ÐÅÏ¢Çå¾²Öܱ¨-2021ÄêµÚ18ÖÜ

Ðû²¼Ê±¼ä 2021-05-06

> ±¾ÖÜÇ徲̬ÊÆ×ÛÊö


2021Äê04ÔÂ26ÈÕÖÁ05ÔÂ02ÈÕ¹²ÊÕ¼Çå¾²Îó²î66¸ö £¬ÖµµÃ¹Ø×¢µÄÊÇApple macOS Big Sur WebKit CVE-2021-1817ÄÚ´æÆÆËð´úÂëÖ´ÐÐÎó²î£»Google Chrome ANGLE¶ÑÒç³ö´úÂëÖ´ÐÐÎó²î£»Cisco Adaptive Security Appliances Software CVE-2021-1504»º³åÇøÒç³öÎó²î£»PHP FilteredIterator·´ÐòÁл¯´úÂëÖ´ÐÐÎó²î£»Vivotek VIVOTEK IP Camera OSÏÂÁî×¢ÈëÎó²î¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÇå¾²ÊÂÎñÊǺڿÍÔÚ°µÍø¹ûÕæÓ¡¶ÈBigBasketÔ¼2000Íò¸öÓû§µÄÐÅÏ¢£»FacebookÅû¶½üÆÚ2¸ö°ÍÀÕ˹̹ºÚ¿ÍÍÅ»ïµÄÌع¤Ô˶¯£»µÂ¹úÁª°î¾¯Ô±¾ÖÖØÖÃEmotet £¬¸Ã¶ñÒâÈí¼þ½«×Ô¶¯Ð¶ÔØ£»AppleÇå¾²¸üР£¬ÐÞ¸´macOSÖб»ShlayerʹÓõÄ0day£»AzureÔÆÕÊ»§ÒòÉèÖùýʧй¶΢Èí¶à¿î²úÆ·µÄÔ´´úÂë¡£


ƾ֤ÒÔÉÏ×ÛÊö £¬±¾ÖÜÇå¾²ÍþвΪÖС£


> Ö÷ÒªÇå¾²Îó²îÁбí


1.Apple macOS Big Sur WebKit CVE-2021-1817ÄÚ´æÆÆËð´úÂëÖ´ÐÐÎó²î


Apple macOS Big Sur WebKit±£´æÄÚ´æÆÆËðÎó²î £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄWEBÇëÇó £¬ÓÕʹÓû§ÆÊÎö £¬¿ÉʹӦÓóÌÐò±ÀÀ£»òÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£

https://support.apple.com/zh-cn/HT212325


2.Google Chrome ANGLE¶ÑÒç³ö´úÂëÖ´ÐÐÎó²î


Google Chrome ANGLE±£´æ¶ÑÒç³öÎó²î £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄWEBÇëÇó £¬ÓÕʹÓû§ÆÊÎö £¬¿ÉʹӦÓóÌÐò±ÀÀ£»òÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£

https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html


3.Cisco Adaptive Security Appliances Software CVE-2021-1504»º³åÇøÒç³öÎó²î


Cisco Adaptive Security Appliances Software HTTPSÇëÇó±£´æÊäÈëÑéÖ¤Îó²î £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇó £¬¿É¾ÙÐоܾø·þÎñ¹¥»÷¡£

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-vpn-dos-fpBcpEcD


4.PHP FilteredIterator·´ÐòÁл¯´úÂëÖ´ÐÐÎó²î


PHP FilteredIterator±£´æ·´ÐòÁл¯Îó²î £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇó £¬¿ÉʹӦÓóÌÐò±ÀÀ£»òÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£

https://github.com/WordPress/Requests/security/advisories/GHSA-52qp-jpq7-6c54


5.Vivotek VIVOTEK IP Camera OSÏÂÁî×¢ÈëÎó²î


Vivotek VIVOTEK IP Camera NTP Server configuration´¦Öóͷ£²ÎÊý±£´æÇå¾²Îó²î £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇó £¬¿ÉÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§ÒâOSÏÂÁî¡£

https://www.meritlilin.com/assets/uploads/support/file/M00166-TW.pdf


> Ö÷ÒªÇå¾²ÊÂÎñ×ÛÊö


1¡¢ºÚ¿ÍÔÚ°µÍø¹ûÕæÓ¡¶ÈBigBasketÔ¼2000Íò¸öÓû§µÄÐÅÏ¢


1.jpg


BigBasketÊÇÓ¡¶ÈµÄÔÚÏßÔÓ»õÅäËÍ·þÎñ £¬¿ÉÔÚÓû§ÔÚÏß¹ºÖÃÎïÆ·Ö®ºó½«ÆäÔËË͵ּÒÖС£4ÔÂ25ÈÕÇåÔç £¬ÖøÃûй¶Êý¾ÝÂô¼ÒShinyHunterÔÚ°µÍøÉÏÐû²¼ÁËÒ»¸ö¾Ý³ÆÊÇ´ÓBigBasket͵ȡµÄÊý¾Ý¿â £¬ÆäÖÐÓÐÁè¼Ý2000Íò¸öÓû§µÄ¼Í¼ £¬°üÀ¨µç×ÓÓʼþµØµã¡¢SHA1¹þÏ£ÃÜÂë¡¢µØµã¡¢µç»°ºÅÂëºÍÆäËûÀàÐ͵ÄÐÅÏ¢µÈ¡£±ðµÄ £¬¸ÃºÚ¿Í³ÆÆäÒѾ­Ê¹ÓÃSHA1Ëã·¨ÆƽâÁË200Íò¸öÃÜÂë £¬ÆäÖÐ70ÍòÃû¿Í»§Ê¹ÓÃÁË¡°password¡±×÷ΪÃÜÂë¡£


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/hacker-leaks-20-million-alleged-bigbasket-user-records-for-free/


2¡¢FacebookÅû¶½üÆÚ2¸ö°ÍÀÕ˹̹ºÚ¿ÍÍÅ»ïµÄÌع¤Ô˶¯


2.jpg


Facebook½üÆÚ·¢Ã÷ÁË2¸ö»®·ÖÔÚ2019ÄêºÍ2020Äê×îÏÈ»îÔ¾µÄ°ÍÀÕ˹̹ºÚ¿ÍÍÅ»ïµÄÌع¤Ô˶¯¡£ÕâÁ½¸ö×éÖ¯Ö®¼äËƺõûÓÐÁªÏµ £¬µ«ËüÃǵÄÄ¿µÄËƺõÏà·´¡£ËûÃǾùʹÓÃÁËiOSÌع¤Èí¼þ £¬²¢ÒÔFacebookµÈÉ罻ýÌåƽ̨ΪÆðµã £¬ÓëÄ¿µÄ½¨ÉèÁªÏµ²¢ÌᳫÉç»á¹¤³Ì¹¥»÷ £¬ÓÕʹËûÃǽøÈë´¹ÂÚÒ³ÃæºÍÆäËû¶ñÒâÍøÕ¾¡£Ñо¿Ö°Ô±ÍƶÏÆäÖÐÖ®Ò»Óë°ÍÀÕ˹̹Çå¾²»ú¹¹ÓÐ¹Ø £¬ÔÚÍÁ¶úÆä¡¢ÒÁÀ­¿Ë¡¢Àè°ÍÄÛºÍÀû±ÈÑÇÒ²Óй¥»÷Ô˶¯¡£ÁíÒ»×éÓëArid ViperÓÐ¹Ø £¬Ö÷ÒªÕë¶Ô·¨ËþºÕÕþµ³³ÉÔ±¡¢Õþ¸®¹ÙÔ±¡¢Çå¾²²½¶ÓºÍѧÉú¡£


Ô­ÎÄÁ´½Ó£º

https://www.wired.com/story/palestine-hacking-ios-custom-spyware/


3¡¢µÂ¹úÁª°î¾¯Ô±¾ÖÖØÖÃEmotet £¬¸Ã¶ñÒâÈí¼þ½«×Ô¶¯Ð¶ÔØ


3.jpg


µÂ¹úÁª°î¾¯Ô±¾ÖBundeskriminalamtÖØÖÃÁËEmotet £¬¸Ã¶ñÒâÈí¼þ½«ÔÚËùÓÐÊÜѬȾµÄϵͳÖÐ×Ô¶¯Ð¶ÔØ¡£EmotetÊǽüÆÚ×îΣÏÕµÄÀ¬»øÓʼþ½©Ê¬ÍøÂçÖ®Ò» £¬Æä»ù´¡ÉèÊ©ÓÚ½ñÄê1Ô·ÝÓɶà¹úÖ´·¨²¿·ÖÍŽᵷ»Ù¡£ÔÚ´Ë´ÎÐж¯ÖÐ £¬µÂ¹ú¾¯·½ÈÏÕ濪·¢ºÍÍÆËÍжÔØÄ£¿é £¬ÆäΪÁËÍøÂçÖ¤¾ÝºÍÐÅÏ¢¶øÍƳÙÁ˸ÃжÔØÄ£¿éµÄÐû²¼¡£¸Ã»ú¹¹Í¨¹ýÆä¿ØÖƵÄC2·þÎñÆ÷ £¬½«32λEmotetLoader.dllÐÎʽµÄÐÂEmotetÄ£¿é·Ö·¢¸øËùÓÐÊÜѬȾµÄϵͳ £¬Ê¹ÕâЩϵͳÔÚ2021Äê4ÔÂ25ÈÕ×Ô¶¯Ð¶ÔظöñÒâÈí¼þ¡£


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/emotet-malware-nukes-itself-today-from-all-infected-computers-worldwide/


4¡¢AppleÇå¾²¸üР£¬ÐÞ¸´macOSÖб»ShlayerʹÓõÄ0day


4.jpg


AppleÐû²¼Çå¾²¸üР£¬ÐÞ¸´macOS Big Sur 11.3ÖÐÒѱ»Ê¹ÓõÄ0day¡£Çå¾²ÍŶÓJamf·¢Ã÷ £¬´Ó2021Äê1ÔÂ×îÏȶñÒâÈí¼þShlayerʹÓÃÁËÒ»¸ö0day£¨CVE-2021-30657£© £¬À´ÈƹýAppleµÄÎļþ¸ôÀë¡¢GatekeeperºÍ¹«Ö¤Çå¾²¼ì²é £¬²¢ÏÂÔصڶþ½×¶ÎËùʹÓõÄpayload¡£±ðµÄ £¬´Ë´Î¸üл¹ÐÞ¸´ÁËiOS¡¢iPadOSºÍwatchOSÖеĶà¸ö0day £¬°üÀ¨WebKit StorageµÄÄÚ´æËð»µÎó²î£¨CVE-2021-30661£©¡¢Ô¶³Ì´úÂëÖ´ÐÐÎó²î£¨CVE-2020-27930£©¡¢ÄÚºËÄÚ´æй¶Îó²î£¨CVE-2020-27950£©ºÍÄÚºËÌØȨÌáÉýÎó²î£¨CVE-2020-27932£©¡£


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/apple-fixes-macos-zero-day-bug-exploited-by-shlayer-malware/


5¡¢AzureÔÆÕÊ»§ÒòÉèÖùýʧй¶΢Èí¶à¿î²úÆ·µÄÔ´´úÂë


5.jpg


vpnMentorÑо¿ÍŶӷ¢Ã÷Ò»¸öÉèÖùýʧµÄMicrosoft Azure BlobÔÆÕÊ»§Ð¹Â¶ÁË΢Èí¶à¿î²úÆ·µÄÔ´´úÂ롣й¶Êý¾ÝµÄ×ܾÞϸΪ63GB £¬°üÀ¨Áè¼Ý3800¸öÎļþ £¬Éæ¼°ÉÏ°Ù¼Ò¹«Ë¾µÄÈÚ×ÊÑݽ²¸åºÍ10-15ÖÖ²úÆ·µÄÔ´´úÂë £¬ÓÚ2021Äê1ÔÂ7ÈÕ±»·¢Ã÷²¢ÒÑÔÚ2021Äê2ÔÂ23ÈÕ»ñµÃ±£»¤¡£ÕâЩÎļþΪÖڶ๫˾ÏòMicrosoft Dynamics×ö³öµÄһϵÁÐÉÌÒµÐû´«ºÍ²úƷ˵Ã÷ £¬¿ÉÄÜÀ´×Ô΢Èí¹«Ë¾¡£


Ô­ÎÄÁ´½Ó£º

https://www.vpnmentor.com/blog/report-microsoft-dynamics-leak/