Information Security Weekly Report - 2020 Week 49
Published: 2020-12-08
> Security Situation Overview for This Week
From 30 November to 6 December 2020, 50 security vulnerabilities were recorded. The ones worth attention are: a Zeroshell cgi-bin kerbynet StartSessionSubmit injection vulnerability; a Western Digital My Cloud OS devices authentication bypass vulnerability; a SourceCodester Car Rental Management System SQL injection vulnerability; a Crux Linux Docker images empty root password vulnerability; and an HPE Edgeline Infrastructure Manager remote code execution vulnerability.
The notable security events this week are: chip maker Advantech was infected by the Conti ransomware and held to a ransom of about 13 million US dollars; operation Carding Action 2020 broke up a large-scale fraud case; Cisco Talos disclosed several severe vulnerabilities in WebKit; a research team found the Xanthe botnet infecting Linux hosts through exposed Docker APIs; and GitHub published its 2020 Octoverse analysis report.
Based on the summary above, this week's security threat level is assessed as medium.
> Main Security Vulnerability List
1. Zeroshell cgi-bin kerbynet StartSessionSubmit injection vulnerability
The Zeroshell kerbynet CGI (cgi-bin/kerbynet) does not validate the input handled by its StartSessionSubmit action. A remote attacker can submit a crafted request to inject arbitrary commands, which the router then executes.
https://blog.quake.so/post/zeroshell_linux_router_rce/
2. Western Digital My Cloud OS devices authentication bypass vulnerability
The management interface of Western Digital My Cloud OS devices has an authentication bypass vulnerability. A remote attacker can submit a crafted request to execute arbitrary commands in the context of the application.
https://www.westerndigital.com/support/productsecurity/wdc-20009-os5-firmware-5-06-115
3. SourceCodester Car Rental Management System SQL injection vulnerability
SourceCodester Car Rental Management System has a SQL injection vulnerability. A remote attacker can submit a crafted request containing SQL to manipulate the database, read sensitive information or, depending on the database account's privileges, execute arbitrary code.
https://github.com/BigTiger2020/Car-Rental-Management-System/blob/main/README.md
4. Crux Linux Docker images empty root password vulnerability
The Crux Linux Docker images ship with an empty root password. A local attacker can exploit this to escalate privileges to root.
https://github.com/koharin/koharin2/blob/main/CVE-2020-29389
5. HPE Edgeline Infrastructure Manager remote code execution vulnerability
HPE Edgeline Infrastructure Manager has a security vulnerability that allows a remote attacker to submit a crafted request and crash the application or execute arbitrary code.
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04063en_us
> Main Security Events Overview
1. Chip maker Advantech infected by Conti, ransom of about 13 million US dollars demanded
Advantech, a manufacturer of industrial automation and Industrial IoT (IIoT) chips, was infected by the Conti ransomware, and the attackers demanded 750 BTC (approximately 12.6 million US dollars). Advantech is a leading global manufacturer of IT products and solutions, including embedded PCs, network equipment, IoT devices, servers and healthcare solutions. On 26 November, the attackers published on their leak site 2% of the 3.03 GB of stolen data, together with a text file listing the stolen files. Advantech has not yet commented on the incident.
Source link:
https://www.bleepingcomputer.com/news/security/iiot-chip-maker-advantech-hit-by-ransomware-125-million-ransom/
2. Operation Carding Action 2020 breaks up a large-scale fraud case
Cybersecurity company Group-IB, working with the governments of Hungary, the United Kingdom and Italy, launched operation Carding Action 2020 and broke up a large-scale credit card trading fraud case. The operation targeted several dark web marketplaces, searching card shops and dark web trading platforms for fraudsters dealing in stolen card details, with the aim of reducing and preventing losses to financial institutions and cardholders; it has so far prevented about 40 million euros in losses. Interpol announced the arrest of three Nigerian suspects believed to be members of a gang that attacked 150 government organisations and companies.
Source link:
https://www.hackread.com/authorities-disrupt-dark-web-credit-card-trading-scam/
3. Cisco Talos discloses multiple severe vulnerabilities in WebKit
Cisco Talos disclosed several severe vulnerabilities in the WebKit browser engine. They lie in WebKit's WebSocket, AudioSourceProviderGStreamer and ImageDecoderGStreamer functionality: a WebSocket code execution vulnerability (CVE-2020-13543), a use-after-free that can be triggered to execute code remotely; a use-after-free in ImageDecoderGStreamer (CVE-2020-13584), which can likewise lead to remote code execution; and a third vulnerability in AudioSourceProviderGStreamer. All of them can be triggered by a malicious web page visited with an affected browser.
Source link:
https://www.securityweek.com/webkit-vulnerabilities-allow-remote-code-execution-malicious-websites
4. Researchers discover the Xanthe botnet infecting Linux through the Docker API
Researchers discovered a Monero-mining botnet named Xanthe that uses misconfigured Docker APIs (exposed to the network without authentication) to infect Linux systems. The malware spreads in several ways, for example by harvesting client-side certificates and keys from the infected host and using them to reach further target hosts over SSH. In addition, Xanthe carries four auxiliary modules for evading detection and adding persistence: a process-hiding module (libprocesshider.so); a shell script that disables other miners and security services (xesa.txt); a shell script that removes competing cryptomining trojans that also target Docker containers (fczyo); and the XMRig binary together with its JSON configuration file (config.json).
Source link:
https://threatpost.com/misconfigured-docker-servers-xanthe-malware/161732/
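The two footholds described above, an unauthenticated Docker Engine API listener and an ld.so.preload process hider, are both cheap to audit for. The following is an added example written for this report, not code from the Talos write-up or from Xanthe itself. It assumes the daemon configuration is the JSON that Docker reads from /etc/docker/daemon.json (the `hosts` and `tlsverify` keys are real daemon options) and that /etc/ld.so.preload holds one library path per line; the sample inputs are constructed for illustration, and the file names are the ones the write-up lists.

```python
"""Audit helpers for an exposed Docker Engine API and an ld.so.preload
process hider, the two Xanthe footholds described above.

Added example; not code from the Talos write-up or from the malware.
Sample inputs are constructed, not real captures.
"""
import json
from typing import Dict, Iterable, List

# Docker's conventional plain-TCP API port. An unauthenticated listener on
# it is the misconfiguration the botnet scans the internet for.
DOCKER_PLAIN_PORT = 2375


def audit_docker_daemon_config(cfg: Dict) -> List[str]:
    """Return findings for a parsed daemon.json dict.

    One finding for every tcp:// listener that lacks TLS client-certificate
    verification, and a second if that listener is bound to all interfaces.
    unix:// and fd:// sockets are local-only and are not flagged.
    """
    findings: List[str] = []
    tls_verify = bool(cfg.get("tlsverify", False))
    for host in cfg.get("hosts", []):
        if not host.startswith("tcp://"):
            continue
        addr = host[len("tcp://"):]
        if not tls_verify:
            findings.append(f"{host}: Docker API reachable over TCP without TLS client auth")
        if addr.startswith(("0.0.0.0:", "[::]:", ":")):
            findings.append(f"{host}: listener bound to all interfaces")
    return findings


def audit_docker_daemon_json(raw: str) -> List[str]:
    """Parse a daemon.json document and audit it."""
    return audit_docker_daemon_config(json.loads(raw))


def find_preload_hijack(preload_text: str, allowlist: Iterable[str] = ()) -> List[str]:
    """Return library paths in /etc/ld.so.preload that are not allow-listed.

    A preload library such as libprocesshider.so is loaded into every
    dynamically linked process, which is how it hides the miner from ps;
    any entry you did not put there deserves an incident ticket.
    """
    allowed = set(allowlist)
    suspicious: List[str] = []
    for line in preload_text.splitlines():
        lib = line.strip()
        if lib and not lib.startswith("#") and lib not in allowed:
            suspicious.append(lib)
    return suspicious


# Constructed sample configurations: the weak setting beside the corrected one.
WEAK_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", f"tcp://0.0.0.0:{DOCKER_PLAIN_PORT}"],
})

HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

# Constructed /etc/ld.so.preload content with the module name from the write-up.
SAMPLE_PRELOAD = "/usr/local/lib/libprocesshider.so\n"


if __name__ == "__main__":
    for label, raw in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(label, audit_docker_daemon_json(raw) or "no findings")
    print("ld.so.preload:", find_preload_hijack(SAMPLE_PRELOAD) or "clean")
```

On a real host, read /etc/docker/daemon.json and /etc/ld.so.preload and pass their contents to the two functions; a listener on 0.0.0.0:2375 with no `tlsverify` is exactly what Xanthe looks for, and the fix is the hardened form above (a specific address, port 2376 and mutual TLS), or no TCP listener at all.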
5. GitHub publishes its 2020 Octoverse analysis report
GitHub published its 2020 State of the Octoverse analysis report. It draws on more than 56 million developers and the more than 60 million new repositories created in 2020. Compared with 2019, 94% of projects now rely on open-source components, with nearly 700 dependencies on average; 94% of the dependencies in JavaScript projects are open source, and 90% in Ruby and .NET projects. The report also notes that the great majority of vulnerabilities in open-source software are not malicious: 83% of the vulnerabilities behind the CVE alerts GitHub issued were caused by human error.
Source link:
https://octoverse.github.com/