Ó¢¹ú³¬¹ý5Íò¼ÒÖÐÓׯóÒµ¿ÉÄÜÒòÍøÂç¹¥»÷µ¹¹Ø£»¿ªÔ´·ÂÕÕÆ÷QEMU·ì϶¿Éµ¼ÖÂÐé¹¹»úÌÓÒÝ£»ImpervaÊý¾Ýй¶

°ä²¼¹¦·ò 2019-08-28

1.΢Èí³Æ¶à³ÁÉí·ÝÑéÖ¤¿É×èÖ¹99.9%µÄÕË»§ÈëÇÖ


28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿


΢Èí°µÊ¾ÎªÕÊ»§ÆôÓöà³ÁÉí·ÝÑéÖ¤£¨MFA£©¿É×èÖ¹99.9£¥µÄ×Ô¶¯¹¥»÷¡£ÕâÏÒé²»½öºÏÓÃÓÚMicrosoftÕÊ»§ £¬»¹ºÏÓÃÓÚÆäËüÈκÎÔÚÏßÍøÕ¾»ò·þÎñ¡£Ôü×ÒµÄ0.1%´ú±íÁËʹÓü¼Êõ½â¾ö¹æ»®²¶»ñMFAÁîÅÆµÄ¸´ÔÓ¹¥»÷ £¬ÓëÈÕ³£µÄ½©Ê¬ÍøÂçײ¿â¹¥»÷Ïà±È £¬ÕâЩ¹¥»÷ÈÔÏ൱º±¼û¡£Î¢ÈíµÄ½áÂÛÊÇ»ùÓÚÆäÔÆ·þÎñÿÌì¶¼Ôâµ½µÄ½ü3ÒÚ´ÎڲƭÐԵǼ³¢ÊÔ¡£5Ô·ݹȸèÒ²°ä·¢ÁËÀàËÆÓßÂÛ £¬¹È¸è°µÊ¾ÎªÆäGoogleÕÊ»§Ôö³¤Õһص绰ºÅÂ루ÒÔ¼°¼ä½ÓÆôÓöÌÐÅMFA£©µÄÓû§Äܹ»×èÖ¹100%µÄ×Ô¶¯»úеÈË¡¢99%µÄÅúÁ¿´¹µö¹¥»÷ÒÔ¼°66%µÄÕë¶ÔÐÔ¹¥»÷¡£


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/microsoft-using-multi-factor-authentication-blocks-99-9-of-account-hacks/


2.Ó¢¹ú³¬¹ý5Íò¼ÒÖÐÓׯóÒµ¿ÉÄÜÒòÍøÂç¹¥»÷µ¹¹Ø


28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿


ƾ¾ÝGallagherµÄ×îÐÂ×êÑÐ £¬Ó¢¹ú³¬¹ý5Íò¼ÒÖÐÓ×ÐÍÆóÒµ¿ÉÄÜÒòÍøÂç¹¥»÷µ¼ÖÂÆÆ²ú¡£×êÑз¢ÏÖÈ¥ÄêÓÐ140Íò¼ÒÆóÒµÔâ·ê³Á´ó¹¥»÷ £¬×ܼƺÄ×Ê88ÒÚÓ¢°÷¡£½üËÄ·ÖÖ®Ò»£¨24£¥£©µÄÆóÒµÊÜΣ»úÊÂÎñµÄÓ°Ïì - ±ÈǰһÄêÔö³¤ÁË5%¡£¹ÌÈ»ÊÜÓ°ÏìÆóÒµµÄ¾ùÔȳɱ¾ÎªÔ¼6400Ó¢°÷ £¬µ«17£¥µÄÊÜ·ÃÕß°µÊ¾ËûÃDZ»ÆÈÆÆ·Ñ1ÍòÓ¢°÷ÒÔÉÏ £¬½ü¼«¶ÈÖ®Ò»£¨9£¥£©µÄÆóÒµÖ§¸¶³¬¹ý2ÍòÓ¢°÷¡£ËÄ·ÖÖ®Ò»£¨23£¥£©µÄÖÐÓׯóÒµ³ÆÈôÊÇΣ»úµ¼ÖÂËûÃÇÎÞ·¨ÂòÂô £¬ËûÃǽ«Ö»ÄÜ´æ»îÒ»¸öÔ¡£Gallagher¹À¼ÆÈôÊÇÔâ·êÕâÑùµÄ¹¥»÷ £¬½ñÄêÓ¢¹úÓÐ5.7Íò¼ÒÖÐÓׯóÒµ¿ÉÄÜÃæ¶Ôµ¹¹Ø·çÏÕ¡£


Ô­ÎÄÁ´½Ó£º

https://www.infosecurity-magazine.com/news/over-50000-uk-smes-could-collapse/


3.×êÑÐÈËÔ±ÔÚ613¸öÈȵãÍøÕ¾ÉÏ·¢ÏÖµã»÷½Ù³Ö¾ç±¾


28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿


ÔÚ±¾ÔÂÔçЩʱ³½°ä·¢µÄһƪÂÛÎÄÖÐ £¬Î¢Èí×êÑÐÔº¡¢Ïã¸ÛÖÐÎÄ´óѧ¡¢Ê×¶û¹úÁ¢´óѧºÍ±öϦ·¨ÄáÑÇÖÝÁ¢´óѧµÄѧÕßÃÇ·¢ÏÖ613¸öÈȵãÍøÕ¾Ï°È¾Á˵ã»÷½Ù³Ö¾ç±¾¡£×êÑÐÍŶӿª·¢ÁËÒ»¸öÃûΪObserverµÄ¹¤¾ß £¬ÓÃÓÚɨÃèAlexa Top 250000×îÊÜÓ­½ÓÍøÕ¾Áбí £¬¼ì²âÊÇ·ñ´æÔÚÈýÖÖÀàÐ͵ĶñÒâ¾ç±¾£º³¬Á´½Óµã»÷½Ù³Ö£»µ¥»÷ÊÂÎñ´¦ÖýٳÖ£»Í¨¹ýÊÓ¾õºýŪµã»÷½Ù³Ö¡£×êÑÐÈËÔ±¼ì²âµ½437¸öµÚÈý·½¾ç±¾½Ù³ÖÁË613¸öÈȵãÍøÕ¾µÄÓû§µã»÷ £¬ÕâÐ©ÍøÕ¾Ã¿ÌìµÄ½Ó¼ûÁ¿´ï½ü4300Íò´Î¡£


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/clickjacking-scripts-found-on-613-popular-sites-academics-say/


4.з¸×ïÍÅ»ïLYCEUM¶Ô׼ʯÓͺÍÌìÈ»Æø¹«Ë¾


28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿


×êÑÐÈËÔ±·¢ÏÖÒ»¸öǰËùδ֪µÄз¸×ïÍÅ»ïLYCEUM £¬LYCEUMÔÚ2019Äê±»¹Û²ìµ½ÏòʯÓͺÍÌìÈ»Æø¹«Ë¾·¢ËÍ´øÓжñÒâExcel¸½¼þµÄ´¹µöÓʼþ¡£¸Ã¸½¼þÓÃÓÚ·Ö·¢DanBot £¬Ò»¸ö¿ÉÇÔȡʹ´¦¡¢ÕË»§ÐÅÏ¢ÒÔ¼°¼üÅ̼ͼµÄжñÒâÈí¼þ¡£×êÑÐÈËÔ±ÒÔΪLYCEUMÔçÔÚ2018Äê4ÔÂ¾ÍÆðÍ·»îÔ¾ £¬ÆäÓòÃû×¢²áÐÐΪ½²ÁËȻһ¸öÕë¶ÔÄÏ·ÇÖ¸±êµÄ¹¥»÷»î¶¯¡£2019Äê2Ô £¬×êÑÐÈËÔ±·¢ÏÖ¸Ã×éÖ¯µÄ¶ñÒ⹤¾ß°üÕë¶Ô°²È«³§É̹«¹²É¨Ãè·þÎñµÄ¿ª·¢ºÍ²âÊԻÓÐËùÔö³¤¡£2019Äê5Ô £¬¸Ã×éÖ¯Õë¶ÔÖж«µØÓòµÄʯÓͺÍÌìÈ»Æø¹«Ë¾ÌáÒéÁËÒ»ÂÖ¹¥»÷»î¶¯¡£¹ÌȻûÓгä·ÖµÄÖ¤¾Ý½øÐйéÒò £¬µ«LYCEUMʹÓõļ¸ÖÖ²½ÖèÀàËÆÓÚÓëÒÁÀʵ±¾Ö´æÔÚÁªÏµµÄAPT×éÖ¯Cobalt Gypsy¡£


Ô­ÎÄÁ´½Ó£º

https://threatpost.com/oil-and-gas-firms-targeted-by-new-lyceum-threat-group/147705/


5.¿ªÔ´·ÂÕÕÆ÷QEMU·ì϶¿Éµ¼ÖÂÐé¹¹»úÌÓÒÝ


28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿


¿ªÔ´·ÂÕÕÆ÷QEMU±»ÆØ´æÔÚÒ»¸ö¿Éµ¼ÖÂÐé¹¹»úÌÓÒݵķì϶£¨CVE-2019-14378£©¡£Ó¡¶È×êÑÐÔ±Vishnu Devͨ¹ý´úÂëÉ󼯷¢ÏÖÁËÕâ¸ö·ì϶ £¬²¢ÔÚ²¹¶¡°ä²¼ÖÜΧºóÅû¶ÁË·ì϶ϸ½Ú¡£¸Ã·ì϶ÊÇÓëSlirpÓйصĶѻº³åÇøÒç¶Âí½Å £¬Æ¾¾ÝºìñµÄ°²È«²¼¸æ £¬ip_reass()º¯ÊýÔÚÕûºÏ´«ÈëµÄÊý¾Ý°üʱ £¬ÈôÊǵÚÒ»¸öƬ¶Î´óÓÚm->m_dat[]»º³åÇø £¬»á´¥·¢¸Ã·ì϶¡£¹¥»÷Õß¿ÉÀûÓô˷ì϶µ¼ÖÂQEMU¹ý³Ì±ÀÀ£ £¬²úÉú»Ø¾ø·þÎñ»òÒÔQEMU¹ý³ÌµÄȨÏÞÖ´ÐÐËÁÒâ´úÂë¡£QEMU±»ÒÔΪÊÇVMwareµÄÃâ·Ñ´úÌæÆ· £¬¿ÉÓÃÓÚ¶à¸öÖØÒªµÄLinux¿¯Ðаæ £¬Xen¡¢VirtualBoxºÍKVM¶¼Ê¹ÓÃÁ˸ÃÈí¼þ¡£


Ô­ÎÄÁ´½Ó£º

https://www.securityweek.com/code-execution-flaw-qemu-mostly-impacts-development-test-vms


6.ImpervaÔâ·êÊý¾Ýй¶ £¬WAF²úÆ·¿Í»§ÐÅÏ¢ÆØ¹â


28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿


°²È«³§ÉÌImpervaÅû¶һ·Êý¾Ýй¶ÊÂÎñ £¬¸ÃÊÂÎñµ¼ÖÂÆäWAF²úÆ·µÄ²¿Ãſͻ§Ãô¸ÐÐÅÏ¢ÆØ¹â¡£ImpervaÊ×ϯִÐйÙChris Hylenй© £¬¸Ã¹«Ë¾ÔÚ2019Äê8ÔÂ20ÈÕÏàʶµ½ÕâÒ»ÊÂÎñ £¬ÆØ¹âµÄÊý¾ÝÔ̺¬2017Äê9ÔÂ15ÈÕ֮ǰע²áµÄËùÓÐCloud WAF¿Í»§µÄµç×ÓÓʼþµØÖ·ºÍ¼ÓÑιþÏ£ÃÜÂë £¬ÒÔ¼°Óû§µÄAPIÃÜÔ¿ºÍSSLÖ¤Êé¡£¸Ã¹«Ë¾ÉÐδй©ÕâЩÊý¾ÝÊÇÈôºÎй¶µÄ £¬Ò²Ã»ÓÐй©Æä·þÎñÆ÷ÊÇ·ñÔâµ½ÈëÇÖ»òÕßÊÇÊý¾Ý¿âÒⱩ¶³öÔÚ¹«ÍøÉÏ¡£¸Ã¹«Ë¾ÈÔÔÚµ÷²é´ËÊÂÎñ £¬²¢ÒÑÈ·±£Í¨ÖªËùÓÐÊÜÓ°ÏìµÄ¿Í»§¡£


Ô­ÎÄÁ´½Ó£º

https://thehackernews.com/2019/08/imperva-waf-breach.html