Ô½ÄϺڿÍ×éÖ¯²¿ÊðPXA Stealer £¬Õë¶ÔÅ·Ñǵ±¾Ö½ÌÓý»ú¹¹

°ä²¼¹¦·ò 2024-11-19

1. Ô½ÄϺڿÍ×éÖ¯²¿ÊðPXA Stealer £¬Õë¶ÔÅ·Ñǵ±¾Ö½ÌÓý»ú¹¹


11ÔÂ15ÈÕ £¬Ò»ÃûÉæÏÓÓëÔ½ÄÏÓйصÄÍþвÐÐΪÕßÀûÓÃÃûΪPXA StealerµÄÐÂÐÍPython¶ñÒâÈí¼þ £¬Õë¶ÔÅ·ÖÞºÍÑÇÖÞµ±¾ÐݽÌÓý»ú¹¹ÌáÒéÐÅÏ¢ÇÔÈ¡»î¶¯ ¡£¸Ã¶ñÒâÈí¼þÄܽâÃÜä¯ÀÀÆ÷Ö÷ÃÜÂë £¬ÇÔÈ¡ÔÚÏßÕË»§Æ¾Ö¤¡¢²ÆÕþÐÅÏ¢¡¢ä¯ÀÀÆ÷cookieµÈÃô¸ÐÐÅÏ¢ ¡£¹¥»÷Á´Ê¼ÓÚÍøÂç´¹µöµç×ÓÓʼþ £¬Ô̺¬ZIPÎļþ¸½¼þ £¬´¥·¢¼ÓÔØÆ÷ºÍÅú´¦Öþ籾 £¬ÔËÐÐPowerShellºÅÁîÏÂÔØÓÐЧ¸ºÔز¢²¿ÊðÇÔÈ¡·¨Ê½ ¡£PXA Stealer³ö¸ñ¹Ø×¢ÇÔÈ¡Facebook cookie £¬ÓÃÓÚÓëFacebook Ads ManagerºÍGraph API½»»¥ÍøÂç¾ßÌåÐÅÏ¢ ¡£´Ë±í £¬ÆäËûÇÔÈ¡¶ñÒâÈí¼þÈçStrelaStealer¡¢RECORDSTEALER¡¢Rhadamanthys¡¢Amnesia StealerºÍGlove StealerµÈÒ²ÔÚ²»ÐÝ·¢Õ¹ºÍÓ¿ÏÖ £¬Ö¤ÁËÈ»ÇÔÈ¡¶ñÒâÈí¼þµÄÊ¢ÐÐ ¡£Ö»¹Ü·¨Âɲ¿ÃÅÖÂÁ¦½ø¹¥ £¬µ«´ËÀà»î¶¯ÈÔ³ÖÐø´æÔÚ ¡£


https://thehackernews.com/2024/11/vietnamese-hacker-group-deploys-new-pxa.html


2. GitHubÏîĿƵÔâ¶ñÒâºóÃŹ¥»÷


11ÔÂ16ÈÕ £¬GitHubÏîÄ¿Õý³ÉΪ¶ñÒâÌá½»ºÍÀ­È¡ÒªÇóµÄÖ¸±ê £¬Ö¼ÔÚÏòÕâЩÏîĿעÈëºóÃÅ ¡£×î½ü £¬Exo LabsµÄGitHub´æ´¢¿â¾ÍÔâµ½ÁË´ËÀ๥»÷ £¬¹¥»÷Õßͨ¹ýÌá½»¿´ËÆÎÞº¦µÄ´úÂë¸ü¸Ä £¬ÊÔͼÔÚ´úÂëÖÐÖ²ÈëºóÃÅ £¬ÒÔÔ¶³ÌÖ´ÐжñÒâ´úÂë ¡£È»¶ø £¬¸Ã´úÂë¸ü¸Ä²¢Î´±»ºË×¼¹é²¢µ½¹Ù·½´æ´¢¿â ¡£¹¥»÷ÕßʹÓõÄGitHubÕË»§¡°evildojo666¡±ÏÖÒѱ»É¾³ý £¬¶ø¸ÃÕË»§Ö¸ÏòµÄ°²È«×êÑÐÔ±Mike BellÔò·ñ¶¨Óë´ËÊÂÓйØ £¬²¢Ðû³Æ×Ô¼ºÔâµ½Á˼ÙÒâ ¡£´Ë±í £¬»¹ÓÐÆäËûÏîĿҲ³ÉΪÁËÀàËÆµÄ¹¥»÷Ö¸±ê £¬Ô̺¬Ê¢ÐеĿªÔ´ÒôƵºÍÊÓÆµÏÂÔØÆ÷¡°yt-dlp¡± ¡£ÕâЩ¹¥»÷ÊÂÎñÌáÐÑ¿ªÔ´ÏîÄ¿ÊØ»¤ÕßÒª×ÐϸÉó²é´«ÈëµÄÀ­È¡ÒªÇó £¬¼´±ãËüÃÇÀ´×Ô¿´ËÆ¡°ÉÆÒ⡱µÄ¹±Ï×Õß £¬Ò²Ó¦Ê¹ÓÃ×Ô¶¯»¯¹¤¾ßºÍ´óÁ¿ÈËΪ´úÂëÉó²éÀ´È·±£°²È« ¡£


https://www.bleepingcomputer.com/news/security/github-projects-targeted-with-malicious-commits-to-frame-researcher/


3. Maxar Space SystemsÔâºÚ¿ÍÈëÇÖ £¬Ô±¹¤Ó×ÎÒÊý¾ÝÔâÇÔÈ¡


11ÔÂ18ÈÕ £¬ÃÀ¹úÎÀÐÇÔì×÷ÉÌMaxar Space SystemsÔâ·êºÚ¿ÍÈëÇÖ £¬µ¼ÖÂÔ±¹¤Ó×ÎÒÊý¾Ý±»ÇÔÈ¡ ¡£ºÚ¿ÍÔÚ2024Äê10ÔÂ11ÈÕ±»·¢ÏÖǰÒÑÇÖÈë¹«Ë¾ÍøÂçÔ¼Ò»Öܹ¦·ò ¡£Maxar Space SystemsÊÇÃÀ¹úº½¿Õº½ÌìÒµµÄ³ÁÒª²Î¼ÓÕß £¬Òѽ¨Ôì80¶à¿ÅÔÚ¹ìÎÀÐÇ £¬²¢ÎªNASAµÄPsyche¹¤×÷ºÍArtemisÔÂÇòË÷Çó´òËãÌṩÁ˹ؼü¼¼Êõ ¡£Ð¹Â¶µÄÔ±¹¤ÐÅÏ¢Ô̺¬ÐÕÃû¡¢¼ÒÍ¥µØÖ·¡¢Éç»á±£ÏÕºÅÂëµÈÃô¸ÐÐÅÏ¢ £¬µ«ÒøÐÐÕË»§ÐÅϢδÊÜÓ°Ïì ¡£ÊÜÓ°ÏìÔ±¹¤¿ÉÏíÊÜIDShieldÉí·Ý±£»¤ºÍÐÅÓþ¼à¿Ø·þÎñ £¬¶øÇ°ÈÎÔ±¹¤¿ÉÔڹ水¹¦·òÄÚ×¢²áIDXµÄÉí·Ý͵ÇÔ±£»¤·þÎñ ¡£´Ë±í £¬ÓÐÐÂÎųƺڿͻ¹Ðû³ÆÇÔÈ¡ÁËMaxar Technologies¿ª·¢µÄµØÀí¿Õ¼äµý±¨Æ½Ì¨GeoHIVEµÄÓû§Èº £¬µ«Maxar TechnologiesÉÐδ¶Ô´Ë°ä·¢ÆÀÂÛ ¡£


https://www.bleepingcomputer.com/news/security/us-space-tech-giant-maxar-discloses-employee-data-breach/


4. ²©Í¨ÖҸ棺VMware vCenter ServerÁ½´ó·ì϶Õý±»¹¥»÷ÕßÀûÓÃ


11ÔÂ18ÈÕ £¬²©Í¨½üÈÕ·¢³öÖÒ¸æ £¬Ö¸³ö¹¥»÷ÕßÔÚÀûÓÃVMware vCenter ServerµÄÁ½¸ö°²È«·ì϶ £¬ÆäÖÐ֮һΪÑϳÁµÄÔ¶³Ì´úÂëÖ´Ðзì϶£¨CVE-2024-38812£© £¬ÓÉTZL°²È«×êÑÐÈËÔ±ÔÚÖйú2024 Matrix CupºÚ¿Í´óÈüÆÚ¼ä»ã±¨ ¡£¸Ã·ì϶ԴÓÚvCenterµÄDCE/RPCºÍ̸ʵÏÖÖеĶÑÒç³öÎÊÌâ £¬Ó°ÏìVMware vSphereºÍVMware Cloud FoundationµÈ²úÆ· ¡£ÁíÒ»¸ö·ì϶£¨CVE-2024-38813£©ÎªÈ¨ÏÞÌáÉý·ì϶ £¬Í¬ÑùÓɸÃ×êÑÐÈËÔ±·¢ÏÖ £¬¹¥»÷Õß¿ÉÀûÓÃÌØÔìÍøÂçÊý¾Ý°üÌáÉýÖÁrootȨÏÞ ¡£²©Í¨È·ÈÏÕâÁ½¸ö·ì϶Òѱ»ÀûÓà £¬²¢ÓÚ9Ô°䲼Á˰²È«¸üР£¬µ«Ëæºó·¢ÏÖCVE-2024-38812µÄ²¹¶¡²¢Î´ÆëÈ«½â¾öÎÊÌâ £¬²¢Ç¿ÁÒ½¨ÒéÖÎÀíÔ±ÀûÓÃв¹¶¡ ¡£ÊÜÓ°Ïì¿Í»§¸Ãµ±¼´ÀûÓÃ×îиüÐÂÒÔ·À±¸¹¥»÷ ¡£´Ë±í £¬²©Í¨»¹°ä²¼Á˲¹³ä²¼¸æ £¬Ìṩ¸ü¶à°²È«¸üÐÂÐÅÏ¢ºÍ¿ÉÄÜÓ°ÏìÒÑÉý¼¶Óû§µÄÒÑÖªÎÊÌâ ¡£


https://www.bleepingcomputer.com/news/security/critical-rce-bug-in-vmware-vcenter-server-now-exploited-in-attacks/


5. DocuSignÍøÂç´¹µöÚ¿Æ­¼¤Ôö £¬¼ÙÒâÃÀµ±¾Ö»ú¹¹ÇÔÈ¡Êý¾Ý


11ÔÂ18ÈÕ £¬DocuSignÍøÂç´¹µöÚ¿Æ­ÊýÁ¿½üÆÚ¼¤Ôö98% £¬¹¥»÷ÕßÀûÓÃÐÅÀµÇÔÈ¡Êý¾Ý £¬¼ÙÒâÃÀ¹úµ±¾Ö»ú¹¹ÈçÎÀÉúÓ빫¼Ò·þÎñ²¿(HHS)ºÍÂíÀïÀ¼Öݽ»Í¨²¿(MDOT)µÈ·¢ËÍ´¹µöURL ¡£ÕâЩ´¹µöURL±»Éè¼Æ³É·ÂÕÕ¹Ù·½Í¨Ñ¶ £¬Ê¹ÓÃÕæÕýµÄDocuSignÕÊ»§ºÍAPI¼Ù×°³ÉÕæÊµÒªÇó ¡£Ò»µ©Ö¸±ê´ò¿ª¶ñÒâÎĵµ £¬¾Í»á±»ÒªÇóÌṩÃô¸ÐÐÅÏ¢»òÊÚȨڲƭÂòÂô ¡£ÓÉÓÚÒªÇó¿´Ëƹٷ½ £¬ÊÕ¼þÈ˸ü¿ÉÄÜδ¾­³¹µ×ÑéÖ¤¾Í×ñÊØÒªÇó £¬Î£¼°¹«Ë¾°²È« ¡£ÃÀ¹ú¹«Ãñ¡¢µ±¾Ö»ú¹¹ºÍÊÐÕþ°ì¹«ÊÒÊÇÕâЩ¹¥»÷µÄÖØÒªÖ¸±ê ¡£×¨¼Ò½¨ÒéÆóÒµÖ´Ðжà²ã°²È«Õ½Êõ £¬ÓÉÓÚÊܺ¦Õß×ñÑ­µÄÊÇËûÃǽÓÊܹýÅàѵ²¢±»½øÕ¹×ñÑ­µÄÁ÷³Ì £¬ÎÊÌâÔÚÓÚÎÞ·¨ÑéÖ¤ÒªÇóÆðÔ´ £¬±ØÒª³ÁÐÂ˼¿¼ÈôºÎÌṩÊðÃûÒªÇó £¬²¢¿ÉÄÜѡȡ׳´óµÄÉí·ÝÑéÖ¤²½Öè ¡£


https://hackread.com/us-govt-agencies-impersonate-docusign-phishing-scams/


6. ÃÀÒûÓÃˮϵͳ´æÍøÂ簲ȫ·ì϶ £¬»òÖ·þÎñÖжÏ


11ÔÂ18ÈÕ £¬ÃÀ¹ú»·¾³±£»¤Êð£¨EPA£©¼à²ì³¤°ì¹«ÊÒ£¨OIG£©°ä²¼µÄл㱨ÏÔʾ £¬ÎªÃÀ¹úÔ¼1.1ÒÚÈËÌṩ·þÎñµÄ300¶à¸öÒûÓÃˮϵͳ´æÔÚ·ì϶ £¬¿ÉÄܵ¼Ö·þÎñÖжÏ ¡£ÆÀ¹Àº­¸Ç1062¸öÒûÓÃˮϵͳ £¬·¢ÏÔìäÖÐËÄ·ÖÖ®Ò»¿ÉÄܳÉΪ¹¥»÷Êܺ¦Õß £¬µ¼ÖÂÖ°ÄÜʧÂä¡¢»Ø¾ø·þÎñµÈÇé¿ö¼°¿Í»§ÐÅϢй¶ ¡£97¸ö¹©Ë®ÏµÍ³´æÔÚÑϳÁºÍ¸ß¶ÈÑϳÁÎÊÌâ £¬¸²¸ÇÔ¼2700ÍòÈË£»211¸öϵͳÊÜÖжȺ͵ͶÈȱµãÓ°Ïì £¬¸²¸ÇÔ¼8300ÍòÈË ¡£OIGÖ¸³ö £¬Èô¶ñÒâÐÐΪÕßÀûÓ÷ì϶ £¬¿ÉÄÜ·ÛËé·þÎñ»òÔì³ÉÎïÀí°Ü»µ ¡£ÆÀ¹ÀÉæ¼°³¬¹ý75000¸öIPºÍ14400¸öÓòµÄ·ÖÎö ¡£´Ë±í £¬EPA²»×ãÏò¸Ã»ú¹¹´«µÝÍøÂ簲ȫÊÂÎñµÄ»ã±¨ÏµÍ³ £¬²¢ÒÀÀµÆäËû»ú¹¹½øÐдËÀà»ã±¨ £¬Í¬Ê±²»×ãÓëÆäËûÁª¹úºÍÖݵ±¾ÖµÄЭµ÷¼Í¼ ¡£´Ëǰ £¬ÒÑÓÐË®Îñ¹«Ë¾Ôâ·êÍøÂç¹¥»÷ £¬µ«¹©Ë®·þÎñδÊÜÓ°Ïì ¡£½ñÄê5Ô £¬EPAÔøÖҸ泬70%¹©Ë®ÏµÍ³²»Çкϡ¶°²È«ÒûÓÃË®·¨¡· £¬´æÔÚÑϳÁ°²È«ÎÊÌâ ¡£


https://www.securityweek.com/300-drinking-water-systems-in-us-exposed-to-disruptive-damaging-hacker-attacks/