×êÑÐÈËÔ±ÑÝÊ¾ÈÆ¹ýCPUÖзì϶SpectreÓ²¼þ·ÀÓùµÄв½Öè

°ä²¼¹¦·ò 2022-03-14

×êÑÐÈËÔ±ÑÝÊ¾ÈÆ¹ýCPUÖзì϶SpectreÓ²¼þ·ÀÓùµÄв½Öè


¾ÝýÌå3ÔÂ8ÈÕ±¨Â· £¬VUSec×êÑÐÈËÔ±ÑÝʾÁËÈÆ¹ýCPUÖзì϶SpectreÓ²¼þ·ÀÓù´ëÊ©µÄв½ÖèBHI£¨»òSpectre-BHB£©  ¡£µÍȨÏ޵Ĺ¥»÷ÕßÀûÓø÷ì϶ £¬Äܹ»ÏòÖ¸±êµÄº¹Çà¼ÇͶ¶¾ £¬²¢ºýŪÄÚºËÌø×ªµ½×¢Èë´úÂëµÄµØÎ» £¬²¢ÔÚÄÇÀïÖ´ÐÐÕÒµ½µÄ´úÂë  ¡£×êÑÐÈËÔ±»¹°ä²¼ÁËÒ»¸öPoC £¬ÑÝʾÈôºÎÇÔȡָ±êϵͳµÄrootÃÜÂë  ¡£3ÔÂ9ÈÕ £¬3¸öCPUÔì×÷ÉÌÓ¢ÌØ¶û¡¢AMDºÍArm¾ù°ä²¼Á˹ØÓڸ÷ì϶µÄ°²È«¹«¸æ £¬²¢¸½Óлº½â´ëÊ©ºÍ°²È«½¨Òé  ¡£


https://www.csoonline.com/article/3652525/new-attack-bypasses-hardware-defenses-for-spectre-flaw-in-intel-and-arm-cpus.html


¶íÂÞ˹¶à¸ö¹Ù·½ÍøÕ¾Ôâµ½¹©¸øÁ´¹¥»÷µ¼Ö½ӼûÖжÏ


¾Ý3ÔÂ9ÈÕ±¨Â·³Æ £¬¶íÂÞ˹¶à¸öµ±¾Ö»ú¹¹µÄÍøÕ¾ÒòÔâµ½¹©¸øÁ´¹¥»÷½Ó¼ûÖÐ¶Ï  ¡£¸Ã¹úµ±¾Ö°µÊ¾ £¬¹¥»÷²úÉúÔÚ±¾Öܶþ£¨3ÔÂ8ÈÕ£© £¬ÊÜÓ°ÏìµÄ»ú¹¹Ô̺¬ÄÜÔ´²¿¡¢¹ú¶Èͳ¼Æ¾Ö¡¢¹ú¶È¼àÓü¾Ö¡¢¹ú¶È·¨¾¯¾Ö¡¢¹ú¶È·´Â¢¶Ï¾ÖºÍÎÄ»¯²¿µÈ  ¡£¾ÝϤ £¬¹¥»÷ÕßÊ×ÏÈÈëÇÖÁËÓÃÓÚ¸ú×Ù¶à¸öµ±¾Ö»ú¹¹ÍøÕ¾½Ó¼ûÕßÊýÁ¿µÄͳ¼Æ×é¼þ £¬½ø¶øÈëÇÖÕâÐ©ÍøÕ¾  ¡£¶íÂÞ˹Êý×Ö·¢Õ¹²¿Ðû³Æ £¬ÕâÐ©ÍøÕ¾ÔÚÔâµ½¹¥»÷ºóµÄÒ»Ó×ʱÄÚÒѱ»¸´Ô­  ¡£


https://securityaffairs.co/wordpress/128853/breaking-news/russian-government-sites-supply-chain-attack.html


Lumen³ÆEmotetµÄÐÂÒ»ÂֻÒÑϰȾ³¬¹ý10Íǫ̀É豸


LumenÔÚ3ÔÂ8ÈÕ°ä²¼»ã±¨³Æ½©Ê¬ÍøÂçEmotetÔÚ10¸öÔµĶÌÔÝͣϢºó £¬ÕýÇ¿ÊÆ¹éÀ´  ¡£×Ô2021Äê11ÔÂÒÔÀ´ £¬¸Ã»î¶¯ÒÑʹÓÃTrickBotϰȾÁËÔ¼130000¸öÉ豸 £¬±é²¼179¸ö¹ú¶ÈºÍµØÓò £¬µ«ÉÐδ´ïµ½ÒÔǰµÄ¹æÄ££¨³¬¹ý160Íǫ̀É豸£©  ¡£EmotetµÄбäÌåѡȡÁËÍÖÔ²ÇúÏß¼ÓÃÜ(ECC)°ü°ìÔ­À´µÄRSA¼ÓÃܹ滮 £¬ÇÒÐÂÔöÁË´ÓÖ¸±êÖÐÍøÂçÔËǰ¹ý³ÌÁбíÖ®±íµÄϵͳÐÅÏ¢µÄÖ°ÄÜ  ¡£¾ÝϤ £¬EmotetÔ̺¬½ü200̨C2·þÎñÆ÷ £¬ÆäÖдó²¿ÃÅÓòλÓÚÃÀ¹ú¡¢µÂ¹úºÍ·¨¹úµÈµØ £¬ÖØÒªÕë¶ÔÑÇÖÞµÄÖ¸±ê  ¡£


https://thehackernews.com/2022/03/emotet-botnets-latest-resurgence.html


Abnormal·¢ÏÖ½üÆÚ·Ö·¢BazarBackdoorµÄ´¹µö»î¶¯


3ÔÂ9ÈÕ £¬Abnormal Security°ä²¼Á˹ØÓÚ´«²¼BazarBackdoorµÄ´¹µö»î¶¯µÄ»ã±¨  ¡£BazarBackdoorÊÇTrickBot¿ª·¢µÄºóÃÅ £¬Ä¿Ç°ÕýÓÉConti²Ù¿Ø  ¡ £»î¶¯ÆðÍ·ÓÚ2021Äê12Ô £¬Ö¼ÔÚ×°ÖÃCobalt Strike»òÀÕË÷Èí¼þ  ¡£¹¥»÷ÕßʹÓÃÁ˹«Ë¾ÁªÏµ±í¸ñ £¬¶ø¼«¶È¼ûµÄ´¹µöÓʼþ  ¡£ÔÚÒ»´Î¹¥»÷ÖÐ £¬¹¥»÷Õß¼Ù×°³ÉÒ»¼Ò¼ÓÄôó¹¹Öþ¹«Ë¾µÄÔ±¹¤²¢Ìá½»²úÆ·¹©¸ø±¨¼ÛÒªÇó £¬Ö¸±êÔڻظ´ºó¾Í»áÊÕµ½¼Ù×°³ÉЭÉÌÎļþµÄ¶ñÒâISOÎļþ  ¡£´Ë±í £¬¹¥»÷Õß»¹Ê¹ÓÃÁËÎļþ¹²Ïí·þÎñ £¬ÈçTransferNowºÍWeTransfer £¬ÒÔ·À´¥·¢°²È«¾¯±¨  ¡£


https://www.bleepingcomputer.com/news/security/corporate-website-contact-forms-used-to-spread-bazarbackdoor-malware/


ProofpointÅû¶TA416¹¥»÷Å·ÖÞ¶à¸ö±í½»»ú¹¹µÄÏêÇé


ProofpointÔÚ3ÔÂ7ÈÕÅû¶ÁËAPT×éÖ¯TA416£¨ÓÖ³ÆMustang Panda£©¹¥»÷Å·ÖÞ¶à¸ö±í½»»ú¹¹µÄ¾ßÌåÐÅÏ¢  ¡£TA416×Ô2020Äê8ÔÂÒÔÀ´¾ÍÒ»Ö¹Øë¶ÔÅ·ÖÞ±í½»µÄ»ú¹¹  ¡£½ñÄê1ÔÂ17ÈÕ £¬Proofpoint·¢ÏÖ¸ÃÍÅ»ïʹÓÃеķַ¢·½Ê½ £¬´ËʱµÄ¹¥»÷Õ½ÊõÒ²²úÉúÁ˱䶯 £¬ÀûÓÃdropper·Ö·¢4¸ö×é¼þ£º¶ñÒâÈí¼þPlugX¡¢loader¡¢DLLËÑË÷ºÅÁî½Ù³Ö·¨Ê½(¹ý³Ì¼ÓÔØ·¨Ê½)ºÍPDFµö¶üÎļþ  ¡£×êÑÐÈËÔ±ÔÚ2ÔÂ28ÈÕ·¢ÏÖ £¬¹¥»÷Õß¶Ô×¼Á˱±Ô¼¹ú¶ÈµÄÄÑÃñºÍÒÆÃñ·þÎñ²¿Ãŵĸ߼¶¹ÙÔ±  ¡£


https://www.proofpoint.com/us/blog/threat-insight/good-bad-and-web-bug-ta416-increases-operational-tempo-against-european


Symantec°ä²¼¹ØÓÚ¶ñÒâÈí¼þDaxinµÄ¼¼Êõ·ÖÎö»ã±¨


3ÔÂ9ÈÕ £¬Symantec°ä²¼Á˹ØÓÚ¶ñÒâÈí¼þDaxinµÄͨѶºÍÍøÂçÖ°Äܵļ¼Êõ·ÖÎö»ã±¨  ¡£»ã±¨Ö¸³ö £¬DaxinÔÚÃÜÔ¿»¥»»ÆÚ¼äÖ§³ÖÁ½ÖÖÍÆËã¹²ÏíÃÜÔ¿µÄ²½Öè £¬²¢ÓÉinitiatorͨ¹ý±ÈÁ¦Ñ¡Ôñ¸üÏàÒ˵ÄÒ»ÖÖ £¬Õâ¿ÉÄÜÊÇΪÁËÔÚÉý¼¶¶ñÒâÍøÂçʱ²»»áµ¼ÖÂÖÐ¶Ï  ¡£´Ë±í £¬³ýÁË2¸öºóÃÅÖ®¼äµÄͨѶ £¬¸Ã¶ñÒâÈí¼þ»¹Ö§³Ö2ÖÖ¶î±íµÄͨѶ²½Öè £¬ÊʺÏÓâÔ½Ö¸±ê×éÖ¯µÄÌìǵ½øÐÐͨѶ£ºÆäÒ»ÊÇʹÓÃHTTPÐÂÎÅÀ´·â×°ºóÃÅͨѶ £¬ÁíÒ»ÖÖÊǶñÒâÇý¶¯·¨Ê½ÅäÖÃΪÓëÔ¶³ÌTCP·þÎñÆ÷ͨѶÀ´½øÐкóÃÅͨѶ  ¡£


https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage-analysis



°²È«¹¤¾ß


Master_Librarian


Éó¼Æ Unix/*BSD/Linux ϵͳ¿âÒÔ·¢ÏÖ¹«¹²°²È«·ì϶µÄµ¥Ò»¹¤¾ß  ¡£


https://github.com/CoolerVoid/master_librarian


geowifi


ͨ¹ý BSSID ºÍ SSID ÔÚ·ÖÆçµÄ¹«¹²Êý¾Ý¿âÉÏËÑË÷ WiFi µØÀíµØÎ»Êý¾Ý  ¡£


https://github.com/GONZOsint/geowifi


wslu


ÕâÊÇ Windows 10 Linux ×ÓϵͳµÄʵÓ÷¨Ê½¼¯ÖÐ  ¡£


https://github.com/wslutilities/wslu


SysWhispers3


ͨ¹ýÌìÉú¿ÉÓÃÓÚ½øÐÐÖ±½ÓϵͳŲÓõÄÍ·Îļþ/ASM ÎļþÀ´Ô®ÊÖÈÆ¹ý  ¡£


https://securityonline.info/syswhispers3-av-edr-evasion-via-direct-system-calls/


frogy


×ÓÓòö¾Ù¾ç±¾ £¬Ö¼ÔÚ´´½¨Ò»¸ö¿ªÔ´¹¥»÷ÃæÖÎÀí½â¾ö¹æ»®  ¡£


https://github.com/iamthefrogy/frogy



°²È«·ÖÎö


REvil ³ÉÔ±±»Òý¶Éµ½ÃÀ¹úÊÜÉó Kaseya ¹¥»÷ÊÂÎñ


https://www.bleepingcomputer.com/news/security/revil-ransomware-member-extradited-to-us-to-stand-trial-for-kaseya-attack/


¶íÂÞ˹´´½¨×Ô¼ºµÄ TLS Ö¤ÊéÐû¸æ»ú¹¹ÒÔÈÆ¹ýÔì²Ã


https://www.bleepingcomputer.com/news/security/russia-creates-its-own-tls-certificate-authority-to-bypass-sanctions/


CISAÐÂÔö½ü 100 ¸ö Conti ¶ñÒâ»î¶¯µÄÓòÃûµÄ IoC


https://www.bleepingcomputer.com/news/security/cisa-updates-conti-ransomware-alert-with-nearly-100-domain-names/


΢Èí°ä·¢ÍƳöºÏÓÃÓÚ PC ºÍÒÆ¶¯É豸µÄ Defender Ô¤ÀÀ°æ


https://news.softpedia.com/news/microsoft-announces-microsoft-defender-preview-for-pc-and-mobile-535016.shtml


½ü30% µÄÑϳÁµÄ WordPress ²å¼þ·ìϼû»Óв¹¶¡


https://www.bleepingcomputer.com/news/security/nearly-30-percent-of-critical-wordpress-plugin-bugs-dont-get-a-patch/


Î÷ÃÅ×Ó½â¾öÁË 90 ¶à¸öÓ°ÏìµÚÈý·½×é¼þµÄ·ì϶


https://www.securityweek.com/siemens-addresses-over-90-vulnerabilities-affecting-third-party-components