2017年11月第四周舆情周报

Lazarus APT使用Android应用程序来瞄准韩国的三星用户

https://securityaffairs.co/wordpress/65854/apt/lazarus-apt-android.html

https://securingtomorrow.mcafee.com/mcafee-labs/android-malware-appears-linked-to-lazarus-cybercrime-group

苹果最新的安全更新修复plug-n-hack MacOS包含USB攻击

https://www.bleepingcomputer.com/news/apple/apples-latest-macos-security-update-contained-fix-for-plug-n-hack-usb-attack/

qkG勒索：自我复制，文件加密勒索

https://blog.trendmicro.com/trendlabs-security-intelligence/qkg-filecoder-self-replicating-document-encrypting-ransomware/

 

HP为补丁提供50个企业级打印机型号以及风险分析

https://threatpost.com/hp-to-patch-bug-impacting-50-enterprise-printer-models/128984/

https://securityaffairs.co/wordpress/65892/hacking/hp-printers-hacking.html

 

Terdot Trojan喜欢社交媒体

https://blog.malwarebytes.com/threat-analysis/malware-threat-analysis/2017/11/terdot-trojan-likes-social-media/

https://labs.bitdefender.com/2017/11/terdot-zeus-based-malware-strikes-back-with-a-blast-from-the-past/

HANCITOR MALSPAM - 现在查看ICEDID银行TROJAN（不是ZEUS熊猫银行）

https://malware-traffic-analysis.net/2017/11/21/index2.html

macOS恶意软件通过假赛门铁克博客传播 

https://www.securityweek.com/macos-malware-spread-fake-symantec-blog

 

BankBot Trojan再次绕过Google为Play商店执行的安全检查 

https://securityaffairs.co/wordpress/65808/malware/bankbot-trojan-play-store.html

Uber遭受了大规模的数据泄露，付10万美元赎金后与黑客“和解”

https://nakedsecurity.sophos.com/2017/11/22/uber-suffered-massive-data-breach-then-paid-hackers-to-keep-quiet/

 

新的Cryptomix Ransomware的第二个变种在几天内发布

https://securityaffairs.co/wordpress/65716/malware/cryptomix-ransomware-2.html

https://twitter.com/campuscodi/status/931643419281289217

https://www.bleepingcomputer.com/news/security/0000-cryptomix-ransomware-variant-released/

趋势科技的安全专家最近观察到一种新型的EMOTET银行木马，它实现了新的规避功能

https://securityaffairs.co/wordpress/65693/malware/emotet-evasion-techniques.html

使用Meterpreter来攻击Windows

https://www.coengoedegebure.com/hacking-windows-with-meterpreter/

 

PHP的本地文件包含（LFI）和远程执行代码（RCE）漏洞

https://rawsec.ml/en/local-file-inclusion-remote-code-execution-vulnerability/

 

分析KaiXin Exploit Kit

https://www.nao-sec.org/2017/11/analyzing-kaixin-exploit-kit.html

 

Terdot银行业务木马成长为复杂的威胁

https://www.bleepingcomputer.com/news/security/terdot-banking-trojan-grows-into-a-sophisticated-threat/

 

Google修正Android的WPA2漏洞 

https://blog.avira.com/wpa2-wifi-krack/

 

在144个Android应用上发现Grabos恶意软件 

https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/grabos-malware/?utm_campaign=Consumer&utm_source=twitter&utm_medium=spredfast&utm_content=#sf173329560

 

外媒称中国的国家漏洞数据库CNNVD增加漏洞数据速度快于美国，中国13天，美国需33天，但重要漏洞发布较慢 

https://www.bleepingcomputer.com/news/security/china-delays-vulnerability-disclosure-process-on-important-bugs/

 

德国禁止孩子的Smartwatches智能手表, 将他们归类为非法间谍设备 

https://www.bbc.com/news/technology-42030109 

 

数百种类似于乌克兰的Moxa设备电网攻击易受远程攻击 

https://www.securityweek.com/moxa-nport-devices-vulnerable-remote-attacks

 

勒索软件开始通过远程桌面入侵

https://twitter.com/SecurityWeek/status/931550136777494529

https://www.securityweek.com/ransomware-targets-smbs-rdp-attacks

 

亚马逊Smart Lock安全流程存在漏洞

https://twitter.com/MalwarePatrol/status/931570176042196992

https://www.v3.co.uk/v3-uk/news/3021310/security-flaw-in-amazon-smart-locks-would-leave-targets-exposed-to-rogue-couriers

 

目前很热的EMOTET木马家族分析

https://twitter.com/SecurityWeek/status/931591831762202628

https://www.securityweek.com/emotet-trojan-variant-evades-malware-analysis

 

GIBON 勒索木马会在攻击时统计攻击时间

https://twitter.com/McAfee/status/931599094073774083

https://securingtomorrow.mcafee.com/business/gibon-ransomware-created-benchmark-response-time/?utm_source=RR&utm_medium=Twitter#sf170467758

 

卡巴发现NSA工作人员电脑感染恶意软件

https://thehackernews.com/2017/11/kaspersky-nsa-malware.html

 

超过三款Android恶意软件家族侵入谷歌Play商店

https://www.scmagazine.com/three-more-android-malware-families-invade-google-play-store/article/707693/

勒索+点击欺诈：一种新的混合攻击

https://www.netskope.com/blog/ransomware-click-fraud-new-blended-attack/

2018年工控安全预测 8个方向直击工业控制系统要害

https://toutiao.secjia.com/2018-ics-predictions

 

漏洞相关：

思科Web安全防火墙WSA安全绕过漏洞CVE-2017-12303 可未授权访问

https://toutiao.secjia.com/web-security-appliance-bypass

 

OpenStack Swauth爆出身份验证绕过漏洞CVE-2017-16613 可未授权操作

https://toutiao.secjia.com/openstack-abypass-cve-2017-16613

 

CVE-2017-11882相关漏洞样本信息

https://twitter.com/anyrun_app

 

cve-2017-11826攻击者利用与政治主题的RTF文档

https://blog.fortinet.com/2017/11/22/cve-2017-11826-exploited-in-the-wild-with-politically-themed-rtf-document

 

Samba任意代码执行漏洞CVE-2017-14746 可执行任意代码 失败了还可DoS 

https://toutiao.secjia.com/samba-ace-cve-2017-14746

 

英特尔宣布固件存在漏洞 数百万计算机可能被远程劫持 

https://arstechnica.com/information-technology/2017/11/intel-warns-of-widespread-vulnerability-in-pc-server-device-firmware/?comments=1

 

IOS及IOS XE软件再次爆出跨站脚本漏洞CVE-2017-12304 可以执行任意代码

https://toutiao.secjia.com/ios-xe-xss-cve-2017-12304

 

12款思科产品出现未授权访问漏洞CVE-2017-12337 可拿设备Root权限

https://toutiao.secjia.com/cisco-uav-cve-2017-12337

 

blueborne RCE Android 6.0.1（cve-2017-0781）

https://jesux.es/exploiting/blueborne-android-6.0.1-english/

 

Foscam C1室内高清摄像机的多个漏洞分析

https://bobao.360.cn/learning/detail/4703.html

 

Linkedin IP闭包漏洞

https://twitter.com/TheHackersNews/status/931774220564131840