Èû¶ûάÑǵ±¾ÖÀûÓøßͨÁãÈÕ·ì϶²¿ÊðNoviSpy¼äµýÈí¼þ

°ä²¼¹¦·ò 2024-12-18

1. Èû¶ûάÑǵ±¾ÖÀûÓøßͨÁãÈÕ·ì϶²¿ÊðNoviSpy¼äµýÈí¼þ


12ÔÂ16ÈÕ £¬Èû¶ûάÑǵ±¾Ö±»ÆØÀûÓøßͨÁãÈÕ·ì϶ £¬ÔÚAndroidÉ豸Éϲ¿ÊðÁËÒ»ÖÖÃûΪ¡°NoviSpy¡±µÄмäµýÈí¼þ £¬ÒԼල»î¶¯ÈËÊ¿¡¢¼ÇÕߺͿ¹ÒéÕß¡£Õâ´Î¹¥»÷Éæ¼°µÄ¸ßͨ·ì϶CVE-2024-43047µÈ £¬ÔÚ2024Äê10Ô±»Google Project ZeroÏóÕ÷ΪÁãÈÕ·ì϶ £¬²¢ÓÚ´ÎÔÂÔÚAndroidÉϵõ½½¨¸´¡£¹ú¼ÊÌØÉâ×éÖ¯°²È«³¢ÊÔÊÒÔÚ·ÖÎöÒ»Ãû¼ÇÕßµÄÊÖ»úʱ·¢ÏÖÁ˸üäµýÈí¼þ¡£¾Ý³Æ £¬Èû¶ûάÑǰ²È«ÐÅÏ¢¾ÖºÍ¾¯·½ÀûÓÃCellebrite½âËø¹¤¾ß £¬Í¨¹ý¸ßͨÁãÈÕ·ì϶½âËøÁËAndroidÊÖ»ú £¬²¢²¿ÊðÁËNoviSpy¡£¸Ã¼äµýÈí¼þÓëÈû¶ûάÑǰ²È«»ú¹¹°ó¶¨µÄ·þÎñÆ÷ͨѶ £¬ÒÑ×°ÖÃÔÚÈû¶ûάÑÇÊýʮ̨ÉõÖÁÊý°Ų̀AndroidÉ豸ÉÏ¡£¹È¸èµÄÍþв·ÖÎöÓ××éÓë¹ú¼ÊÌØÉâ×éÖ¯ºÏ×÷ £¬·¢ÏÖÁ˸ßͨDSPÇý¶¯·¨Ê½ÖеĶà¸ö·ì϶ £¬ÕâЩ·ì϶¿ÉÄܱ»ÓÃÓÚÈÆ¹ýAndroid°²È«»úÔì²¢ÔÚÄں˼¶±ð×°ÖÃNoviSpy¡£Ö»¹Ü¹È¸èÒÑÏò¸ß´«µÝ¸æÁËÕâЩÎÊÌâ £¬µ«²¿ÃÅ·ì϶µÄ²¹¶¡ÉÐδ°ä²¼¡£¸ßͨ°µÊ¾ £¬ÒÑÏò¿Í»§Ìṩ½¨¸´·¨Ê½ £¬²¢¼¤ÀøÓû§ÀûÓð²È«¸üС£


https://www.bleepingcomputer.com/news/security/new-android-novispy-spyware-linked-to-qualcomm-zero-day-bugs/


2. SRPÁª¹úÐÅÓþºÏ×÷ÉçÔâÍøÂç¹¥»÷ £¬24ÍòÓû§ÐÅÏ¢Òɱ»µÁ


12ÔÂ16ÈÕ £¬SRPÁª¹úÐÅÓþºÏ×÷Éç½üÈÕÔâ·êÍøÂç¹¥»÷ £¬³¬¹ý240,742È˵ÄÓ×ÎÒÐÅÏ¢¿ÉÄܱ»µÁ¡£SRPÁª¹úÐÅÓþºÏ×÷Éç³ÉÁ¢ÓÚ1960Äê £¬×ܲ¿Î»ÓÚÄÏ¿¨ÂÞÀ´ÄÉÖݱ±°Â¹Å˹Ëþ £¬Îª×ôÖÎÑÇÖݺÍÄÏ¿¨ÂÞÀ´ÄÉÖÝÔ¼200,000ÃûÓ×ÎÒÌṩ½ðÈÚ·þÎñ¡£¾Ý³Æ £¬¹¥»÷Õß×Ô2024Äê9ÔÂ5ÈÕÖÁ11ÔÂ4ÈÕÆÚ¼ä½Ó¼ûÁËÆäϵͳ £¬²¢¿ÉÄÜ»ñÈ¡ÁËÔ̺¬ÐÕÃû¡¢µ®ÉúÈÕÆÚ¡¢¼ÝÕÕºÅÂë¡¢Éç»á±£ÏÕºÅÂëºÍ²ÆÕþÐÅÏ¢µÈÔÚÄÚµÄÓ×ÎÒÎļþ¡£SRPÁª¹úÐÅÓþºÏ×÷ÉçÒÑÏòµÂ¿ËÈøË¹ÖݺÍÃåÒòÖݵÄ×ܼì²ì³¤°ì¹«Êһ㱨´ËÊ £¬²¢Ïò¿ÉÄÜÊÜÓ°ÏìµÄÓ×ÎÒ·¢ËÍÊéÃæÍ¨Öª £¬ÌṩһÄêµÄÃâ·ÑÉí·Ý±£»¤·þÎñ¡£Ö»¹ÜÉÐδ·¢ÏÖÐÅÏ¢±»ÀÄÓõÄÖ¤¾Ý £¬µ«ºÏ×÷É缤ÀøÊÜÓ°ÏìÕßÀûÓÃÌṩµÄÃâ·ÑÐÅÓþ¼à¿Ø¡£Õâ´ÎÍøÂç¹¥»÷¿ÉÄÜÓëÀÕË÷Èí¼þ×éÖ¯NitrogenÓйØ £¬¸Ã×éÖ¯Ðû³ÆÇÔÈ¡ÁËSRPÁª¹úÐÅÓþºÏ×÷ÉçÔ¼650GBµÄÊý¾Ý £¬²¢ÔÚÆä»ùÓÚTorµÄÐ¹Â©ÍøÕ¾ÉÏÏúÊÛ¡£


https://www.securityweek.com/srp-federal-credit-union-ransomware-attack-impacts-240000/


3. CISAÖÒ¸æWindowsÄں˷ì϶¼°Adobe ColdFusion·ì϶Õý±»»ý¼«ÀûÓÃ


12ÔÂ16ÈÕ £¬CISAÒÑÏòÃÀ¹úÁª¹ú»ú¹¹·¢³öÖÒ¸æ £¬ÒªÇó·À±¸Õë¶Ô¸ßÑϳÁÐÔWindowsÄں˷ì϶CVE-2024-35250µÄ³ÖÐø¹¥»÷¡£¸Ã·ì϶ÓÉDEVCORE×êÑÐÍŶӷ¢ÏÖ²¢Í¨¹ýÇ÷Ïò¿Æ¼¼µÄÁãÈÕ´òËã»ã±¨¸øÎ¢Èí £¬ÊÇÓÉÓÚ²»ÊÜÐÅÀµµÄÖ¸ÕëÈ¡µÞÒýÓÃÈõµãÔì³ÉµÄ £¬ÔÊÐí±¾µØ¹¥»÷ÕßÒԵ͸´ÔÓ¶È»ñµÃSYSTEMȨÏÞ¡£Î¢ÈíÔÚ6Ô°䲼Á˲¹¶¡ £¬µ«ËĸöÔºóGitHubÉϰ䲼Á˸ÅÏëÑéÖ¤·ì϶´úÂë £¬Åú×¢¸Ã·ì϶ÔÚ±»»ý¼«ÀûÓá£Í¬Ê± £¬CISA»¹Ôö³¤ÁËÁíÒ»¸öÑϳÁµÄAdobe ColdFusion·ì϶CVE-2024-20767 £¬¸Ã·ì϶ÓÉÓÚ½Ó¼û½ÚÔì²»µ±µ¼Ö £¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¶ÁȡϵͳºÍÆäËûÃô¸ÐÎļþ¡£³¬¹ý145,000̨ColdFusion·þÎñÆ÷¶³öÔÚ»¥ÁªÍøÉÏ £¬×é³É³Á´ó·çÏÕ¡£CISA½«ÕâÁ½¸ö·ì϶Ôö³¤µ½ÆäÒÑÖª±»ÀûÓ÷ì϶Ŀ¼ÖÐ £¬²¢ÏóÕ÷Ϊ±»»ý¼«ÀûÓà £¬ÒªÇóÁª¹ú»ú¹¹ÔÚÈýÖÜÄÚ±£»¤ÆäÍøÂ硣ͬʱ £¬Ò²½¨Òé¸öÈË×éÖ¯ÓÅÏÈ»º½âÕâЩ·ì϶ÒÔ×èÖ¹ÔÚ½øÐеĹ¥»÷¡£Î¢Èí¶ÔÓÚCVE-2024-35250Ò°±íÀûÓõĸü¶à¾ßÌåÐÅÏ¢ÉÐδ°ä·¢ÆÀÂÛ¡£


https://www.bleepingcomputer.com/news/security/windows-kernel-bug-now-exploited-in-attacks-to-gain-system-privileges/


4. BitterÍøÂç¼äµý×éÖ¯ÀûÓÃÐÂÐÍMiyaRAT¶ñÒâÈí¼þ¹¥»÷ÍÁ¶úÆä¹ú·À×éÖ¯


12ÔÂ17ÈÕ £¬ÍøÂç¼äµýÍþв×éÖ¯Bitter±»·¢ÏÖʹÓÃÐÂÐͶñÒâÈí¼þ¼Ò×åMiyaRAT¹¥»÷ÍÁ¶úÆä¹ú·À×éÖ¯¡£MiyaRATÓëBitter֮ǰʹÓõÄWmRAT¶ñÒâÈí¼þһ·±»²¿Êð¡£ProofpointÖ¸³ö £¬ÕâÖÖÐÂÐͶñÒâÈí¼þºÜ¿ÉÄÜÊÇÕë¶Ô¸ß¼ÛÖµÖ¸±êµÄ £¬²¢ÇÒ½öżȻ±»Ê¹Óá£Bitter×éÖ¯×Ô2013ÄêÒÔÀ´Ò»Ïò»îÔ¾ £¬ÖØÒªÕë¶ÔÑÇÖÞµ±¾ÖºÍ³ÁÒª×éÖ¯¡£ËûÃÇ´ÓÇ°ÔøÀûÓÃMicrosoft Office·ì϶ºÍ¼ÙÒâ±í½»»ú¹¹½øÐÐÍøÂç´¹µö¹¥»÷¡£Õâ´ÎÍÁ¶úÆäµÄ¹¥»÷ʼÓÚÒ»·âÔ̺¬±í¹úͶ×ÊÏîÄ¿ÒýÓյĵç×ÓÓʼþ £¬ÓʼþÖеÄRARѹËõÎļþÔ̺¬Á˼Ù×°³ÉPDFµÄ¿ì½Ý·½Ê½Îļþ £¬ÒÔ¼°Ç¶ÈëÔÚRARÎļþÖеı¸ÓÃÊý¾ÝÁ÷£¨ADS£©¡£Ò»µ©ÊÕ¼þÈË´ò¿ªLNKÎļþ £¬¾Í»á´¥·¢°µ²ØÔÚADSÖеÄPowerShell´úÂëÖ´ÐÐ £¬Í¬Ê±´´½¨Ò»¸ö´òË㹤×÷ÒÔ¶¨ÆÚÔËÐжñÒâºÅÁî¡£µ±WmRATÎÞ·¨ÓëºÅÁîºÍ½ÚÔì·þÎñÆ÷³ÉÁ¢Í¨Ñ¶Ê± £¬Bitter»áÏÂÔØMiyaRAT¡£ÕâÁ½ÖÖ¶ñÒâÈí¼þ¶¼ÊÇC++Ô¶³Ì½Ó¼ûľÂí£¨RAT£© £¬ÌṩÊý¾Ýй¶¡¢Ô¶³Ì½ÚÔì¡¢ÆÁÄ»½ØÍ¼µÈÖ°ÄÜ¡£MiyaRATÔ½·¢ÃÀÂú £¬ÓµÓиüÏȽøµÄÊý¾ÝºÍͨѶ¼ÓÃÜ¡£


https://www.bleepingcomputer.com/news/security/bitter-cyberspies-target-defense-orgs-with-new-miyarat-malware/


5. LedgerÍøÂç´¹µöÐÂȦÌ×£º¼Ù×°Êý¾Ýй¶ÇÔÈ¡¸´Ô­¶ÌÓï


12ÔÂ17ÈÕ £¬Ò»ÏîÕë¶ÔLedgerÓ²¼þ¼ÓÃÜÇ®±ÒÇ®°üµÄÍøÂç´¹µö»î¶¯ÔÚËÁŰ¡£¸Ã»î¶¯Í¨¹ý¼Ù×°³ÉÊý¾Ýй¶֪ͨµÄÓʼþ £¬ÓÕÆ­Óû§ÑéÖ¤Æä¸´Ô­¶ÌÓï £¬½ø¶øÇÔÈ¡Óû§µÄ¼ÓÃÜÇ®±Ò¡£LedgerÊÇÒ»¿îÓÃÓÚ´æ´¢¡¢ÖÎÀíºÍÏúÊÛ¼ÓÃÜÇ®±ÒµÄÓ²¼þÇ®°ü £¬Æä×ʽðÓÉ24×Ö¡¢12×Ö»ò18×ֵĸ´Ô­¶ÌÓï±£»¤¡£È»¶ø £¬¹¥»÷ÕßÀûÓÃÓû§¶ÔÊý¾Ýй¶µÄÓÇÓô £¬·¢ËÍ¿´ËÆÀ´×ÔLedger¹Ù·½µÄ´¹µöÓʼþ £¬ÒªÇóÓû§ÔÚ´¹µöÒ³ÃæÉÏÑéÖ¤¸´Ô­¶ÌÓï¡£ÕâЩÓʼþÏÖʵÉÏÊÇͨ¹ýSendGridµç×ÓÓʼþÓªÏúƽ̨·¢Ë͵Ä £¬´¹µöÒ³ÃæÔò¼Ù×°³ÉLedgerÍøÕ¾ £¬ÒªÇóÓû§ÊäÈ븴ԭ¶ÌÓï½øÐа²È«²é³­¡£Ò»µ©Óû§ÊäÈë £¬´¹µöÒ³Ãæ¾Í»á½«ËùÓÐÊäÈëµÄ¸´Ô­¶ÌÓï·¢Ë͵½ÍøÕ¾ºó¶Ë´æ´¢ £¬¹¥»÷Õß±ãÄÜÆëÈ«½Ó¼û²¢ÇÔÈ¡Óû§µÄ¼ÓÃÜÇ®±Ò×ʽð¡£Õë¶Ô´Ë»î¶¯ £¬Ledger³ÖÓÐÕßÓ¦Ìá¸ß¾¯Ìè £¬ÇÐÎðÔÚÖ°ºÎÀûÓûòÍøÕ¾ÉÏÊäÈ븴ԭ¶ÌÓï¡£µ±Éæ¼°¼ÓÃÜÇ®±ÒºÍ½ðÈÚ×ʲúʱ £¬ÇëʼÖÕÔÚä¯ÀÀÆ÷ÖÐÊäÈëÒª½Ó¼ûµÄÓòÃû¡£ÇëºöÂÔÈκÎÐû³ÆÀ´×ÔLedgerµÄµç×ÓÓʼþ £¬ÓÈÆäÊÇÐû³ÆÄúÊܵ½Êý¾Ýй¶ӰÏì»òÒªÇóÑéÖ¤¸´Ô­¶ÌÓïµÄÓʼþ¡£


https://www.bleepingcomputer.com/news/security/new-fake-ledger-data-breach-emails-try-to-steal-crypto-wallets/


6. ˼¿ÆÊý¾ÝÔâй¶£º2.9GBÊý¾ÝÔÚBreach ForumsÆØ¹â


12ÔÂ16ÈÕ £¬ºÚ¿ÍÔÚBreach ForumsÉÏй¶ÁËÊôÓÚ˼¿Æ¹«Ë¾µÄ2.9GBÊý¾Ý £¬ÕâÊÇ4.5TBÊý¾Ý¼¯µÄÒ»²¿ÃÅ¡£¾ÝºÚ¿ÍÐû³Æ £¬ÕâЩÊý¾ÝÊÇ˼¿ÆÔÚ2024Äê10ÔÂδ½øÐÐÈκÎÃÜÂë±£»¤»ò°²È«ÈÏÖ¤µÄÇé¿ö϶³öµÄ¡£Õâ´Îй¶ÊÂÎñÓɳôÃûÔ¶ÑïµÄºÚ¿Í¼æÂÛ̳ËùÓÐÕßIntelBrokerÌáÒé £¬Ëû´ËÇ°ÔøÊÔͼÏúÊÛÔ̺¬À´×ÔVerizon¡¢AT&TºÍMicrosoftµÈ¹«Ë¾µÄÃô¸ÐÐÅÏ¢ÔÚÄÚµÄÊý¾Ý¼¯¡£Ë¼¿Æ¶Ô´ËÊÂ×÷³ö»ØÓ¦ £¬·ñ¶¨ÆäÖ÷ÌâϵͳÊܵ½¹¥»÷ £¬²¢½«ÎÊÌâ¹é×ïÓÚÃæÏò¹«¼ÒµÄDevHub×ÊÔ´ÅäÖÃÃýÎó¡£È»¶ø £¬IntelBroker¶ÔÖÅÒÔΪÆäÔÚ10ÔÂ18ÈÕ֮ǰ¶¼Äܹ»½Ó¼ûÕâЩÊý¾Ý £¬²¢ÌṩÁËÖ¤¾ÝÀ´Ö¤Ã÷ÆäÖ÷ÕÅ¡£Ð¹Â¶µÄÊý¾ÝÔ̺¬Ë¼¿Æ¶à¸ö³ÁÒª²úÆ·µÄÓйØÐÅÏ¢ £¬ÈçCisco ISE¡¢Cisco SASE¡¢Cisco WebexµÈ¡£´Ë±í £¬IntelBroker»¹ÒòÂÅ´ÎÊý¾Ýй¶ÊÂÎñ¶øÎÅÃû £¬Ô̺¬ÈëÇÖApple Inc.¡¢AMDÒÔ¼°Å·ÖÞÐ̾¯×éÖ¯µÈ¡£Õâ´Îй¶ÊÂÎñÔÙ´ÎÌáÐѸ÷×é֯Ҫά³Ö°²È«Êµ¼Ê²¢±£»¤Ãô¸ÐÊý¾Ý £¬¶øÔü×ÒµÄ4.5TBÊý¾Ý¼¯ÊÇ·ñ»á±»ÏúÊÛ¡¢Ð¹Â¶»ò½â¾öÈÔÓдý¹Û²ì¡£


https://hackread.com/hackers-leak-partial-cisco-data-4-5tb-exposed-records/