ºÚ¿Íй¶¶íÂÞ˹Éç½»ÍøÂçVK 3.9ÒÚÓû§Êý¾Ý

°ä²¼¹¦·ò 2024-09-04
1. ºÚ¿Íй¶¶íÂÞ˹Éç½»ÍøÂçVK 3.9ÒÚÓû§Êý¾Ý


9ÔÂ3ÈÕ  £¬ºÚ¿Í¡°HikkI-Chan¡±ÔÚ·¸·¨ºÚ¿ÍÂÛ̳Breach ForumsÉϹ«¿ªÁ˾ªÈ˵Ä3.9ÒÚVKÓû§Êý¾Ý¡£VK×÷Ϊ¶íÂÞ˹¼°¶«Å·µØÓò¹ãÊÜÓ­½ÓµÄÉ罻ýÌåÆ½Ì¨  £¬ÆäÓû§Ó×ÎÒÐÅÏ¢Ô̺¬³ÇÊÓ×¢¹ú¶È¡¢È«Ãû¡¢Ó×ÎÒ×ÊÁÏͼƬURLµÈÃô¸ÐÄÚÈݲ»ÐÒ±»Ð¹Â¶  £¬×ÜÁ¿¸ß´ï390,425,719±Ê¼Í¼  £¬Êý¾Ý¹æÄ£³¬¹ý27GB¡£ÖµÍ×ÌùÐĵÄÊÇ  £¬Ö»¹ÜÕâ´Îй¶µÄÐÅÏ¢Á¿¾Þ´ó  £¬µ«²¢Î´Ô̺¬Óû§µÄµç»°ºÅÂë»òÃÜÂë  £¬¼õÇáÁËÖ±½Ó°²È«Íþв¡£È»¶ø  £¬Óû§È«Ãû¡¢³ÇÊм°¹ú¶ÈµÈÐÅÏ¢µÄ¶³öÈÔ¿ÉÄÜÒý·¢Ò»ÏµÁзçÏÕ  £¬ÓÈÆäÊÇ˼¿¼µ½ÕâЩÐÅϢΪ¶íÓï  £¬Ëä¿ÉÄÜÏ޶ȷǶíÓïÍþвÕßµÄÖ±½ÓÀûÓà  £¬µ«Òþ»¼ÈÔ²»ÈݺöÊÓ¡£ºÚ¿Í¡°HikkI-Chan¡±Ðû³ÆÕâ´Î²¢·ÇÖ±½ÓÈëÇÖVK·þÎñÆ÷  £¬¶øÊÇÒ»´ÎËùνµÄ¡°¶þ½×¡±ÈëÇÖ  £¬¼´ÀûÓÃ´ÓÆäËûµÚÈý·½Çþ··¸·¨»ñÈ¡µÄÊý¾ÝÀ´¼ä½Ó»ñÈ¡VKÓû§ÐÅÏ¢¡£VK²¢·Ç³õ´ÎÔâ·êÊý¾Ýй¶Î£»ú  £¬ÔçÔÚ2016Äê  £¬¾ÍÓб¨Â·Ö¸³ö¸Ãƽ̨µÄÓû§ÕË»§ÔøÔÚ°µÍøÉϱ»ÏúÊÛ¡£


https://hackread.com/hacker-leaks-data-of-vk-users-russian-social-network/


2. ÅûÈøÁ¬ËøµêƵÔâÍøÂç´¹µöÚ¿Æ­  £¬ÇÔÊØÐÅÓþ¿¨Êý¾Ý


9ÔÂ2ÈÕ  £¬È«ÇòÁìÓòÄÚ  £¬³ö¸ñÊǼÓÄôó  £¬¶à¼Ò³ÛÃûÅûÈøÁ¬ËøµêÕýÔâ·êÍøÂç´¹µöÚ¿Æ­µÄÇÖÏ®  £¬Ú¿Æ­ÕßÀûÓÃÓòÃûºýŪ¡¢ÍøÂç´¹µö¼°ÌìÉúʽÈËΪÖÇÄܵȼ¿Á©  £¬´´½¨¸ß¶È·ÂÕæµÄ¶ñÒâÍøÕ¾  £¬ÇÔÈ¡¹Ë¿ÍÐÅÓþ¿¨ÐÅÏ¢  £¬Ôì³É³Á´ó¾­¼ÃËðʧ¡£Õⳡ×Ô2023Äê±ãÆðÍ·µÄÚ¿Æ­»î¶¯  £¬Í¨¹ý·ÂÕպϷ¨ÅûÈø±íÂôÍøÕ¾µÄ¶©µ¥Ò³Ãæ  £¬ÓÕµ¼Óû§ÊäÈëÓ×ÎÒÐÅÏ¢¼°Ò»´ÎÐÔÃÜÂë  £¬½ø¶øµÁÊØÐÅÓþ¿¨Êý¾Ý¡£³ýÐÂ¼ÓÆÂµÄDomino's Pizza±í  £¬¼ÓÄôó±¾ÍÁµÄÅûÈø³øÊ¦¡¢±ÈÈø±ÈÈø¡¢²¨Ê¿¶ÙÅûÈøµÈ³ÛÃûÆ·ÅÆÒàδÄÜÐÒÃâ¡£Ú¿Æ­Õßͨ¹ý¸¶·ÑËÑË÷ÒýÇæ¸æ°×ÌáÉý¶ñÒâÓòÃûÆØ¹â¶È  £¬ÀûÓÃÆ´Ð´ÃýÎó¡¢Í¬ÐÎÒìÒå´ÊµÈ¼¼ÇÉÎóµ¼Óû§  £¬²¢Í¨¹ý²»ÐÝ×¢²áÐÂÓòÃû¡¢¸üÐÂÏÖÓÐÓòÃû¼°¸ü»»IPµØÖ·À´Ìӱܼì²â¡£´ËÀ๥»÷²»½ö¼¼Êõ¸´ÔÓ  £¬ÇÒÁìÓò¿í·º  £¬¶ÔÈ«ÇòÅûÈøÐÐÒµ×é³ÉÑϳÁÍþв¡£ÎªÁË·À±¸´ËÀàÍøÂç´¹µöÚ¿Æ­  £¬¹Ë¿ÍÐèÌá¸ß¾¯Ìè  £¬×Ðϸ²é³­ÓòÃûÖеÄÒì³£ÐźÅ  £¬¹Ø×¢×¢²áÈÕÆÚ  £¬ÆôÓöà³É·ÖÉí·ÝÑéÖ¤  £¬²¢ÊµÊ±Ïò·¨Âɲ¿ÃŻ㱨¿ÉÒÉÂòÂô¡£


https://hackread.com/phishing-scam-canadian-pizza-chains-credit-card-data/


3. CISA´¹Î£¶½´Ù½¨²¹Draytek·ÓÉÆ÷Óë½ðɽWPS Office°²È«·ì϶


9ÔÂ3ÈÕ  £¬ÍøÂ簲ȫºÍ»ù´¡ÉèÊ©°²È«¾Ö£¨CISA£©´¹Î£°ä²¼Á˹ØÓÚÈý¸öÕý±»»ý¼«ÀûÓõÄÑϳÁ·ì϶µÄ¾¯Ê¾  £¬¶½´ÙÈ«Çò×éÖ¯ÓÈÆäÊÇÁª¹ú»ú¹¹Ñ¸¿ìÓ¦¶Ô¡£ÆäÖÐ  £¬Draytek VigorConnect ·ÓÉÆ÷¶³öµÄ CVE-2021-20123 ºÍ CVE-2021-20124 ·ì϶  £¬ÈÃδÊÚȨ¹¥»÷ÕßÄܵÈÏнӼûÃô¸ÐÎļþ  £¬×é³ÉÊý¾Ýй¶¼°ÏµÍ³ÈëÇֵijÁ´óÍþв¡£ÁíÒ»Ïî¸ß·çÏÕ·ì϶ CVE-2024-7262 ¾Û½¹ÓÚ½ðɽWPS Office  £¬Õâ¿îÔÚ¶«ÑǵØÓò¿í·ºÊ¹Óõİ칫Ì×¼þ  £¬Òò´æÔÚÑϳÁµÄõè¾¶±éÀúÎÊÌ⣨CVSS ÆÀ·Ö¸ß´ï9.8£©  £¬³ÉΪº«¹ú¹ØÁªÍøÂç¼äµý×éÖ¯APT-C-60µÄ¹¥»÷Ö¸±ê¡£ÀûÓôËÁãÈÕ·ì϶  £¬APT-C-60²¿ÊðÁËSpyGlaceºóÃÅ  £¬´Ë·ì϶µÄÖ÷ÌâÔÚÓÚ¶ÔÓû§Îļþõè¾¶ÑéÖ¤µÄºöÂÔ  £¬Ê¹µÃ¹¥»÷ÕßÄÜÉÏ´«²¢Ö´ÐÐËÁÒâWindows¿â  £¬ÊµÏÖÔ¶³Ì´úÂëÖ´ÐÐ  £¬È«Ãæ½ÚÔìÊܺ¦ÏµÍ³  £¬²¢³Ö¾ÃÇÔÈ¡Êý¾Ý¡£ÎªÓ¦¶ÔÕâÒ»½ôÆÈ¾ÖÊÆ  £¬CISAÒÑÒªÇóÁª¹úÃñÊÂÐÐÕþ²¿ÃÅÔÚ2024Äê9ÔÂ24ÈÕǰʵÏÖ·ì϶½¨²¹¡£


https://securityonline.info/cisa-issues-alert-three-actively-exploited-vulnerabilities-demand-immediate-attention/


4. Head MareºÚ¿Í×éÖ¯Õë¶Ô¶í°×·¢ÆðÍøÂç¹¥»÷ÓëÀÕË÷


9ÔÂ3ÈÕ  £¬Head MareºÚ¿Í×éÖ¯×Ô2023ÄêÆð»îÔ¾  £¬×¨ÃÅÕë¶Ô¶íÂÞ˹ºÍ°×¶íÂÞ˹µÄ×éÖ¯·¢ÆðÍøÂç¹¥»÷¡£¸Ã×é֯ѡȡÏȽøÕ½Êõ  £¬ÈçÀûÓÃWinRARÖеÄCVE-2023-38831·ì϶ִÐжñÒâ´úÂë  £¬ÒÔ¼ÓÇ¿Æä¹¥»÷Òñ±ÎÐÔºÍЧÄÜ¡£Head Mare²»½öй¶Êܺ¦ÕßÃô¸ÐÐÅÏ¢  £¬»¹Í¨¹ýLockBit£¨Õë¶ÔWindows£©ºÍBabuk£¨Õë¶ÔLinux£©¼ÓÃÜÉ豸  £¬Ë÷ÒªÊê½ð¡£Æä¹¤¾ß°üÔ̺¬PhantomDLºÍPhantomCoreµÈ¶¨ÔìºóÃÅ  £¬ÓÃÓÚÉÏ´«ÎļþºÍÖ´ÐкÅÁî  £¬¼Ù×°³É΢Èí¸üй¤×÷ÒÔ»ìºÏÊÓÌý¡£´Ë±í  £¬¸Ã×éÖ¯»¹ÀûÓÃSliverµÈ¿ªÔ´C2¿ò¼Ü¼°¶àÖÖ¹«¿ª¹¤¾ß½øÐкáÏòÒÆ¶¯ºÍÆ¾Ö¤ÍøÂç¡£¹¥»÷ͨ³£ÒÔÍøÂç´¹µöÓʼþЯ´øË«À©´óÃûÎĵµÎª³õ²½  £¬×îÖÕ²¿ÊðÀÕË÷Èí¼þ²¢ÁôÏÂÊê½ðÒªÇó¡ £¿¨°Í˹»ùÖ¸³ö  £¬Head MareµÄÕ½Êõ¡¢¼¼ÊõºÍ·¨Ê½Óë¶íÎÚì¶Ü²¼¾°ÏÂÆäËûÕë¶Ô¶í°×Á½¹úµÄºÚ¿Í×éÖ¯ÀàËÆ  £¬µ«ÆäÌØÉ«ÔÚÓÚʹÓö¨Ôì¶ñÒâÈí¼þºÍ×îзì϶  £¬Õ¹Ê¾Á˸߶ȵÄרҵÐÔºÍÕë¶ÔÐÔ¡£


https://thehackernews.com/2024/09/hacktivists-exploits-winrar.html


5. Booking.comÔâ·ê¸´ÔÓÍøÂç´¹µö¹¥»÷


9ÔÂ3ÈÕ  £¬OSINTMATTER×îл㱨½ÒʾÁËÕë¶ÔBooking.comµÄ¸´ÔÓÍøÂç´¹µö»î¶¯  £¬ÆäÕ½ÊõÔ̺¬¶à½×¶ÎÈëÇÖ  £¬´Ó¾Æµê¾­ÀíÕË»§µ½Ö±½ÓºýŪ¿Í»§¡£¹¥»÷ÕßÀûÓ÷ÂðÓòÃû¡°extraknet-booking.com¡±ÓÕÆ­Óû§½øÈë±í¹ÛÕæÇеÄÐéÎ±ÍøÕ¾  £¬Ö¼ÔÚÇÔÈ¡Ãô¸ÐÐÅÏ¢  £¬Ô̺¬µÇ¼ʹ´¦¡¢Ó×ÎÒÊý¾ÝºÍ²ÆÕþ¾ßÌåÐÅÏ¢¡£¸ÃÍøÕ¾Í¨¹ýJavaScript»ìºÏ¼¼Êõ°µ²Ø¶ñÒâ´úÂë  £¬²¢¿ÉÄÜÓëNinja TrojanµÈ¶ñÒâÈí¼þÓйØÁª¡£´Ë±í  £¬¹¥»÷Õß»¹ÀûÓÃSTUN°ó¶¨ÒªÇ󰵲ضñÒâÁ÷Á¿  £¬²¢Í¨¹ý¶¯Ì¬¼Ù×°¼¼Êõƾ¾ÝÓû§Ìصãչʾ·ÖÆçÄÚÈÝ  £¬ÒÔÌӱܼì²â¡£³ö¸ñÖµÍ×ÌùÐĵÄÊÇ  £¬¹¥»÷ÍøÂçÖеÄiFrameÏνÓÖÁÒ»¸öÖÐÐÄÊàŦ  £¬¼¯ÖнÚÔì²¢À©´ó´¹µöÁìÓò¡£Õâ´Î¹¥»÷͹ÏÔÁËÍøÂç´¹µö¼¿Á©µÄÈÕÒæ¸´ÔÓÓëÒñ±Î  £¬¶ÔÓÎÀÀÒµ°²È«×é³ÉÑϳÁÍþв  £¬¾¯Ê¾Óû§ºÍÆóÒµÐè¼ÓÇ¿¾¯Ìè  £¬¶ÀÁ¢ÑéÖ¤ÍøÕ¾ºÏ·¨ÐÔ  £¬·À±¸Ó×ÎÒÐÅϢй¶¡£


https://securityonline.info/travelers-targeted-booking-com-phishing-scam-unveiled/


6. ¿¨°Í˹»ù¸æ·¢£ºICMPºóÃŹ¥»÷ÔÙÏÖ  £¬ÒÉËÆToddyCat APTÊÖ·¨


9ÔÂ3ÈÕ  £¬¿¨°Í˹»ùÈ«ÇòÓ¦¼±ÏìÓ¦Ó××飨GERT£©µÄÍøÂ簲ȫר¼Ò¸æ·¢ÁËÒ»ÖÖ¸´ÔÓµÄÍøÂç¹¥»÷  £¬ÆäÊÖ·¨Óë³ÛÃûAPT×éÖ¯ToddyCatµÄÕ½Êõ¸ß¶ÈÀàËÆ¡£Õâ´Î¹¥»÷Õë¶Ô¿Í»§Óò½ÚÔìÆ÷ºÍExchange·þÎñÆ÷  £¬ÀûÓÃÔ̺¬Microsoft ExchangeÔ¶³Ì´úÂëÖ´Ðзì϶£¨CVE-2021-26855£©¼°Òѽ¨²¹µÄIKEEXT·þÎñ¾É·ì϶ÔÚÄڵĶàÖÖ°²È«·ì϶  £¬³É¹¦»ñÈ¡³õʼ½Ó¼ûȨ²¢¹¹½¨ÓƾÃÐÔ¡£¹¥»÷ÕßÓÈΪµó»¬µØ³ÁÓÃÁËÓëwlbsctrl.dll¿âÓйصľɷì϶  £¬Í¨¹ý´úÌæsystem32Ŀ¼ÏµĸÿâÎļþ  £¬Ê¹IKEEXT·þÎñÿ´ÎŲÓÃʱ¾ùÖ´ÐкóÃÅ´úÂë  £¬ÎÞÐè¸ü¸ÄͨÀýÆô¶¯ÅäÖ᣽øÒ»²½µØ  £¬ËûÃÇÀûÓÃSMBºÍ̸ÉèÖÃ×Ô½ç˵·À»ðǽ¹æ¶¨  £¬ÈöñÒâdllhost.exe¼àÌýÌØ¶¨¶Ë¿Ú  £¬ÊµÏÖÍøÂçÖеĺáÏòÒÆ¶¯  £¬ÇÄÎÞÉùÏ¢µØÀ©´ó¹¥»÷ÁìÓò¡£ÓÈΪ¹Ø¼üµÄÊÇ  £¬¹¥»÷Õß²¿ÊðÁËÒ»¸öICMPºóÃÅ  £¬Í¨¹ý¸ÃºóÃÅÒÔ¼ÓÔØ·¨Ê½´ó¾ÖÔËÐÐ  £¬Ö´Ðи´ÔÓ²Ù×÷ÒÔά³ÖÒñ±ÎÐÔ¡£¸ÃºóÃÅÊ×ÏȲ鳭»¥³âËøÒÔÔ¤·À³Á¸´ÔËÐÐ  £¬Ëæºó½âÃܲ¢Ö´Ðд洢ÔÚWindows×¢²á±íÖеÄÓÐЧ¸ºÔØ  £¬ÕâЩ¸ºÔØÒÔ¡°CAFEBABE¡±Îª±êʶ  £¬ÀûÓÃICMPÌ×½Ó×ֽӹܲ¢Ö´ÐÐÀ´×Ô¹¥»÷ÕßµÄÖ¸Áî  £¬´Ó¶øÔÚ²»³ÉÁ¢³öÕ¾ÏνӵÄÇé¿öÏÂʵÏÖÔ¶³Ì½ÚÔì  £¬¼«´ó½µµÍÁ˱»¼ì²âµÄ·çÏÕ¡£


https://securityonline.info/researcher-identifies-toddycat-inspired-apt-attack-leveraging-icmp-backdoor-and-microsoft-exchange-flaws/