¡¶Î¬ËûÃü¡·ÖðÈÕ°²È«¼òѶ20190313

°ä²¼¹¦·ò 2019-03-13
1¡¢F5 NetworksÒÔ6.7ÒÚÃÀÔªµÄ¼ÛÖµÊÕ¹ºNGINX

28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿


±¾ÖÜÒ»F5 Networks°ä·¢½«ÒÔ6.7ÒÚÃÀÔªµÄ¼ÛÖµÊÕ¹ºNGINX£¬Ë«·½¶­Ê»áÒѺË×¼Õâ´ÎÂòÂô£¬¸ÃÂòÂôÔ¤¼Æ½«ÓÚ2019ÄêµÚ¶þ¼¾¶ÈʵÏÖ ¡£NGINXÊÇÊÀ½çÉÏʹÓÃ×î¿í·ºµÄÍøÂç·þÎñÆ÷Èí¼þÖ®Ò»£¬F5 NetworksÃ÷È·°µÊ¾£¬ÊÕ¹ºÊµÏÖºóNGINXÆ·ÅÆ¼°Æä¾É½ðɽ×ܲ¿½«Î¬³Ö²»±ä£¬NGINXÊ×ϯִÐйÙRobertsonºÍÊ×´´ÈËIgor SysoevÒÔ¼°Maxim Konovalov½«³ÖÐø¸¨µ¼NGINX ¡£

   

Ô­ÎÄÁ´½Ó£º

https://thehackernews.com/2019/03/f5-networks-acquires-nginx.html

2¡¢Õë¶ÔWordPressµÄй¥»÷º£³±£¬ÖØÒªÀûÓùºÎï³µ²å¼þÖеÄXSS·ì϶

28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿


Defiant×êÑÐÈËÔ±Mikey Veenstra·¢ÏÖÒ»¸öÕë¶ÔWordPress¹ºÎïÍøÕ¾µÄ¹¥»÷º£³±£¬¹¥»÷ÕßÀûÓùºÎï³µ²å¼þ¡°Abondoned Cart Lite for WooCommerce¡±ÖеÄXSS·ì϶£¬ÏòÍøÕ¾Ö²ÈëºóÃŲ¢»ñµÃÍøÕ¾µÄ½ÚÔìȨ ¡£¾Ý±¨Â·¸Ã²å¼þÒÑÔÚ³¬¹ý2Íò¸öWordPressÍøÕ¾ÉÏ×°Öà ¡£¹¥»÷ÕßÖ²ÈëµÄºóÃÅÔ̺¬Ò»¸öÖÎÀíÔ¹ØË»§woouserÒÔ¼°Ôڷǻ²å¼þÖÐÖ²ÈëµÄPHPºóÃÅ ¡£

  

Ô­ÎÄÁ´½Ó£º

https://cyware.com/news/hackers-abuse-xss-vulnerability-in-cart-plugin-to-target-wordpress-based-shopping-sites-ff4b4019

3¡¢ÐÂÀÕË÷Èí¼þYatron£¬ÀûÓÃEternalBlueºÍDoublePulsar½øÐд«²¼

28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿

×êÑÐÈËÔ±A Shadow·¢ÏÖÐÂÀÕË÷Èí¼þYatronÔÚTwitterÉϽøÐÐÍÆ¹ã ¡£Yatron»áÔÚ¼ÓÃܵÄÎļþºó¸½¼Ó.YatronÀ©´óÃû£¬ÈôÊÇÊܺ¦ÕßÔÚ72Ó×ʱÄÚδ֧¸¶Êê½ð£¬Yatron»áÊÔͼɾ³ý¼ÓÃܵÄÎļþ ¡£Æ¾¾ÝGillespieµÄ˵·¨£¬¸ÃÀÕË÷Èí¼þÊÇ»ùÓÚHiddenTear£¬µ«Åú¸ÄÁ˼ÓÃÜËã·¨ ¡£Yatron»¹Ô̺¬EternalBlueºÍDoublePulsarµÄ·ì϶ÀûÓôúÂ룬ÓÃÓÚÏ°È¾Í³Ò»ÍøÂçÖÐµÄÆäËüWindows»úе ¡£Yatron±»×÷ΪRansomware-as-a-Service½øÐÐÍÆ¹ã£¬ÊÛ¼ÛΪ100ÃÀÔª ¡£

  

Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/yatron-ransomware-plans-to-spread-using-eternalblue-nsa-exploits/

4¡¢Î¢Èí°ä²¼3Ô°²È«¸üУ¬½¨¸´64¸ö·ì϶

28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿

΢ÈíÔÚ3ÔÂWindows°²È«¸üÐÂÖн¨¸´ÁË64¸ö·ì϶£¬ÆäÖÐÔ̺¬ÉÏÖܹȸèÌáµ½µÄ¿ÉÓëChrome 0day×éºÏÀûÓõÄWin 7 0day£¨CVE-2019-0808£©£¬ÒÔ¼°¿¨°Í˹»ùÍŶӷ¢ÏÖµÄÒѱ»»ý¼«ÀûÓõÄÌáȨ·ì϶£¨CVE-2019-0797£© ¡£´Ë±í£¬Î¢Èí»¹½¨¸´ÁËÁí±íÁ½¸öÒѱ»¹«¿ªÅû¶µÄ·ì϶£ºWindows»Ø¾ø·þÎñ·ì϶£¨CVE-2019-0754£©ºÍNuGet°üÖÎÀíÆ÷·ì϶£¨CVE-2019-0757£© ¡£¾ßÌå·ì϶ÁбíÇë²Î¿¼ÒÔÏÂÁ´½Ó ¡£

  

Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/microsoft-march-2019-patch-tuesday-includes-fixes-for-64-vulnerabilities/

5¡¢Adobe°ä²¼3Ô°²È«¸üУ¬½¨¸´Á½¸öËÁÒâ´úÂëÖ´Ðзì϶

28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿


Adobe°ä²¼3Ô°²È«¸üУ¬½¨¸´ÁËPhotoshopºÍAdobe Digital EditionsÖеÄÁ½¸öËÁÒâ´úÂëÖ´Ðзì϶ ¡£ÆäÖзì϶£¨CVE-2019-7094£©ÊÇÓÉÇ÷Ïò¿Æ¼¼ZDIµÄ×êÑÐÈËÔ±·¢Ïֵģ¬¸Ã·ì϶ÒÑÔÚPhotoshop CC 19.1.8ºÍPhotoshop CC 20.0.4Öн¨¸´ ¡£ÁíÒ»¸ö·ì϶£¨CVE-2019-7095£©ÊÇÓÉalbalawi-s·¢Ïֵģ¬¸Ã·ì϶¿Éµ¼ÖÂËÁÒâ´úÂëÖ´ÐкÍÐÅϢй¶£¬²¢ÒÑÔÚAdobe Digital Editions 4.5.10.186048Öеõ½½¨¸´ ¡£

  

Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/adobe-releases-march-2019-security-fixes-for-photoshop-cc-and-digital-editions/

6¡¢×êÑÐÈËÔ±·¢ÏÖÈðʿѡ¾ÙͶƱϵͳ´æÔÚºóÃÅ£¬¿ÉÔÊÐíÅú¸ÄѡƱ

28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿


×êÑÐÈËÔ±ÔÚеÄÈðÊ¿ÔÚÏßÑ¡¾ÙͶƱϵͳÖз¢ÏÖ°²È«·ì϶£¬¸Ã·ì϶¿ÉÔÊÐí¹¥»÷Õߴ۸ĺϷ¨Ñ¡Æ±¶ø²»±»·¢ÏÖ ¡£ÕâһϵͳÊÇÓÉÈðÊ¿ÓÊÕþ¹«Ë¾ºÍ°ÍÈûÂÞÄÇScytl¹«Ë¾ºÏ×÷¿ª·¢µÄ£¬×êÑÐÈËÔ±Ïò¸Ã¹«Ë¾ÌṩÁËPoC ¡£ÈðÊ¿ÓÊÕþÈ·ÈÏÁË×êÑÐÈËÔ±µÄ·¢ÏÖÁ˾Ö£¬²¢ÒªÇóScytl½¨¸´¸ÃÎÊÌâ ¡£¸Ã¹«Ë¾»¹°µÊ¾£¬ÀûÓÃÕâÒ»·ì϶±ØÒª»ñµÃÈðÊ¿ÓÊÕþµÄIT»ù´¡ÉèÊ©µÄ½Ó¼ûȨ ¡£

  

Ô­ÎÄÁ´½Ó£º

https://motherboard.vice.com/en_us/article/zmakk3/researchers-find-critical-backdoor-in-swiss-online-voting-system

ÉêÃ÷£º±¾×ÊѶÓÉ28ȦάËûÃü°²È«Ó××é·­ÒëºÍÕû¶Ù