ÍøÂç·¸×ï·Ö×ÓÀûÓÃZIP´®ÁªÎļþÕ½Êõ¶ã±Ü°²È«¼ì²â

°ä²¼¹¦·ò 2024-11-11

1. ÍøÂç·¸×ï·Ö×ÓÀûÓÃZIP´®ÁªÎļþÕ½Êõ¶ã±Ü°²È«¼ì²â


11ÔÂ7ÈÕ £¬¾ÝCyber Security News±¨Â· £¬ÍøÂç·¸×ï·Ö×ÓÕýѡȡһÖÖ¸´ÔÓµÄZIP´®ÁªÎļþÕ½Êõ £¬×¨ÃŹ¥»÷WindowsÓû§¡£ÕâÖÖ²½Ö轫¶à¸öZIPÎļþ¹é²¢ÎªÒ»¸ö´æµµ £¬ÀûÓÃ·ÖÆçZIPÔĶÁÆ÷´¦Ö÷½Ê½µÄ²î¾à £¬Ê¹¶ñÒâÄÚÈݸüÄѱ»°²È«Èí¼þ¼ì²â¡£ZIP´®ÁªÎļþÏÖʵÉÏÔ̺¬¶à¸öÖÐÐÄĿ¼ £¬Ã¿¸öĿ¼ָÏò·ÖÆçµÄÎļþ¼¯ £¬¶øÄ³Ð©ÔĶÁÆ÷¿ÉÄÜÖ»ÏÔʾ²¿ÃÅÄÚÈÝ £¬´Ó¶ø°µ²Ø¶ñÒâÎļþ¡£ÀýÈç £¬7zipͨ³£Ö»ÏÔʾµÚÒ»¸ö´æµµµÄÄÚÈÝ £¬¶øWinRARÄܶÁÈ¡ËùÓÐÄÚÈÝ £¬Ô̺¬°µ²ØµÄ¶ñÒâÎļþ¡£WindowsÎļþ×ÊÔ´ÖÎÀíÆ÷ÔÚ´¦ÖÃÕâÖÖÎļþʱҲ´æÔÚ²»Ò»ÖÂÐÔ £¬µ¼Ö¼ì²âÍþв²»³É¿¿¡£ÒÑÓй¥»÷Õßͨ¹ý·¢ËͼÙ×°³É·¢»õ֪ͨµÄÍøÂç´¹µöµç×ÓÓʼþ £¬ÀûÓô˼¼ÊõÏòÊܺ¦Õß·¢ËͰµ²ØµÄÌØÂåÒÁľÂí¶ñÒâÈí¼þ¡£ÕâÖÖ¶ã±Ü¼¼ÊõµÄ³É¹¦ÔÚÓÚËüÄÜÀûÓù¤¾ß¼äµÄ²î¾à £¬ºÜ¶à°²È«½â¾ö¹æ»®Ò²ÒÀÀµÕâЩ¹¤¾ßÀ´É¨Ãèµµ°¸¡£Òò¶ø £¬ºÚ¿ÍÔ½À´Ô½¶àµØÊ¹ÓÃÕâÖÖ²½ÖèÕë¶ÔÌØ¶¨Óû§ £¬Í¬Ê±ÌӱܯäËû°²È«¹¤¾ßµÄ¼ì²â¡£ÍøÂ簲ȫר¼ÒÌáÐÑÓû§Ó¦Ìá¸ß¾¯Ìè £¬Ñ¡È¡¶àÖÖ°²È«¹¤¾ßºÍ²½ÖèÀ´·À±¸´ËÀ๥»÷¡£


https://cybersecuritynews.com/hackers-employ-zip-file-concatenation/#google_vignette


2. Ó¢¹ú¶¬¼¾È¡Å¯²¹ÖúڿƭƵ·¢ £¬¾¯·½·¢³öÖÒ¸æ


11ÔÂ9ÈÕ £¬Ëæ×Ŷ¬¼¾µÄµ½À´ £¬Ó¢¹úÀÏÄê¾ÓÃñ³ÉΪڿƭ·Ö×ÓµÄÖ¸±ê £¬ËûÃÇͨ¹ýÐéαµÄ¡°¶¬¼¾È¡Å¯²¹Öú¡±ºÍ¡°ÉúÑķѲ¹Öú¡±¶ÌÐÅÖ´ÐÐÚ¿Æ­¡£ÓÉÓÚµ±¾Ö½üÆÚ¾ö¶¨Ï÷¼õÔ¼1000ÍòÑøÀϽðÁìÈ¡Õߵͬ¼¾È¼Áϲ¹Öú £¬ÕâÖ¶à¿Æ­»î¶¯¸ü¾ßͶÆõÐÔ¡£Ú¿Æ­¶ÌÐÅÓÕʹ¾ÓÃñ½Ó¼û·¸·¨ÓòÃû £¬ÍøÂçÓ×ÎÒÐÅÏ¢ºÍ¸¶¿îÐÅÏ¢¡£ÆäÖÐÒ»Ìõ¶ÌÐÅÐû³ÆÊÇ¡°×îºó֪ͨ¡± £¬ÌáÐÑÊÕ¼þÈËÔÚ11ÔÂ12ÈÕǰ»Ø¸´ÒԽӹܲ¹Öú¡£¸Ã¶ÌÐÅÖеÄÁ´½Ó½«Óû§Êèµ¼ÖÁ¿´ËÆGOV.UKµÄÍøÒ³ £¬ÏÖʵÉÏÊÇÒ»¸öÍøÂç´¹µöÒ³Ãæ £¬Ö¼ÔÚÓÕÆ­Óû§½»³öÓ×ÎÒÐÅÏ¢ºÍ¸¶¿îÏêÇé¡£ÍøÂ簲ȫ×êÑÐÔ±ÒѼø±ð³öÔ¼600¸öÓë´Ë»î¶¯ÓйصÄΨһÓòÃû £¬Ö¤ÁËÈ»¸Ã»î¶¯µÄ¹æÄ£ºÍÍþвÐÐΪÕßµÄͶÈë¡£Ó¢¹ú¾¯·½ÒÑ·¢³öÖÒ¸æ £¬ÌáÐÑÑøÀϽðÁìÈ¡Õß¾¯Ìè´ËÀàÚ¿Æ­¶ÌÐÅ £¬Ô¤·Àµã»÷Á´½Ó»òÌṩÓ×ÎÒÐÅÏ¢ºÍ¸¶¿îϸ½Ú¡£ÈËÃÇÄܹ»Ïò¹ú¶ÈÍøÂ簲ȫÖÐÐÄ¡¢Òƶ¯·þÎñÌṩÉÌ»òÓйػú¹¹»ã±¨ÒÉËÆÚ¿Æ­ÐÐΪ¡£


https://www.bleepingcomputer.com/news/security/scammers-target-uk-senior-citizens-with-winter-fuel-payment-texts/


3. ¶ñÒâPython°ü¡°fabrice¡±ÇÔÈ¡AWSÍ´´¦ £¬ÒÑÏÂÔØ³¬3.7Íò´Î


11ÔÂ9ÈÕ £¬×Ô2021ÄêÆð £¬Ò»¸öÃûΪ¡°fabrice¡±µÄ¶ñÒâPython°üÔÚPython°üË÷Òý(PyPI)ÖгöÏÖ £¬Í¨¹ýÇÔÈ¡Amazon Web ServicesÍ´´¦À´¹¥»÷¿ª·¢ÈËÔ±¡£¸ÃÈí¼þ°üÀûÓÃÁËÓëºÏ·¨ÇÒ¹ãÊÜÓ­½ÓµÄSSHÔ¶³Ì·þÎñÆ÷ÖÎÀí°ü¡°fabric¡±Ãû³ÆÀàËÆµÄÌØµã £¬Òѱ»ÏÂÔØ³¬¹ý37,000´Î¡£fabriceÖ®ËùÒÔ³Ö¾Ãδ±»·¢ÏÖ £¬²¿ÃÅÔ­ÒòÊÇÆä²¿ÊðÁËÏȽøµÄɨÃ蹤¾ß £¬²¢ÇÒ×·ÒäɨÃèµÄ½â¾ö¹æ»®½ÏÉÙ¡£¸ÃÈí¼þ°üƾ¾Ý²Ù×÷ϵͳִÐÐÌØ¶¨²Ù×÷ £¬ÔÚLinuxÉÏ´´½¨°µ²ØÄ¿Â¼´æ´¢±àÂëµÄshell¾ç±¾ £¬ÔÚWindows¸ßµÍÔØ±àÂëµÄÓÐЧ¸ºÔز¢Ö´ÐÐPython¾ç±¾ÒÔ»ñÈ¡¶ñÒâ¿ÉÖ´ÐÐÎļþ¡£ÎÞÂÛʹÓÃʲô²Ù×÷ϵͳ £¬fabriceµÄÖØÒªÖ¸±ê¶¼ÊÇʹÓÃboto3£¨Amazon Web ServicesµÄ¹Ù·½Python SDK£©ÇÔÈ¡AWSƾ֤¡£¹¥»÷Õß½«ÇÔÈ¡µÄÃÜԿй¶¸øÓɰÍÀèµÄM247ÔËÓªµÄVPN·þÎñÆ÷ £¬Ôö³¤ÁË×·×ÙÄѶÈ¡£Îª¼õÇá´ËÀà·çÏÕ £¬Óû§Ó¦²é³­´ÓPyPIÏÂÔØµÄÈí¼þ°ü £¬²¢Ê¹ÓÃרÃżì²âºÍ×èÖ¹´ËÀàÍþвµÄ¹¤¾ß¡£ÖÎÀíÔ±Ó¦ÊÔÂÇʹÓÃAWSÉí·ÝºÍ½Ó¼ûÖÎÀí(IAM)À´ÖÎÀí¶Ô×ÊÔ´µÄȨÏÞ £¬ÒÔ± £»¤AWS´æ´¢¿âÃâÊÜδ¾­ÊÚȨµÄ½Ó¼û¡£


https://www.bleepingcomputer.com/news/security/malicious-pypi-package-with-37-000-downloads-steals-aws-keys/


4. Remcos RATбäÖÖʹÓø߼¶¼¼ÊõϰȾWindowsϵͳ


11ÔÂ9ÈÕ £¬FortinetµÄFortiGuard³¢ÊÔÊÒ·¢ÏÖÁËÒ»ÖÖеÄRemcos RAT£¨Ô¶³Ì½Ó¼ûľÂí£©±äÖÖÔÚͨ¹ýÍøÂç´¹µö»î¶¯´«²¼ £¬Õë¶ÔMicrosoft WindowsÓû§¡£¸Ã¶ñÒâÈí¼þÀûÓÃCVE-2017-0199·ì϶ÏÂÔØ²¢Ö´ÐÐHTAÎļþ £¬¸ÃÎļþ¾­¹ý¶à²ã»ìºÏ´¦Öà £¬Ô̺¬JavaScript¡¢VBScript¡¢Base64±àÂëµÈ £¬×îÖÕÏÂÔØ²¢Ö´ÐжñÒâ¿ÉÖ´ÐÐÎļþ £¬²¿ÊðRemcos RAT¡£¸Ã¶ñÒâÈí¼þÓµÓжàÖÖÓÆ¾ÃÐÔ»úÔì £¬ÈçÏòÁ¿Òì³£´¦Öõȸ߼¶·´·ÖÎö¼¼Êõ £¬Ê¹ÓùþÏ£Öµ¼ø±ðAPI £¬¼ì²âµ÷ÊÔÆ÷µÄ´æÔÚ £¬²¢Í¨¹ý¹ý³ÌÍÚ¿Õ¼¼ÊõÌӱܼì²â¡£ÎªÁËά³Ö¶ÔÉ豸µÄ½ÚÔì £¬¶ñÒâ´úÂëÔÚϵͳע²á±íÖÐÔö³¤ÁËеÄ×Ô¶¯ÔËÐÐÏΪÁ˱ £»¤×Ô¼º £¬Óû§Ó¦Ô¤·Àµã»÷µç×ÓÓʼþÖеÄÁ´½Ó»ò¸½¼þ £¬Ê¹Óð²È«Èí¼þºÍ·À²¡¶¾Èí¼þ £¬²¢Î¬³ÖÈí¼þ¸üÐÂ×îв¹¶¡¡£


https://hackread.com/hackers-use-excel-files-remcos-rat-variant-windows/


5. Newpark ResourcesÔâÀÕË÷Èí¼þ¹¥»÷ £¬ÐÅϢϵͳºÍÒµÎñÀûÓÃÖжÏ


11ÔÂ8ÈÕ £¬µÂ¿ËÈøË¹ÖÝÓÍÌ﹩¸øÉÌNewpark ResourcesÔÚ2024Äê10ÔÂ29ÈÕÔâ·êÁËÒ»´ÎÀÕË÷Èí¼þ¹¥»÷ £¬µ¼ÖÂÆä²¿ÃÅÐÅϢϵͳºÍÒµÎñÀûÓ÷¨Ê½µÄ½Ó¼û±»ÖжÏ¡£¸Ã¹«Ë¾Ñ¸¿ìÆô¶¯ÁËÍøÂ簲ȫӦ¼±´òËã £¬²¢ÔÚ±í²¿×¨¼ÒµÄЭÖú϶ÔÊÂÎñ½øÐÐÁËÄÚ²¿µ÷²é £¬ÒÔÆÀ¹ÀºÍ¶ôÔìÍþв¡£Ö»¹ÜÕâ´Î¹¥»÷¶Ô¹«Ë¾µÄÐÅϢϵͳºÍÒµÎñÀûÓ÷¨Ê½Ôì³ÉÁËÓ°Ïì £¬µ«Newpark ResourcesµÄÔì×÷ºÍÏÖ³¡ÔËÓª¸ù»ùδÊÜÓ°Ïì £¬ÈÔ³ÖÐøÖ´Ðмȶ¨µÄÍ £»ú·¨Ê½¡£Ä¿Ç° £¬¹«Ë¾ÉÐδȷ¶¨Õâ´ÎÀÕË÷Èí¼þÊÂÎñµÄÈ«Êý³É±¾ºÍÓ°Ïì £¬µ«Ô¤¼Æ²»»á¶Ô²ÆÕþÇé¿ö»òÔËÓª²úÉú³Á´óÓ°Ïì¡£Newpark ResourcesûÓÐй©ÓйØÕâ´Î¹¥»÷µÄ¾ßÌåÐÅÏ¢ £¬Ô̺¬Ï°È¾ÆäϵͳµÄ¶ñÒâÈí¼þ¼Ò×å £¬Í¬Ê±Ò²Ã»ÓÐÀÕË÷Èí¼þ×éÖ¯Ðû³Æ¶ÔÕâ´Î°²È«·ìÏ¶ÕÆ¹Ü¡£½«À´ £¬ÈôÊÇÇé¿ö²úÉú±ä¶¯ £¬¸Ã¹«Ë¾½«¸üÐÂÓйØÐÅÏ¢Åû¶¡£


https://securityaffairs.com/170696/cyber-crime/newpark-resources-ransomware-attack.html


6. Veeam VBR·ì϶ÔÙÔâÀûÓà £¬FragÀÕË÷Èí¼þËÁŰ


11ÔÂ8ÈÕ £¬Veeam Backup & Replication (VBR) Èí¼þµÄÒ»¸ö¹Ø¼ü°²È«·ì϶£¨CVE-2024-40711£©×î½ü±»ÀûÓÃÀ´²¿ÊðFragÀÕË÷Èí¼þ £¬´Ëǰ¸Ã·ì϶Òѱ»AkiraºÍFogÀÕË÷Èí¼þ¹¥»÷ÕßÀûÓ᣸÷ì϶Óɲ»ÊÜÐÅÀµÊý¾Ý·´ÐòÁл¯ÈõµãÒýÆð £¬¿Éµ¼ÖÂÔ¶³Ì´úÂëÖ´ÐС£VeeamÔÚ9ÔÂ4ÈÕ°ä²¼Á˰²È«¸üР£¬¶øwatchTowr LabsºÍCode WhiteÔÚÅû¶¸Ã·ìÏ¶Ê±ÍÆ³Ù·ÖÏí¸ü¶àϸ½Ú £¬ÒÔÔ¤·À±»ÀÕË÷Èí¼þÍÅ»ïÀÄÓá£È»¶ø £¬Sophos X-Ops·¢ÏÖ £¬ÕâЩÑÓ³¤²¢Î´ÄÜ×èÖ¹AkiraºÍFogÀÕË÷Èí¼þ¹¥»÷ £¬Í³Ò»Íþв»î¶¯¼¯ÈºÒ²Ê¹ÓÃÁ˸÷ì϶²¿ÊðFragÀÕË÷Èí¼þ¡£FragÀÕË÷Èí¼þÍÅ»ïÔÚ¹¥»÷ÖдóÁ¿Ê¹ÓÃÊÜϰȾϵͳÉÏÒÑÓеĺϷ¨Èí¼þ£¨LOLBins£© £¬Ê¹µÃ·ÀÓùÕßÄÑÒÔ¼ì²âµ½ËûÃǵĻ¡£Veeam°µÊ¾ £¬È«ÇòÓг¬¹ý550,000Ãû¿Í»§Ê¹ÓÃÆä²úÆ· £¬Ô̺¬È«Çò2,000Ç¿°ñµ¥ÖÐÔ¼74%µÄ¹«Ë¾ £¬Òò¶ø¸Ã·ì϶µÄÓ°ÏìÁìÓò¿í·º¡£


https://www.bleepingcomputer.com/news/security/critical-veeam-rce-bug-now-used-in-frag-ransomware-attacks/