Î÷ÑÅͼ¸ÛºÍÎ÷ÑÅͼ-Ëþ¿ÆÂí¹ú¼Ê»ú³¡ÒÉÔâÍøÂç¹¥»÷

°ä²¼¹¦·ò 2024-08-26
1. Î÷ÑÅͼ¸ÛºÍÎ÷ÑÅͼ-Ëþ¿ÆÂí¹ú¼Ê»ú³¡ÒÉÔâÍøÂç¹¥»÷


8ÔÂ25ÈÕ  £¬Î÷ÑÅͼ¸ÛÓëÎ÷ÑÅͼ-Ëþ¿ÆÂí¹ú¼Ê»ú³¡Í¬Ê±ÔËÓª  £¬½üÆÚÔâ·êÁËÑϳÁµÄÐÅϢϵͳÌôÕ½  £¬ÒÉËÆÔâ·êÁËÍøÂç¹¥»÷¡£ÖÜÁùÔ糿  £¬¸Û¿ÚÊ×ÏÈͨ¹ýÉ罻ýÌåÆ½Ì¨´«µÝÁË·þÎñÖжϵÄÇé¿ö  £¬Ëæºó»ú³¡¹Ù·½È·ÈÏÔâ·êÁËϵͳÖжÏ  £¬²¢°µÊ¾Õâ¿ÉÄÜÔ´ÓÚÒ»´ÎÍøÂç¹¥»÷¡£Ëæ×ÅÊÂ̬·¢Õ¹ÖÁÖÜÁùÍí¼ä  £¬»ú³¡·½Ã氵ʾ·þÎñÖжÏÇé¿öÈÔ¾Éδ½â  £¬ÇÒÎÞ·¨Ã÷È·¸ø³ö¸´Ô­È«Ãæ·þÎñµÄ¹¦·ò±í¡£Ãæ¶ÔÕâһͻ·¢Çé¿ö  £¬»ú³¡·½Ãæ»ý¼«Ó¦¶Ô  £¬½¨Òé´î¿ÍÀûÓú½¿Õ¹«Ë¾ÌṩµÄÊÖ»úÀûÓ÷¨Ê½½â¾öµÇ»úÊÖÐø²¢´òÓ¡µÇ»úÅÆ¼°ÐÐÀî±êÇ©  £¬Í¬Ê±ÌáÐѳ˿ÍÌáǰµ½´ï»ú³¡ÒÔÓ¦¶Ô¿ÉÄܵÄÑÓÎó¡£¾ÝTechCrunchµÄ¼¼Êõ·ÖÎö  £¬½ØÖÁÖÜÈÕÉýƽÑ󹦷òÔ糿  £¬Î÷ÑÅͼ¸Û¶Ô±í·þÎñµÄÍøÂç»ù´¡ÉèÊ©  £¬ÓÈÆäÊÇÆä¹Ù·½ÍøÕ¾  £¬ÈÔ´¦ÓÚ²»³É½Ó¼ûµÄÀëÏß״̬  £¬ÏÔʾ³öÕâ´ÎÍøÂç¹¥»÷¶Ô¸Û¿Ú¼°»ú³¡ÔËÓªÔì³ÉÁËÏÔÖøÓ°Ïì¡£


https://techcrunch.com/2024/08/25/the-port-of-seattle-and-sea-tac-airport-say-theyve-been-hit-by-possible-cyberattack/


2. PEAKLIGHT ¶ñÒâÈí¼þ£ºÒ»ÖÖÐÂÐÍÒþÃØÄÚ´æÍþв³öÏÖ


8ÔÂ24ÈÕ  £¬MandiantµÄÍøÂ簲ȫÍŶӸ淢ÁËÒ»ÖÖÃûΪPEAKLIGHTµÄ¸´ÔÓÐÂÐͶñÒâÈí¼þ  £¬Ëüͨ¹ýһϵÁо«ÐÄÉè¼ÆµÄ¶à½×¶ÎϰȾ¹ý³Ì  £¬ÇÄÎÞÉùÏ¢µØÔÚÊܺ¦ÕßµÄϵͳÖд«²¼Ô̺¬LUMMAC.V2¡¢SHADOWLADDERºÍCRYPTBOTÔÚÄڵĶàÖÖÐÅÏ¢ÇÔÈ¡·¨Ê½¡£PEAKLIGHTµÄÈëÇÖʼÓÚ¼Ù×°³ÉµÁ°æµçÓ°µÄ¶ñÒâZIPÎļþ  £¬ÄÚº¬¼Ù×°³ÉýÌåͼ±êµÄLNK¿ì½Ý·½Ê½Îļþ  £¬ÓÕµ¼Óû§Ö´ÐÐǶÈëµÄPowerShell¾ç±¾  £¬½ø¶øÏÂÔØ²¢Ö´ÐÐÄÚ´æÖеÄJavaScriptÖ²È뷨ʽ¡£¸ÃÖ²È뷨ʽÀûÓÃÄÚÈÝ·Ö·¢ÍøÂ磨CDN£©ÍйÜ  £¬²¢Ñ¡È¡»ìºÏ¼¼Êõ¶ã±Ü¼ì²â  £¬×îÖÕÏÂÔØ²¢Ö´ÐÐPEAKLIGHTÏÂÔØ·¨Ê½  £¬¸Ã·¨Ê½Æ¾¾ÝϵͳÇé¿öÏÂÔØ¶î±íµÄ¶ñÒâ¸ºÔØ¡£PEAKLIGHT±äÖÖ¶àÑù  £¬µ«Ö÷ÌâÖ¸±êÒ»Ö£ºÒñ±ÎµØ²¿ÊðÐÅÏ¢ÇÔÈ¡¹¤¾ß¡£·ÖÎöÏÔʾ  £¬PEAKLIGHTÏÂÔØµÄZIPÎļþÔ̺¬SHADOWLADDERºÍCRYPTBOTµÈ¶ñÒâÈí¼þ  £¬Í¬Ê±ÀûÓúϷ¨ÊÓÆµÎļþ×÷Ϊµö¶ü¡£MandiantÇ¿µ÷  £¬´ËÀ๥»÷͹ÏÔÁËά³Ö¾¯Ìè¡¢²ÉÈ¡¶àµµ´Î°²È«´ëÊ©µÄ³ÁÒªÐÔ  £¬Ô̺¬Èí¼þ¸üС¢Ç¿ÃÜÂëºÍ¶à³É·ÖÈÏÖ¤  £¬ÒÔ¼°²¿ÊðÓÐЧµÄ¶Ëµã±£»¤¡£


https://securityonline.info/peaklight-malware-a-new-stealthy-memory-only-threat-emerges/


3. CISAÖÒ¸æVersa Networks·ì϶CVE-2024-39717Õý±»»ý¼«ÀûÓÃ


8ÔÂ23ÈÕ  £¬ÃÀ¹úÍøÂ簲ȫºÍ»ù´¡ÉèÊ©°²È«¾Ö£¨CISA£©½üÆÚ´¹Î£°ä²¼Á˹ØÓÚCVE-2024-39717·ì϶µÄ°²È«¾¯±¨  £¬Ö¸³ö¸Ã¸ßÑϳÁÐÔ·ì϶Õý±»»ý¼«ÀûÓà  £¬¶ÔʹÓÃVersa Networks Director GUIµÄϵͳ×é³É³Á´óÍþв¡£´Ë·ì϶ÔÊÐíÓµÓи߼¶ÖÎÀíȨÏÞµÄÓû§Í¨¹ýÉÏ´«¼ÙװΪ.pngͼƬµÄ¶ñÒâÎļþ  £¬½ø¶ø¿ÉÄÜ»ñȡδÊÚȨ½Ó¼ûȨÏÞ»òÖ´ÐÐËÁÒâ´úÂë¡£ÕâÒ»·ì϶µÄÑϳÁÐÔÔÚÓÚ  £¬ËüÒÑÈ·Èϱ»Ò°±í¹¥»÷ÕßÀûÓà  £¬²¿ÃÅÔ­ÒòÊǿͻ§Î´×ñѭ֮ǰ°ä²¼µÄ·À»ðǽָÄÏ¡£Ö»¹Ü¸Ã¶ñÒâÎļþÔÚÎÞÊýÖ÷Á÷ä¯ÀÀÆ÷ÉÏÎÞ·¨Ö±½ÓÖ´ÐÐ  £¬µ«Ç±ÔÚµÄÀûÓÃÊ·ý¼°Î´Ö¤ÊµµÄ»ã±¨ÈÔÅú×¢·çÏÕ³ÖÐø´æÔÚ¡£CISAÒѽ«CVE-2024-39717ÄÉÈëÒÑÖª±»ÀûÓ÷ì϶Ŀ¼  £¬²¢¶½´ÙÁª¹ú»ú¹¹ÔÚ2024Äê9ÔÂ13ÈÕǰ²¿Êð×îа²È«²¹¶¡  £¬ÒÔ·À±¸Ç±ÔÚµÄÍøÂç¹¥»÷¡£Òò¶ø  £¬ËùÓÐʹÓÃVersa Networks Director GUIµÄ×é֯ӦѸ¿ìÉó²é²¢¼ÓÇ¿Æä°²È«ºÍ̸  £¬Í¬Ê±µ±¼´ÀûÓÃËùÓпÉÓõݲȫ²¹¶¡ºÍ¸üР £¬ÒÔÈ·±£ÍøÂ簲ȫÃâÊÜ´Ë·ì϶µÄÇÖº¦¡£


https://securityonline.info/cve-2024-39717-versa-networks-director-gui-flaw-under-active-attack-cisa-issues-urgent-patching-directive/


4. еÄmacOS¶ñÒâÈí¼þCthulhu Stealer¶Ô×¼AppleÓû§Êý¾Ý


8ÔÂ23ÈÕ  £¬ÍøÂ簲ȫ×êÑÐÈËÔ±·¢ÏÖÁËÒ»ÖÖÕë¶ÔApple macOSµÄÐÂÐÍÐÅÏ¢ÇÔÈ¡·¨Ê½Cthulhu Stealer  £¬¸Ã¶ñÒâÈí¼þ×Ô2023Äêµ×ÆðÒÔÿÔÂ500ÃÀÔªµÄMaaS£¨¶ñÒâÈí¼þ¼´·þÎñ£©Ä£Ê½Ìṩ  £¬¿É¿çx86_64ÓëArm¼Ü¹¹ÔËÐС£Cthulhu Stealer¼Ù×°³ÉºÏ·¨Èí¼þÈçCleanMyMacµÈ  £¬ÀûÓÃÓû§ÐÅÀµÈƹýGatekeeper±£»¤  £¬ÓÕµ¼Óû§ÊäÈëÃÜÂë  £¬½øÒ»²½ÇÔÈ¡MetaMaskÃÜÂë¡¢iCloud Keychain¼°ä¯ÀÀÆ÷cookieµÈÃô¸ÐÊý¾Ý¡£Ëü»¹ÀûÓÃChainbreakerµÈ¹¤¾ßÍøÂçϵͳÐÅÏ¢  £¬²¢½«Êý¾ÝѹËõºó·¢ËÍÖÁC2·þÎñÆ÷¡£Ö»¹ÜCthulhu StealerÔÚ¼¼ÊõÉϲ¢²»¸´ÔÓ  £¬²»×ã¸ß¼¶·´·ÖÎö¼¿Á©  £¬µ«ËüչʾÁËÍþвÐÐΪÕßÈÕÒæ¹Ø×¢macOSµÄÇ÷Ïò¡£ÖµÍ×ÌùÐĵÄÊÇ  £¬¸Ã¶ñÒâÈí¼þ±³ºóµÄ¿ª·¢ÕßÒòÄÚ²¿¾À·×ÒÑÍ˳öÊг¡  £¬µ«Õâ²¢²»Åųý½«À´ÀàËÆÍþвµÄÔÙÏÖ¡£Ãæ¶ÔÕâÒ»·çÏÕ  £¬Æ»¹û¹«Ë¾ÒѲÉÈ¡´ëÊ©  £¬´òËãÔÚmacOS SequoiaÖмÓÇ¿¶ÔδÊðÃû»òδ¹«Ö¤Èí¼þµÄÏÞ¶È  £¬Óû§Ðèͨ¹ýϵͳÉèÖöø·Çµ¥Ò»²Ù×÷À´ÔÊÐíÈí¼þÔËÐÐ  £¬ÒÔÌá¸ßϵͳ°²È«ÐÔ¡£Í¬Ê±  £¬×¨¼Ò½¨ÒémacOSÓû§½ö´Ó¿ÉÐÅÆðÔ´ÏÂÔØÈí¼þ  £¬Î¬³Öϵͳ¸üÐÂÖÁ×îа汾¡£


https://thehackernews.com/2024/08/new-macos-malware-cthulhu-stealer.html?&web_view=true


5. QilinÀÕË÷Èí¼þж¯Ïò£ºÇÔÈ¡Chromeƾ֤


8ÔÂ23ÈÕ  £¬ÍøÂ簲ȫÁìÓò³öÏÖÁËһ·ÒýÈËÖõÖ÷ÕÅQilinÀÕË÷Èí¼þ¹¥»÷ÊÂÎñ¡£¾ÝSophosÍøÂ簲ȫ¹«Ë¾»ã±¨  £¬Õâ´Î¹¥»÷²»½öÏÞÓÚ´«Í³µÄÎļþ¼ÓÃÜÓëÀÕË÷  £¬»¹º±¼û½â½áºÏÁËÆ¾Ö¤ÍøÂ缿Á©  £¬¶ÔÊܺ¦ÕßµÄGoogle Chromeä¯ÀÀÆ÷ÖеÄÃô¸ÐÐÅÏ¢×é³ÉÍþв¡£¹¥»÷ÕßÀûÓÃVPNÃÅ»§Ð¹Â¶µÄ¡¢²»×ã¶à³É·ÖÈÏÖ¤µÄÍ´´¦  £¬³É¹¦ÉøÈëÖ¸±êÍøÂç  £¬²¢ÔÚ³õ´ÎÈëÇÖºóÂñ·ü18Ìì½øÐÐÉî¶ÈºóÀûÓ᣹¥»÷Õ߯æÃîµØ±à×ëÁËÓò½ÚÔìÆ÷ÖеÄĬÈÏÓòÕ½Êõ  £¬ÒýÈëÁËÁ½¸ö¹Ø¼ü¾ç±¾£ºÒ»ÊÇÓÃÓÚÍøÂçChromeä¯ÀÀÆ÷´æ´¢Æ¾Ö¤µÄPowerShell¾ç±¾¡°IPScanner.ps1¡±  £¬¶þÊÇ´¥·¢¸Ã¾ç±¾Ö´ÐеÄÅú´¦ÖÃÎļþ¡°logon.bat¡±¡£ÕâЩ¾ç±¾Í¨¹ýµÇ¼ʱµÄ×éÕ½Êõ¶ÔÏó£¨GPO£©×Ô¶¯Ö´ÐÐ  £¬Ê¹µÃÿ´ÎÓû§µÇ¼ʱ¶¼¿ÉÄÜÔÚ²»ÖªÇéµÄÇé¿öÏ´¥·¢Æ¾Ö¤ÇÔÈ¡  £¬³ÖÐøÈýÌìÖ®¾Ã  £¬¼«´óµØÔö³¤ÁËÐÅϢй¶µÄ·çÏÕ¡£Ëæºó  £¬¹¥»÷Õß²»½ö¼ÓÃÜÁËÎļþ¡¢¸éÖÃÀÕË÷ÐÅ  £¬»¹ÇÔÈ¡ÁËÍøÂçµ½µÄƾ֤  £¬²¢¶Ï¸ù»î¶¯ºÛ¼£¡£Chromeƾ֤µÄʧÇÔÆÈʹÊܺ¦ÕßÐèÔÚ¶à¸öµÚÈý·½·þÎñÉϳÁÖÃÕË»§ÃÜÂë  £¬½øÒ»²½¼Ó¾çÁËÊÂÎñµÄ¸´ÔÓÐÔºÍÓ°ÏìÁìÓò¡£


https://thehackernews.com/2024/08/new-qilin-ransomware-attack-uses-vpn.html


6. Android¶ñÒâÈí¼þNGateÀûÓÃNFC¼¼ÊõÓÃÓÚATMÈ¡¿î


8ÔÂ23ÈÕ  £¬ÔÚ´Óǰ¾Å¸öÔÂÖÐ  £¬Ë¹Âå·¥¿ËÍøÂ簲ȫ¹«Ë¾ESET¸æ·¢ÁËһ·Õë¶Ô½Ý¿ËÈý¼ÒÒøÐеijÁ´óÍøÂç·¸×ï»î¶¯¡£·¸×ï·Ö×ÓÀûÓÃÃûΪNGateµÄ¶ñÒâÈí¼þ  £¬Í¨¹ý¾«ÐÄÉè¼ÆµÄ´¹µöÓʼþÓÕÆ­AndroidÉ豸Óû§ÏÂÔØ¼Ù×°³ÉÒøÐÐÀûÓõĶñÒⷨʽ¡£Õâ¿îÈí¼þ²»½öÄÜÇÔÈ¡Óû§µÄÒøÐÐÐÅÏ¢  £¬»¹Ñ¡È¡ÁËÒ»ÖÖǰËùδÓеÄNFCÖм̼¼Êõ  £¬ÄÜ´ÓÊܺ¦ÕßµÄʵÌåÖ§¸¶¿¨ÖÐÔ¶³Ì´«Êä½ü³¡Í¨Ñ¶Êý¾ÝÖÁ¹¥»÷ÕßÉ豸  £¬½ø¶øÖ´ÐÐATMÂòÂô»ò×ªÒÆ×ʽ𡣴˶ñÒâÈí¼þ´ÓδÉϼÜGoogle PlayÉ̵ê  £¬ÖØÒªÍ¨¹ý´¹µöÓʼþÖеķǹٷ½Á´½Ó´«²¼¡£Êܺ¦Õß±»ÓÕµ¼¿ªÆôNFCÖ°Äܲ¢¸éÖÃÖ§¸¶¿¨ÓÚÊÖ»ú±³²¿  £¬ÒÔʵÏÖ¿¨ÐÅÏ¢µÄ·¸·¨»ñÈ¡¡£ESET×Ô2023Äê11ÔÂÆð×·×Ù¸Ã×éÖ¯  £¬·¢ÏÔìä»î¶¯ÔÚÒ»Ãû³ÉÔ±±»²¶ºó¶ÌÔÝÖͰ­  £¬µ«´ËÀàAndroid¶ñÒâÈí¼þµÄÐÂÖ°ÄÜÈÔÊô³õ´ÎÔÚÒ°±í±»·¢ÏÖ¡£×¨¼ÒÖҸ湫¼ÒÐèÌá¸ß¾¯Ìè  £¬²é³­ÍøÕ¾URL¡¢Í×ÉÆÉú»îPINÂë  £¬²¢ÔڷDZØÒªÊ±¹Ø¹ØNFCÖ°ÄÜ  £¬ÍƼöʹÓÃÐé¹¹¿¨ÒÔÏ÷¼õ·çÏÕ¡£


https://therecord.media/android-malware-atm-stealing-czech-banks