FBIºÍNSA½áºÏÅû¶¶íÂÞ˹Õë¶ÔLinuxµÄ¶ñÒâÈí¼þDrovorub£»ºÚ¿ÍÀûÓÃWindowsºÍIE11ÖеÄ0day¹¥»÷º«¹ú¹«Ë¾

°ä²¼¹¦·ò 2020-08-14

1.FBIºÍNSA½áºÏÅû¶¶íÂÞ˹Õë¶ÔLinuxµÄ¶ñÒâÈí¼þDrovorub


28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿


FBIºÍNSA½áºÏ°ä²¼°²È«¾¯±¨ £¬Åû¶Á˶íÂÞ˹ºÚ¿ÍʹÓõĶñÒâÈí¼þDrovorub £¬ÆäÕë¶ÔLinuxϵͳֲÈëºóÃÅ·¨Ê½¡£Æ¾¾ÝFBIºÍNSAÍøÂçµÄÖ¤¾Ý £¬¸Ã¶ñÒâÈí¼þ¿ÉÄÜÊôÓÚ¶íÂÞ˹ºÚ¿Í×éÖ¯APT28£¨Fancy Bear £¬Sednit£©¡£NSA°µÊ¾ £¬DrovorubÊÇÒ»¸ö¶à×é¼þϵͳ £¬ÓµÓÐÖ²È벿ÃÅ¡¢ÄÚºËÄ £¿érootkit¡¢Îļþ´«Ê乤¾ß¡¢¶Ë¿Úת·¢Ä £¿éºÍºÅÁîÓë½ÚÔ죨C2£©·þÎñÆ÷ £¬²¢ÇÒÓÐ׳´óµÄÖ°ÄÜ £¬Ê¹¹¥»÷Õß¿ÉÄÜÖ´Ðкܶà·ÖÆçµÄ¶ñÒâ²Ù×÷ £¬ÀýÈçÇÔÈ¡ÎļþºÍÔ¶³Ì½ÚÔìÊܺ¦ÕßµÄÍÆËã»ú¡£Ä¿Ç°¸Ã¶ñÒâÈí¼þµÄÖ÷ÕÅÉÐδ¿ÉÖª £¬»ò½«½øÐÐóÒ×¼äµý»î¶¯ÉõÖÁÊǹýÎÊÃÀ¹ú´óÑ¡¡£


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/fbi-and-nsa-expose-new-linux-malware-drovorub-used-by-russian-state-hackers/


2.CISAÖÒ¸æÒÔCOVID-19´û¿î¼õÃâΪÖ÷ÌâµÄÍøÂç´¹µö»î¶¯


28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿


ÍøÂ簲ȫºÍ»ù´¡½á¹¹°²È«¾Ö£¨CISA£©°ä²¼¾¯±¨ £¬ÓкڿÍÒÔCOVID-19´û¿î¼õÃâΪÖ÷ÌâÌáÒéÍøÂç´¹µö¹¥»÷ £¬ÒÔ½øÐжñÒâ³Á¶¨ÏòºÍÍ´´¦ÇÔÈ¡¡£CISA·ÖÎöʦ·¢ÏÖÒ»¸öδ֪ºÚ¿ÍÏò¸÷¸öÁª¹úÃñÕþÖ´Ðв¿ÃÅÒÔ¼°ÖÝ¡¢´¦Ëù¡¢²¿ÂäºÍµØÓòµ±¾ÖµÄÊÕ¼þÈË·¢ËÍÁËÍøÂç´¹µöµç×ÓÓʼþ £¬¸ÃÓʼþÖ÷ÌâΪSBAÉêÇë¨CÉóºË²¢³ÖÐø £¬Ô̺¬ÓÐÒ»¸öÖ¸ÏòÐéαSBA¹ÙÍøµÄ¶ñÒâÁ´½Ó¡£Ò»µ©Óû§µã»÷¸ÃÁ´½Ó £¬¾Í»á±»³Á¶¨Ïòµ½Î±Ôì³ÉSBA¹ÙÍøµÄ´¹µöÍøÒ³ £¬²¢±»ÇÔÈ¡µÇ¼ƾ֤¡£


Ô­ÎÄÁ´½Ó£º

https://us-cert.cisa.gov/ncas/alerts/aa20-225a


3.ÃÀ¹úFINRAÖÒ¸æ £¬ÓкڿͼÙÒâÆä¹ÙÍøÌáÒé´¹µö¹¥»÷


28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿


ÃÀ¹ú½ðÈÚÒµ¼à¹Ü¾Ö£¨FINRA£©ÖÒ¸æ £¬ÓкڿͼÙÒâÆä¹ÙÍøÌáÒé´¹µö¹¥»÷¡£ÔÚºÚ¿ÍαÔìµÄÍøÕ¾ÖÐ £¬ÆäURLΪfinnra[.]org £¨ÕæÕýµÄ¹ÙÍøÎªfinra.org£© £¬»¹Ô̺¬¿ÉÓÃÓÚÍøÂçÃô¸ÐÐÅÏ¢µÄ×¢²á±í £¬ÕâЩÄÚÈݶ¼¿ÉÓÃÓÚÕë¶ÔFINRA³ÉÔ±µÄÍøÂç´¹µö¹¥»÷¡£´Ë±í £¬BleepingComputer·¢ÏÖ¸ÃÐéÎ±ÍøÕ¾Óëx32team.website½âÎöµ½ÁËͳһ¸öIPµØÖ· £¬¶øºóÕßÊôÓÚÒ»¸öÔÚ2018Äê»îÔ¾µÄºÚ¿Í×éÖ¯ £¬Ä¿Ç°ÉÐÎÞ·¨ÕÒµ½Óë¸Ã×éÖ¯ÓÐ¹ØµÄÆäËûÐÅÏ¢¡£


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/us-stock-broker-regulator-finra-warns-of-copycat-phishing-site/


4.ºÚ¿ÍÀûÓÃWindowsºÍIE11ÖеÄ0day¹¥»÷Ò»¼Òº«¹ú¹«Ë¾


28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿


¿¨°Í˹»ùµÄ×êÑÐÈËÔ±·¢ÏÖ £¬ºÚ¿ÍÀûÓÃWindowsºÍIE11ÖеÄ0day¹¥»÷ÁËÒ»¼Òº«¹ú¹«Ë¾¡£¸Ã¹¥»÷±»³ÆÎªOperation PowerFall £¬ÆäÀûÓÃÁËInternet Explorer 11ÖеÄÒ»¸öÔ¶³Ì´úÂëÖ´Ðзì϶£¨CVE-2020-1380£©ºÍWindows GDI Print / Print Spooler APIÖеÄÒ»¸öÌáȨ·ì϶£¨CVE-2020-0986£©¡£ºÚ¿ÍÔÚÔÚÔ¶³Ì½Ó¼ûÖ¸±êÍÆËã»úÖ®ºó £¬Ê¹ÓÃÁËÒ»¸öÄ £¿é´´½¨ÁËÃûΪok.exeµÄÎļþ £¬²¢ÀûÓÃCVE-2020-0986ÒÔ¸ü¸ßµÄȨÏÞÔËÐиÃÎļþÖеĶñÒâ´úÂë¡ £¿¨°Í˹»ù·ÖÎö·¢ÏÖ £¬ ÕâЩ·ì϶ÀûÓ÷¨Ê½Óë´ÓǰµÄÓÐһЩÀàËÆÖ®´¦ £¬²¢ÒÔΪºÚ¿Í×éÖ¯DarkHotel»òÒ²²Î¼ÓÆäÖС£


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/windows-ie11-zero-day-vulnerabilities-chained-in-targeted-attack/


5.ºÚ¿ÍÔÚ°µÍøÏúÊÛÓ¡¶È³¬¹ý2.1ÍòÃûѧÉúµÄÓ×ÎÒÐÅÏ¢


28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿


ÍøÂ簲ȫ¹«Ë¾ Cyble·¢ÏÖ £¬ºÚ¿ÍÔÚ°µÍøÏúÊÛÓ¡¶È³¬¹ý2.1ÍòÃûѧÉúµÄÓ×ÎÒÐÅÏ¢¡£Õâ´ÎÊÂÎñй¶µÄÐÅÏ¢Ô̺¬Ñ§ÉúµÄAadhar¿¨¡¢Ñ§ÉúÖ¤¡¢ÕÕÆ¬¡¢ÆëÈ«ÊðÃû¡¢ÐÕÃû¡¢µç»°¡¢µç×ÓÓʼþ¡¢ÉúÈÕ¡¢ÐÔ±ð¡¢ÆëÈ«µØÖ·¡¢´óѧ¡¢¿Î³Ì¡¢±ÏÒµÈÕÆÚ¡¢°éµÄÃû×ֺͰéµĺÅÂëµÈÐÅÏ¢¡£×êÑÐÈËÔ±°µÊ¾ £¬Õâ´Îй¶¿ÉÄÜÔ´ÓÚÒ»¼Ò½ðÈÚ¼¼Êõ¹«Ë¾¡£ÓÉÓÚ°²È«´ëÊ©²»¼° £¬Ó¡¶ÈµÄ¸ß¿Æ¼¼¹«Ë¾Ò»Ïò±¸Êܺڿ͵ĹØ×¢ £¬¸ÃÊÂÎñÖкڿͿÉÄÜÀûÓÃÁ˽ðÈÚ¼¼Êõ¹«Ë¾ÓÃÓÚ´æ´¢Óû§Êý¾ÝµÄÔÆÏµÍ³Öеķì϶ÌáÒéÁ˹¥»÷¡£


Ô­ÎÄÁ´½Ó£º

https://ciso.economictimes.indiatimes.com/news/data-of-21k-indian-students-on-sale-on-dark-web/77455110


6.Sonatype·¢ÏÖÕë¶Ô¿ªÔ´Èí¼þ¹©¸øÁ´µÄ¹¥»÷¼¤Ôö430£¥


28Ȧ-28Ȧ¹Ù·½ÍøÕ¾-ÏàÐÅÆ·ÅƵÄÁ¦Á¿


Sonatype°ä²¼»ã±¨ £¬·¢ÏÖÕë¶Ô¿ªÔ´Èí¼þ¹©¸øÁ´µÄ¹¥»÷¼¤Ôö430£¥¡£Æ¾¾Ý¸Ã»ã±¨ £¬´Ó2019Äê7Ôµ½2020Äê5Ô £¬¹²²úÉúÁË929´ÎÈí¼þ¹©¸øÁ´¹¥»÷ £¬Ïà±È֮Ϡ£¬ÔÚ2015Äê2ÔÂÖÁ2019Äê6ÔµÄËÄÄêÖÐ £¬Ö»²úÉúÁË216Æð´ËÀ๥»÷ÊÂÎñ¡£´Ë±í £¬¸Ã»ã±¨»¹Ö¸³ö £¬ÆóÒµÈí¼þ¿ª·¢ÍŶӶԿªÔ´Èí¼þ×é¼þ·ì϶µÄÏìÓ¦¹¦·ò²»¾¡Ò»Ñù £¬47%µÄ×éÖ¯ÔÚÒ»ÖܺóÒâʶµ½ÁËеĿªÔ´·ì϶ £¬51%µÄ×éÖ¯»¨ÁËÒ»¸ö¶àÐÇÆÚµÄ¹¦·òÀ´½¨¸´¿ªÔ´·ì϶¡£


Ô­ÎÄÁ´½Ó£º

https://www.helpnetsecurity.com/2020/08/13/surge-in-cyber-attacks-targeting-open-source-software-projects/