GandCrab×èÖ¹ÔËÓª£»£»£»£»£»£»Ê¹ÓÃRealtek SDK RCEÎó²îµÄ¹¥»÷»î¶¯¼¤Ôö£»£»£»£»£»£»Àí¹âTheta360ÒâÍâй¶1100ÍòÕÅÓû§ÕÕƬ

Ðû²¼Ê±¼ä 2019-06-03
1¡¢GandCrab×èÖ¹ÔËÓª£¬£¬ £¬£¬ £¬£¬¹¥»÷ÕßÐû²¼¹Ø±ÕRaaSЧÀÍ

ÈËÉú¾ÍÊDz©-×ðÁú¿­Ê±Öйú¹ÙÍø
 
ÀÕË÷Èí¼þGandCrabµÄ¿ª·¢ÕßÔÚºÚ¿ÍÂÛ̳ÉÏÐû²¼½«ÔÚÒ»¸öÔÂÄڹرÕÆäRaaS£¨ÀÕË÷Èí¼þ¼´Ð§ÀÍ£©ÓªÒµ£¬£¬ £¬£¬ £¬£¬×Ô2018Äê1ÔÂÕýʽÍƳöÒÔÀ´£¬£¬ £¬£¬ £¬£¬GandCrab RaaSÒ»Ö±ÔÚ¸ÃÂÛ̳ÉÏÐû´«×Ô¼ºµÄЧÀÍ¡£¡£¡£¡£¹¥»÷ÕßÌåÏÖËûÃÇÒѾ­¿¿¸ÃÀÕË÷Èí¼þ׬ȡÁËÁè¼Ý20ÒÚÃÀÔªµÄÊê½ð£¬£¬ £¬£¬ £¬£¬Òò´Ë¾öÒé¡°ÍËÐÝ¡±£¬£¬ £¬£¬ £¬£¬µ«ÕâÒ»Êý×ÖµÄÕæʵÐÔ´æÒÉ¡£¡£¡£¡£¹¥»÷Õß»¹ÌåÏÖ½«É¾³ýËùÓеĽâÃÜÃÜÔ¿£¬£¬ £¬£¬ £¬£¬Ê¹µÃÊܺ¦ÕßÎÞ·¨»Ö¸´Îļþ¡£¡£¡£¡£

Ô­ÎÄÁ´½Ó£ºhttps://www.zdnet.com/article/gandcrab-ransomware-operation-says-its-shutting-down/

2¡¢Ê¹ÓÃLive Chat²å¼þµ¯´°¹¥»÷»î¶¯£¬£¬ £¬£¬ £¬£¬Ç±ÔÚÊܺ¦Õß´ïÊýÍò

ÈËÉú¾ÍÊDz©-×ðÁú¿­Ê±Öйú¹ÙÍø
 
ZScalerµÄThreatLabZÑо¿ÍŶӷ¢Ã÷¹¥»÷ÕßÕýÔÚÆð¾¢Ê¹ÓÃWP Live Chat²å¼þÖеÄXSSÎó²î£¬£¬ £¬£¬ £¬£¬ÏòWordPressÍøÕ¾×¢Èë¶ñÒâJavaScript´úÂëÒÔ¾ÙÐжñÒâÖض¨ÏòºÍµ¯´°¹¥»÷¡£¡£¡£¡£ÖÁÉÙÒÑÓÐ47¸öÍøÕ¾Êܵ½¹¥»÷£¬£¬ £¬£¬ £¬£¬ÕâÒ»ÊýÄ¿»¹ÔÚÔöÌí£¬£¬ £¬£¬ £¬£¬ÓÉÓڸòå¼þµÄ×°ÖÃÁ¿´ï5Íò£¬£¬ £¬£¬ £¬£¬Òò´ËDZÔÚÊܺ¦Õß¿É´ïÊýÍò¡£¡£¡£¡£¸Ã¶ñÒâJavaScript´úÂëÏòblackawardago[.]com·¢³öÇëÇ󣬣¬ £¬£¬ £¬£¬ºóÕßÈÏÕæÍÆË͵¯´°¹ã¸æºÍÐéᶩÔÄÐÂÎÅ¡£¡£¡£¡£Æ¾Ö¤¸ÃÓòÃûµÄWhoIs¼Í¼£¬£¬ £¬£¬ £¬£¬¸ÃЧÀÍÆ÷µÄIPµØµãλÓÚÓ¡¶È¡£¡£¡£¡£

Ô­ÎÄÁ´½Ó£ºhttps://www.bleepingcomputer.com/news/security/wordpress-plugin-flaw-used-for-malicious-redirects-and-pop-ups/

3¡¢Ê¹ÓÃRealtek SDK RCEÎó²îµÄ¹¥»÷»î¶¯¼¤Ôö

ÈËÉú¾ÍÊDz©-×ðÁú¿­Ê±Öйú¹ÙÍø
 
NetScoutÑо¿ÍŶӷ¢Ã÷´Ó2019Äê4ÔÂβµ½2019Äê5ÔÂÉÏ°ëÔÂʱ´ú£¬£¬ £¬£¬ £¬£¬Ê¹ÓÃRealtek SDK RCEÎó²î£¨CVE-2014-8361£©µÄ¹¥»÷»î¶¯¼¤Ôö£¬£¬ £¬£¬ £¬£¬¹¥»÷ÊýÄ¿ÔÚ´Ëʱ´úÔöÌíÁË5043%¡£¡£¡£¡£ÕâЩ¹¥»÷Ö÷ÒªÀ´×Ô°£¼°£¬£¬ £¬£¬ £¬£¬Õë¶ÔÄϷǵØÇøµÄ·ÓÉÆ÷£¬£¬ £¬£¬ £¬£¬·Ö·¢µÄpayloadÖ÷ÒªÊÇHakai DDoS botµÄ±äÌ壬£¬ £¬£¬ £¬£¬¸Ã±äÌå¿ÉÓÃÓÚÌᳫ»ùÓÚHTTP¡¢TCP¡¢UDPµÄDDoS¹¥»÷¡£¡£¡£¡£

Ô­ÎÄÁ´½Ó£ºhttps://www.netscout.com/blog/asert/realtek-sdk-exploits-rise-egypt

4¡¢Àí¹âTheta360ÒâÍâй¶1100ÍòÕÅÓû§ÕÕƬ

ÈËÉú¾ÍÊDz©-×ðÁú¿­Ê±Öйú¹ÙÍø
 
vpnMonitorÑо¿Ö°Ô±Noam RotemºÍRan Locar·¢Ã÷Àí¹âµÄTheta360ÕÕƬ¹²ÏíϵͳÒâÍâй¶1100ÍòÕÅÓû§ÕÕƬ¡£¡£¡£¡£Ñо¿Ö°Ô±ÌåÏÖ¸ÃϵͳµÄÒ»¸öÊý¾Ý¿â¿É¹ûÕæ»á¼û£¬£¬ £¬£¬ £¬£¬µ¼ÖÂÊýǧÃûÓû§µÄÕÕƬй¶£¬£¬ £¬£¬ £¬£¬¸ÃÊý¾Ý¿â²¢Î´Ð¹Â¶Óû§µÄСÎÒ˽¼ÒÐÅÏ¢£¬£¬ £¬£¬ £¬£¬µ«Ñо¿Ö°Ô±ÔÚÐí¶à°¸ÀýÖз¢Ã÷ÁËÓû§µÄÐÕÃû¡¢Óû§Ãû¡¢ÕÕƬUUID¡¢Òþ˽ÉèÖõÈÐÅÏ¢¡£¡£¡£¡£

Ô­ÎÄÁ´½Ó£ºhttps://www.scmagazine.com/home/security-news/privacy-compliance/theta360-leak-exposes-11-million-photos-user-data/?

5¡¢Leicester×ãÇò¾ãÀÖ²¿¹ÙÍøÔâºÚ¿ÍÈëÇÖ£¬£¬ £¬£¬ £¬£¬¿Í»§Ö§¸¶ÐÅϢй¶

ÈËÉú¾ÍÊDz©-×ðÁú¿­Ê±Öйú¹ÙÍø
 
Leicester×ãÇò¾ãÀÖ²¿ÌåÏÖÆä¹ÙÍøhttps://shop.lcfc.com/ÔâºÚ¿ÍÈëÇÖ£¬£¬ £¬£¬ £¬£¬²¿·Ö¿Í»§µÄÖ§¸¶ÐÅϢй¶£¬£¬ £¬£¬ £¬£¬°üÀ¨ÐÅÓÿ¨ºÅÂë¡¢³Ö¿¨ÈËÐÕÃû¡¢ÓÐÓÃÆÚºÍCVVµÈ¡£¡£¡£¡£¸ÃÊÂÎñ±¬·¢ÔÚ4ÔÂ23ÈÕÖÁ5ÔÂ4ÈÕʱ´ú£¬£¬ £¬£¬ £¬£¬¸Ã¾ãÀÖ²¿ÔÚ·¢Ã÷¹¥»÷ºóÁ¬Ã¦Í¨ÖªÁËÐÅϢרԱ°ì¹«ÊÒºÍÏà¹ØÕþ¸®¡£¡£¡£¡£ÊÓ²ìÈÔÔÚ¾ÙÐÐÖУ¬£¬ £¬£¬ £¬£¬ÏÖÔÚÉв»ÇåÎú¹¥»÷µÄÏêϸÐÅÏ¢ºÍºÚ¿ÍÈëÇֵķ½·¨£¬£¬ £¬£¬ £¬£¬Ò²²»ÇåÎúÓм¸¶à¿Í»§Êܵ½Ó°Ïì¡£¡£¡£¡£

Ô­ÎÄÁ´½Ó£ºhttps://securityaffairs.co/wordpress/86479/data-breach/leicester-city-site-card-brech.html

6¡¢Ñо¿ÍŶÓÐû²¼Hidden BeeбäÌåµÄÆÊÎö±¨¸æ

ÈËÉú¾ÍÊDz©-×ðÁú¿­Ê±Öйú¹ÙÍø
 
Malwarebytes LabsÑо¿ÍŶÓÐû²¼¹ØÓÚHidden BeeбäÌåµÄÆÊÎö±¨¸æ¡£¡£¡£¡£Hidden BeeÊÇÒ»¸ö¶ñÒâÍÚ¿óÈí¼þ£¬£¬ £¬£¬ £¬£¬ÓÉÓû§×é¼þºÍbootkit×é³É¡£¡£¡£¡£¸Ã±äÌ彫×Ô¼º×°ÖÃΪWindowsЧÀÍ£¬£¬ £¬£¬ £¬£¬²¢ÔÚÏÂÔØÏÂÒ»½×¶Î×é¼þºóɾ³ý´ËЧÀÍ£¬£¬ £¬£¬ £¬£¬È»ºó½«payload×¢Èësvchost.exe¡¢msdtc.exe¡¢dllhost.exeºÍWmiPrvSE.exeµÈÀú³Ì£¬£¬ £¬£¬ £¬£¬Æä°üÀ¨µÄ¶ñÒâÍÚ¿ó×é¼þÊÇCryptonight¡£¡£¡£¡£

Ô­ÎÄÁ´½Ó£ºhttps://blog.malwarebytes.com/threat-analysis/2019/05/hidden-bee-lets-go-down-the-rabbit-hole/