×êÑÐÈËÔ±Åû¶ʷÉÏ×î´ó¹æÄ£Êý¾Ýй¶  £¬160ÒڵǼƾ֤ÔâÇÔÈ¡

°ä²¼¹¦·ò 2025-06-20

1. ×êÑÐÈËÔ±Åû¶ʷÉÏ×î´ó¹æÄ£Êý¾Ýй¶  £¬160ÒڵǼƾ֤ÔâÇÔÈ¡


6ÔÂ19ÈÕ  £¬×êÑÐÈËÔ±°ä·¢·¢ÏÖÊ·ÉÏ×î´ó¹æÄ£Êý¾Ýй¶ÊÂÎñ  £¬Ð¹Â¶µÇ¼ƾ֤ÊýÁ¿¸ß´ï160ÒÚ·Ý ¡£¸Ãµ÷²éÓÚ½ñÄêÔçЩʱ³½Æô¶¯  £¬ÏÔʾÕâЩƾ֤ÊÇͨ¹ý¶àÖÖÐÅÏ¢ÇÔÈ¡¶ñÒâÈí¼þÍøÂç¶øÀ´ ¡£Cybernews×êÑÐÈËÔ±»ã±¨³Æ  £¬Õâ´Îй¶ÓÉÀ´×Ô¸÷ƽ̨µÄ30¸öº£Á¿Ð¹Â¶Êý¾Ý¼¯×é³É  £¬×ܼÆÂ¶³ö160ÒÚÌõµÇ¼¼Í¼ ¡£³ýһ·´ËǰÒѻ㱨µÄ°¸Àý±í  £¬ÆäÓà29¸öй¶Êý¾Ý¼¯¾ùΪз¢ÏÖ  £¬ÇÒÐÂй¶ÊÂÎñ²»ÐÝÓ¿ÏÖ  £¬Í¹ÏÔÐÅÏ¢ÇÔÈ¡¶ñÒâÈí¼þ´«²¼ÁìÓòÖ®¹ã ¡£È»¶ø  £¬Â¶³öµÄÊý¾Ý¼¯Ö»ÄܶÌÔݽӼû  £¬´ó²¿ÃŶ³öÔÚ²»°²È«µÄElasticsearch»ò´æ´¢Ê·ýÉÏ ¡£×êÑÐÈËÔ±Ö¸³ö  £¬Õâ²»½öÊÇйÃÜ  £¬¸üÊÇ´ó¹æÄ£ÀûÓõÄÀ¶Í¼  £¬ÍøÂç·¸×ï·Ö×ÓÈç½ñÕ¼ÓÐǰËùδÓеÄÓ×ÎÒÆ¾Ö¤½Ó¼ûȨÏÞ  £¬¿ÉÓÃÓÚÕË»§ÊÕÊÜ¡¢Éí·Ý͵ÇԺ;«×¼ÍøÂç´¹µö ¡£ÓÈÆäÁîÈËÓÇÓôµÄÊÇÕâЩÊý¾Ý¼¯µÄ½á¹¹ºÍнüÐÔ  £¬ËüÃDz¢·ÇÖ»ÊǾɷì϶±»³ÁÐÂÀûÓà  £¬¶øÊÇȫеġ¢¿É´ó¹æÄ£±øÆ÷»¯µÄµý±¨ ¡£CyberNews´§Ä¦  £¬Ð¹Â¶µÄ160Òڱʼͼ´ó²¿ÃÅÀ´×ÔÇÔÈ¡¶ñÒâÈí¼þ¡¢Æ¾Ö¤Ìî³äºÍ֮ǰµÄÎ¥¹æÐÐΪ  £¬ÕâЩÊý¾ÝÕë¶ÔApple¡¢Google¡¢FacebookµÈ·þÎñ ¡£


https://securityaffairs.com/179149/data-breach/researchers-discovered-the-largest-data-breach-ever-exposing-16-billion-login-credentials.html


2. а汾Android¶ñÒâÈí¼þGodfather½èÐé¹¹»¯ÇÔÈ¡Êý¾Ý


6ÔÂ19ÈÕ  £¬Ð°汾Android¶ñÒâÈí¼þGodfatherͨ¹ý´´½¨¸ôÀëÐé¹¹»·¾³  £¬¶ÔÈ«Çò500¶à¸öÒøÐÓ×¢¼ÓÃÜÇ®±ÒºÍµç×ÓÉÌÎñÀûÓ÷¨Ê½ÌáÒé¹¥»÷ ¡£¸Ã¶ñÒâÈí¼þÒÔAPK´ó¾Ö³öÏÖ  £¬ÄÚÖÃÐé¹¹»¯¿ò¼Ü  £¬ÀûÓÃVirtualAppÒýÇæºÍXposedµÈ¹¤¾ß½øÐйҹ³  £¬ÔÚÉ豸Éϼ¤»îºó  £¬»á²é³­²¢¸éÖÃÒÑ×°ÖõÄÖ¸±êÀûÓ÷¨Ê½µ½Ðé¹¹»·¾³ÖÐ  £¬Í¨¹ýStubActivityÔÚÖ÷»úÈÝÆ÷ÄÚÆô¶¯Ëü  £¬´Ó¶øÀ¹½Ø²¢½ÚÔìºÏ·¨ÀûÓ÷¨Ê½µÄÔËÐÐ ¡£Êܺ¦Õ߯ô¶¯ÕæÕýµÄÒøÐÐÀûÓ÷¨Ê½Ê±  £¬¶ñÒâÈí¼þ»áÀ¹½Ø²¢³Á¶¨Ïò¡°Intent¡±  £¬Æô¶¯Ðé¹¹°æ±¾  £¬Óû§¿´µ½µÄËäÊÇÕæÊµ½çÃæ  £¬µ«ËùÓÐÃô¸ÐÊý¾Ý¶¼¿ÉÄܱ»½Ù³Ö ¡£Í¨¹ýAPI¹Ò¹³  £¬¶ñÒâÈí¼þÄܼͼÕË»§Í´´¦¡¢ÃÜÂë¡¢PIN¡¢´¥ÃþÊÂÎñµÈ  £¬²¢Ôڹؼüʱ¿ÌÏÔʾÐéÎ±ËøÆÁ¸²¸Ç  £¬ÓÕÆ­Êܺ¦ÕßÊäÈëPIN/ÃÜÂë ¡£Ò»µ©Êý¾ÝÍøÂç½áÊø  £¬Ëü»áÆÚ´ý²Ù×÷Ô±ºÅÁîÖ´Ðи¶¿î/תÕ˵ȲÙ×÷  £¬ÆÚ¼äÏÔʾÐéα¡°¸üС±ÆÁÄ»»òºÚÆÁÒÔÔ¤·ÀÒÉ»ó ¡£×Ô2021Äê3Ô³õ´Î³öÏÖÒÔÀ´  £¬Godfather²»Ðݽø»¯  £¬×îа汾Óë֮ǰÏà±Å×ÐÁ˳Á´ó¸Ä½ø ¡£


https://www.bleepingcomputer.com/news/security/godfather-android-malware-now-uses-virtualization-to-hijack-banking-apps/


3. ³¯ÏÊ×éÖ¯ÀûÓÃPylangGhost¶ñÒâÈí¼þ¹¥»÷¼ÓÃÜÐÐÒµÈËÊ¿


6ÔÂ19ÈÕ  £¬Ë¼¿ÆTalos×îÐÂ×êÑÐÏÔʾ  £¬Ò»ÏµÁÐÐÂÍøÂç¹¥»÷ÕýÀûÓÃÐéαÕÐÆ¸È¦Ì×  £¬Õë¶Ô¼ÓÃÜÇ®±ÒºÍÇø¿éÁ´ÐÐҵרҵÈËÊ¿ ¡£ÕâЩ¹¥»÷ÓëºÍ³¯ÏʽáÃ˵ġ°Famous Chollima¡±×éÖ¯ÓÐ¹Ø  £¬¸Ã×éÖ¯¼ÙÒâºÏ·¨¹«Ë¾  £¬ÓÕÆ­Êܺ¦Õß×°ÖüÙ×°³ÉÊÓÆµÇý¶¯·¨Ê½µÄ¶ñÒâÈí¼þ ¡£¸Ã×éÖ¯×Ô2024ÄêÖÐÆÚÒÔÀ´Ò»Ïò»îÔ¾  £¬´Ëǰ¾ÍÒÔÐéαÕÐÆ¸ÐÅÏ¢ºÍڲƭÐÔ¿ÚÊÔÁ÷³ÌµÈ¼¿Á©ÎÅÃû  £¬Èç½ñÐж¯Óú·¢¸´ÔÓ  £¬³öÏÖÐÂÐÍ»ùÓÚPythonµÄ¶ñÒâÈí¼þPylangGhost  £¬ËüÊÇ֮ǰGolangGhostľÂíµÄ±äÖÖ ¡£¹¥»÷Õßͨ¹ýÁªÏµÖ¸±êÇóÖ°Õß  £¬Ìṩ¿´ËƼÓÃÜÇ®±ÒÐÐÒµµÄְλ  £¬ÓÕµ¼Æä½øÈëÐéα¼¼ÊõÆÀ¹ÀÒ³Ãæ  £¬¸ÃÒ³Ãæ¸ß¶È·ÂÕÕÕæÊµÆóÒµ½çÃæ  £¬ÈçCoinbase¡¢RobinhoodµÈ³ÛÃû¹«Ë¾ ¡£Êܺ¦ÕßʵÏÖ²âÊÔºó  £¬»á±»ÒªÇó¼ÔìÊÓÆµ½éÉÜ  £¬²¢Í¨¹ý¸´ÔìÕ³ÌùºÅÁîµ½ÖÕ¶Ë×°Öá°ÊÓÆµÇý¶¯·¨Ê½¡±  £¬½ø¶øÏÂÔØÔ̺¬PylangGhostľÂíµÄ¶ñÒâZIPÎļþ ¡£¸Ã¶ñÒâÈí¼þ»á×ÔÐнâѹ²¢ÔÚºó¶ÜÔËÐÐ  £¬ÔÊÐí¹¥»÷ÕßÔ¶³Ì½Ó¼ûÉ豸  £¬ÍøÂçϵͳÐÅÏ¢¡¢ÏνӺÅÁîºÍ½ÚÔì·þÎñÆ÷  £¬½Ó¹Ü²¢Ö´ÐÐÔ¶³ÌºÅÁî¡¢»ñȡƾ֤¡¢ÇÔÈ¡ä¯ÀÀÆ÷Êý¾Ý  £¬Ô̺¬ÃÜÂëºÍ¼ÓÃÜÇ®°üÃÜÔ¿  £¬Õë¶Ô80¶àÖÖ·ÖÆçä¯ÀÀÆ÷À©´ó·¨Ê½  £¬ÇÒʹÓÃRC4¼ÓÃÜÓë·þÎñÆ÷ͨѶ  £¬¼ÓÃÜÃÜÔ¿ËæÊý¾Ý·¢ËÍ  £¬ËäÏÞ¶ÈÁ˰²È«ÐÔ  £¬µ«ÓÐÖúÓÚÈÚÈëͨÀýÁ÷Á¿  £¬Ôö³¤¼ì²âÄÑ¶È ¡£


https://hackread.com/n-korean-hackers-pylangghost-malware-crypo-job-scam/


4. Krispy KremeÔâPlayÀÕË÷Èí¼þ¹¥»÷  £¬³¬16ÍòÈËÐÅÏ¢ÔâÇÔ


6ÔÂ19ÈÕ  £¬ÃÀ¹úÌðÌðȦÁ¬ËøµêKrispy Kreme֤ʵ  £¬2024Äê11Ô²úÉúµÄÒ»Â·ÍøÂç¹¥»÷µ¼Ö³¬¹ý16ÍòÈ˵ÄÓ×ÎÒÐÅÏ¢±»ÇÔÈ¡ ¡£¸Ã¹«Ë¾ÔÚÈ«Çò40¸ö¹ú¶È/µØÓòÕ¼ÓдóÁ¿Ô±¹¤¡¢ÃŵêºÍ½ÓÈëµã  £¬²¢ÓëÂóµ±ÀͺÏ×÷ÔÚÈ«ÇòÊýǧ¼ÒÃŵêÏúÊÛ²úÆ· ¡£ÔÚÏòÃåÒòÖÝ×ܼì²ì³¤°ì¹«ÊÒÌá½»µÄÎļþÖÐ  £¬Krispy Kremeй©Õâ´ÎÊý¾Ýй¶ÊÂÎñÓ°ÏìÁË161,676ÈË  £¬µ«°µÊ¾Ã»ÓÐÖ¤¾ÝÅú×¢ÐÅÏ¢±»ÀÄÓà  £¬Ò²Î´½Óµ½Éí·Ý͵ÇÔ»òڲƭµÄ»ã±¨ ¡£Ö»¹Ü¹«Ë¾Î´Ð¹Â©¾ßÌåй¶µÄÊý¾ÝÀàÐÍ  £¬µ«Ìá½»¸øÂíÈøÖîÈûÖÝ×ܼì²ì³¤µÄÎļþÏÔʾ  £¬±»µÁÎļþÔ̺¬Éç»á°²È«ºÅÂë¡¢½ðÈÚÕË»§ÐÅÏ¢ºÍ¼ÝÊ»ÅÆÕÕÐÅÏ¢µÈÃô¸ÐÊý¾Ý ¡£Krispy KremeÓÚ11ÔÂ29ÈÕ¼ì²âµ½ITϵͳÉϵÄδ¾­ÊÚȨ»î¶¯  £¬²¢ÓÚ12ÔÂ11ÈÕÏòÃÀ¹ú֤ȯÂòÂôίԱ»áÅû¶ÁËÕâÒ»ÊÂÎñ¼°ÔÚÏß¶©¹ºÖжϵÄÇé¿ö ¡£¹«Ë¾²ÉÈ¡´ëÊ©¶ôÔìÎ¥¹æÐÐΪ  £¬²¢ÀñƸ±í²¿ÍøÂ簲ȫר¼ÒÆÀ¹À¹¥»÷Ó°Ïì ¡£PlayÀÕË÷Èí¼þÍÅ»ïÐû³Æ¶ÔÕâ´Î¹¥»÷ÕÆ¹Ü  £¬²¢³Æ´Ó¹«Ë¾ÍøÂçÖÐÇÔÈ¡ÁËÊý¾Ý  £¬Ô̺¬¡°¸öÈ˺ÍÓ×ÎÒ»úÃÜÊý¾Ý¡±µÈ  £¬ÔÚÓëKrispy Kreme½»ÉæÊ§°Üºó  £¬ÓÚ°µÍøÐ¹ÃÜÍøÕ¾Éϰ䲼ÁËÔ̺¬Êý°ÙGBÎĵµµÄµµ°¸ ¡£


https://www.bleepingcomputer.com/news/security/krispy-kreme-says-november-data-breach-impacts-over-160-000-people/


5. Banana Squad½«¶ñÒâÈí¼þ°µ²ØÔÚÐéαµÄGitHub´æ´¢¿âÖÐ


6ÔÂ19ÈÕ  £¬ReversingLabs×êÑÐÈËÔ±·¢ÏÖÁËÒ»ÖÖÓÉ¡°Ïã½¶Ó×¶Ó¡±£¨Banana Squad£©×éÖ¯¸¨µ¼µÄÐÂÐ͹¥»÷²½Öè ¡£¸Ã×éÖ¯ÓÚ2023Äê10Ô³õ´Î±»Checkmarx×êÑÐÈËÔ±·¢ÏÖ  £¬ÒԵ󻬹¥»÷¼¿Á©Öø³Æ ¡£ReversingLabsÍŶÓÔÚGitHubÉÏ·¢ÏÖ60¶à¸öÐéαÏîÄ¿Îļþ¼Ð  £¬ÕâЩ¿´ËÆPython±àдµÄºÚ¿Í¹¤¾ßʵÔò±»Ä¾Âí²¡¶¾Ï°È¾  £¬Ô̺¬°µ²Ø¶ñÒâ´úÂë ¡£ÔçÔÚ2023Äê4Ô  £¬Ïã½¶Ó×¶Ó¾ÍÒÔ¸÷ÀàÓû§Ãû°ä²¼ÁËÊý°Ù¸ö¶ñÒâÈí¼þ°ü  £¬×¨ÎªWindowsµçÄÔÉè¼Æ  £¬Ö¼ÔÚÇÔÈ¡´óÁ¿Ãô¸ÐÊý¾Ý  £¬Ô̺¬µçÄÔ¡¢ÀûÓ÷¨Ê½¡¢ÍøÂçä¯ÀÀÆ÷ÐÅÏ¢  £¬ÉõÖÁͨ¹ý×ªÒÆ×ʽðÇÔÈ¡¼ÓÃÜÇ®±ÒÇ®°üÐÅÏ¢  £¬ÕâЩ¶ñÒâÈí¼þ°üÔÚ±»·¢ÏÖ²¢ÒƳýǰ±»ÏÂÔØ½ü75,000´Î ¡£2024Äê11Ô  £¬¸Ã×éÖ¯ÓÖÀûÓÃGitHub³¤´úÂëÐв»»»Ðм°Ôö³¤¿Õ¸ñµÄ¸öÐÔ  £¬½«¶ñÒâ´úÂëÍÆµ½ÆÁÄ»±í  £¬Ôö³¤·¢ÏÖÄÑ¶È  £¬ÇÒͨ³£Ê¹ÓÃÐéαÓû§ÕË»§ÍйÜÓк¦´æ´¢¿â ¡£


https://hackread.com/banana-squad-data-stealing-malware-github-repositories/


6. ÈðÒøÒòµÚÈý·½¹©¸øÉÌÔâÍøÂç¹¥»÷ÖÂ13ÍòÔ±¹¤ÐÅϢй¶


6ÔÂ19ÈÕ  £¬È«ÇòÒøÐÐÒµ¾ÞÍ·ÈðÒø¼¯ÍÅ£¨UBS£©ÒòµÚÈý·½¹©¸øÉÌChain IQÔâÍøÂç¹¥»÷¶ø²úÉúÊý¾Ýй¶ ¡£ÈðÒø½²»°ÈËÈ·ÈÏÊÂÎñ²úÉú  £¬µ«Ç¿µ÷¿Í»§Êý¾Ý¼°ÒµÎñÔËӪδÊÜÓ°Ïì  £¬²¢³ÆÒÑѸ¿ì²ÉÈ¡Ðж¯Ô¤·ÀÓ°Ïì ¡£È»¶ø  £¬ÈðʿýÌ塶ʱÆÚ±¨¡·±¨Â·  £¬ÀÕË÷×éÖ¯World LeaksÔÚ°µÍø¹«¿ªÁËÔ¼13ÍòÃûÈðÒøÔ±¹¤µÄ¾ßÌåÐÅÏ¢  £¬Ô̺¬µç»°ºÅÂ롢ְλ½ÇÉ«¡¢°ì¹«µØÖ·µÈ  £¬ÉõÖÁÉæ¼°Ê×ϯִÐйٵÄÖ±½Óµç»°ºÅÂë ¡£ÈðÒøÖ¤ÊµÉæÊ¹©¸øÉÌΪChain IQ  £¬ÁíÒ»¼Ò¿Í»§°Ù´ïÒøÐÐҲȷÈÏÔâ·êÊý¾Ýй¶  £¬µ«³Æ±»µÁÐÅÏ¢½öÉæ¼°ÒøÐй©¸øÉ̵ķ¢Æ±Êý¾Ý  £¬²»º¬¿Í»§×ÊÁÏ ¡£Chain IQÔÚÉêÃ÷ÖаµÊ¾  £¬¸Ã¹«Ë¾ÓëÁí±í19¼ÒÆóÒµÓÚ6ÔÂ12ÈÕÔâ·ê¡°È«ÇòÁìÓòÄÚǰËùδ¼û¡±µÄÍøÂç¹¥»÷  £¬²¿Ãſͻ§Êý¾Ý±»°ä²¼ÖÁ°µÍø ¡£ÍøÂ簲ȫר¼ÒÕë¶ÔÊÂÎñÓ°ÏìÌá³ö¶à³Á¾¯Ê¾  £¬Ô̺¬Êý¾Ýй¶µÄDZÔÚ·çÏÕ¿ÉÄÜÊýÖܺó²ÅÏÔ¶¡¢¹«¿ªÔ±¹¤ÐÅÏ¢¿ÉÄÜÇÖº¦ÒøÐÐÃûÓþÓë¿Í»§ÐÅÀµ  £¬ÒÔ¼°Ð¹Â¶Êý¾Ý¿ÉÄܱ»ÓÃÓÚÉç»á¹¤³Ì¹¥»÷ºÍ½ðÈÚڲƭ ¡£


https://www.infosecurity-magazine.com/news/ubs-employee-data-exposed-third/