Kaspersky discloses attacks targeting Russia's industrial control sector and government agencies

Published 2023-10-26
1. Kaspersky discloses attacks targeting Russia's industrial control sector and government agencies


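On October 24, Kaspersky disclosed an attack campaign targeting Russia's industrial control sector and government agencies. Researchers first detected the campaign in June, and in mid-August found a new version of the backdoor with more sophisticated evasion capabilities, indicating that the attack is being refined. The attack begins with an email containing a malicious ARJ archive, which holds a decoy PDF document and an NSIS script that fetches the main payload and launches it. Kaspersky says the same phishing campaign also distributed two backdoors named Netrunner and Dmcserv, which are the same malware with different C2 server configurations.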


https://securelist.ru/ataki-na-industrialnyj-i-gosudarstvennyj-sektory-rf/108229/


2. French professional team ASVEL hit by NoEscape attack, 32GB of data leaked


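According to media reports on October 24, the French professional basketball team LDLC ASVEL (ASVEL) was attacked by the NoEscape ransomware gang. NoEscape added the team to its site on October 9, and LDLC ASVEL was notified via the media on October 12. The attackers claim to have stolen 32GB of data, including players' personal information, passports and ID cards, documents related to financial, tax and legal matters, as well as non-disclosure agreements, contracts and confidential correspondence. The gang threatened to publish the data by October 20 if the ransom was not paid. ASVEL has since been removed from NoEscape's site, suggesting that the two sides may be negotiating.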


https://www.bleepingcomputer.com/news/security/asvel-basketball-team-confirms-data-breach-after-ransomware-attack/


3. Redcliffe Labs 7TB data leak affects about 12 million patients


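Media reported on October 25 that 7TB of medical data from Redcliffe Labs, a healthcare company in Noida, Uttar Pradesh, India, was exposed, affecting about 12 million patients. Researchers initially found a database that was not password-protected, totalling 7TB and containing about 12,347,297 records; investigation showed that the datasets belonged to Redcliffe Labs. In addition to a large volume of patients' personal and medical data, it also included development files for the company's mobile application. The database has now been secured; it is not clear how long it was publicly exposed.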


https://www.hackread.com/database-mess-up-7tb-healthcare-data-leak/


4. Ukraine's NCSCC reports a surge in Smokeloader malware attack campaigns


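A report on October 25 said that Ukraine's National Cybersecurity Coordination Center (NCSCC) has observed a surge in attack campaigns using the Smokeloader malware. NCSCC research shows that since May, the malware's operators have launched large-scale phishing attacks against Ukrainian entities, aiming to compromise systems and steal information. In recent campaigns, the attackers used Smokeloader against government agencies and financial entities, particularly the accounting sector. They use finance-themed phishing emails to lure targets into downloading the malware, then steal information. In addition, the attackers tamper with the remittance process, replacing the details of legitimate accounts to redirect funds to their own accounts, which highlights the attackers' continually evolving tactics.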


https://therecord.media/surge-in-smokeloader-malware-attacks-targeting-ukrainian-financial-gov-orgs


5. Salt Security discloses API vulnerabilities in OAuth protocol implementations


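On October 24, Salt Security published new research revealing API vulnerabilities in the OAuth protocol implementations of online platforms including Grammarly, Vidio and Bukalapak. These vulnerabilities could have leaked user credentials and led to full account takeover, affecting billions of users; they have now been resolved. The most notable point of the research is that OAuth, the main technology behind social login, is actually well designed and has no obvious problems. Rather, most of the issues the researchers found relate to the way the parties using OAuth implement it.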


https://salt.security/blog/oh-auth-abusing-oauth-to-take-over-millions-of-accounts


6. NCC Group publishes its threat landscape analysis report for September 2023


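On October 24, NCC Group published its threat landscape analysis report for September 2023. After a relatively quiet August, ransomware activity in September reached an unprecedented level, with as many as 514 targets attacked, a 153% increase year-on-year compared with 2022. The main attack groups were LockBit 3.0 (79 attacks), LostTrust (53) and BlackCat (47). North America suffered the most attacks (50%), followed by Europe (30%) and Asia (9%). Ransomware attacks against the healthcare sector rose sharply, up 86% month-on-month compared with August.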


https://newsroom.nccgroup.com/news/ncc-group-monthly-threat-pulse-september-2023-474190