Cleafy finds TeaBot disguised as a QR code app on Google Play
Published 2022-03-04
On March 1, Cleafy published a report stating that it had found the banking trojan TeaBot in the Google Play store. The trojan, disguised as the QR code app "QR Code & Barcode – Scanner", had been downloaded more than 10,000 times. Unlike earlier versions, this variant targets a wider range of applications, now including home banking apps, insurance apps and cryptocurrency wallets. In less than a year the number of TeaBot targets has grown by more than 500%, from 60 to over 400. TeaBot currently targets mainly US users, and Russian, Slovak and Chinese language versions were recently added, indicating that the malware is aiming at a global audience.
https://www.bleepingcomputer.com/news/security/teabot-malware-slips-back-into-google-play-store-to-target-us-users/
CloudSEK says phishing attacks targeting India have caused over a million dollars in losses
Singapore-based security firm CloudSEK disclosed on March 1 the details of a phishing campaign targeting India. The campaign involves more than 200 phishing websites, uses electric vehicles as a lure, and has caused losses of up to $1,000,000. The Indian government recently introduced new policies to promote growth in the country's electric vehicle (EV) industry. The attackers used Google Ads with relevant keywords and impersonated brands such as Revolt and Ather to lure victims to the phishing sites, where they were asked to enter personal and bank card details, after which funds were stolen from their accounts.
https://cloudsek.com/whitepapers_reports/unearthing-the-million-dollar-scams-targeting-the-indian-electric-vehicle-industry-scams/
Malwarebytes finds phishing campaign aimed at stealing Microsoft users' credentials
On March 1, Malwarebytes published a report detailing a phishing campaign against Microsoft accounts. The emails use the subject line "Microsoft account unusual sign-in activity" and claim that a sign-in to the account from a new device in Russia/Moscow has just been detected. When the recipient clicks "Report the user" in the phishing email, a message with pre-filled content is sent to the attacker, after which the recipient may be asked to enter login credentials and banking information.
https://blog.malwarebytes.com/scams/2022/03/unusual-sign-in-activity-mail-goes-phishing-for-microsoft-account-holders/
JFrog publishes report on 5 memory corruption vulnerabilities in the open-source library PJSIP
On March 1, JFrog published a report on five memory corruption vulnerabilities in PJSIP. PJSIP is an open-source multimedia communication library that provides APIs used by IP telephony applications. The vulnerabilities include stack overflows that can lead to code execution (CVE-2021-43299, CVE-2021-43300 and CVE-2021-43301), as well as an out-of-bounds read (CVE-2021-43302) and a buffer overflow (CVE-2021-43303) that can lead to denial of service. These vulnerabilities have been fixed by the patch released on February 24.
https://jfrog.com/blog/jfrog-discloses-5-memory-corruption-vulnerabilities-in-pjsip-a-popular-multimedia-library/
Google releases security update fixing 28 vulnerabilities in Chrome
On March 1, Google released Chrome 99, fixing 28 security vulnerabilities. The more serious ones include a heap buffer overflow in ANGLE (CVE-2022-0789), a use-after-free in Cast UI (CVE-2022-0790), a use-after-free in Omnibox (CVE-2022-0791), a type confusion in Blink Layout (CVE-2022-0795) and an out-of-bounds read in ANGLE (CVE-2022-0792).
https://www.cisa.gov/uscert/ncas/current-activity/2022/03/02/google-releases-security-updates-chrome
ESET publishes analysis report on IsaacWiper and HermeticWizard
On March 1, ESET published an analysis report on IsaacWiper and HermeticWizard. IsaacWiper is a new wiper delivered as a Windows DLL or EXE without an Authenticode signature; its earliest PE compilation timestamp is October 19, 2021. It was discovered on February 24 in the network of a Ukrainian government organization, and it has not yet been determined whether it is linked to HermeticWiper. HermeticWizard is a custom worm used to spread HermeticWiper across the local network via WMI and SMB.
https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/
Security tools
Searpy
A search tool for information gathering and attribution; supports py2 and py3.
https://github.com/j3ers3/Searpy
CAPEv2
A malware sandbox that extracts configuration and unpacks payloads from arbitrary malware families.
https://github.com/kevoreilly/CAPEv2
S1EM
S1EM is a SIEM with SIRP and threat intel, plus full packet capture, all in one.
https://github.com/V1D1AN/S1EM
WMEye
An experimental tool developed for lateral movement using WMI and remote MSBuild execution.
https://github.com/pwn1sher/WMEye
Security analysis
Apple releases iOS 15.4 Beta 5
https://news.softpedia.com/news/apple-releases-ios-15-4-beta-5-534963.shtml
Microsoft rolls out new endpoint security solution for small and medium-sized businesses
https://www.bleepingcomputer.com/news/microsoft/microsoft-rolling-out-new-endpoint-security-solution-for-smbs/
ASEC finds Magniber distribution campaign disguised as MSI files
https://asec.ahnlab.com/en/32226/
Microsoft: LSASS crashes cause Windows domain controller restarts
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-domain-controller-restarts-caused-by-lsass-crashes/
Reality Winner's Twitter account was hacked to target journalists
https://www.bleepingcomputer.com/news/security/reality-winners-twitter-account-was-hacked-to-target-journalists/
Critical security vulnerabilities found in VoIPmonitor monitoring software
https://thehackernews.com/2022/03/critical-security-bugs-uncovered-in.html