Fortinet³ÆSSL-VPN·ì϶CVE-2022-42475Òѱ»ÔÚÒ°ÀûÓÃ

°ä²¼¹¦·ò 2023-01-17
1¡¢Fortinet³ÆSSL-VPNÖзì϶CVE-2022-42475Òѱ»ÔÚÒ°ÀûÓÃ

      

FortinetÔÚ1ÔÂ11ÈÕ³ÆÆäFortiOS SSL-VPNÖлùÓڶѵĻº³åÇøÒç¶Âí½ÅÒѱ»ÔÚÒ°ÀûÓ᣸÷ì϶׷×ÙΪCVE-2022-42475 £¬CVSSÆÀ·ÖΪ9.8 £¬ÒÑÓÚ2022Äê12Ô·ݽ¨¸´¡£×êÑÐÈËÔ±Ö¸³ö £¬·ì϶ÀûÓõĸ´ÔÓÐÔÅú×¢µÐÊÖÊÇÒ»¸ö¸ÉÁ·µÄ¹¥»÷Õß £¬²¢ÇÒÖØÒªÕë¶Ôµ±¾Ö»òÓëµ±¾ÖÓйصÄ×éÖ¯¡£¹¥»÷ÕßÀûÓø÷ì϶·Ö·¢ÎªFortiOS¶¨ÔìµÄͨÓÃLinuxÖ²È뷨ʽµÄ±äÌå¡£¶ñÒâ¶þ½øÔìÎļþλÓÚ/data/lib/libips.bak £¬¹¥»÷Õß½«Æä¼Ù×°³ÉÁËλÓÚ/data/lib/libips.soµÄFortinet IPSÒýÇæµÄÒ»¸ö×é¼þ¡£


https://www.fortinet.com/blog/psirt-blogs/analysis-of-fg-ir-22-398-fortios-heap-based-buffer-overflow-in-sslvpnd


2¡¢°²È«¹«Ë¾Avast°ä²¼ÀÕË÷Èí¼þBianLianµÄÃâ·Ñ½âÃÜÆ÷

      

¾ÝýÌå1ÔÂ16ÈÕ±¨Â· £¬°²È«¹«Ë¾Avast°ä²¼ÁËÀÕË÷Èí¼þBianLianµÄÃâ·Ñ½âÃÜÆ÷¡£BianLianÊÇÒ»ÖÖ»ùÓÚGoµÄÕë¶ÔWindowsϵͳµÄÀÕË÷Èí¼þ £¬ËüʹÓöԳÆAES-256Ëã·¨ºÍCBCÃÜÂëģʽÀ´¼ÓÃÜËùÓпɽӼûÇý¶¯Æ÷ÉϵÄ1013¶à¸öÎļþÀ©´óÃû¡£Avast°ä²¼µÄ½âÃܹ¤¾ßÖ»ÄÜÔ®ÊÖ±»BianLianÒÑÖª±äÖÖ¹¥»÷µÄÓû§ £¬ÈôÊǺڿÍʹÓõÄÊÇ×êÑÐÈËÔ±ÉÐδ·¢ÏÖµÄа汾¶ñÒâÈí¼þ £¬Ôò¸Ã¹¤¾ßĿǰ±­Ë®³µÐ½¡£²»Íâ £¬Avast°µÊ¾¸Ã½âÃÜÆ÷ÔÚ¿ª·¢ÖÐ £¬ºÜ¿ì¾Í»áÔö³¤½âÃܸü¶à±äÌåµÄÖ°ÄÜ¡£


https://www.bleepingcomputer.com/news/security/avast-releases-free-bianlian-ransomware-decryptor/


3¡¢×êÑÐÈËÔ±·¢ÏÖÑÇÂíÑ·ÉÏÏúÊÛµÄT95°²×¿µçÊÓºÐԤװ¶ñÒâÈí¼þ

      

¾Ý1ÔÂ12ÈÕ±¨Â· £¬×êÑÐÈËÔ±Daniel Milisic·¢´Ë¿ÌÑÇÂíÑ·²É°ìµÄT95°²×¿µçÊӺб»Ô¤×°ÁËÓÆ¾ÃµÄ¡¢¸´ÔӵĶñÒâÈí¼þ¡£T95Á÷ýÌåÉ豸ʹÓôøÓвâÊÔÃÜÔ¿ÊðÃûµÄ»ùÓÚAndroid 10µÄROM £¬ÒÔ¼°Í¨¹ýÒÔÌ«ÍøºÍWiFi´ò¿ªµÄADB¡£Milisic·¢ÏÖ¸ÃÉ豸ÊÔͼÏνӵ½¶à¸öÓë»î¶¯¶ñÒâÈí¼þÓйصÄIPµØÖ· £¬²¢ÒÔΪװÖÃÔÚÉ豸ÉϵĶñÒâÈí¼þÊÇÒ»ÖÖÀàËÆÓÚCopyCatµÄ±äÖÖ¡£´Ë±í £¬¸Ã¶ñÒâÈí¼þÊÔͼ´Óycxrl.com¡¢cbphe.comºÍcbpheback.com»ñÈ¡¶î±íµÄpayload¡£×êÑÐÈËԱΪT95Óû§ÌṩÁ˶ϸù¶ñÒâÈí¼þµÄ²½Öè¡£


https://www.bleepingcomputer.com/news/security/android-tv-box-on-amazon-came-pre-installed-with-malware/


4¡¢SentinelOneÅû¶NoName057(16)Õë¶ÔÎÚ¿ËÀ¼µÈ¹úµÄDDoS¹¥»÷

      

SentinelOneÓÚ1ÔÂ12ÈÕÅû¶Á˺ڿÍÍÅ»ïNoName057(16)Õë¶ÔÎÚ¿ËÀ¼ºÍ±±Ô¼Áйú×éÖ¯µÄDDoS¹¥»÷¡£ÕâЩ¹¥»÷ʼÓÚ2022Äê3Ô £¬ÖØÒªÕë¶Ôµ±¾Ö»ú¹¹ºÍ¹Ø¼ü»ù´¡ÉèÊ©×éÖ¯¡£ÉÏÖÜ £¬¸ÃÍÅ»ïÖжÏÁ˵¤Âó½ðÈÚ²¿ÃŵķþÎñ¡£×î½üµÄÆäËü¹¥»÷»î¶¯Éæ¼°²¨À¼ºÍÁ¢ÌÕÍðµÈ¹ú¶È¡£1ÔÂ11ÈÕ £¬×êÑÐÈËÔ±·¢ÏÖNoName057(16)ÆðÍ·Õë¶Ô2023Äê½Ý¿Ë×Üͳѡ¾ÙºòÑ¡È˵ÄÍøÕ¾¡£Ä¿Ç° £¬SentinelLabsÒѾ­È·¶¨Á˸ÃÍÅ»ïÊÇÈôºÎͨ¹ý¹«¹²Telegram channel¡¢×ÔÔ¸ÕßÍÆ¶¯µÄDDoSÖ§¸¶´òËã¡¢Ö§³Ö¶à²Ù×÷ϵͳµÄ¹¤¾ß°üºÍGitHub½ø×ßÔËÓª¡£


https://www.sentinelone.com/labs/noname05716-the-pro-russian-hacktivist-group-targeting-nato/


5¡¢StrRATºÍRattyµÈRATͨ¹ý¶à˵»°Îļþ·Ö·¢À´Èƹý¼ì²â

      

1ÔÂ12ÈÕ £¬Deep Instinct»ã±¨³ÆStrRATºÍRattyµÄÔËÓªÍŶÓÔÚʹÓöà˵»°MSI/JARºÍCAB/JARÎļþÀ´Èƹý°²È«¹¤¾ßµÄ¼ì²â¡£PolyglotÎļþÒÔijÖÖ·½Ê½×éºÏÁËÁ½ÖÖ»ò¶àÖÖÎļþÌåʽ £¬Ê¹ËüÃÇÄܹ»±»¶à¸ö·ÖÆçµÄÀûÓ÷¨Ê½ÎÞÎóµØÚ¹ÊÍºÍÆô¶¯¡£´Ë»î¶¯ÖÐʹÓõĶà˵»°·¨Ê½Í¨¹ýSendgridºÍURLËõ¶Ì·þÎñ´«²¼ £¬¶ø¶ñÒâÈí¼þpayload´æ´¢ÔÚDiscordÖС£×êÑÐÈËÔ±°µÊ¾ £¬StrRATºÍRattyµÄ¶à¸ö¶à˵»°·¨Ê½Ê¹ÓÃÒ»ÑùµÄC2µØÖ· £¬²¢ÓÉͳһ¼Ò±£¼ÓÀûÑǹ«Ë¾ÍйÜ £¬×¢Ã÷ÕâÁ½¸ö¶ñÒâÈí¼þÓпÉÄÜÀ´×ÔͳһºÚ¿ÍÍŻ


https://www.deepinstinct.com/blog/malicious-jars-and-polyglot-files-who-do-you-think-you-jar


6¡¢Check Point°ä²¼2022Äê12ÔÂÈ«ÇòÍþвָÊýµÄ·ÖÎö»ã±¨

      

1ÔÂ13ÈÕ £¬Check Point°ä²¼ÁË2022Äê12ÔÂÈ«ÇòÍþвָÊýµÄ·ÖÎö»ã±¨¡£»ã±¨Ö¸³ö £¬QbotÊÇ12ÔÂ×î³£¼ûµÄ¶ñÒâÈí¼þ £¬Ó°ÏìÁËÈ«Çò7%µÄ×éÖ¯ £¬Æä´ÎÊÇEmotet£¨Îª4%£©ºÍXMRig£¨Îª3%£©¡£½ÌÓýºÍ×êÑÐÐÐÒµÒÀÈ»ÊÇÔâµ½¹¥»÷×îÑϳÁµÄÐÐÒµ £¬Æä´ÎÊǾüÕþÐÐÒµÒÔ¼°Ò½ÁƱ£½¡ÐÐÒµ¡£×î³£±»ÀûÓõķì϶Web·þÎñÆ÷¶³öµÄGit´æ´¢¿âÐÅϢй¶·ì϶ £¬¶øºóÊÇWeb·þÎñÆ÷¶ñÒâURLĿ¼±éÀú·ì϶ºÍHTTPÉϵĺÅÁî×¢Èë·ì϶¡£12Ô £¬AnubisÒÀÈ»ÊÇ×îÊ¢ÐеÄÒÆ¶¯¶ñÒâÈí¼þ £¬Æä´ÎÊÇHiddadºÍAlienBot¡£


https://blog.checkpoint.com/2023/01/13/december-2022s-most-wanted-malware-glupteba-entering-top-ten-and-qbot-in-first-place/