×êÑÐÍŶӳÆ1.28ÒÚiOSÓû§ÒÑϰȾ¶ñÒâÈí¼þXcodeGhost£»TorÍøÂçÐÂÔöÊýǧ¸ö¶ñÒâ½Ó¿Ú £¬¼àÌý¼ÓÃÜÇ®±ÒÓйصÄÁ÷Á¿

°ä²¼¹¦·ò 2021-05-11

1.×êÑÐÍŶӳÆ1.28ÒÚiOSÓû§ÒÑϰȾ¶ñÒâÈí¼þXcodeGhost


1.jpg


×êÑÐÍŶӳÆ £¬ÔÚ×î½üµÄ¶ñÒâÈí¼þ¹¥»÷ÖÐ £¬³¬¹ý1.28ÒÚiOSÓû§³ÉΪ¹¥»÷Ö¸±ê¡£¹¥»÷ÕßÔÚÕâ´Î»î¶¯ÖÐʹÓÃÁËXcodeGhost £¬¸Ã¶ñÒâÈí¼þÓÚ2015Äê³õ´Î³öÏÖ¡£AppleÖÒ¸æ³Æ £¬Ô¼Äª2500¸öÀûÓÃϰȾÁ˶ñÒâXcode´úÂë¡£¾Ý±¨Â· £¬ÆäÖÐÔ¼55%µÄÓû§ÊÇÖйúÈË £¬¶ø66%µÄÏÂÔØÁ¿ÓëÖйúÓйØ¡£³ö¸ñÊÇ £¬Ò»Ð©¹ãÊÜÓ­½ÓµÄÀûÓÃÒ²ÒÑϰȾÁ˸öñÒâÈí¼þ £¬Ô̺¬ÓÎÏ·¡°ÄÕÅ­µÄÓ×Äñ2¡±¡£


Ô­ÎÄÁ´½Ó£º

https://www.ehackingnews.com/2021/05/xcodeghost-malware-infected-around-128m.html


2.TorÍøÂçÐÂÔöÊýǧ¸ö¶ñÒâ½Ó¿Ú £¬¼àÌý¼ÓÃÜÇ®±ÒÓйصÄÁ÷Á¿


2.jpg


The Record³Æ £¬×Ô2020ÄêÒÔÀ´TorÍøÂçÐÂÔöÊýǧ¸ö¶ñÒâ½Ó¿Ú £¬¼àÌý¼ÓÃÜÇ®±ÒÓйØÍøÕ¾µÄÁ÷Á¿¡£ÔÚÕë¶ÔTorÍøÂçµÄ¹¥»÷ÖÐ £¬¹¥»÷Õß¿ÉÀûÓÃÆä½ÚÔìµÄÇ®°ü´úÌæºÏ·¨Ç®°üµÄµØÖ·À´½Ù³ÖÂòÂô¡£´Ë±í £¬Nusenu·¢ÏÖºÚ¿ÍÒѾ­Á½´ÎÍ»ÆÆÁËÆä×Ô2020Äê5ÔÂÒÔÀ´µÄ¼Í¼(¶ñÒâ½Ó¿Ú±ÈÀýΪ23%):2020Äê10ÔÂ30ÈÕ £¬ºÚ¿ÍÍÅ»ï°Ñ³ÖÁ˳¬¹ý26%µÄtorÍøÂç½Ó¿Ú £¬µ½2021Äê02ÔÂ02ÈÕ £¬ÆäÒѾ­ÖÎÀíÁ˳¬¹ý27%µÄ½Ó¿Ú¡£Ä¿Ç° £¬¶ñÒâ½Ó¿Ú¾ùÒÑ´ÓTorÍøÂçÖÐÒÆ³ý¡£


Ô­ÎÄÁ´½Ó£º

https://securityaffairs.co/wordpress/117749/deep-web/tor-exit-nodes-ssl-stripping.html


3.ÃÀ¹úËþ¶ûÈøÊÐÍøÂçϰȾÀÕË÷Èí¼þ £¬ÊÐÕþϵͳȫÊý¹Ø¹Ø


3.jpg


ÉÏÖÜÄ© £¬ÃÀ¹úËþ¶ûÈøÊеÄÍøÂçϰȾÀÕË÷Èí¼þ £¬ÊÐÕþϵͳȫÊý¹Ø¹Ø¡£Ëþ¶ûÈø£¨Tulsa£©ÊÇÃÀ¹ú¶í¿ËÀ­ºÉÂíÖݵĵڶþ´ó³ÇÊÐ £¬È˶¡Ô¼40ÍòÈË¡£¸ÃÊÐÊг¤³ÆÆäÔÚ·þÎñÆ÷ÉÏ·¢ÏÖÁ˶ñÒâÈí¼þ £¬²¢ÂíÉϹعØÁËËùÓÐϵͳ¡£Æä911·þÎñ»ò´¹Î£ÏìÓ¦²¢Î´Êܵ½Ó°Ïì £¬µ«ÊÇÔÚÏßÕ˵¥Ö§¸¶ÏµÍ³¡¢¹«¹²ÊÂÎñ·þÎñ¡¢Ëþ¶ûÈøÊÐÒé»á¡¢¾¯Ô±¾ÖºÍËþ¶ûÈøµÈ311¸öÍøÕ¾ÈÔÔÚÊØ»¤ÖС£¸ÃÊгÆÕâ´Î¹¥»÷²¢Î´Ð¹Â¶¹«ÃñµÄÐÅÏ¢ £¬µ«²¿ÃÅÎļþÒѾ­±»ÇÔ¡£


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/city-of-tulsas-online-services-disrupted-in-ransomware-incident/


4.°Ä´óÀûÑǹúÁ¢´óѧÔâµ½¹¥»÷ £¬Ô±¹¤ºÍѧÉúµÄÐÅϢй¶


4.jpg


°Ä´óÀûÑǹúÁ¢´óѧ(ANU)½üÆÚ·¢ÏÔìäÔøÔâµ½¹¥»÷ £¬Ô±¹¤ºÍѧÉúµÄÐÅϢй¶¡£ANUÓÚÁ½ÖÜǰ·¢ÏÔìäÔÚ2018Äêµ×Ôâµ½ÁËÍøÂç¹¥»÷ £¬±»µÁÊý¾Ý¿É×·Òäµ½19ÄêÒÔǰ £¬Éæ¼°Ô±¹¤¡¢Ñ§ÉúºÍ·Ã¿Í £¬Ä¿Ç°Éв»Ã÷ÏÔºÚ¿ÍÔÚANUµÄϵͳÖаµ²ØÁ˶೤¹¦·ò¡£Õâ´Îй¶µÄÐÅÏ¢Ô̺¬ÐÕÃû¡¢µØÖ·¡¢µ®ÉúÈÕÆÚ¡¢µç»°ºÅÂë¡¢ÓʼþµØÖ·¡¢´¹Î£ÁªÏµ·½Ê½¡¢Ë°ÎñÎļþ±àºÅ¡¢¹¤×ʵ¥ÐÅÏ¢¡¢ÒøÐÐÕÊ»§¾ßÌåÐÅÏ¢¡¢»¤ÕÕ¾ßÌåÐÅÏ¢ºÍѧÊõ¼Í¼µÈ¡£


Ô­ÎÄÁ´½Ó£º

https://www.databreaches.net/au-19-years-of-personal-data-was-stolen-from-anu-it-could-show-up-on-the-dark-web/


5.×êÑÐÈËÔ±ÑÝʾ¿ÉÈÆ¹ýSpectre·À»¤´ëÊ©µÄй¥»÷·½Ê½


5.jpg


×êÑÐÈËÔ±ÑÝʾÁËÒ»ÖÖÐµĹ¥»÷·½Ê½ £¬¿ÉÈÆ¹ýоƬÖÐÄÚÖõÄËùÓÐSpectre·À»¤´ëÊ©¡£SpectreÓÚ2018Äê1Ô¹«¿ª £¬ËüµÄÖ÷ÌâÊǰ´Ê±²àÐÅ·¹¥»÷ £¬ÀûÓÃÁËCPUÓ²¼þʵÏÖÖеĴ§Ä¦Ö´ÐÐÓÅ»¯²½Öè £¬ÓÕʹ·¨Ê½½Ó¼ûÄÚ´æÖеÄËÁÒâµØÎ»´Ó¶øÐ¹Â©ÐÅÏ¢¡£ÕâÖÖÐµĹ¥»÷·½Ê½Ê¹ÓÃÁË΢²Ù×÷£¨micro-ops£©»º´æ £¬ÕâÊÇÄܹ»½«»úеָÁî·Ö»¯Îª¸üµ¥Ò»µÄºÅÁîµÄ×é¼þ £¬¿É×÷Ϊй¶»úÃÜÐÅÏ¢µÄ¸¨ÖúÇþ· £¬×Ô2011ÄêÒÔÀ´±ãÒѱ»ÄÚÖõ½»ùÓÚIntelµÄÍÆËã»úÖС£


Ô­ÎÄÁ´½Ó£º

https://thehackernews.com/2021/05/new-spectre-flaws-in-intel-and-amd-cpus.html


6.Alien Labs·¢ÏÖQBotÀûÓÃÏÖÓкϷ¨ÓʼþµÄ¹¥»÷»î¶¯


6.jpg


Alien LabsµÄ×êÑÐÈËÔ±·¢ÏÖÁËÐÂÒ»ÂÖµÄQBot¹¥»÷»î¶¯¡£QBot×Ô2007ÄêÆðÍ·»îÔ¾ £¬×î³õÖ»ÊÇ´¦ÓÚ²ÆÕþÖ÷ÕŵÄÒøÐÐľÂí¡£ÔÚÕâ´Î¹¥»÷ÖÐ £¬¹¥»÷ÕßÀûÓÃÁËÖ¸±êÖ®¼äºÏ·¨µÄóÒ×ͨѶ £¬²¢¶ÔÆä½øÐÐÁËÅú¸Ä £¬Ê¹µÃµö¶üÓʼþ¿´ÉÏÈ¥¸üÓÐ˵·þÁ¦¡£´Ë±í £¬ÎªÁËÔö³¤¼ì²âºÍ·ÖÎöµÄÄѶÈ £¬QBot»á¶ÔÆä×Ö·û´®½øÐмÓÃܲ¢ÔÚÔËÐÐʱ¶ÔÆä½øÐнâÃÜ £¬Ò»µ©QBotµÄÖ´ÐÐÂß¼­Ê¹ÓÃÍê×Ö·û´® £¬Ëü½«µ±¼´´ÓÄÚ´æÖÐɾ³ý¸Ã×Ö·û´®¡£


Ô­ÎÄÁ´½Ó£º

https://www.ehackingnews.com/2021/05/qakbot-malware-is-targeting-users-via.html