2017年11月第五周舆情周报

2017-12-01 来源:原创 作者:腾讯反病毒实验室
【文章摘要】2017年11月第五周舆情周报:安卓恶意软件,新敲诈样本,重大漏洞,其他安全事件等

谷歌检测Android Tizi间谍软件,间谍流行的应用程序,如WhatsApp和电报

http://securityaffairs.co/wordpress/66116/malware/android-tizi-spyware.html


macOS 漏洞可以让你登录的管理员不需要密码

https://arstechnica.com/information-technology/2017/11/macos-bug-lets-you-log-in-as-admin-with-no-password-required/


.fucku 结尾的勒索样本出来解密工具了

https://twitter.com/demonslay335/status/935622942737817601

 

macOS平台新的挖矿木马:OSX.CpuMeaner

https://www.sentinelone.com/blog/osx-cpumeaner-miner-trojan-software-pirates/

 

目标针对东南亚的远程访问木马攻击:UBoatRAT

https://researchcenter.paloaltonetworks.com/2017/11/unit42-uboatrat-navigates-east-asia/

 

大规模的电子邮件运动传播SCARAB勒索

https://blogs.forcepoint.com/security-labs/massive-email-campaign-spreads-scarab-ransomware


超过 400 000 电子邮件服务器可能受到严重 RCE 漏洞的影响

https://www.bleepingcomputer.com/news/security/no-patch-available-for-rce-bug-affecting-half-of-the-internets-email-servers/

 

世界上最大的僵尸网络Necurs6个小时内发出了1250万封垃圾邮件

http://www.ibtimes.co.uk/game-thrones-botnet-spewed-12-5m-booby-trapped-emails-6-hours-1649118?utm_campaign=soficalflowtwitter&utm_source=socialflowtwitter&utm_medium=articles

 

AV-Test6款儿童智能手表评估发现惊人漏洞

https://www.av-test.org/en/news/news-single-view/shock-around-the-clock-6-childrens-watches-in-the-test/

 

伪造的赛门铁克网站传播OSX.Proton密码窃取器

https://www.scmagazine.com/osxproton-spread-via-fake-symantec-blog/article/709695/

 

自我传播恶意软件利用Office内置机制

http://securityaffairs.co/wordpress/65942/hacking/self-replicating-malware-flaw.html

 

假勒索软件生成器

https://twitter.com/leotpsc/status/934628866856927232

 

修复wordpress pingback DDos攻击

http://josephfoulds.com/mitigating-wordpress-pingback-reflective-ddos-attacks/

 

DrWeb发现伪装libzlinux后门木马

https://news.drweb.com/show/?i=11593&lng=en

 

恶意软件分析工具汇总

https://github.com/wtsxDev/Malware-Analysis


GOLDEN SAML攻击技术伪造身份验证到云应用程序

http://securityaffairs.co/wordpress/66002/hacking/golden-saml-hacking.html


有史以来失败的最糟糕的7款恶意软件

https://medium.com/threat-intel/malware-fails-cybersecurity-d37fa1fc525

 

劫持比特币:对加密货币进行路由攻击

https://btc-hijack.ethz.ch/

 

德国信息安全研究人员在31个银行应用程序中发现严重问题,容易受到黑客的攻击

https://www.heise.de/security/meldung/31-lueckenhafte-Banking-Apps-Forscher-entlarven-App-TAN-Verfahren-abermals-als-unsicher-3900945.html

 

TEMPESTSDRSDR工具在电脑屏幕上通过无意窃听射频辐射

https://www.rtl-sdr.com/tempestsdr-a-sdr-tool-for-eavesdropping-on-computer-screens-via-unintentionally-radiated-rf/



一个新的Mirai变种正在迅速传播,专家们在过去的60个小时内观察了大约100KIP地址,搜索有缺陷的ZyXEL PK5001Z路由器。

http://securityaffairs.co/wordpress/66012/malware/mirai-argentina.html

 

通过你的屏幕施法者攻击你的办公室

https://www.pentestpartners.com/security-blog/hacking-your-office-through-your-screen-caster/

 

Windows中的ASLR漏洞发布警告 (地址随机机制漏洞)

https://www.scmagazine.com/us-cert-issues-warning-on-aslr-vulnerability-in-windows/article/708805/

 

Google Play商店让数百万用户下载恶意软件的Android应用

http://www.ibtimes.com/google-play-store-let-millions-users-download-malware-laden-android-apps-2614780?sf173819016=1

 

144GooglePlay应用程序中发现新的Android恶意软件

https://securingtomorrow.mcafee.com/mcafee-labs/android-malware-grabos-exposed-millions-to-pay-per-install-scam-on-google-play/#sf173818493

 

systemd漏洞导致Linux上的拒绝服务

http://blog.trendmicro.com/trendlabs-security-intelligence/systemd-vulnerability-leads-to-denial-of-service-on-linux/


电脑管家V12.10

最近文档全新功能上线

详情>>

版本更新:2017.11.27