×êÑÐÍŶÓÅû¶ÒÑ´æÔÚ¶àÄêµÄLinuxºóÃÅRotaJakiro £»Î¢ÈíÅû¶IoTºÍOTÉ豸ÖеÄ25¸öRCE·ì϶BadAlloc

°ä²¼¹¦·ò 2021-04-30

1.×êÑÐÍŶÓÅû¶ÒÑ´æÔÚ¶àÄêµÄLinuxºóÃÅRotaJakiro


1.jpg


×êÑÐÍŶÓÅû¶×Ô2018ÄêÒÔÀ´¾Í´æÔÚµÄLinuxºóÃÅRotaJakiro £¬Ö¼ÔÚ´ÓÊÜϰȾµÄÉ豸ÖÐÇÔÈ¡Ãô¸ÐÐÅÏ¢¡£RotaJakiroÖ®ËùÒÔµÃÃû £¬ÊÇÓÉÓÚËüʹÓÃÁËÂÖ»»¼ÓÃÜ £¬²¢ÇÒÔÚrootÕÊ»§ºÍ·ÇrootÕÊ»§ÖÐÖ´ÐÐʱÓÐËù·ÖÆç¡£´Ë±í £¬ÆäʹÓÃÁ˶àÖÖ¼ÓÃÜËã·¨ £¬Ô̺¬ÓÃÓÚ¶ÔÑù±¾ÖеÄ×ÊÔ´ÐÅÏ¢½øÐмÓÃܵÄAESËã·¨ £¬ÒÔ¼°ÓÃÓÚC2ͨѶµÄAES¡¢XOR¡¢ROTATE¼ÓÃܺÍZLIBѹËõ £¬Ö¼ÔÚ¾¡¿ÉÄÜÒñ±ÎµØÔËÐС£ÓµÓÐÇÔÈ¡Éè±¸Ö¸ÎÆ¡¢ÎļþºÍ²å¼þÖÎÀí£¨²éÎÊ¡¢ÏÂÔØºÍɾ³ý£©ºÍÖ´ÐÐÌØ¶¨²å¼þµÄÖ°ÄÜ¡£


Ô­ÎÄÁ´½Ó£º

https://securityaffairs.co/wordpress/117332/breaking-news/rotajakiro-linux-backdoor.html


2.Naikon APTÔÚÕë¶Ô¶«ÄÏÑǾüÊÂ×éÖ¯µÄ¹¥»÷ÖÐʹÓÃкóÃÅNebulae


2.jpg


Bitdefender·¢ÏÖ £¬APT×éÖ¯NaikonÔÚÕë¶Ô¶«ÄÏÑǾüÊÂ×éÖ¯µÄ¹¥»÷»î¶¯ÖÐʹÓÃÁËкóÃÅNebulae¡£¸Ã×éÖ¯×Ô2010ÄêÒÔÀ´ÆðÍ·»îÔ¾ £¬ÖØÒªÕë¶Ô·ÆÂɱö¡¢ÂíÀ´Î÷ÑÇ¡¢Ó¡¶ÈÄáÎ÷ÑÇ¡¢ÐÂ¼ÓÆÂºÍÌ©¹úÈ·µ±¾ÖºÍ¾üÊÂ×éÖ¯¡£ÔÚ½üÆÚµÄ»î¶¯ÖУ¨2019Äê6ÔÂÖÁ2021Äê3Ô£© £¬NaikonÀûÓÃÁ˺Ϸ¨Èí¼þ¼ÓÔØNebulaeÀ´ÊµÏÖÓÆ¾ÃÐÔ £¬¸ÃºóÃÅÄܹ»ÍøÂçϵͳÐÅÏ¢¡¢°Ñ³ÖÎļþºÍÎļþ¼Ó×¢´ÓC2ÏÂÔØÎļþÒÔ¼°Ö´ÐÓ×¢Áгö»òÖÕÖ¹ÊÜϰȾÉ豸ÉϵĹý³Ì¡£


Ô­ÎÄÁ´½Ó£º

https://securityaffairs.co/wordpress/117321/apt/naikon-apt-nebulae-backdoor.html


3.΢ÈíÅû¶IoTºÍOTÉ豸ÖеÄ25¸öRCE·ì϶BadAlloc


3.jpg


΢Èí°²È«×êÑÐÈËÔ±ÔÚÎïÁªÍø£¨IoT£©É豸ºÍÔËÓª¼¼Êõ£¨OT£©¹¤ÒµÏµÍ³Öз¢ÏÖÁË25¸öÔ¶³Ì´úÂëÖ´ÐУ¨RCE£©·ì϶ £¬±»Í³³ÆÎªBadAlloc¡£ÕâЩ·ì϶ÊÇÓÉÓÚÕûÊýÒç³ö»ò»·±§µ¼ÖµÄ £¬ÓÉÓÚÄÚ´æ·ÖÅäÖ°ÄÜÖÐûÓнøÐÐÊäÈëÑéÖ¤ £¬¹¥»÷ÕßÄܹ»ÀûÓøÃÖ°ÄÜÀ´½øÐжÑÒç³ö £¬´Ó¶øÔÚÖ¸±êÉ豸ÉÏÖ´ÐжñÒâ´úÂë¡£ÕâЩ·ìÏ¶ÖØÒªÓ°ÏìÁËÏû·ÑÕß¡¢Ò½Áƺ͹¤ÒµµÄÍøÂç £¬CISA½¨Òé×éÖ¯ÀûÓÿÉÓõĹ©¸øÉ̸üС¢¾¡Á¿Ï÷¼õÏµÍ³ÍøÂçµÄ¶³ö¡¢½«½ÚÔìϵͳµÄÍøÂçºÍÔ¶³ÌÉ豸ÖÃÓÚ·À»ðǽ֮ºó²¢ÓëÒµÎñÍøÂç¸ôÀëÒÔ¼°Ê¹ÓÃVPN½øÐÐÔ¶³Ì½Ó¼û¡£


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/microsoft-finds-critical-code-execution-bugs-in-iot-ot-devices/


4.ºÚ¿ÍÂÛ̳OGUsersÔâµ½µÚËĴι¥»÷ £¬ÆäÊý¾Ý¿â±»ÏúÊÛ


4.jpg


°²È«¹«Ë¾KELA³ÆOGUsersÒÑÈ·ÈÏÆäÔâµ½¹¥»÷ £¬ÕâÊÇÆäÁ½ÄêÄÚÔâµ½µÄµÚËÄ´ÎÈëÇÖ¡£OGUsersÊÇÒ»¸öºÚ¿ÍÂÛ̳ £¬ÖØÒªÏúÊÛͨ¹ýSIM»¥»»¹¥»÷¡¢Í´´¦Ìî³ä¹¥»÷µÈ·½Ê½µÃµ½µÄÉ罻ýÌåÕÊ»§¡£¾ÝϤ £¬¹¥»÷²úÉúÔÚ2021Äê4ÔÂ11ÈÕ £¬ºÚ¿Í½«Web ShellÉÏ´«µ½ÁËOGUsersµÄ·þÎñÆ÷ £¬²¢ÔÚ°µÍøÒÔ3000ÃÀÔªµÄ¼ÛÖµÏúÊÛÆäÊý¾Ý¿â £¬ÆäÖÐÔ̺¬Ô¼350000¸ö»áÔ±µÄÓû§¼Í¼ºÍ¸öÈËÐÂÎÅ¡£ÔçÔÚÔÚ2019Äê5Ô¡¢2020Äê4ÔºÍ2020Äê11Ô £¬OGUsersÔâµ½ÁË3´Î¹¥»÷¡£


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/fourth-times-a-charm-ogusers-hacking-forum-hacked-again/


5.Google°²È«¸üР£¬½¨¸´Chrome V8ÖеĴúÂëÖ´Ðзì϶


5.jpg


Google°ä²¼°²È«¸üР£¬½¨¸´ÁËChrome V8ÖеĴúÂëÖ´Ðзì϶¡£¸Ã·ì϶±»×·×ÙΪ £¬Î»ÓÚä¯ÀÀÆ÷ʹÓõÄV8 JavaScriptÒýÇæÖÐ £¬ÊÇÓÉÓÚÊý¾ÝÑéÖ¤²»¼°µ¼ÖµÄ¡£½«ÆäÓëɳºÐÌÓÒÝ·ì϶½áºÏʹÓÃÄܹ»ÔÚ²Ù×÷ϵͳÉÏÖ´ÐжñÒâ´úÂë £¬ÓëÒѱ»½¨¸´µÄCVE-2020-16040ºÍCVE-2020-15965·ì϶ÓйØ¡£´Ë±í £¬Õâ´Î¸üл¹½¨¸´ÁËANGLE×é¼þÖеĶѻº³åÇøÒç¶Âí½Å£¨CVE-2021-21233£©ºÍV8×é¼þÖеÄÀàÐÍ»ìºÏ·ì϶£¨CVE-2021-21230£©µÈÆäËü8¸ö·ì϶¡£


Ô­ÎÄÁ´½Ó£º

https://threatpost.com/google-chrome-v8-bug-remote-code-execution/165662/


6.Ó¢¹úÌúÂ·ÍøÕ¾MerseyrailϰȾLockbit £¬¿Í»§ÐÅϢй¶


6.jpg


Merseyrail³ÆÆäÔâµ½LockbitÀÕË÷Èí¼þ¹¥»÷ £¬Óʼþϵͳ±»·ÛËé¡£MerseyrailÊÇÓ¢¹úµÄÌúÂ·ÍøÕ¾ £¬ÎªÓ¢¸ñÀ¼ÀûÎïÆÖÊеØÓòµÄ68¸ö³µÕ¾Ìṩ»ð³µ·þÎñ¡£¹¥»÷ÕßÓÚ4ÔÂ18ÈÕ°ä²¼Óʼþ £¬·î¸æ¸Ã¹«Ë¾ÓйØÕâ´ÎµÄ¹¥»÷ÊÂÎñ £¬²¢Ðû³ÆÆäÒÑÇÔÈ¡ÁËÔ±¹¤ºÍ¿Í»§µÄÐÅÏ¢¡£Í¬Ê± £¬¸ÃÓʼþÒ²±»·¢Ë͸øÁËÓ¢¹úµÄ¼¸¼Ò±¨ÉçºÍMerseyrailµÄÔ±¹¤ £¬ÒÔÏò¹«Ë¾Ê©¼ÓѹÁ¦ £¬ÆÈʹÆäÖ§¸¶Êê½ð¡£MerseyrailÒÑÉϱ¨¸øÓ¢¹úµ±¾Ö £¬²¢ÔÚ·¨Âɲ¿ÃŵÄЭÖú϶ԸÃÊÂÎñ·¢Õ¹µ÷²é¡£


Ô­ÎÄÁ´½Ó£º

https://news-block.com/uks-merseyrail-rail-network-likely-to-be-hit-by-lockbit-ransomware/