ÐÂÐÍDoubleClickjacking·ì϶¿ÉÈÆ¹ýÍøÕ¾µÄµã»÷½Ù³Ö±£»¤

°ä²¼¹¦·ò 2025-01-03

1. ÐÂÐÍDoubleClickjacking·ì϶¿ÉÈÆ¹ýÍøÕ¾µÄµã»÷½Ù³Ö±£»¤


1ÔÂ1ÈÕ £¬°²È«×¨¼Ò½ÒʾÁËÒ»ÖÖÐÂÐÍ·ì϶DoubleClickjacking £¬ÕâÊÇÒ»ÖÔìձ鴿ÔڵĻùÓÚ¹¦·òµÄ·ì϶ £¬Í¨¹ýÀûÓÃË«»÷²Ù×÷ÍÆ¶¯µã»÷½Ù³Ö¹¥»÷ £¬ÏÕЩӰÏìËùÓдóÐÍÍøÕ¾¡£¸Ã·ì϶Óɰ²È«×êÑÐÔ±Paulos Yibelo¶¨Ãû £¬ËüÀûÓÃË«»÷ÐòÁжø·Çµ¥Ò»µã»÷ £¬ÄÜÈÆ¹ýÏÖÓеã»÷½Ù³Ö·À»¤´ëÊ© £¬ÈçX-Frame-OptionsºÍSameSite cookie¡£DoubleClickjacking¹¥»÷ÖÐ £¬¹¥»÷Õß½ÚÔìµÄÍøÕ¾»áÓÕµ¼Óû§Ë«»÷¿´ËÆÎÞº¦µÄÔªËØ £¬ÈçCAPTCHAÑéÖ¤ £¬ÆÚ¼äÀûÓÃJavaScript͵͵³Á¶¨ÏòÖÁ¶ñÒâÒ³Ãæ £¬ÈçºË×¼¶ñÒâµÄOAuthÀûÓ÷¨Ê½ £¬Í¬Ê±¹Ø¹Ø¶¥²ã´°¿Ú £¬Ê¹Óû§ÔÚ²»ÖªÇéÏÂÊÚÓè½Ó¼ûȨÏÞ¡£YibeloÖ¸³ö £¬´óÎÞÊýWebÀûÓ÷¨Ê½ºÍ¿ò¼Üδ˼¿¼Ë«»÷·çÏÕ £¬ÏÖÓзÀÓù´ëÊ©ÎÞЧ¡£ÍøÕ¾ËùÓÐÕß¿Éͨ¹ý¿Í»§¶Ë¼¿Á©½â³ý·ì϶ £¬ÈçĬÈϽûÓùؼü°´Å¥ £¬ÔÚ¼ì²âµ½Êó±êÊÖÊÆÊ±¼¤»î¡£³¤Ô¶À´¿´ £¬ä¯ÀÀÆ÷¹©¸øÉÌӦѡȡг߶ȷÀÓùË«»÷ÀûÓá£DoubleClickjackingÊǵã»÷½Ù³Ö¹¥»÷µÄ±äÖÖ £¬ÀûÓõã»÷¼äµÄ¹¦·ò²îÎÞ·ì´úÌæÁ¼ÐÔUIÔªËØÎªÃô¸ÐÔªËØ¡£


https://thehackernews.com/2025/01/new-doubleclickjacking-exploit-bypasses.html


2. Brain CipherÀÕË÷Èí¼þÍÅ»ïй¶Â޵µºRIBridgesƽ̨Êý¾Ý


1ÔÂ2ÈÕ £¬Brain Cipher ÀÕË÷Èí¼þÍÅ»ï½üÆÚÆðͷй¶ÔÚ¹¥»÷Â޵µº¡°RIBridges¡±Éç½»·þÎñƽ̨ʱÇÔÈ¡µÄÎļþ¡£RIBridgesÊÇÒ»¸ö×ۺϻï¸ñϵͳ £¬ÓÃÓÚÖÎÀíºÍÌṩÔ̺¬Ò½ÁƱ£½¡¡¢Ê³Æ·ÔöÔ®¡¢¶ùͯ±£ÓýµÈÉç»áÔöÔ®´òËã¡£Â޵µºÖÝÓÚ12ÔÂ5ÈÕ³õ´ÎµÃ֪ϵͳÔâµ½¹¥»÷ £¬µ«Ö±µ½12ÔÂ10ÈÕ²ÅÈ·ÈÏÊý¾Ý¿ÉÄÜÒѱ»ÇÔÈ¡¡£12ÔÂ13ÈÕ £¬ÏµÍ³¹©¸øÉ̵ÂÇÚÈ·ÈÏ´æÔÚ¶ñÒâ´úÂë £¬Öݵ±¾ÖËæ¼´Åúʾ¹Ø¹ØRIBridgesϵͳ¡£ÉÏÖÜ £¬Brain CipherÆðÍ·ÔÚÆäÊý¾ÝÐ¹Â¶ÍøÕ¾Éϰ䲼²¿Ãű»µÁÊý¾Ý £¬Ô̺¬³ÉÄêÈ˺Íδ³ÉÄêÈ˵ÄÓ×ÎÒÊý¾Ý¡£ÍøÂ簲ȫ×êÑÐÔ±Connor GoodwolfÏÂÔØÁËÕâЩÊý¾Ý²¢Ö¤ÊµÁËÆäÕæÊµÐÔ¡£¾Ý¹À¼Æ £¬Ô¼ÓÐ65ÍòÈËÊܵ½Õâ´Î¹¥»÷µÄÓ°Ïì £¬ËûÃǵÄÃô¸ÐÐÅÏ¢ÈçÐÕÃû¡¢µØÖ·¡¢µ®ÉúÈÕÆÚ¡¢Éç»á°²È«ºÅÂëºÍÄ³Ð©ÒøÐÐÐÅÏ¢¿ÉÄÜÒѱ»Ð¹Â¶¡£Öݵ±¾Ö¹ÙÔ±½¨ÒéÂ޵µº¾ÓÃñ¶³½á²¢¼à¿ØÆäÐÅÓþ £¬ÒÔ·Àڲƭ»î¶¯ £¬²¢¾¯ÌèÀûÓñ»µÁÊý¾Ý½øÐÐÍøÂç´¹µöÚ¿Æ­¡£


https://www.bleepingcomputer.com/news/security/ransomware-gang-leaks-data-stolen-in-rhode-islands-ribridges-breach/


3. ÈÕ±¾Òƶ¯ÔËÓªÉÌNTT DocomoÔâDDoS¹¥»÷µ¼Ö²¿ÃÅ·þÎñÖжÏ


1ÔÂ2ÈÕ £¬ÈÕ±¾×î´óµÄÒÆ¶¯ÔËÓªÉÌNTT DocomoÔâ·êÉ¢²¼Ê½»Ø¾ø·þÎñ£¨DDoS£©¹¥»÷ £¬µ¼Ö²¿ÃÅ·þÎñÁÙʱÖÐ¶Ï £¬Ô̺¬ÐÂÎÅÍøÕ¾¡¢ÊÓÆµÁ÷ýÌåÆ½Ì¨¡¢Òƶ¯Ö§¸¶ºÍÍøÂçÓʼþ·þÎñÒÔ¼°¸ß¶û·ò°®ºÃÕßÍøÕ¾µÈ¡£¸Ã¹«Ë¾ÔÚÉêÃ÷ÖÐÈ·ÈÏÁËÕâ´Î¹¥»÷ £¬²¢°µÊ¾ÔÚÖÂÁ¦¸´Ô­·þÎñ £¬´óÎÞÊý·þÎñµÄ½Ó¼ûÒѸ´Ô­ £¬µ«²¿ÃÅÄÚÈݸüпÉÄÜÑÓ³¤¡£NTT Docomo佫´ËÊÂÎñ¹é×ïÓÚÈκÎÌØ¶¨µÄÍþвÐÐΪÕß £¬µ«ÖµÍ×ÌùÐĵÄÊÇ £¬¸Ã¹«Ë¾ÔÚ2023ÄêÒѳÉΪRansomed.vcÍÅ»ïÀÕË÷Èí¼þ¹¥»÷µÄÊܺ¦Õß¡£×î½ü¼¸¸öÔ £¬ÈÕ±¾¶à¼Ò¹«Ë¾Ò²Ôâ·êÁËÍøÂç¹¥»÷ £¬Ô̺¬ÈÕ±¾º½¿Õ¡¢Èý¾®×¡ÓѺ£Éϱ£ÏÕ¹«Ë¾¡¢½Ç´¨¡¢¿¨Î÷Å·µÈ³ÛÃûÆóÒµ £¬ÒÔ¼°µç¶¯»úÔì×÷ÉÌNidec¡¢Æû³µÁ㲿¼þÔì×÷ÉÌYorozuºÍÑз¢»ú¹¹MonohakobiµÈ¡£´Ë±í £¬ÈÕ±¾ÖØÒª½ðÈÚ»ú¹¹ÈçÈýÁâÈÕÁªÒøÐÓ×¢ÀïË÷ÄÉÒøÐкÍÈðËëÒøÐеÄÍøÉÏÒøÐзþÎñÒ²ÒòÉæÏÓÍøÂç¹¥»÷¶øÖжÏ¡£


https://therecord.media/ntt-docomo-japan-mobile-carrier-ddos-incident


4. ³¬Èý°ÙÍòÓʼþ·þÎñÆ÷δ¼ÓÃÜ £¬Ò×ÊÜÍøÂçÐá̽¹¥»÷


1ÔÂ2ÈÕ £¬Ä¿Ç°»¥ÁªÍøÉÏ´æÔÚ³¬¹ýÈý°ÙÍò¸öδѡȡTLS¼ÓÃܵÄPOP3ºÍIMAPÓʼþ·þÎñÆ÷ £¬ÕâЩ·þÎñÆ÷ÈÝÒ×Ôâ·êÍøÂçÐá̽¹¥»÷¡£IMAPºÍPOP3ÊǽӼûµç×ÓÓʼþµÄÁ½ÖÖ²½Öè £¬ÆäÖÐIMAP½¨ÒéÓÃÓÚ¶àÉ豸ͬ²½ £¬¶øPOP3ÔòÏÂÔØÓʼþµ½±¾µØÉ豸¡£µ±TLS¼ÓÃÜδÆôÓÃʱ £¬ÓʼþÄÚÈݺÍÍ´´¦½«ÒÔÃ÷ÎÄ´ó¾Ö·¢ËÍ £¬Ôö³¤Á˱»¹¥»÷µÄ·çÏÕ¡£ShadowServer°²È«Íþв¼à¿ØÆ½Ì¨µÄɨÃèÏÔʾ £¬ÕâЩδ¼ÓÃܵÄÓʼþ·þÎñÆ÷¶³öÁËÓû§ÃûºÍÃÜÂë £¬Ê¹ÆäÒ×Êܹ¥»÷¡£ShadowServerÔÚ֪ͨÓйØÔËÓªÉÌÆôÓÃTLSÖ§³Ö £¬ÒÔ±£»¤Óû§Êý¾Ý¡£´Ë±í £¬Ëæ×ÅTLSºÍ̸µÄ²»ÐÝ·¢Õ¹ £¬²»°²È«µÄTLS 1.0ºÍTLS 1.1ºÍ̸Òѱ»²Ã¼õ £¬ÏÖ´ú²Ù×÷ϵͳĬÈÏÆôÓøü°²È«µÄTLS 1.3°æ±¾¡£ÃÀ¹ú¹ú¶È°²È«¾ÖÒ²ÌṩÁË´úÌæ¹ýÆÚTLSºÍ̸ÅäÖõÄÁìµ¼ £¬ÒÔÔ¤·À¹¥»÷ÕßÀûÓÃÕâЩÅäÖýӼûÃô¸ÐÊý¾Ý¡£


https://www.bleepingcomputer.com/news/security/over-3-million-mail-servers-without-encryption-exposed-to-sniffing-attacks/


5. RansomHubÐû³ÆÈëÇÖ´ó³ÇÊÐÈËÊÙ £¬±£ÏÕ¾ÞÍ··ñ¶¨


12ÔÂ31ÈÕ £¬RansomHub×éÖ¯Ðû³ÆÔÚÐÂÄêǰϦÈëÇÖÁËÈ«Çò×î´ó±£ÏÕ¡¢Äê½ðºÍÔ±¹¤¸£Àû´òËãÌṩÉÌÖ®Ò»µÄ´ó³ÇÊÐÈËÊÙ±£ÏÕ¹«Ë¾(MetLife) £¬²¢ÔÚÆä°µÍø²©¿ÍÉϰ䲼Á˹¥»÷ÐÅÏ¢ £¬Ðû³ÆÇÔÈ¡ÁË1TBÃô¸ÐÊý¾Ý¡£È»¶ø £¬´ó³ÇÊÐÈËÊÙ·ñ¶¨²úÉúÀÕË÷Èí¼þ¹¥»÷ £¬½öÈ·ÈÏÆä×Ó¹«Ë¾Fondo GenesisÔÚ¶ò¹Ï¶à¶ûÔâ·êÍøÂçÊÂÎñ £¬ÇÒÓëÆóҵϵͳ·Ö¸ôÔËÓª¡£RansomHub°ä²¼µÄÑù±¾Îļþ¶àΪÎ÷°àÑÀÓï £¬¾Ý´§Ä¦À´µÃÒâ³ÇÊÐÈËÊÙÀ­¶¡ÃÀÖÞ·Ö²¿¡£´ó³ÇÊÐÈËÊÙÔÚÈ«Çò115¸ö¹ú¶ÈΪ³¬¹ý1ÒÚ¿Í»§Ìṩ·þÎñ £¬ÆäÖÐÔ̺¬1000ÍòÃÀ¹úÒÔ±íµØÓò¿Í»§¡£´Ë±í £¬Æ¾¾ÝÒÔÉ«ÁÐÍøÂ簲ȫ¹«Ë¾Hudson Rock 11 Ô·ݵĻ㱨 £¬Ò»ÃûºÚ¿Íй¶Á˽ü60ÍòÌõ¾Ý³ÆÊôÓÚ´ó³ÇÊÐÈËÊÙµÄÊý¾Ý¼Í¼ £¬×êÑÐÈËÔ±ÒÉ»óÕâÓë MOVEit ·ì϶ÓÐ¹Ø £¬µ«´ó³ÇÊÐÈËÊÙ·ñ¶¨ÓëCl0pÀÕË÷Èí¼þ×éÖ¯µÄMOVEitºÚ¿Í¹¥»÷ÓйØ¡£


https://cybernews.com/news/metlife-latin-america-claimed-by-ransomhub-group/


6. ÒÔÌ«·»¿ª·¢ÈËÔ±Ôâ·êÀûÓöñÒânpm°üµÄ¸´ÔÓ¹©¸øÁ´¹¥»÷


1ÔÂ2ÈÕ £¬¾ÝSocket×êÑÐÍŶÓÅû¶ £¬ÒÔÌ«·»¿ª·¢ÈËÔ±ÒѳÉΪ¸´ÔÓ¹©¸øÁ´¹¥»÷µÄÖ¸±ê £¬¹¥»÷ÕßÀûÓÃÈËÃǶԿªÔ´Éú̬ϵͳµÄÐÅÀµ £¬ÔÚnpmÉú̬ϵͳÖа䲼ÁËÖÁÉÙ20¸ö¶ñÒâHardhat²å¼þ £¬ÕâЩ²å¼þÃû³ÆÓëºÏ·¨Èí¼þ°üºÍ×éÖ¯ÀàËÆ £¬ÀýÈç@nomisfoundation/hardhat-configureºÍhardhat-deploy-others £¬ÆäÖÐһλ×÷ÕßµÄÏÂÔØÁ¿³¬¹ý1,000´Î¡£ÕâЩ¶ñÒâÈí¼þ°üÐû³ÆÄܹ»¼ÓÇ¿¹¤×÷Á÷³Ì £¬ÊµÔò°ÂÃØÇÔÈ¡ÊÜϰȾµÄ¿ª·¢»·¾³ÖеÄÃô¸ÐÊý¾Ý £¬ÈçÖú¼Ç·ûºÍ˽ԿµÈ¡£¹¥»÷Õßѡȡ¶àµµ´ÎÕ½Êõ £¬Ô̺¬´ÓHardhatÔËÐл·¾³ÖÐÌáÈ¡¹Ø¼üÐÅÏ¢ £¬Ê¹ÓÃAESÃÜÔ¿¼ÓÃÜÊý¾Ý²¢´«Êäµ½¹¥»÷Õß½ÚÔìµÄ¶Ëµã £¬ÒÔ¼°ÀûÓÃÒÔÌ«·»ÖÇÄܺÏÔ¼¶¯Ì¬¼ìË÷ºÅÁîÓë½ÚÔ죨C2£©·þÎñÆ÷µØÖ· £¬ÊµÏÖC2»ù´¡ÉèÊ©µÄÈ¥ÖÐÐÄ»¯ºÍ²»³É´Û¸Ä¸öÐÔ £¬Ôö³¤ÁË·ÛËéÄѶÈ¡£Õâ´Î»î¶¯¸øÒÔÌ«·»¿ª·¢ÉçÇø´øÀ´Á˳Á´ó·çÏÕ £¬Ç¿µ÷ÁË¿ªÔ´Éú̬ϵͳÖеݲȫÎÊÌâ¡£


https://securityonline.info/supply-chain-attack-on-ethereum-developers-via-malicious-npm-packages/