÕâЩй¶Êý¾ÝÔ̺¬ÃÜÂë¡¢IPµØÖ·¼°É罻ýÌåÐÅÏ¢ £¬¹²¼ÆÔ¼3,191±Ê¼Í¼ £¬ÆäÖнüÎå·ÖÖ®Ò»µÄ¹ú»áÔ±¹¤Êܵ½²¨¼°¡£³ö¸ñÖµÍ×ÌùÐĵÄÊÇ £¬²¿ÃÅÔ±¹¤Òò²»ÃÀµÂ¹ß £¬ÈçʹÓùٷ½ÓÊÏä×¢²áÔ̺¬Ô¼»áºÍ³ÉÈËÍøÕ¾µÈ¸ß·çÏÕÍøÕ¾ £¬µ¼ÖÂÐÅÏ¢±»ÂÅ´Îй¶ £¬×î¸ßµ¥ÀýÉæ¼°31¸öÃÜÂë¡£ProtonÖ¸³ö £¬ÕâÖÖ½«¹¤×÷ÓÊÏäÓë²»°²È«Æ½Ì¨°ó¶¨µÄÐÐΪ×é³ÉÁËÑϳÁ°²È«·ì϶¡£¹«Ë¾³Ðŵ½«½øÒ»²½°ä²¼µ÷²éÁË¾Ö £¬²¢Ç¿µ÷ÔÚ×Üͳѡ¾ÙÆÚ¼ä¼ÓÇ¿·À»¤µÄ³ÁÒªÐÔ¡£Í¬Ê± £¬¹«Ë¾ÒÑÏòËùÓÐÊÜÓ°ÏìµÄ¹ú»á¹¤×÷ÈËÔ±·¢³ö¾¯Ê¾¡£´Ë±í £¬½ñÄê6Ô £¬Í³Ò»µ÷²éÍŶӻ¹·¢ÏÖÊý°ÙÃûÓ¢¹ú¼°Å·ÃËÕþ¿ÍµÄÓ×ÎÒÐÅϢͬÑùÔÚ°µÍøÊг¡ÉÏÁ÷ͨ £¬Ô̺¬µç×ÓÓÊÏä¡¢ÃÜÂë¼°µ®ÉúÈÕÆÚµÈÃô¸ÐÊý¾Ý £¬Í¹ÏÔÁËÈ«ÇòÕþÖÎÁìÓòÃæ¶ÔµÄÍøÂ簲ȫÌôÕ½¡£


https://securityaffairs.com/168912/deep-web/3000-congressional-staffers-data-leaked-dark-web.html


4. Unit 42½ÒʾRomCom¶ñÒâÈí¼þбäÖÖSnipBot


9ÔÂ25ÈÕ £¬Unit 42°²È«ÍŶӽüÆÚ¸æ·¢Á˳ôÃûÔ¶ÑïµÄRomCom¶ñÒâÈí¼þ¼Ò×åµÄбäÖÖ¡°SnipBot¡± £¬¸Ã±äÖÖÓÚ2024ËêÊ×ո¶ͷ½Ç £¬×¨ÎªÆóÒµÍøÂçÉè¼Æ £¬¾ß±¸Ô¶³Ì²Ù¿ØÓë¶ñÒâ¸ºÔØÏÂÔØÄÜÁ¦¡£SnipBotÒÔÆä´´ÐµĴúÂë»ìºÏ¼¼ÊõºÍ¸ß¼¶·´¼ì²âÕ½ÊõÎªÌØµã £¬±»´§Ä¦ÎªÕë¶ÔIT·þÎñ¡¢ÆóÒµ·¨È˼°Å©ÒµµÈÐÐÒµÌáÒéµÄ¿í·ºÍøÂç¹¥»÷µÄÒ»²¿ÃÅ¡£2024Äê4Ô £¬Unit 42²¶»ñµ½Ò»¸öÒì³£DLLÄ£¿é £¬È·ÒÔΪSnipBot¹¤¾ß°ü×é¼þ¡£Í¨¹ýÉî¿Ì·ÖÎö £¬×êÑÐÈËÔ±»¹Ô­ÁËSnipBotµÄϰȾõè¾¶¼°ºóÐø»î¶¯¡£ÆäϰȾʼÓÚ¼Ù×°³ÉºÏ·¨PDFÎļþµÄ´¹µöÓʼþ £¬ÄÚº¬¶ñÒâ¿ÉÖ´ÐÐÎļþ¡£Ò»µ©ÈëÇֳɹ¦ £¬SnipBot¸³Óè¹¥»÷ÕßÈ«Ãæ½ÚÔìȨ £¬ÔÊÐíÆäÖ´ÐÐËÁÒâºÅÁî¡¢ÍøÂçϵͳÐÅÏ¢¼°ÇÔÈ¡Êý¾Ý¡£Í¬Ê± £¬SnipBotÄÜÏÂÔØÈçSnippingTool.dll¡¢svcnet.exeµÈ¶î±íÄ£¿é £¬¼ÓÇ¿¹¥»÷ÄÜÁ¦¡£Unit 42¹Û²ìµ½ £¬¹¥»÷Õß³ö¸ñ¹Ø×¢´ÓÊܺ¦ÕßÍøÂçÖÐÌáÈ¡Êý¾Ý £¬ÓÈÆäÊÇÓò½ÚÔìÆ÷ÐÅÏ¢ £¬ÀûÓÃPuTTY¡¢WinRARµÈºÏ·¨¹¤¾ß¼°fsutil.exe¡¢dsutil.exeµÈ¼Ù×°Ö´ÐжñÒâ²Ù×÷¡£Ö»¹ÜRomCom¼Ò×å³£ÓëÀÕË÷Èí¼þ»î¶¯ÓйØÁª £¬µ«SnipBotµÄÐÐΪģʽÏÔʾ³öÆäÕýתÏòµý±¨ÍøÂçÓë¼äµý»î¶¯¡£


https://securityonline.info/new-romcom-variant-snipbot-unveiled-a-sophisticated-malware-targeting-enterprise-networks/


5. ÆðÑǾ­ÏúÉÌÍøÕ¾ÏÖÑϳÁ·ì϶£ººÚ¿Í¿Éƾ³µÉ̱êÔ¶³Ì½ÚÔìÊý°ÙÍò³µÁ¾


9ÔÂ26ÈÕ £¬°²È«ÁìÓò½üÆÚÆØ³öһ·Õë¶ÔÆðÑÇÆû³µµÄ°²È«·ì϶ÊÂÎñ £¬¸Ã·ìÏ¶Éæ¼°ÆðÑÇÆû³µ¾­ÏúÉÌÃÅ»§ÍøÕ¾ £¬Ê¹µÃºÚ¿Í½öƾ³µÉ̱ê¾ÍÄÜÔÚ¼«¶Ì¹¦·òÄÚÔ¶³Ì½ÚÔìÊý°ÙÍòÁ¾2013Äêºó³ö²úµÄÆðÑÇÆû³µ¡£ÕâÒ»·¢ÏÖ×·ÒäÖÁ½ñÄê6Ô £¬Óɰ²È«×êÑÐÔ±ÈøÄ·-¿âÀïµÈÈ˸淢¡£ÓëÈ¥ÄêÆØ¹âµÄÉæ¼°¶à¼ÒÆû³µÆ·ÅƵķì϶ÀàËÆ £¬Õâ´ÎÆðÑÇ·ì϶²»½öÈúڿÍÄÜÔ¶³Ì²Ù¿Ø³µÁ¾ £¬»¹Â¶³öÁ˳µÖ÷µÄÃô¸ÐÓ×ÎÒÐÅÏ¢ £¬ÈçÐÕÃû¡¢ÁªÏµ·½Ê½¼°µØÖ·¡£×êÑÐÈËԱͨ¹ý×¢²á¾­ÏúÉÌÕË»§²¢»ñÈ¡½Ó¼ûÁîÅÆ £¬³É¹¦ÉøÈëºó¶ËAPI £¬½ø¶øÊµÏÖ¶Ô³µÁ¾¼°³µÖ÷Êý¾ÝµÄÈ«Ãæ½Ó¼û¡£ËûÃÇ¿ª·¢ÁËÒ»¸öÑÝʾ¹¤¾ß £¬Õ¹Ê¾Á˺ڿÍÈôºÎͨ¹ý³µÉ̱êÔÚ30ÃëÄÚÖ´ÐÐÔ̺¬Ëø¶¨/½âËø¡¢Æô¶¯/ÖÕ³¡³µÁ¾¡¢ÃùµÑ¼°¶¨Î»ÔÚÄÚµÄÔ¶³Ì½ÚÔì²Ù×÷¡£¸üΪÑϳÁµÄÊÇ £¬ºÚ¿Í»¹ÄÜÔÚ³µÖ÷¾ø²»ÖªÇéµÄÇé¿öÏ £¬½«×Ô¼ºÔö³¤Îª³µÁ¾µÄµÚ¶þÓû§ £¬ÊµÏÖÒñ±ÎµÄÔ¶³Ì²Ù¿Ø¡£ÐÒÔ˵ÄÊÇ £¬ÕâЩ·ì϶Òѱ»ÊµÊ±·¢ÏÖ²¢½¨¸´ £¬ÇÒδ·¢ÏÖÓжñÒâÀûÓõļͼ¡£ÆðÑÇÍŶÓҲȷÈÏÁË·ì϶δ±»±í²¿¶ñÒâ¹¥»÷ËùÀûÓá£


https://www.bleepingcomputer.com/news/security/kia-dealer-portal-flaw-could-let-attackers-hack-millions-of-cars/


6. RhadamanthysÔÚ0.7.0°æ±¾ÖÐÔö³¤ÁË´´ÐµÄAIÖ°ÄÜ


9ÔÂ26ÈÕ £¬RhadamanthysÊÇÒ»¿î×Ô2022ÄêÆðѸ¿ìÑݽøµÄ¸ß¼¶ÐÅÏ¢ÇÔÈ¡·¨Ê½ £¬Æä×îÐÂ0.7.0°æ±¾¼¯³ÉÁËÈËΪÖÇÄÜÇý¶¯µÄ¹âѧ×Ö·û¼ø±ð¼¼Êõ £¬ÄÜ´ÓͼÏñÖÐÌáÈ¡¼ÓÃÜÇ®±ÒÖÖ×Ó¶ÌÓï £¬¼«´óÌáÉýÁËÆäÍþвÐÔ¡£Ö»¹ÜÃæ¶ÔµØÓòÐÔ½ûÁî £¬¸Ã¶ñÒâÈí¼þÈÔ»îÔ¾ÓÚµØÏÂÊг¡ £¬ÀûÓÃMSI×°Ö÷¨Ê½¼Ù×°µÈ¼¿Á©¶ã±Ü¼ì²â £¬ÒÔµÁȡƾ֤¡¢ÏµÍ³ÐÅÏ¢¼°²ÆÕþÊý¾Ý¡£ÆäAIͼÏñ¼ø±ðÖ°ÄÜÓÈΪÒýÈËÖõÄ¿ £¬Ê¹¹¥»÷ÕßÄÜ×Ô¶¯²¶»ñ²¢Ð¹Â¶¼ÓÃÜÇ®±ÒÐÅÏ¢¡£RhadamanthysµÄ¿ª·¢Õßͨ¹ýTOXºÍTelegramµÈƽ̨³ÖÐøÍÆ¹ã £¬²¢Õë¶Ô±±ÃÀ¡¢ÄÏÃÀµÈµØ¼ÓÃÜÇ®±ÒÓû§Ö´Ðо«×¼½ø¹¥¡£ÎªÓ¦¶ÔÕâÒ»Íþв £¬Insikt GroupÌá³öÁ˶àÖÖ»º½âÕ½Êõ £¬Ô̺¬»ùÓÚ»¥³âËøµÄÖÕÖ¹¿ª¹Ø¡¢¸ß¼¶¼ì²â¹æ¶¨¼°Ç¿»¯¶Ëµã± £»¤µÈ £¬Ö¼ÔÚ×Ô¶¯×èÖ¹¶ñÒâÈí¼þÖ´Ðв¢ÌáÉýϵͳ·À»¤ÄÜÁ¦¡£Õ°Íû½«À´ £¬Ëæ×ÅRhadamanthys 0.8.0µÈа汾µÄÑз¢ £¬Ô¤¼ÆÆä½«Èںϸü¶à»úе½ø½¨¼¼Êõ £¬½øÒ»²½ÌáÉýÇÔȡЧÄÜÓëÒñ±ÎÐÔ¡£Òò¶ø £¬Î¬³Ö¼ì²â¼¼ÊõµÄ³ÖÐø¸üÐÂÓëÉý¼¶ £¬¶ÔÓÚÓÐЧÕмܴËÀà¸ß¼¶ÍþвÖÁ¹Ø³ÁÒª¡£


https://www.recordedfuture.com/research/rhadamanthys-stealer-adds-innovative-ai-feature-version