³¯ºÚ¿ÍÀûÓÃαÔìµÄÉ罻ýÌåÕÊ»§½«°²È«×êÑÐÈËÔ±×÷Ϊָ±ê£»ÒÁÀÊTA453µÄÐÂÐж¯BadBloodÖ¼ÔÚÇÔȡҽѧ×êÑÐÕߵijɾÍ

°ä²¼¹¦·ò 2021-04-02

1.Ó¡¶ÈECU WorldwideϰȾMount Locker £¬2TBÊý¾Ýй¶


1.jpg


ECU WorldwideÊÇÎÞÓªÔË´¬µÄ¹«¹²³ÐÔËÈË(NVOCC) £¬ÖØÒª´Óʼ¯×°ÏäµÄÆ´ÏäÔËÊä(LCL) £¬ÊÇÓ¡¶È×î´óµÄÉÏÊй«Ë¾Ö®Ò»¡£¸Ã¹«Ë¾ÔÚ2ÔÂ16Èջ㱨ÆäÔâµ½ÁËÍøÂç¹¥»÷ £¬µ¼Ö²¿ÃÅÔÚÏ߯½Ì¨ºÍµç×ÓÓʼþϵÍÂäÙʱÖжÏ¡£ÀÕË÷Èí¼þÍÅ»ïMount LockerÓÚÉÏÖÜÈÕÔÚÆäÊý¾ÝÐ¹Â¶ÍøÕ¾·¢Ìû³ÆËûÃÇ´ÓECUÇÔÈ¡ÁË2TBµÄÊý¾Ý £¬µ«ÈÔδ¹«¿ªÓйØÕâЩÊý¾ÝµÄÈκÎÐÅÏ¢ £¬Òò¶øÉв»Ã÷ÏÔй¶Êý¾ÝµÄÀàÐÍ¡£


Ô­ÎÄÁ´½Ó£º

https://www.freightwaves.com/news/hackers-threaten-shipping-firm-ecu-worldwide-with-data-leak


2.Òâ´óÀûBoggi MilanoÔâµ½Ragnarok¹¥»÷ £¬40GBÊý¾Ý±»ÇÔ


2.jpg


Òâ´óÀûÄÐ×°Æ·ÅÆBoggi MilanoÔâµ½ºÚ¿Í×éÖ¯RagnarokµÄ¹¥»÷ £¬40GBÊý¾Ý±»ÇÔ¡£¹¥»÷²úÉúÔÚ±¾ÖÜÈý £¬¸Ã¹«Ë¾Ä¿Ç°ÔÚÓëÓйز¿ÃźÏ×÷¶Ô´ËÊ·¢Õ¹µ÷²é¡£RagnarokÍŻﰵʾËûÃÇÒÑÇÔȡԼ40 GBµÄÊý¾Ý £¬ÆäÖÐÔ̺¬ÖîÈçн×ÊÐÅÏ¢Ö®ÀàµÄÈËÁ¦×ÊÔ´Îļþ¡£ÄÚ²¿ÈËʿ֤ʵ £¬Õâ¿ÉÄÜÊÇÒ»´ÎÀÕË÷Èí¼þ¹¥»÷¡£FBI¹À¼Æ £¬´Ó2013Äêµ½2019ÄêÊܺ¦ÕßÒÑÏòºÚ¿ÍÖ§¸¶ÖÁÉÙ1.435ÒÚÃÀÔªµÄÊê½ð¡£


Ô­ÎÄÁ´½Ó£º

https://www.bloomberg.com/news/articles/2021-03-31/hackers-target-italian-menswear-boggi-milano-with-ransomware


3.Google°²È«¸üР£¬½¨¸´ChromeÖеÄɳÏäÌÓÒݵÈ8¸ö·ì϶


3.jpg


GoogleÓÚ±¾Öܰ䲼Á˰²È«¸üР£¬½¨¸´ÁËChromeÖÐÔ̺¬É³ÏäÌÓÒÝÔÚÄÚµÄ8¸ö·ì϶¡£Õâ´Î½¨¸´µÄ×îΪÑϳÁµÄ·ì϶ÊǽØÍ¼·¨Ê½ÖпªÊͺóʹÓ÷ì϶£¨CVE-2021-21194£© £¬¿Éµ¼ÖÂChromeɳÏäÌÓÒÝ £¬¹¥»÷Õß½«¸Ã·ì϶ÓëäÖȾÆ÷Öзì϶½áºÏʹÓÃÄܹ»ÔÚÖ¸±êÉ豸ÖÐÖ´ÐÐËÁÒâ´úÂë¡£´Ë±í £¬Õâ´Î¸üл¹½¨¸´ÁËV8ÖеĿªÊͺóʹÓ÷ì϶£¨CVE-2021-21195£©¡¢TabStripÖеĶѻº³åÇøÒç¶Âí½Å£¨CVE-2021-21196ºÍCVE-2021-21197£©ÒÔ¼°IPCÖеÄÔ½½ç¶ÁÈ¡£¨CVE-2021-21198£©µÈ·ì϶¡£


Ô­ÎÄÁ´½Ó£º

https://securityaffairs.co/wordpress/116165/security/chrome-sandbox-escape.html


4.Group-IBÅû¶Õë¶ÔÓ¡Äá½ðÈÚ»ú¹¹µÄÚ¿Æ­»î¶¯ £¬Éæ¼°200Íò¿Í»§


4.jpg


Group-IBÅû¶Õë¶ÔÓ¡¶ÈÄáÎ÷ÑÇ´óÐͽðÈÚ»ú¹¹µÄÚ¿Æ­»î¶¯ £¬Éæ¼°³¬¹ý200Íò¿Í»§¡£¹¥»÷ÕßÔÚTwitterÉϼÙ×°³ÉÒøÐдú±í»ò¿Í»§¼¼ÊõÖ§³ÖÀ´½Ó´¥Êܺ¦Õß £¬×îÖÕÖ¸±êÊǵÁÈ¡ÆäÒøÐÐÖеÄ×ʽ𡣸ûÒѶÔÖÁÉÙÓÐÆß¼Ò×éÖ¯ÌáÒé¹¥»÷ £¬Õë¶Ô³¬¹ý200ÍòÓ¡ÄáÒøÐеĿͻ§¡£´Ë±í £¬´Ó1Ô³õµÄ600¸öαÔìTwitterÕ˺ŵ½3Ô·ݵÄ1600¸ö £¬¸Ã»î¶¯µÄÁìÓòÀ©´óÁË2.5±¶ £¬¾ùÔÈÿÌì³ÇÊд´½¨ÊýÊ®¸öÕÊ»§¡£


Ô­ÎÄÁ´½Ó£º

https://securityaffairs.co/wordpress/116173/cyber-crime/5-star-customer-service-fraudsters-launch-massive-campaign-against-indonesias-major-banks-on-twitter.html


5.³¯ºÚ¿ÍÀûÓÃαÔìµÄÉ罻ýÌåÕÊ»§½«°²È«×êÑÐÈËÔ±×÷Ϊָ±ê


5.jpg


GoogleµÄÍþв·ÖÎöÓ××飨TAG£©·¢ÏÖ £¬³¯ÏʺڿÍÀûÓÃαÔìµÄÉ罻ýÌåÕÊ»§½«°²È«×êÑÐÈËÔ±×÷Ϊָ±ê¡£ºÚ¿Í´´½¨ÁËÃûΪSecuriElite¹«Ë¾µÄÍøÕ¾ £¬²¢Ðû³ÆÕâÊÇλÓÚÍÁ¶úÆäµÄÒ»¼Ò°²È«¹«Ë¾ £¬Ìá¹©ÉøÈë²âÊÔ¡¢Èí¼þ°²È«ÆÀ¹ÀºÍ·ì϶ÀûÓõȷþÎñ¡£¹¥»÷Õß»¹³ÉÁ¢ÁËÐéαµÄTwitterºÍLinkedInÕ˺Å £¬ÒÔÓëDZÔÚÖ¸±ê½øÐл¥¶¯¡£SecuriEliteÍøÕ¾Ò³Ãæµ×²¿Ò²ÓÐÖ¸Ïò¸Ã×éÖ¯PGP¹«Ô¿µÄÁ´½Ó £¬°²È«×êÑÐÔ±Ò»µ©µã»÷¸ÃÁ´½Ó¾Í»áϰȾ¶ñÒâÈí¼þ¡£


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/google-north-korean-hackers-target-security-researchers-again/


6.ÒÁÀÊTA453µÄÐÂÐж¯BadBloodÖ¼ÔÚÇÔȡҽѧ×êÑÐÕߵijɾÍ


6.jpg


Proofpoint·¢ÏÖÒÁÀʵÄAPT×éÖ¯TA453£¨Ò²³ÆÎªCharming Kitten£©µÄÐÂÐж¯BadBloodÖ¼ÔÚÇÔȡҽѧ×êÑÐÕߵijɾÍ¡£¸Ã»î¶¯ÖØÒª²úÉúÓÚ2020ÄêϰëÄê £¬TA453ÀûÓÃÍøÂç´¹µö¹¥»÷ £¬×¨ÃÅÕë¶ÔÃÀ¹úºÍÒÔÉ«ÁдÓÊ»ùÒò¡¢¾«Éñ²¡Ñ§ºÍÖ×Áöѧ×êÑеĸ߼¶Ò½Ñ§×¨ÒµÈËÊ¿¡£ÔÚÈ¥Äê12ÔµÄÒ»´Î¹¥»÷ÖÐ £¬ºÚ¿Í¼Ù×°³ÉÒÔÉ«ÁгÛÃûµÄÎïÀíѧ¼Ò £¬·¢ËÍÒԺ˱øÆ÷ΪÖ÷ÌâµÄÓʼþÀ´ÇÔȡָ±êÓû§µÄMicrosoftÍ´´¦¡£


Ô­ÎÄÁ´½Ó£º

https://threatpost.com/charming-kitten-pounces-on-researchers/165129/