4G·ÓÉÆ÷¶à¸öÎó²î£¬£¬£¬²¨¼°ÖÐÐË¡¢Netgear¼°TP-LINK£»£»£»iOSͨѶ¼Ò×ÔâSQLite¹¥»÷£»£»£»¼ÑÄܵ¥·´Ïà»ú¶à¸öÎó²î

Ðû²¼Ê±¼ä 2019-08-13
1¡¢¼ÑÄܵ¥·´Ïà»ú±£´æ¶à¸öÎó²î£¬£¬£¬Ò×ÔâÀÕË÷Èí¼þ¹¥»÷

ÈËÉú¾ÍÊDz©-×ðÁú¿­Ê±Öйú¹ÙÍø

CheckPointÑо¿Ö°Ô±Eyal Itkin·¢Ã÷¼ÑÄÜÊýÂëÏà»ú¹Ì¼þÖб£´æ6¸öÇå¾²Îó²î£¬£¬£¬ÕâЩÎó²î¿Éͨ¹ýUSB¼°WiFiʹÓ㬣¬£¬ÔÊÐí¹¥»÷ÕßÈëÇÖ²¢½ÓÊÜÏà»ú¡£¡£Æ¾Ö¤¼ÑÄÜÐû²¼µÄͨ¸æ£¬£¬£¬ÊÜÓ°ÏìµÄ²úÆ·°üÀ¨EOSϵÁе¥·´¼°ÎÞ·´Ïà»ú¡¢PowerShot SX740 HS¡¢SX70 HSÒÔ¼°G5X Mark II¡£¡£ÕâЩÎó²îÓë¼ÑÄܵÄͼƬ´«ÊäЭÒ飨PTP£©µÄʵÏÖÓйØ£¬£¬£¬¹¥»÷Õß¿Éͨ¹ýÎÞÏß¹¥»÷µÄ·½·¨Ïò¼ÑÄÜÏà»úÖ²ÈëÀÕË÷Èí¼þ¡£¡£¼ÑÄÜÏÖÔÚ½öΪEOS 80DÐû²¼ÁËÐÞ¸´²¹¶¡¡£¡£


Ô­ÎÄÁ´½Ó£ºhttps://thehackernews.com/2019/08/dslr-camera-hacking.html


2¡¢iOSͨѶ¼Ò×ÔâSQLite¹¥»÷£¬£¬£¬¿Éµ¼ÖÂÓ¦ÓñÀÀ£»£»£»òÇÔÈ¡ÃÜÂë


ÈËÉú¾ÍÊDz©-×ðÁú¿­Ê±Öйú¹ÙÍø

Æ»¹ûiOSµÄͨѶ¼ӦÓÃÒ×ÔâSQLite¹¥»÷¡£¡£Æ¾Ö¤Check PointÑо¿Ö°Ô±µÄ±íÊö£¬£¬£¬¸Ã¹¥»÷ÒÀÀµÓÚSQLiteÖеÄÒ»¸öÒÑÖªÎó²î£¬£¬£¬¸ÃÎó²îÔÚ·¢Ã÷4ÄêºóÈÔδÐÞ¸´£¨±»±ê¼ÇΪ²»Ö÷ÒªµÄ£©¡£¡£ÔÚÌæ»»ÁËiOSͨѶ¼ӦÓÃÖеÄÒ»¸ö×é¼þºó£¬£¬£¬Ñо¿Ö°Ô±¿ÉʹÓøÃÎó²îÔÚiPhone»òiPadÉÏÔËÐжñÒâ´úÂë¡£¡£³öÓÚÑÝʾµÄÄ¿µÄ£¬£¬£¬Ñо¿Ö°Ô±Ö»ÊÇÈÃÓ¦ÓÃÍ߽⣬£¬£¬µ«ËûÃÇÌåÏÖ¿ÉʹÓöñÒâ³ÌÐòÇÔÈ¡Óû§µÄÃÜÂë¡£¡£


Ô­ÎÄÁ´½Ó£ºhttps://appleinsider.com/articles/19/08/10/apples-ios-contacts-app-claimed-to-be-vulnerable-to-sqlite-hack


3¡¢4G·ÓÉÆ÷¶à¸öÎó²î£¬£¬£¬²¨¼°ÖÐÐË¡¢Netgear¼°TP-LINK

ÈËÉú¾ÍÊDz©-×ðÁú¿­Ê±Öйú¹ÙÍø

Ñо¿Ö°Ô±ÔÚDEF CON´ó»áÉÏÅû¶ÁË4G·ÓÉÆ÷ÖеĶà¸öÇå¾²Îó²î£¬£¬£¬ÊÜÓ°ÏìµÄÆ·ÅÆ°üÀ¨ÖÐÐË¡¢Netgear¼°TP-LINK¡£¡£ÖÐÐËMF920ÖеÄÎó²î°üÀ¨ÐÅϢй¶Îó²î£¨CVE-2019-3411£¬£¬£¬CVSS7.5£©ºÍ´úÂëÖ´ÐÐÎó²î£¨CVE-2019-3412£¬£¬£¬CVSS9.8£©¡£¡£Netgear Nighthawk M1Òƶ¯Â·ÓÉÆ÷ÖеÄÎó²î°üÀ¨CSRFÎó²î£¨CVE-2019-14526£©¼°Post-AuthÏÂÁî×¢ÈëÎó²î£¨CVE-2019-14527£©¡£¡£TP-LINK M7350ÖеÄÎó²î°üÀ¨Pre-AuthÏÂÁî×¢È루CVE-2019-12103£©ÒÔ¼°Post-AuthÏÂÁî×¢È루CVE-2019-12103£©¡£¡£


Ô­ÎÄÁ´½Ó£ºhttps://www.bleepingcomputer.com/news/security/4g-router-vulnerabilities-let-attackers-take-full-control/


4¡¢Cloud Atlasй¥»÷»î¶¯£¬£¬£¬Ö÷ÒªÕë¶Ô¶íÂÞ˹¡¢ÎÚ¿ËÀ¼¼°ÖÐÑÇ

ÈËÉú¾ÍÊDz©-×ðÁú¿­Ê±Öйú¹ÙÍø

ÔÚ2019Äê1ÔÂÖÁ7ÔÂʱ´ú£¬£¬£¬¿¨°Í˹»ùÑо¿Ö°Ô±·¢Ã÷ÓëÍøÂçÌع¤×éÖ¯Cloud AtlasÓйصĶà¸ö´¹Âڻ£¬£¬£¬ÕâЩ´¹ÂÚ¹¥»÷Ö÷ÒªÕë¶Ô¶íÂÞ˹¡¢ÎÚ¿ËÀ¼ÒÔ¼°ÖÐÑǵØÇø¡£¡£×Ô2018ÄêÒÔÀ´£¬£¬£¬Cloud AtlasһֱûÓиü»Ú¸ÄTTPS£¨Õ½ÂÔ¡¢¹¤¾ßºÍÁ÷³Ì£©¡£¡£ÆäÖ÷ÒªpayloadÊÇÄ£¿£¿£¿£¿ £¿é»¯ºóÃÅPowerShower£¬£¬£¬¸ÃºóÃÅ¿ÉÎüÊÕPowerShell¼°VBSÖ¸Áî²¢Ö´ÐС£¡£ÔÚÐµĹ¥»÷»î¶¯ÖУ¬£¬£¬¸Ã×éÖ¯»¹ÊÍ·ÅÁËÁíÒ»¸öºóÃÅVBShower¡£¡£


Ô­ÎÄÁ´½Ó£ºhttps://securelist.com/recent-cloud-atlas-activity/92016/


5¡¢Ð´¹ÂڻʹÓÃAWSÍйܴ¹ÂÚÍøÕ¾£¬£¬£¬ÀÄÓÃÔÆ´æ´¢³ÉΪ³±Á÷

ÈËÉú¾ÍÊDz©-×ðÁú¿­Ê±Öйú¹ÙÍø

ProofpointÑо¿Ö°Ô±·¢Ã÷Ò»¸öÕë¶ÔDocuSignÆ·ÅƵĴ¹ÂÚÓʼþ¹¥»÷£¬£¬£¬¹¥»÷ÕßÀÄÓÃAWSµÄЧÀÍÀ´ÍйÜÆä´¹ÂÚÉÏ°¶Ò³£¨landing page£©¡£¡£Ëæ×ÅÔ½À´Ô½¶àµÄ¹¥»÷ÕßʹÓÃDropbox¡¢Google DriveµÈÏûºÄ¼¶ÔÆ´æ´¢ÍйÜÆä¶ñÒâpayload£¬£¬£¬´¹ÂÚÕßÒ²Ô½À´Ô½¶àµØÀÄÓÃËüÃÇÍйÜÆä´¹ÂÚ¹¤¾ß°ü¡£¡£Æ¾Ö¤ProofpointµÄ·¢Ã÷£¬£¬£¬2019ÄêһЩ´¹ÂÚÕß×îÏÈתÏòʹÓÃAWS¡¢AzureµÈÆóÒµ¼¶¹«¹²ÔÆ´æ´¢¡£¡£

Ô­ÎÄÁ´½Ó£ºhttps://www.bleepingcomputer.com/news/security/microsoft-office-phishers-move-to-enterprise-aws-landing-pages/

6¡¢ÐÂÔ¶¿ØľÂíSaefko£¬£¬£¬Ö÷Ҫͨ¹ýuÅ̾ÙÐÐÈö²¥

ÈËÉú¾ÍÊDz©-×ðÁú¿­Ê±Öйú¹ÙÍø

ZscalerÑо¿Ö°Ô±·¢Ã÷Ò»¸öеÄÔ¶¿ØľÂíSaefkoÕýÔÚ°µÍøÉϳöÊÛ£¬£¬£¬¸ÃľÂí°üÀ¨¶àÖÖ¹¦Ð§£¬£¬£¬Ö÷Ҫͨ¹ýuÅÌÈö²¥¡£¡£Saefko¿ÉÇÔÈ¡ChromeµÄÀúÊ·ä¯ÀÀ¼Í¼£¬£¬£¬½«Êý¾Ý·¢Ë͸øC&CЧÀÍÆ÷ÒÔ¼°ÎüÊÕ²¢Ö´ÐÐC&CµÄÏÂÁî¡£¡£ÕâЩÏÂÁî°üÀ¨ÆÁÄ»½Øͼ¡¢¼üÅ̼ͼ¡¢Â¼ÖÆÊÓƵ¡¢ÏÂÔز¢Ö´ÐÐÆäËüpayloadµÈ¡£¡£ÆäÇÔÈ¡µÄÐÅÏ¢Ö÷Òª°üÀ¨ÐÅÓÿ¨ÐÅÏ¢¡¢ÓÎÏ·Õ˺š¢¼ÓÃÜÇ®±Ò¡¢É罻ýÌåÍùÀ´ÒÔ¼°¹ºÎï¼Í¼µÈ¡£¡£


Ô­ÎÄÁ´½Ó£ºhttps://www.securityweek.com/saefko-multi-layered-rat-can-spread-usb-drives