X黑手网

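SEC Daily Security Briefing (2023.09.13)

Threat Intelligence [CTI]

  1. According to DarkFeed statistics, the Cactus ransomware group's average monthly victim count has surged. Main targeted countries: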

    - USA: 21

    - UK: 5

    - Canada: 4

    - France: 3

    - Switzerland: 2


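  2. Radis announced a new service, TaaS (Threat-as-a-Service).

    In addition to operating a DDoS platform, Tesla Bot will also include data theft, ransomware, and penetration testing tools.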


  3. The hacker group Sylhet Gang-SG claims to have once again launched attacks targeting Indian infrastructure.


  4. The hacker group SiegedSec claims to have leaked 10GB of data from Ethereum Name Service, The-people fitness, and The Masonry Society (authenticity not yet verified).


  5. The ransomware group NoEscape added 3 new victims:

    - Altmann Dental GmbH & Co KG (http://altmanndental.de)

    - adSage (http://adsage.com)

    - International Joint Commission (http://ijc.org)


  6. The ransomware group BlackByte added 1 new victim:

    - ALPS ALPINE (http://alpsalpine.com)


[Security Briefing]

  • HackerOne

[Radancy] Bounty: $160.00

DOM XSS in the admin panel

https://hackerone.com/reports/1619445

[Apache Airflow] Bounty: $2,550

SSRF vulnerability (CVE-2023-37379)

https://hackerone.com/reports/2123113

  • PacketStorm

Equipment Rental Script 1.0 SQL Injection

https://packetstormsecurity.com/files/174619/Equipment-Rental-Script-1.0-SQL-Injection.html

Kolifa Download CMS 1.2 HTML Injection

https://packetstormsecurity.com/files/174618/Kolifa-Download-CMS-1.2-HTML-Injection.html

KALIMATAN GMS 1.0.0 Cross Site Scripting

https://packetstormsecurity.com/files/174617/KALIMATAN-GMS-1.0.0-Cross-Site-Scripting.html

Kylin CMS 1.3.0 SQL Injection

https://packetstormsecurity.com/files/174616/Kylin-CMS-1.3.0-SQL-Injection.html

Kaledo RD CMS 1.0 SQL Injection

https://packetstormsecurity.com/files/174608/Kaledo-RD-CMS-1.0-SQL-Injection.html

 

  • BleepingComputer

Adobe warns of critical Acrobat and Reader zero-day exploited in attacks

https://www.bleepingcomputer.com/news/security/adobe-warns-of-critical-acrobat-and-reader-zero-day-exploited-in-attacks/

Free Download Manager site redirected Linux users to malware for years

https://www.bleepingcomputer.com/news/security/free-download-manager-site-redirected-linux-users-to-malware-for-years/

Apple backports BLASTPASS zero-day fix to older iPhones

https://www.bleepingcomputer.com/news/security/apple-backports-blastpass-zero-day-fix-to-older-iphones/

Microsoft will block third-party printer drivers in Windows Update

https://www.bleepingcomputer.com/news/microsoft/microsoft-will-block-3rd-party-printer-drivers-in-windows-update/

'Redfly' hackers infiltrated a power supplier's network for 6 months

https://www.bleepingcomputer.com/news/security/redfly-hackers-infiltrated-power-suppliers-network-for-6-months/

  • Malwarebytes Labs

Major cyberattack leaves MGM Resorts reeling

https://www.malwarebytes.com/blog/personal/2023/09/major-cyberattack-leaves-mgm-resorts-reeling

  • TheHackerNews

Critical GitHub vulnerability exposes 4,000+ repositories to repojacking attacks

https://thehackernews.com/2023/09/critical-github-vulnerability-exposes.html

Sophisticated phishing campaign deploys Agent Tesla, OriginBotnet, and RedLine Clipper

https://thehackernews.com/2023/09/sophisticated-phishing-campaign.html

Beware: MetaStealer malware targets Apple macOS in recent attacks

https://thehackernews.com/2023/09/beware-metastealer-malware-targets.html

Google rushes to patch critical Chrome vulnerability exploited in the wild - update now

https://thehackernews.com/2023/09/google-rushes-to-patch-critical-chrome.html

  • DarkReading

MGM Resorts cyberattack hobbles Las Vegas Strip operations

https://www.darkreading.com/attacks-breaches/mgm-resorts-cyberattack-hobbles-las-vegas-strip-operations

Microsoft patches a pair of actively exploited zero-days

https://www.darkreading.com/application-security/microsoft-patches-pair-of-actively-exploited-zero-days

  • SANS

Microsoft releases September 2023 patches

https://isc.sans.edu/diary/rss/30214
