CISA½«Wing FTP·þÎñÆ÷ÐÅϢй¶·ì϶ÁÐÈëKEVĿ¼

°ä²¼¹¦·ò 2026-03-17

1. CISA½«Wing FTP·þÎñÆ÷ÐÅϢй¶·ì϶ÁÐÈëKEVĿ¼


3ÔÂ16ÈÕ £¬ÃÀ¹úÍøÂ簲ȫºÍ»ù´¡ÉèÊ©°²È«¾Ö£¨CISA£©½üÈÕ½«Wing FTP·þÎñÆ÷·ì϶£¨±àºÅCVE-2025-47813 £¬CVSSÆÀ·Ö4.3£©ÕýʽÄÉÈëÆäÒÑÖªÀûÓ÷ì϶£¨KEV£©Ä¿Â¼¡£¸Ã·ì϶ÊôÓÚÐÅÏ¢ÐÂäįàÐÍ £¬Ó°ÏìWing FTP Server 7.4.4֮ǰµÄËùÓа汾 £¬¾ßÌå´æÔÚÓÚloginok.htmlÒ³ÃæµÄWebÉí·ÝÑéÖ¤Á÷³ÌÖС£Æ¾¾ÝCISA°ä²¼µÄ²¼¸æ £¬µ±¹¥»÷ÕßÏò·þÎñÆ÷·¢ËÍÔ̺¬³¬³¤ÖµµÄUID cookieʱ £¬»á´¥·¢loginok.htmlÒ³Ãæ·µ»ØÃýÎóÐÅÏ¢ £¬´Ó¶øÐ¹Â¶·þÎñÆ÷µÄÆëÈ«±¾µØ×°ÖÃõè¾¶¡£Ö»¹Ü¸Ã·ì϶ÎÞ·¨Ö±½Óµ¼ÖÂÔ¶³Ì´úÂëÖ´ÐÐ £¬µ«Ð¹Â¶µÄÎļþϵͳ¾ßÌåÐÅÏ¢¿ÉÄܱ»ÓÃÓÚ¿úËŻ £¬½ø¶ø¸¨ÖúÖ´ÐÐõè¾¶±éÀú¹¥»÷¡¢ÎļþÔ̺¬¹¥»÷µÈºóÐø¹¥»÷¼¿Á© £¬¶Ôϵͳ°²È«×é³ÉDZÔÚÍþв¡£Æ¾¾ÝÓµÓÐÔ¼ÊøÁ¦µÄ²Ù×÷Ö¸ÁBOD£©22-01¡¶½µµÍÒÑÖª·ì϶±»ÀûÓõijÁ´ó·çÏÕ¡·µÄÒªÇó £¬Áª¹úÃñÊÂÖ´ÐÐίԱ»á£¨FCEB£©ÏÂÊô»ú¹¹±ØÐëÔÚ2026Äê3ÔÂ30ÈÕǰʵÏָ÷ì϶µÄ½¨¸´¹¤×÷ £¬ÒÔ·À±¸KEVĿ¼ÖмͼµÄ·ì϶±»¶ñÒâÀûÓá£


https://securityaffairs.com/189530/security/u-s-cisa-adds-a-flaw-in-wing-ftp-server-to-its-known-exploited-vulnerabilities-catalog.html


2. Laundry Bear APT×éÖ¯ÀûÓÃDRILLAPPºóÃŹ¥»÷ÎÚ¿ËÀ¼»ú¹¹


3ÔÂ16ÈÕ £¬S2 GroupÆìϵý±¨ÍŶÓLAB52½üÈÕÅû¶ £¬Ò»¸öÃûΪDRILLAPPµÄÐÂÐͺóÃŻÕýÕë¶ÔÎÚ¿ËÀ¼×éÖ¯Ö´Ðй¥»÷¡£¸Ã»î¶¯ÓÚ2026Äê2Ô±»·¢ÏÖ £¬Óë¶íÂÞ˹֧³ÖµÄLaundry Bear APT×éÖ¯£¨±ðÃûUAC-0190¡¢Void Blizzard£©´æÔÚ¹ØÁª £¬Åú×¢¸Ã×éÖ¯³ÖÐø¶ÔÎÚ¿ËÀ¼½øÐÐÍøÂç¼äµý»î¶¯¡£¹¥»÷ÕßÀûÓÃMicrosoft Edgeä¯ÀÀÆ÷µÄµ÷ÊÔÖ°Äܶã±Ü¼ì²â¡£µÚÒ»¸öDRILLAPP±äÖÖͨ¹ýLNKÎļþ´«²¼ £¬ÔÚһʱÎļþ¼ÐÖд´½¨HTMLÎļþ £¬¼ÓÔØÀ´×Ôpastefy.appµÄ»ìºÏ¾ç±¾¡£µö¶üÖ÷Ì⺭¸ÇStarlink×°ÖÃͼÏñµ½Come Back Alive´È±¯ÒªÇó¡£ä¯ÀÀÆ÷ÒÔÎÞͷģʽִÐÐ £¬ÆôÓÃ-no-sandbox¡¢-disable-web-securityµÈ²ÎÊý £¬×Ô¶¯ÊÚÓèÉãÏñÍ·¡¢Âó¿Ë·çºÍÆÁÄ»²¶»ñȨÏÞ £¬ÎÞÐèÓû§½»»¥¡£¹¥»÷Õß¿Éͨ¹ýWebSocket C2·þÎñÆ÷½øÐÐÔ¶³Ì½ÚÔì £¬ÌìÉúÉè±¸Ö¸ÎÆ²¢¼ì²âÌØ°´Ê±Çø¡£µÚ¶þ¸ö±äÖÖ½«LNKÎļþ´úÌæÎªCPLÎļþ £¬µö¶üÔ̺¬±øÆ÷½É»ñ»ã±¨ºÍÎÚ¿ËÀ¼¹ú¶ÈÉó¼ÆÊðÄÏ·½°ì¹«ÊÒÎļþ¡£¸Ã±äÖÖÐÂÔöµÝ¹éÎļþÁÐ±í¡¢ÅúÁ¿ÉÏ´«ºÍÔ¶³ÌÎļþÏÂÔØÖ°ÄÜ¡£¹¥»÷ÕßÀûÓÃChrome DevTools ProtocolÈÆ¹ýJavaScriptÏÂÔØÏÞ¶È £¬Í¨¹ýremote-debugging¶Ë¿ÚÅú¸ÄÏÂÔØõè¾¶²¢×¢Èë¾ç±¾·ÂÕÕÓû§µã»÷¡£


https://securityaffairs.com/189519/malware/russia-linked-apt-uses-drillapp-backdoor-to-spy-on-ukrainian-targets.html


3.Ò½ÁÆ»úеÈ˹«Ë¾IntuitiveÔâ´¹µö¹¥»÷ÖÂÊý¾Ýй¶


3ÔÂ16ÈÕ £¬Ò½ÁÆ»úеÈËÊÖÊõ¼¼Êõ¹«Ë¾Intuitive½üÈÕ°ä·¢ £¬Î´¾­ÊÚȨµÄ¹¥»÷Õßͨ¹ý´¹µö¹¥»÷ÇÔȡԱ¹¤Æ¾Ö¤ºó £¬³É¹¦ÈëÇÔì䲿ÃÅÄÚ²¿ITÒµÎñÀûÓ÷¨Ê½¡£¸Ã¹«Ë¾ÊÇ»úеÈ˸¨¸±ÊÖÊõƽ̨ȷµ±ÏÈÔì×÷ÉÌ £¬ÖØÒª²úÆ·Ô̺¬da VinciÊÖÊõϵͳºÍÓÃÓڷλî¼ìµÄIonÇ»ÄÚϵͳ¡£Ð¹Â¶µÄÊý¾ÝÔ̺¬²¿Ãſͻ§ÒµÎñºÍÁªÏµÐÅÏ¢ £¬ÒÔ¼°IntuitiveÔ±¹¤ºÍÆóÒµÊý¾Ý¡£¹«Ë¾°µÊ¾ £¬Õâ´ÎÍøÂçÈëÇÖ¶ÔÆä»úеÈËϵͳƽ̨»òʹÓÃÆäϵͳµÄҽԺûÓÐÔì³ÉÔËÓªÓ°Ïì¡£IntuitiveÇ¿µ÷ £¬Æä»úеÈËϵͳռÓжÀÁ¢µÄ°²È«ºÍ̸ £¬Ó빫˾ÄÚ²¿ÒµÎñÍøÂçÏ໥¸ôÀë¡£Intuitive°µÊ¾ÒÑ¶ÔÆäÍøÂç»ù´¡ÉèÊ©½øÐзֶÎ £¬ËùÓÐÖ§³ÖÄÚ²¿ITÒµÎñϵͳ¡¢Ôì×÷ÔËÓªºÍÊý×Ö²úÆ·µÄ»ù´¡ÉèÊ©¾ùά³Ö¶ÀÁ¢¡£ÓÉÓÚÕâÖÖÍøÂç·Ö¶Î´ëÊ© £¬¹«Ë¾µÄda Vinci¡¢IonºÍÊý×Ôì½Ì¨Î´ÊÜÕâ´Îй¶ӰÏì £¬³ÖÐø°²È«ÔËÐС£Ò½Ôº¿Í»§ÍøÂçÓëIntuitiveÍøÂçά³Ö¶ÀÁ¢ £¬Óɿͻ§ITÍŶÓÖÎÀíºÍ±£»¤ £¬Òò¶øÒ²Î´ÊÜÓ°Ïì¡£·¢ÏÖÈëÇÖºó £¬IntuitiveÒѲÉÈ¡´¹Î£´ëÊ©½ÚÔìй¶²¢·¢Õ¹µ÷²é £¬Ä¿Ç°µ÷²éÈÔÔÚ½øÐÐÖС£


https://www.theregister.com/2026/03/16/robotics_surgical_biz_intuitive_discloses/


4. Ò½ÁƿƼ¼¾ÞÍ·StrykerÔâºÚ¿Í¹¥»÷ÖÂÊýÍòÉ豸±»²Á³ý


3ÔÂ16ÈÕ £¬Ò½ÁƼ¼Êõ¾ÞÍ·Stryker½üÈÕÅû¶ £¬ÉÏÖܲúÉúµÄÍøÂç¹¥»÷½öÏÞÓÚÆäÄÚ²¿Microsoft»·¾³ £¬¹¥»÷ÕßÔ¶³Ì²Á³ýÁËÊýÍǫ̀Ա¹¤É豸¡£¸Ã¹«Ë¾ÖÜÈÕ¸üаµÊ¾ £¬ËùÓÐÒ½ÁÆÉ豸¾ù¿É°²È«Ê¹Óà £¬µ«µç×Ó¶©¹ºÏµÍ³ÈÔÀëÏß £¬¿Í»§Ðèͨ¹ýÏúÊÛ´ú±íÊÖ¶¯Ïµ¥¡£StrykerÇ¿µ÷Õâ´ÎÊÂÎñ²¢·ÇÀÕË÷Èí¼þ¹¥»÷ £¬ÍþвÐÐΪÕßδÔÚÆäϵͳÉϲ¿ÊðÈκζñÒâÈí¼þ¡£¹¥»÷ÕßHandalaºÚ¿Í×éÖ¯Ðû³Æ²Á³ýÁ˳¬¹ý20Íǫ̀ϵͳ¡¢·þÎñÆ÷ºÍÒÆ¶¯É豸 £¬²¢ÇÔÈ¡ÁË50TBÊý¾Ý £¬µ«µ÷²éÈËԱδ·¢ÏÖÊý¾Ý±íй¼£Ïó¡£¹¥»÷²úÉúºó £¬¶à¹úStrykerÔ±¹¤Í¶Ë߯äÍйÜÉ豸ÔÚÒ»Ò¹Ö®¼ä±»Ô¶³Ì²Á³ý¡£²¿ÃŽ«Ó×ÎÒÉ豸½ÓÈë¹«Ë¾ÍøÂçµÄÔ±¹¤ÔÚ²Á³ý¹ý³ÌÖÐÃÔʧÁËÓ×ÎÒÊý¾Ý¡£ÊìϤ¹¥»÷µÄÐÂÎÅÈËʿй© £¬ÍþвÐÐΪÕßÀûÓÃMicrosoftÔÆ¶Ë¶ËµãÖÎÀí·þÎñIntuneÖеIJÁ³ýºÅÁî £¬ÔÚ3ÔÂ11ÈÕUTC¹¦·ò5:00ÖÁ8:00Ö®¼ä²Á³ýÁ˽ü8Íǫ̀É豸¡£¹¥»÷ÕßÔÚÈëÇÖÖÎÀíÔ¹ØË»§²¢´´½¨ÐµÄÈ«¾ÖÖÎÀíÔ¹ØË»§ºóÖ´ÐÐÁ˴˲Ù×÷¡£¹«Ë¾ÕýÓëÈ«ÇòÔì×÷»ùµØºÏ×÷Ó¦¶ÔDZÔÚÔËÓªÓ°Ïì £¬µ±Ç°ÓÅÏÈÊÂÏîÊǸ´Ô­¹©¸øÁ´ÏµÍ³²¢¸´Ô­¿Í»§¶©µ¥ºÍÔËÊä¡£


https://www.bleepingcomputer.com/news/security/stryker-attack-wiped-tens-of-thousands-of-devices-no-malware-needed/


5. Microsoft Exchange Online¹ÊÕÏÖÂÓû§ÎÞ·¨½Ó¼ûÓÊÏä


3ÔÂ16ÈÕ £¬Microsoft½üÈÕÈ·ÈÏÆäExchange Online·þÎñ²úÉú¹ÊÕÏ £¬µ¼Ö¿ͻ§ÎÞ·¨½Ó¼ûÓÊÏäºÍÈÕÀú¡£¸Ã¹«Ë¾ÔÚUTC¹¦·òÉÏÎç6:42ÈÏ¿ÉÎÊÌâ £¬°µÊ¾ÔÚµ÷²é²¿ÃÅÓû§Í¨¹ýÒ»ÖÖ»ò¶àÖÖÏνӲ½Öè½Ó¼ûExchange OnlineÓÊÏäʱÓöµ½µÄÎÊÌ⡣ƾ¾ÝMicrosoft 365ÖÎÀíÖÐÐĸüР(EX1253275) £¬Outlook on the web¡¢Outlook×ÀÃæ¿Í»§¶Ë¡¢Exchange ActiveSync¼°ÆäËûExchange OnlineÏνӺÍ̸¾ùÊܴ˹ÊÕÏÓ°Ïì¡£Microsoft°µÊ¾Ò£²âÊý¾ÝÏÔʾÊÜÓ°ÏìÓû§µÄÎÊÌâÒѲ»ÔÙ²úÉú £¬¹¤³Ìʦ³ÖÐø¼à¿Ø·þÎñ½¡È«Çé¿öÒÔÆÀ¹ÀÊÇ·ñ±ØÒª²ÉÈ¡¶î±í´ëʩȷά³ÖÐø¸´Ô­ £¬µ«¿Í»§ÈԻ㱨ÎÞ·¨½Ó¼ûµç×ÓÓʼþ¡£¹ÊÕϲúÉúǰ £¬Office.comÃÅ»§ÍøÕ¾ÔøÏÔʾ"±§À¢ £¬³öÏÖÎÊÌâ £¬Çë³¢ÊÔË¢ÐÂÒ³Ãæ"µÄÃýÎóÐÅÏ¢¡£Microsoft»¹ÔÚµ÷²éÁíÒ»¶ÀÁ¢¹ÊÕÏ £¬¸Ã¹ÊÕÏÓ°ÏìMicrosoft 365 CopilotÍøÒ³µÇÂ¼Ò³Ãæ¼°office.com/chat¡¢m365.cloud.microsoft¡¢m365.cloud.microsoft/chatºÍcopilot.cloud.microsoftµÈCopilotÍøÒ³¿Í»§¶Ë¡£


https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-online-outage-blocks-access-to-mailboxes/


6. AWS Bedrock´úÂëÚ¹ÊÍÆ÷·ì϶¿ÉÖÂÃô¸ÐÊý¾Ýй¶


3ÔÂ16ÈÕ £¬ÍøÂ簲ȫ×êÑÐÈËÔ±·¢ÏÖAmazon Web Services(AWS) ¹¤¾ßÖдæÔÚÒ»¸ö·ì϶ £¬¹¥»÷Õß¿ÉÀûÓø÷ì϶ÇÔÈ¡¹«Ë¾Ãô¸ÐÊý¾Ý¡£BeyondTrustÆìÏÂPhantom LabsµÄ×êÑÐÈËÔ±½«µ÷²é³Áµã·ÅÔÚAWS Bedrock AgentCore Code InterpreterÉÏ¡£AWS BedrockÊÇÓÃÓÚ¹¹½¨AIÀûÓ÷¨Ê½µÄƽ̨ £¬¶øAgentCore Code InterpreterÔÊÐí̸Ìì»úеÈ˱àдºÍÔËÐдúÂëÒÔÖ´ÐÐÊý¾Ý·ÖÎöºÍÍÆËãµÈ¹¤×÷¡£Îª±£»¤ÏµÍ³°²È« £¬AWSʹÓÃSandboxģʽ×÷ΪÊý×Ö¸ôÀëÊÒ £¬×èÖ¹AI´úÂëÓë±í²¿ÊÀ½çͨѶ¡£È»¶ø £¬Ê×ϯ×êÑÐÔ±Kinnaird McQuade·¢ÏÖ £¬Ö»¹ÜɳºÐ×èÖ¹ÁË´ó²¿ÃÅÁ÷Á¿ £¬µ«ÈÔÔÊÐíDNS²éÎÊ £¬³ö¸ñÊÇAºÍAAAA¼Í¼¡£×êÑÐÈËÔ±Ö¤Ã÷ £¬¹¥»÷Õ߿ɽ«ÇÔÈ¡µÄÊý¾Ý»ò°ÂÃØºÅÁî°µ²ØÔÚÕâЩDNSÒªÇóÖС£ÍŶӹ¹½¨ÁËÒ»¸öϵͳ £¬Í¨¹ýÕâЩ²éÎÊÔËÐÐÊý¾Ý £¬Óë±»¸ôÀëµÄAI½øÐÐʵʱ˫ÏòͨѶ £¬ÓÐÐ§ÈÆ¹ýÁËAWS³ÐŵµÄ°²È«¸ôÀë¡£AWS½¨ÒéÇл»ÖÁVPCģʽÒÔ»ñµÃ¸üºÃ½ÚÔì £¬²¢È·±£AI¹¤¾ß½öÕ¼ÓÐ×îµÍ±ØÒªÈ¨ÏÞ¡£


https://hackread.com/data-leak-risk-in-aws-bedrock-ai-code-interpreter/