Security research
Atomic Stealer disguised as Microsoft Teams for Mac, spread via Google ads https://www.malwarebytes.com/blog/threat-intelligence/2024/07/fake-microsoft-teams-for-mac-delivers-atomic-stealer
MuddyWater group deploys new Bugsleep backdoor to target Israel https://research.checkpoint.com/2024/new-bugsleep-backdoor-deployed-in-recent-muddywater-campaigns/
Braodo Stealer information stealer targets Vietnam and other countries https://www.cyfirma.com/research/braodo-info-stealer-targeting-vietnam-and-abroad/
MirrorFace group runs phishing campaign against Japanese manufacturing and research institutions https://blogs.jpcert.or.jp/en/2024/07/mirrorface-attack-against-japanese-organisations.html
Malware campaign abuses RDPWrapper and Tailscale to attack cryptocurrency users https://cyble.com/blog/new-malware-campaign-abusing-rdpwrapper-and-tailscale-to-target-cryptocurrency-users/
Published: 2024-07-17
Adobe Coldfusion path traversal vulnerability https://packetstormsecurity.com/files/99380/Adobe-ColdFusion-Directory-Traversal.html
Cisco Ios_xr security vulnerability https://exchange.xforce.ibmcloud.com/vulnerabilities/61443
Vulnerabilities in multiple Microsoft products https://www.cybersecurity-help.cz/vdb/SB2021091445
SQL injection vulnerability in multiple Sonicwall products https://www.cnnvd.org.cn/home/globalSearch?keyword=CNNVD-202108-422
Out-of-bounds write vulnerability in multiple products from Php and other vendors https://www.cnnvd.org.cn/home/globalSearch?keyword=CNNVD-201910-1456
Published: 2024-07-17
Postgresql privilege dropping / lowering error vulnerability https://access.redhat.com/security/cve/cve-2024-0985
Google Android integer overflow or wraparound vulnerability https://www.cnnvd.org.cn/home/globalSearch?keyword=CNNVD-202406-1628
Openvpn unrestricted upload of file with dangerous type vulnerability https://community.openvpn.net/openvpn/wiki/CVE-2024-27903
Juniper Junos resource exhaustion vulnerability https://nvd.nist.gov/vuln/detail/CVE-2023-36841
OS command injection vulnerability in multiple Fortinet products https://www.cnnvd.org.cn/home/globalSearch?keyword=CNNVD-202310-700
Published: 2024-07-15
Microsoft SmartScreen vulnerability CVE-2024-21412 under active exploitation https://cyble.com/blog/increase-in-the-exploitation-of-microsoft-smartscreen-vulnerability-cve-2024-21412/
Microsoft Patch Tuesday advisory: July 2024 edition https://msrc.microsoft.com/update-guide/releaseNote/2024-Jul
CloudSorcerer: a new hacker group that uses cloud services to transfer data https://securelist.com/cloudsorcerer-new-apt-cloud-actor/113056/
Unknown attackers use zero-day vulnerability CVE-2024-38112 to deliver malicious payloads https://research.checkpoint.com/2024/resurrecting-internet-explorer-threat-actors-using-zero-day-tricks-in-internet-shortcut-file-to-lure-victims-cve-2024-38112/
Regional Transport Office-themed phishing campaign targets Android users in India https://cyble.com/blog/regional-transport-office-phishing-scam-targets-android-users-in-india/?&web_view=true
Published: 2024-07-15
Deserialization of untrusted data vulnerability in multiple products from Fasterxml and other vendors https://www.auscert.org.au/bulletins/ESB-2020.1766/
Blind XPath injection vulnerability in multiple Splunk products https://www.cnnvd.org.cn/home/globalSearch?keyword=CNNVD-202311-1496
Vmware Hyperic_server deserialization of untrusted data vulnerability https://www.cnnvd.org.cn/home/globalSearch?keyword=CNNVD-202211-2653
Authentication bypass by spoofing vulnerability in multiple Redhat products https://www.cve.org/CVERecord?id=CVE-2024-5037
Type confusion vulnerability in multiple products from Google and other vendors https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4GHJ3FK5NPHDRUR4OJOI4UU6FKSOOGG/
Published: 2024-07-08
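Rejetto HTTP File Server unauthenticated RCE vulnerability used to deliver malware https://asec.ahnlab.com/ko/67509/
Andariel group distributes Xctdoor malware to South Korea's defense and manufacturing sectors https://asec.ahnlab.com/en/67558/
Unknown attackers target the telecom sector in Asian countries https://symantec-enterprise-blogs.security.com/threat-intelligence/telecoms-espionage-asia
New malware disguised as cracked programs and commercial tools is spreading https://asec.ahnlab.com/en/67502/
Worm with backdoor capabilities tricks users in order to infect removable drives https://mp.weixin.qq.com/s/P_WqwkTT7ppjyXagQjo6PA
Published: 2024-07-08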
Multiple Russian industries attacked by the ReaverBits group https://www.facct.ru/blog/reaverbits/
Kimsuky group deploys TRANSLATEXT extension to target South Korean academia https://www.zscaler.com/blogs/security-research/kimsuky-deploys-translatext-target-south-korean-academia
Microsoft Office vulnerability CVE-2021-40444 used to deploy the MerkSpy information stealer https://www.fortinet.com/blog/threat-research/merkspy-exploiting-cve-2021-40444-to-infiltrate-systems
Poseidon stealer infects Mac users via Google ads https://www.malwarebytes.com/blog/news/2024/06/poseidon-mac-stealer-distributed-via-google-ads
Unfurling Hemlock: spreading large volumes of malware to multiple countries for financial gain https://outpost24.com/blog/unfurling-hemlock-cluster-bomb-campaign/#introducing-unfurling-hemlock
Published: 2024-07-03
Samsung Android security vulnerability https://nvd.nist.gov/vuln/detail/CVE-2024-34593
Improper check or handling of exceptional conditions vulnerability in multiple Hanwhavision products https://nvd.nist.gov/vuln/detail/CVE-2023-5038
Mkdocs path traversal vulnerability https://github.com/nisdn/CVE-2021-40978/issues/1
Statamic security vulnerability https://www.cnnvd.org.cn/home/globalSearch?keyword=CNNVD-202202-966
Baomidou Mybatis-plus SQL injection vulnerability https://github.com/baomidou/mybatis-plus/issues/4407
Published: 2024-07-03
Attackers deploy VPN software on South Korean ERP servers https://asec.ahnlab.com/ko/66581/
Forged official documents with embedded QR codes used to target Chinese citizens https://cyble.com/blog/rising-wave-of-qr-code-phishing-attacks-chinese-citizens-targeted-using-fake-official-documents/
South Korean medical institutions hit by cryptomining attacks https://asec.ahnlab.com/ko/66860/
Attackers lure users into copying and executing PowerShell scripts https://www.proofpoint.com/us/blog/threat-insight/clipboard-compromise-powershell-self-pwn
Suspected Pakistani hacker group UTA0137 spreads DISGOMOJI malware to the Indian government https://www.volexity.com/blog/2024/06/13/disgomoji-malware-used-to-target-indian-government/
Published: 2024-06-19
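Use-after-free vulnerability in multiple Microsoft products https://nvd.nist.gov/vuln/detail/CVE-2024-30080
Command injection vulnerability in multiple Totolink products https://cxsecurity.com/cveshow/CVE-2023-51016/
Resource exhaustion vulnerability in multiple products from Mariadb and other vendors https://access.redhat.com/security/cve/CVE-2023-5157
Out-of-bounds read vulnerability in multiple products from Netapp and other vendors https://packetstormsecurity.com/files/174154/Ubuntu-Security-Notice-USN-6285-1.html
Out-of-bounds read vulnerability in multiple products from Mongodb and other vendors https://nvd.nist.gov/vuln/detail/CVE-2024-5629
Published: 2024-06-19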
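Qemu integer overflow or wraparound vulnerability http://www.securityfocus.com/bid/108434
Type confusion vulnerability in multiple products from Luajit and other vendors https://www.cve.org/CVERecord?id=CVE-2019-19391
Open redirect vulnerability in multiple Redhat products https://bugzilla.redhat.com/show_bug.cgi?id=2251407
Out-of-bounds write vulnerability in multiple Apple products https://security.gentoo.org/glsa/202401-04
Authlib improper verification of cryptographic signature vulnerability https://www.cnnvd.org.cn/home/globalSearch?keyword=CNNVD-202406-830
Published: 2024-06-17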
Microsoft Patch Tuesday advisory: June 2024 edition https://msrc.microsoft.com/update-guide/releaseNote/2024-Jun
More_eggs malware targets the industrial services sector via job-seeking websites https://www.esentire.com/blog/more-eggs-activity-persists-via-fake-job-applicant-lures
SMS phishing gang Smishing Triad expands its attacks to Pakistan https://www.resecurity.com/blog/article/smishing-triad-is-targeting-pakistan-to-defraud-banking-customers-at-scale
Muhstik malware targets the Apache RocketMQ platform https://www.aquasec.com/blog/muhstik-malware-targets-message-queuing-services-applications/
Sticky Werewolf attacks Russia's aerospace industry using video conference invitations as lures https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
Published: 2024-06-17
Netgsm missing authorization vulnerability https://nvd.nist.gov/vuln/detail/CVE-2024-35672
Softlabbd Integrate_google_drive improper authentication vulnerability https://wordpress.org/plugins/integrate-google-drive/#developers
Vulnerabilities in multiple Samsung products https://semiconductor.samsung.com/support/quality-support/product-security-updates/
Redislabs Redis security vulnerability https://www.cnnvd.org.cn/home/globalSearch?keyword=CNNVD-202109-1327
Race condition vulnerability in multiple Pax products https://drive.google.com/drive/u/0/folders/14X-XTYhkiaIVBS3zf68VigG4-imbKEuV
Published: 2024-06-12
UAC-0200 uses DarkCrystal RAT malware to attack critical Ukrainian organizations https://cert.gov.ua/article/6279561
ExCobalt group continues developing the GoRed backdoor to attack Russian companies https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/ex-cobalt-go-red-tehnika-skrytogo-tunnelya/#id29
Technical analysis of SSLoad malware https://intezer.com/blog/research/ssload-technical-malware-analysis/
Latest variant of the Silver Fox group's ValleyRAT trojan disclosed https://www.zscaler.com/blogs/security-research/technical-analysis-latest-variant-valleyrat#indicators-of-compromise--iocs-
Tracking a new Agent Tesla campaign targeting Spanish speakers https://www.fortinet.com/blog/threat-research/new-agent-tesla-campaign-targeting-spanish-speaking-people
Published: 2024-06-12
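Anji-plus Report server-side request forgery vulnerability https://github.com/anji-plus/report/issues/15
Missing authentication for critical function vulnerability in multiple products from Cacti and other vendors https://nvd.nist.gov/vuln/detail/CVE-2023-31132
Out-of-bounds read vulnerability in multiple products from Google and other vendors https://packetstormsecurity.com/files/174563/Debian-Security-Advisory-5491-1.html
Stack-based buffer overflow vulnerability in multiple Tenda products https://www.tendacn.com/us/download/detail-3851.html
OS command injection vulnerability in multiple Sonicwall products https://cxsecurity.com/cveshow/CVE-2022-22273/
Published: 2024-06-11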
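Russia's APT28 uses HeadLace malware to infiltrate critical European networks https://www.cybernewsgroup.co.uk/2024/05/31/russian-hackers-target-europe-with-headlace-malware-credential-harvesting/
Attackers impersonate an official Bahrain government service app to steal user data https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fake-bahrain-government-android-app-steals-personal-data-used-for-financial-fraud/
NiceRAT is infecting hosts via a botnet https://asec.ahnlab.com/ko/66040/
Chalubo trojan used in a destructive campaign, taking 600,000 routers offline https://blog.lumen.com/the-pumpkin-eclipse/
FaCai gang carries out phishing attacks through the traffic-referral service of a translation application https://mp.weixin.qq.com/s/SsXfrYYjToet4TBxLprCGA
Published: 2024-06-11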
Git link following vulnerability https://www.cve.org/CVERecord?id=CVE-2024-32002
Oracle Weblogic_server security vulnerability http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
Vulnerabilities in multiple Atlassian products https://www.cnnvd.org.cn/home/globalSearch?keyword=CNNVD-202405-4060
Opendental security vulnerability http://www.securityfocus.com/bid/92780
Command injection vulnerability in multiple Dlink products https://nvd.nist.gov/vuln/detail/CVE-2024-3273
Published: 2024-06-05
Russia's APT28 uses HeadLace malware to infiltrate critical European networks https://www.cybernewsgroup.co.uk/2024/05/31/russian-hackers-target-europe-with-headlace-malware-credential-harvesting/
Analysis of the PikaBot loader https://blog.sekoia.io/pikabot-a-guide-to-its-deep-secrets-and-operations/
Attackers impersonate an official Bahrain government service app to steal user data https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fake-bahrain-government-android-app-steals-personal-data-used-for-financial-fraud/
NiceRAT is infecting hosts via a botnet https://asec.ahnlab.com/ko/66040/
Konni hacker group uses a Russian government software installer in attacks https://mp.weixin.qq.com/s/3GhWv3wsiAIZTClDBJxG-g
Published: 2024-06-05
Improper resource shutdown or release vulnerability in multiple Mitsubishi products https://www.cve.org/CVERecord?id=CVE-2022-33324
Apache Activemq improper authentication vulnerability https://www.openwall.com/lists/oss-security/2023/11/28/1
Javs Javs_viewer embedded malicious code vulnerability https://www.cnnvd.org.cn/home/globalSearch?keyword=CNNVD-202405-4238
Information exposure vulnerability in multiple Checkpoint products https://nvd.nist.gov/vuln/detail/CVE-2024-24919
Out-of-bounds write vulnerability in multiple Microsoft products https://packetstormsecurity.com/files/154096/Microsoft-Font-Subsetting-DLL-MakeFormat12MergedGlyphList-Heap-Corruption.html
Published: 2024-06-03
Moonstone Sleet group targets multiple sectors including blockchain and AI https://www.microsoft.com/en-us/security/blog/2024/05/28/moonstone-sleet-emerges-as-new-north-korean-threat-actor-with-new-bag-of-tricks/
Hellhounds group continues to attack Russia https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/hellhounds-operation-lahat-part-2/
Sapphire Werewolf group delivers an information stealer to key Russian industries https://bi.zone/expertise/blog/sapphire-werewolf-ottachivaet-izvestnyy-stiler-dlya-novykh-atak/
Anatsa: Android banking malware active in the Google store https://www.zscaler.com/blogs/security-research/technical-analysis-anatsa-campaigns-android-banking-malware-active-google
AllaSenha: an ALLAKORE banking trojan variant targeting Latin America https://harfanglab.io/en/insidethelab/allasenha-allakore-variant-azure-c2-steal-banking-latin-america/
Published: 2024-06-03