ÐÅÏ¢°²È«Öܱ¨-2021ÄêµÚ13ÖÜ

°ä²¼¹¦·ò 2021-03-29

> ±¾Öܰ²È«Ì¬ÊÆ×ÛÊö


2021Äê03ÔÂ22ÈÕÖÁ03ÔÂ28ÈÕ¹²ÊÕ¼°²È«·ì϶61¸ö £¬ÖµµÃ¹Ø×¢µÄÊÇRusavtomatika Weintek EasyWeb cMT CVE-2021-27446´úÂë×¢Èë·ì϶£»XStream CVE-2021-21346·´ÐòÁл¯´úÂëÖ´Ðзì϶£»Foxit PhantomPDF U3DBrowserÄÚ´æ·ÛËé´úÂëÖ´Ðзì϶£»NETGEAR ProSAFE Network Management System MFileUploadControllerÎļþÉÏ´«·ì϶£»Apache SpamAssassin .cf×¢Èë·ì϶¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂ簲ȫÊÂÎñÊÇESET·¢ÏÖºÚ¿ÍÀûÓÃαÔìµÄClubhouse·Ö·¢BlackRock£»McAfeeÅû¶Զ³Ì¼à¿ØÈí¼þNetop Vision Pro´æÔÚ¶à¸ö·ì϶£»²®Ã÷º²Òé»áÔ±¹¤Òò²Ù×÷ʧÎ󹫿ª´óÁ¿ÈõÊÆÈºÌåµÄÓ×ÎÒÐÅÏ¢£»Kaspersky°ä²¼2020ÄêICSÐÐÒµµÄÌ¬ÊÆ·ÖÎö»ã±¨£»Î¢ÈíÖÒ¸æ½üÆÚ´¹µö»î¶¯ÒÑÇÔÈ¡40Íò¸öOWAºÍOffice 365Í´´¦¡£


ƾ¾ÝÒÔÉÏ×ÛÊö £¬±¾Öܰ²È«ÍþвΪÖС£


> ³ÁÒª°²È«·ì϶Áбí


1.Rusavtomatika Weintek EasyWeb cMT CVE-2021-27446´úÂë×¢Èë·ì϶


Rusavtomatika Weintek EasyWeb cMT´æÔÚ´úÂë×¢Èë·ì϶ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó £¬Äܹ»ROOT¸ßµÍÎÄÖ´ÐÐËÁÒâ´úÂë¡£

https://us-cert.cisa.gov/ics/advisories/icsa-21-082-01


2.XStream CVE-2021-21346·´ÐòÁл¯´úÂëÖ´Ðзì϶


XStream´æÔÚ·´ÐòÁл¯·ì϶ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó £¬Äܹ»ÀûÓ÷¨Ê½¸ßµÍÎÄÖ´ÐÐËÁÒâ´úÂë¡£

http://x-stream.github.io/changes.html#1.4.16


3.Foxit PhantomPDF U3DBrowserÄÚ´æ·ÛËé´úÂëÖ´Ðзì϶


Foxit PhantomPDF U3DBrowser´æÔÚÄÚ´æ·ÛËé·ì϶ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÎļþÒªÇó £¬ÓÕʹÓû§½âÎö £¬¿ÉʹÀûÓ÷¨Ê½±ÀÀ£»òÒÔÀûÓ÷¨Ê½¸ßµÍÎÄÖ´ÐÐËÁÒâ´úÂë¡£

https://www.zerodayinitiative.com/advisories/ZDI-21-353/


4.NETGEAR ProSAFE Network Management System MFileUploadControllerÎļþÉÏ´«·ì϶


NETGEAR ProSAFE Network Management System MFileUploadController´æÔÚÊäÈëÑéÖ¤·ì϶ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó £¬¿ÉÉÏ´«Îļþ £¬²¢ÒÔÀûÓ÷¨Ê½¸ßµÍÎÄÖ´ÐÐËÁÒâ´úÂë¡£

https://www.zerodayinitiative.com/advisories/ZDI-21-357/


5.Apache SpamAssassin .cf×¢Èë·ì϶


Apache SpamAssassin´æÔÚ.cf×¢Èë·ì϶ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó £¬¿É×¢Èë¶ñÒâºÅÁî²¢Ö´ÐС£

https://s.apache.org/3r1wh


> ³ÁÒª°²È«ÊÂÎñ×ÛÊö


1¡¢ESET·¢ÏÖºÚ¿ÍÀûÓÃαÔìµÄClubhouse·Ö·¢BlackRock


1.jpg


ÉÏÖÜÎå £¬ESETµÄ×êÑÐÈËÔ±·¢ÏÖºÚ¿ÍÀûÓÃαÔìµÄAndroid°æClubhouse·Ö·¢BlackRock Trojan¡£ClubhouseÊÇÒôƵ̸ÌìÀûÓà £¬µ«Ä¿Ç°Ö»ÔÚiOSÊÜÆ­Ç°¿ÉÓà £¬ÉÐδ°ä²¼Android°æ±¾µÄClubhouse¡£BlackRock×î³õÓÚ2020Äê5Ô±»·¢ÏÖ £¬Ö¼ÔÚÇÔÈ¡Óû§ÔÚ¸÷À໥ÁªÍøÀûÓ㨳¬¹ý458¸ö£©ÉϵÄÐÅÏ¢¡£¸ÃľÂí¿ÉÄÜÀ¹½ØºÍ´Û¸ÄSMSÐÂÎÅ¡¢°µ²ØÍ¨Öª¡¢ÔÚÓû§ÔËÐÐɱ¶¾Èí¼þʱ½«Æä³Á¶¨Ïòµ½É豸Ö÷ÆÁÄ»ºÍÔ¶³ÌËø¶¨ÆÁÄ»¡£ 


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/fraudsters-jump-on-clubhouse-hype-to-push-malicious-android-app/


2¡¢McAfeeÅû¶Զ³Ì¼à¿ØÈí¼þNetop Vision Pro´æÔÚ¶à¸ö·ì϶


2.jpg


McAfeeÅû¶Զ³Ì¼à¿ØÈí¼þNetop Vision Pro´æÔÚ¶à¸ö¿ÉÓÃÀ´½Ù³ÖÖ¸±êµçÄԵķì϶¡£ÕâЩ·ì϶±ðÀëΪȨÏÞ·ÖÅä·ì϶£¨CVE-2021-27192£©¡¢Ä¬ÈÏȨÏÞÃýÎó£¨CVE-2021-27193£©¡¢ÒÔÃ÷ÎÄ´«ÊäµÄÃô¸ÐÐÅÏ¢£¨CVE-2021-27194£©ºÍÊÚȨÎÊÌ⣨CVE-2021-27195£©¡£ºÚ¿Í¿ÉÓÃÕâЩ·ì϶½øÐÐÌáȨºÍÖ´ÐÐÔ¶³Ì´úÂë £¬»ñµÃ¶ÔÖ¸±êϵͳµÄÆëÈ«½ÚÔìȨ²¢ÆôÓÃÍøÂçÉãÏñÍ·ºÍÂó¿Ë·ç¡£Ä¿Ç° £¬NetopÒѽ¨¸´²¿ÃÅ·ì϶¡£


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/popular-remote-student-learning-program-found-to-be-riddled-with-security-holes/


3¡¢²®Ã÷º²Òé»áÔ±¹¤Òò²Ù×÷ʧÎ󹫿ª´óÁ¿ÈõÊÆÈºÌåµÄÓ×ÎÒÐÅÏ¢


3.jpg


²®Ã÷º²Òé»áÔÚ3ÔÂ19ÈÕÐÇÆÚÎ峯 £¬ÒòÔ±¹¤²Ù×÷ʧÎóµ¼Ö´óÁ¿ÈõÊÆÈºÌåµÄÓ×ÎÒÐÅÏ¢±»¹«¿ª¡£¾Ý³ÆÕâ´Îй¶µÄÊÇÓÐȨ»ñµÃÃâ·Ñ°Íʿͨ³©Ö¤µÄ¶ùͯµÄ¾ßÌåÐÅÏ¢¡£¸ÃÊаµÊ¾ £¬ÆäÔÚ·¢ÏÖй¶ºóÂíÉϲÉÈ¡ÁË´ëÊ© £¬Êý¾Ý»¹Î´±»ÏÂÔØ £¬²¢ÇÒÓÉÓÚ´ËÊÂÎñµÄ¹æÄ£ºÍÑϳÁÐÔÖÊ £¬ÏÖÒÑÍ¨ÖªÕÆ¹Ü¼à¶½µÄÐÅϢרԱ°ì¹«ÊÒ£¨ICO£©¡£


Ô­ÎÄÁ´½Ó£º

https://www.birminghammail.co.uk/news/midlands-news/details-vulnerable-kids-uploaded-birmingham-20217314


4¡¢Kaspersky°ä²¼2020ÄêICSÐÐÒµµÄÌ¬ÊÆ·ÖÎö»ã±¨


4.jpg


Kaspersky°ä²¼ÁË2020ÄêICSÐÐÒµµÄÌ¬ÊÆ·ÖÎö»ã±¨¡£¸Ã»ã±¨·ÖÎöÁËÓÃÓÚÉè¼Æ¡¢ÅäÖúÍÊØ»¤¹¤Òµ½ÚÔìÉ豸ºÍÈí¼þµÄÍÆËã»úËùÊܵ½µÄÍøÂçÍþв¡£»ã±¨Ö¸³ö £¬ÔÚ2020ÄêϰëÄê £¬ÔÚICS¹¤³ÌºÍ¼¯³ÉÐÐÒµÖÐ39.3£¥µÄÍÆËã»úÊܵ½Á˶ñÒâÈí¼þ¹¥»÷ £¬Óë2020ÄêÉϰëÄ꣨31.5£¥£©Ïà±Å×ÐËùÔö³¤ £¬ÆäÖй¹Öþ×Ô¶¯»¯¡¢Æû³µÔì×÷¡¢ÄÜԴʯÓͺÍÌìÈ»ÆøÐÐÒµÔâµ½µÄ¹¥»÷Ôö¶à¡£2020ÄêϰëÄê £¬Õë¶ÔÀ­¶¡ÃÀÖÞ¡¢Öж«¡¢ÑÇÖ޺ͱ±ÃÀµÄ¹¥»÷´ÎÊýÔö¶à £¬Õë¶Ô·ÇÖÞ¡¢¶íÂÞ˹ºÍÅ·Ö޵Ĺ¥»÷ÊýÁ¿ÓÐËùÏ÷¼õ¡£


Ô­ÎÄÁ´½Ó£º

https://ics-cert.kaspersky.com/reports/2021/03/17/threat-landscape-for-the-ics-engineering-and-integration-sector-2020/


5¡¢Î¢ÈíÖÒ¸æ½üÆÚ´¹µö»î¶¯ÒÑÇÔÈ¡40Íò¸öOWAºÍOffice 365Í´´¦


5.jpg


×ÔÈ¥Äê12ÔÂÒÔÀ´ £¬´¹µö»î¶¯ÒÑÇÔÈ¡40Íò¸öOWAºÍOffice 365Í´´¦¡£WMC GlobalÓÚÈ¥ÄêËêÊ×·¢Ïָô¹µö»î¶¯ £¬¼Ù×°³É¼Ù×°³ÉÊÓÆµ»áÒé·þÎñ¡¢°²È«½â¾ö¹æ»®ºÍ³ö²ú¹¤¾ßÀ´¹Æ»óÊܺ¦Õß¡£È¥Äê12Ô £¬ºÚ¿Í¼ÙÒâÁËOutlook Web AppÀ´ºýŪָ±êÓû§ÊäÈëÍ´´¦ £¬¶ø½ñÄê1Ô¸ÄΪ·ÂÕÕOffice 365À´ÇÔȡʹ´¦¡£´Ë±í £¬Î¢Èí·¢Ïָû»¹ÀûÓÃÁËAmazon Simple Email Service£¨SES£©ºÍAppspotÔÆÍÆËãÆ½Ì¨À´·¢ËÍÍøÂç´¹µöµç×ÓÓʼþ¡£


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/microsoft-warns-of-phishing-attacks-bypassing-email-gateways/