ÐÅÏ¢°²È«Öܱ¨-2018ÄêµÚ42ÖÜ

°ä²¼¹¦·ò 2018-10-22

Ò»¡¢±¾Öܰ²È«Ì¬ÊÆ×ÛÊö


2018Äê10ÔÂ15ÈÕÖÁ21ÈÕ¹²ÊÕ¼°²È«·ì϶57¸ö £¬ÖµµÃ¹Ø×¢µÄÊÇLibssh CVE-2018-10933·þÎñÆ÷Éí·ÝÑéÖ¤ÈÆ¹ý·ì϶ £»Pivotal Spring Security OAuthȨÏÞÌáÉý·ì϶ £»Dell EMC Secure Remote ServicesȨÏÞÌáÉý·ì϶ £»Opto 22 PAC Control CVE-2018-14807»º³åÇøÒç¶Âí½Å £»HPE Intelligent Management Center PLAT´úÂëÖ´Ðзì϶¡£

±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂ簲ȫÊÂÎñÊÇÃÀ¹ú·À²¿£¨Îå½Ç´óÂ¥£©Ô¼3ÍòÃûÔ±¹¤µÄ¹Û¹â¼Í¼й¶ £»ÎÚ¿ËÀ¼µ±¾Ö»ú¹¹ÔÙÔâAPT×éÖ¯BlackEnergyÏ®»÷ £»³¬¹ý3500ÍòÃÀ¹úÑ¡ÃñµÄ¼Í¼ÔÚºÚ¿ÍÂÛ̳ÉÏÏúÊÛ £»±±¿¨ÂÞÀ´ÄÉÖÝË®ÎñϵͳÔâÀÕË÷Èí¼þ¹¥»÷ £¬FBIÒÑȾָµ÷²é £»×êÑÐÍŶӷ¢ÏÖÕë¶ÔÎÚ¿ËÀ¼ºÍ²¨À¼ÄÜÔ´¹«Ë¾µÄÐÂAPT×éÖ¯GreyEnergy¡£

ƾ¾ÝÒÔÉÏ×ÛÊö £¬±¾Öܰ²È«ÍþвΪÖС£

¶þ¡¢³ÁÒª°²È«·ì϶Áбí


1. Libssh CVE-2018-10933·þÎñÆ÷Éí·ÝÑéÖ¤ÈÆ¹ý·ì϶


Libsshͨ¹ýÏò·þÎñÆ÷ÌṩSSH2_MSG_USERAUTH_SUCCESSÐÂÎÅÀ´°ü°ì·þÎñÆ÷Õý³£Æô½âÀ·ÝÑéÖ¤µÄSSH2_MSG_USERAUTH_REQUESTÐÂÎÅʱ´æÔÚ°²È«·ì϶ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó £¬ÎÞÐèÑé֤δÊÚȨ½Ó¼û¡£


https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/

2. Pivotal Spring Security OAuthȨÏÞÌáÉý·ì϶


Pivotal Spring Security OAuth´æÔÚ°²È«·ì϶ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó £¬ÌáÉýȨÏÞ¡£

https://pivotal.io/security/cve-2018-15758

3. Dell EMC Secure Remote ServicesȨÏÞÌáÉý·ì϶


Dell EMC Secure Remote ServicesÔ̺¬¶à¸öÓµÓÐÈ«¾Ö¿É¶ÁȨÏÞµÄÅäÖÃÎļþ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó £¬ÌáÉýȨÏÞ¡£


https://www.dellemc.com/

4. Opto 22 PAC Control CVE-2018-14807»º³åÇøÒç¶Âí½Å

Opto 22 PAC Control´æÔÚ»º³åÇøÒç¶Âí½Å £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó £¬¿ÉʹÀûÓ÷¨Ê½»òÖ´ÐÐËÁÒâ´úÂë¡£


https://www.opto22.com/support/resources-tools/knowledgebase/kb87547

5. HPE Intelligent Management Center PLAT´úÂëÖ´Ðзì϶


HPE Intelligent Management Center PLAT´æÔÚ°²È«·ì϶ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó £¬¿ÉÖ´ÐÐËÁÒâ´úÂë¡£


https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03901en_us

Èý¡¢³ÁÒª°²È«ÊÂÎñ×ÛÊö


1¡¢ÃÀ¹ú·À²¿£¨Îå½Ç´óÂ¥£©Ô¼3ÍòÃûÔ±¹¤µÄ¹Û¹â¼Í¼й¶

28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿

ÃÀ¹ú¹ú·À²¿£¨Îå½Ç´óÂ¥£©µÄ²¿Ãžü·½ºÍÎÄÖ°ÈËÔ±µÄÓ×ÎÒÐÅÏ¢ºÍÐÅÓþ¿¨Êý¾Ýй¶ £¬Ô¼3ÍòÈËÊܵ½Ó°Ïì¡£ÕâÒ»Êý¾Ýй¶ÊÂÎñ¿ÉÄܲúÉúÔÚ¼¸¸öÔÂǰ £¬µ«Ö±µ½×î½ü²Å±»·¢ÏÖ¡£¸ÃÊÂÎñÉæ¼°µ½Ò»¼ÒΪ¹ú·À²¿Ìṩ·þÎñµÄµÚÈý·½¹©¸øÉÌ £¬Ä¿Ç°¸Ã¹©¸øÉ̵ÄÉí·ÝÒÀÈ»²»Ã÷È·¡£ÕâÒ»ÊÂÎñÒÀÈ»ÔÚ½øÒ»²½µÄµ÷²éÖ®ÖÐ £¬µ«Ã»ÓÐÈκλúÃÜÐÅÏ¢Ô⵽й¶¡£

Ô­ÎÄÁ´½Ó£º
https://securityaffairs.co/wordpress/77097/data-breach/pentagon-travel-records-data-breach.html

2¡¢ÎÚ¿ËÀ¼µ±¾Ö»ú¹¹ÔÙÔâAPT×éÖ¯BlackEnergyÏ®»÷

28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿


ÎÚ¿ËÀ¼°²È«¾Ö£¨SBU£©°µÊ¾×î½ü¶íÂÞ˹APT×éÖ¯BlackEnergyÔÙ´ÎÕë¶ÔÎÚ¿ËÀ¼µ±¾Ö»ú¹¹µÄÐÅϢϵͳºÍµçÐÅϵͳÌáÒé¹¥»÷¡£SBUר¼ÒÖ¸³ö £¬¹¥»÷ÕßʹÓÃÁËеĶñÒâÈí¼þ £¬ÆäÖ°ÄÜÔ̺¬Ô¶³ÌÖÎÀí²Ù×÷ϵͳÒÔ¼°Îļþ¸´Ôì¡¢¼à¿ØÓû§ÐÐΪºÍÀ¹½ØÃÜÂëµÈ¡£Æ¾¾ÝSBUºÍÒ»¸ö°²È«³§É̵ĵ÷²é £¬¹¥»÷ÖÐÉæ¼°µ½µÄ¶ñÒâÈí¼þÊÇIndustroyerºóÃŵÄбäÌå¡£´Ë±í £¬SBU»¹·¢ÏÖÁËÊôÓÚ¸ÃAPT×éÖ¯µÄ¶ÀÓй¤¾ß¡£


Ô­ÎÄÁ´½Ó£º
https://www.ukrinform.net/rubric-crime/2557323-russian-hackers-mount-cyberattack-on-ukraines-state-bodies.html

3¡¢³¬¹ý3500ÍòÃÀ¹úÑ¡ÃñµÄ¼Í¼ÔÚºÚ¿ÍÂÛ̳ÉÏÏúÊÛ

28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿


±¾ÖÜÒ»Anomali LabsºÍIntel 471µÄ×êÑÐÈËÔ±ÔÚ°µÍøÂÛ̳ÉÏ·¢ÏÖÒ»¸öÔ̺¬´óÁ¿Ñ¡ÃñÊý¾ÝµÄÊý¾Ý¿âÔÚÏúÊÛ¡£¸ÃÊý¾Ý¿âÔ̺¬À´×Ô19¸öÖݵĶà´ï3500ÍòÌõÑ¡Ãñ¼Í¼¡£ÕâЩ¼Í¼Ô̺¬ÐÕÃû¡¢µç»°ºÅÂ롢סַ¡¢Í¶Æ±º¹ÇàºÍÆäËüͶƱÊý¾ÝµÈ¡£×êÑÐÈËÔ±¶Ô¸ÃÊý¾Ý¿âµÄÑù±¾½øÐÐÁËÉó²é £¬È·ÈÏÕâЩÊý¾ÝÓÐЧ²¢ÇÒ¸ÃÊý¾Ý¿âÓµÓи߶ȵĿÉÐŶÈ¡£¼øÓÚÃÀ¹ú2018ÄêµÄÖÐÆÚÑ¡¾Ù¼´½«µ½À´ £¬ÕâЩй¶µÄÊý¾Ý¿ÉÄܱ»¹¥»÷ÕßÓÃÀ´·ÛËéÑ¡¾Ù»ò½øÐÐÉí·Ý͵ÇԵȶñÒâ»î¶¯¡£


Ô­ÎÄÁ´½Ó£º
https://threatpost.com/up-to-35-million-2018-voter-records-for-sale-on-hacking-forum/138295/

4¡¢±±¿¨ÂÞÀ´ÄÉÖÝË®ÎñϵͳÔâÀÕË÷Èí¼þ¹¥»÷ £¬FBIÒÑȾָµ÷²é

28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿


±¾ÖÜÒ»ONWASA£¨°ºË¹Â幩ˮºÍÎÛË®ÖÎÀí¾Ö£©°ä²¼ÐÂÎųÆ £¬±±¿¨ÂÞÀ´ÄÉÖÝË®ÎñϵͳµÄÄÚ²¿ÍÆËã»úϵͳ£¨Ô̺¬·þÎñÆ÷ºÍÓ×ÎÒµçÄÔ£©Ôâµ½ÀÕË÷Èí¼þEmotet¹¥»÷¡£ONWASAûÓÐÅû¶¾ßÌåµÄÊê½ð½ð¶î¡£¸Ã¹¥»÷²úÉúÔÚ10ÔÂ4ÈÕ £¬Çé¿öËæºóÒѵõ½½ÚÔì¡£¹ÌȻûÓпͻ§ÐÅÏ¢ÔÚÕâ´Î¹¥»÷ÖÐÊܵ½Ó°Ïì £¬µ«ÐíÎÞÊý¾Ý¿â±ØÒª³Á½¨¡£Ä¿Ç°FBI¡¢ºÓɽ°²È«ÊýºÍ±±¿¨ÂÞÀ´ÄÉÖݵ±¾ÖÒÑȾָµ÷²é¡£


Ô­ÎÄÁ´½Ó£º
https://www.securityweek.com/feds-investigate-after-hackers-attack-water-utility

5¡¢×êÑÐÍŶӷ¢ÏÖÕë¶ÔÎÚ¿ËÀ¼ºÍ²¨À¼ÄÜÔ´¹«Ë¾µÄÐÂAPT×éÖ¯GreyEnergy

28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿


ESET×êÑÐÍŶӷ¢ÏÖÒ»¸öеÄAPT×éÖ¯GreyEnergy £¬¸ÃAPT×éÖ¯±»ÒÔΪÊÇBlackEnergyµÄ¼Ì³ÐÕß¡£ÔÚ´ÓǰÈýÄêÄÚ £¬GreyEnergyÖØÒªÕë¶ÔÎÚ¿ËÀ¼ºÍ²¨À¼µÄÄÜÔ´¹«Ë¾µÈ¸ß¼ÛÖµÖ¸±ê¡£GreyEnergyµÄ¶ñÒâÈí¼þ¿ò¼ÜÓëBlackEnergyÓµÓкöàÀàËÆÖ®´¦¡£×êÑÐÈËÔ±²¢Ã»Óй۲쵽רÃÅÕë¶ÔICSµÄ¶ñÒâÈí¼þÄ£¿é £¬µ«GreyEnergyµÄ¹¥»÷Õ½ÊõÒ»ÏòÊÇÕë¶Ô¹Ø¼ü»ù´¡ÉèÊ©ÖеÄSCADA¹¤×÷Õ¾ºÍ·þÎñÆ÷µÈ¡£


Ô­ÎÄÁ´½Ó£º
https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/


ÉêÃ÷£º±¾×ÊѶÓÉ28ȦάËûÃü°²È«Ó××é·­ÒëºÍÕû¶Ù