Ó¢ÃÀ°ÄÁªºÏÐû²¼2020Äê³£±»ÀûÓé¶´µÄÄþ¾²×Éѯ£»Ñо¿ÈËÔ±½«Åû¶Hyper-VÖдúÂëÖ´ÐЩ¶´µÄÏêϸÐÅÏ¢

Ðû²¼Ê±¼ä 2021-07-30

1.Ó¢ÃÀ°ÄÁªºÏÐû²¼2020Äê³£±»ÀûÓé¶´µÄÄþ¾²×Éѯ


1.jpg


ÃÀ¹ú¡¢Ó¢¹úºÍ°Ä´óÀûÑÇÍøÂçÄþ¾²»ú¹¹ÁªºÏÐû²¼Ò»·ÝÁªºÏÅû¶2020Äê³£±»ÀûÓé¶´ £¬¸Ã×Éѯ°üÂÞÿ¸ö©¶´µÄ¼¼Êõϸ½Ú £¬ÀýÈçËðº¦Ö¸±ê(IoCs)ÒÔ¼°ÕâЩ©¶´µÄ»º½â´ëÊ©¡£×Éѯָ³ö £¬2020Äê×î¾ßÕë¶ÔÐÔµÄËĸö©¶´Ó°ÏìÁËÔ¶³ÌÊÂÇé¡¢vpn»ò»ùÓÚÔÆ¼¼Êõ¡£ÕâЩ©¶´°üÂÞMicrosoft ExchangeÖеÄCVE-2021-26855ºÍCVE-2021-26857µÈ¡¢Pulse SecureÖеÄCVE-2021-22893ºÍCVE-2021-22894µÈ £¬ÒÔ¼°VMwareÖеÄCVE-2021-21985µÈ©¶´¡£


Ô­ÎÄÁ´½Ó£º

https://securityaffairs.co/wordpress/120644/hacking/top-routinely-flaws-exploited.html


2.ProofpointÅû¶ÒÁÀʺڿÍÕë¶Ô¹ú·À³Ð°üÉ̵Ĺ¥»÷»î¶¯


2.jpg


Äþ¾²¹«Ë¾ProofpointÅû¶ÒÁÀʺڿÍÕë¶Ô¹ú·À³Ð°üÉ̵Ĺ¥»÷»î¶¯¡£ÕâȺºÚ¿ÍÀûÓÃÉ罻ýÌåÆ½Ì¨ £¬ÌرðÊÇFacebook £¬ÇÔÈ¡º½¿Õ·ÀÎñ³Ð°üÉÌÔ±¹¤µÄµÇ¼ƾ֤¡£ProofpointÑо¿ÈËÔ±Ö¸³ö £¬´Ë´Î¹¥»÷»î¶¯ÖÁÉÙÁ¬ÐøÁË18¸öÔ £¬ºÚ¿Íαװ³ÉÀ´×ÔÓ¢¹úÀûÎïÆÖµÄ½¡ÃÀ²Ù½ÌÁ· £¬Ä¿±êÊÇÃÀ¹ú¡¢Ó¢¹úºÍÅ·ÖÞµÄԼĪ200Ãû¾üÊÂÈËÔ±ÒÔ¼°º½¿Õº½ÌìºÍ³Ð°üÉÌ¡£Ä¿Ç° £¬ÓÐÖ¤¾Ý±íÃ÷´Ë´Î»î¶¯ÓëTA456Óйأ¨Ò²±»³ÆÎªTortoiseshell£© £¬¶ø¸ÃÍÅ»ïÓëÒÁÀʾüʲ¿ÃÅ¡°ÒÁ˹À¼¸ïÃüÎÀ¶Ó¡±(IRGC)¹ØÏµÃÜÇС£


Ô­ÎÄÁ´½Ó£º

https://www.hackread.com/hackers-malware-aerospace-defense-contractor/


3.PKPLUGÍÅ»ïÀûÓÃжñÒâÈí¼þTHORÕë¶Ô¶«ÄÏÑǵÄ×éÖ¯


3.jpg


Unit 42Ñо¿ÍŶӷ¢ÏÖºÚ¿ÍÍÅ»ïPKPLUGÀûÓÃжñÒâÈí¼þTHORÕëµÄ»î¶¯¡£PKPLUG(ÓÖÃûMustang Panda£©ÊÇÒ»¸ö¼äµý×éÖ¯ £¬Ö÷ÒªÕë¶Ô¶«ÄÏÑǵÄÄ¿±ê¡£THORΪ¶ñÒâÈí¼þPlugXµÄ±äÌå £¬Æä×îÔç¿ÉÒÔ×·Ëݵ½2019Äê8Ô¡£PKPLUGʹÓÃÁËÒ»ÖÖÃûΪ¡°living off the land¡±µÄ¼¼ÊõÀ´Èƹý²¡¶¾¼ì²â²¢Ãé×¼Microsoft Exchange·þÎñÆ÷ £¬Ê×ÏÈÀûÓúϷ¨µÄ¿ÉÖ´ÐÐÎļþ £¬ÈçBITSAdmin £¬´ÓGitHub´æ´¢¿âÏÂÔØÒ»¸öÃûΪAro.datµÄÎÞº¦Îļþ¡£Aro.datÒ»µ©±»¼ÓÔØµ½ÄÚ´æÖоͿªÊ¼×Ô¼º½â°ü £¬²¢¿ªÊ¼ÓëC2·þÎñÆ÷ͨÐÅ¡£


Ô­ÎÄÁ´½Ó£º

https://securityaffairs.co/wordpress/120636/malware/chinese-cyberspies-thor-rat.html


4.Ñо¿ÈËÔ±½«Åû¶Hyper-VÖдúÂëÖ´ÐЩ¶´µÄÏêϸÐÅÏ¢


4.jpg


Ñо¿ÈËÔ±HarpazºÍHadar¼Æ»®ÔÚ8ÔÂ4ÈյĺÚñÄþ¾²»áÒéÉϽéÉÜHyper-VÖдúÂëÖ´ÐЩ¶´ £¬ÒÔ¼°ÈçºÎʹÓÃÄÚ²¿Ä£ºý·¨Ê½hAFL1·¢ÏÖÕâ¸ö©¶´¡£¸Ã©¶´¸ú×ÙΪCVE-2021-28476 £¬ÆÀ·ÖΪ9.9 £¬¿Éµ¼Ö¾ܾø·þÎñ»òÔÚÖ÷»úÉÏÖ´ÐÐÈÎÒâ´úÂë¡£ËüÔÚ2019Äê8ÔÂÊ״ηºÆð £¬²¢ÓÚ½ñÄê5ÔÂÊÕµ½Á˲¹¶¡¡£Ñо¿ÈËÔ±³Æ £¬ËäÈ»Azure·þÎñ²»»á·ºÆðÕâ¸öÎÊÌâ £¬µ«Ò»Ð©µ±µØHyper-V²¿ÊðÈÔÈ»ÈÝÒ×Êܵ½¹¥»÷ £¬¶ø´óÁ¿¹ÜÀíÔ±²¢Î´ÔÚ²¹¶¡Ðû²¼Ê±¾Í¸üÐÂWindowsϵͳ¡£


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/critical-microsoft-hyper-v-bug-could-haunt-orgs-for-a-long-time/


5.IBM SecurityÐû²¼2021ÄêÊý¾Ýй¶³É±¾µÄ·ÖÎö³ÂËß


5.jpg


IBM SecurityÐû²¼ÁË2021ÄêÊý¾Ýй¶³É±¾µÄ·ÖÎö³ÂËß¡£³ÂËßÖ¸³ö £¬³ÂËßÔ¤¼Æ £¬2021ÄêÆóÒµÔâÓöÒ»´ÎµäÐÍÊý¾Ýй¶Ê¹ʣ¨Éæ¼°1000-10ÍòÌõ¼Ç¼£©µÄ³É±¾Îª424ÍòÃÀÔª £¬±È2020Äê¸ß³ö10%¡£¶ø¶ÔÓÚÄÇЩÑÏÖØµÄʹÊ £¬¼ÈÓ°ÏìÁË5000ÍòÖÁ6500Íò¼Ç¼µÄ¶¥¼¶ÆóÒµ¹«Ë¾ £¬ÔòÐèÒªÖ§¸¶¸ü¸ßµÄ´ú¼Û¡ª¡ªÆ½¾ùÒª»¨·Ñ4.01ÒÚÃÀÔª¡£IBM³Æ £¬½ÓÄÉ»ùÓÚÈ˹¤ÖÇÄÜ(AI)Ëã·¨¡¢»úÆ÷ѧϰ¡¢·ÖÎöºÍ¼ÓÃܵÄÄþ¾²½â¾ö·½°¸µÄ¹«Ë¾¶¼½µµÍÁËDZÔÚÈëÇÖËðʧ £¬Æ½¾ùΪ¹«Ë¾½ÚÊ¡ÁË125Íòµ½149ÍòÃÀÔª¡£


Ô­ÎÄÁ´½Ó£º

https://www.ibm.com/security/data-breach


6.±±°®¶ûÀ¼DoH³ÆÆäCOVIDCert NI·þÎñµÄÓû§ÐÅÏ¢ÒÑй¶


6.jpg


±±°®¶ûÀ¼ÎÀÉú²¿(DoH)³ÆÆäCOVIDCert NI·þÎñй¶²¿ÃÅÓû§µÄÐÅÏ¢¡£COVIDCert NI·þÎñÖ÷ÒªÓÃÓÚΪ±±°®¶ûÀ¼µÄµÄ½ÓÖÖÕß·¢±íÈ·ÈÏÆäCOVID-19ÒßÃç½ÓÖÖ״̬µÄÊý×ÖÖ¤Êé £¬¸Ã²¿ÃÅÌåÏÖ £¬ÔÚijЩÇé¿öϸ÷þÎñ»áÏòһЩÓû§ÏÔʾÆäËûÓû§µÄÊý¾Ý¡£Ä¿Ç°¸Ã·þÎñµÄÍøÕ¾covidcertni.nidirect.gov.ukºÍÒÆ¶¯Ó¦Óö¼´¦ÓڹرÕ״̬ £¬¶ø±±°®¶ûÀ¼ÎÀÉú²¿ÕýÔÚŬÁ¦½â¾öÕâÒ»ÎÊÌâ¡£


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/northern-ireland-suspends-vaccine-passport-system-after-data-leak/