2017年12月第一周舆情周报

发现"拿破仑"勒索软件的新版本

https://blog.malwarebytes.com/threat-analysis/2017/12/napoleon-ransomware/

内核漏洞利用：通过WARBIRD在Windows 10上提升权限

https://www.freebuf.com/vuls/155972.html

CVE-2017-11882漏洞分析

https://researchcenter.paloaltonetworks.com/2017/12/unit42-analysis-of-cve-2017-11882-exploit-in-the-wild/

新的电子邮件漏洞可能允许发件人欺骗

https://www.symantec.com/blogs/threat-intelligence/mailsploit-email-exploit-spoofing

勒索软件 利用Linux Samba漏洞 感染网络存储设备

https://www.bleepingcomputer.com/news/security/storagecrypt-ransomware-infecting-nas-devices-using-sambacry/

Mozilla Firefox多个安全绕过漏洞CVE-2017-7843/44 失败还可DoS

https://toutiao.secjia.com/firefox-bypass-cve-2017-7843-44

Linux内核DoS漏洞CVE-2017-1000407 大批版本受影响

https://toutiao.secjia.com/linux-kernel-dos-cve-2017-1000407

RTF 漏洞分析

https://securityoversimplicity.wordpress.com/2017/11/23/not-all-she-wrote-part-3-rigged-rtf-documents/

网银木马利用 钓鱼邮件 .bat powershell 进行传播。

https://isc.sans.edu/forums/diary/Phishing+campaign+uses+old+bat+script+to+spread+banking+malware+and+it+is+flying+under+the+radar/23091

.GOTYA 勒索也出来解密工具了

https://twitter.com/demonslay335/status/937705779825700864 

cerber最新样本

https://twitter.com/clucianomartins/status/937298746827821057

联邦政府关闭运行时间最长的仙女座僵尸网络

https://thehackernews.com/2017/12/andromeda-botnet.html

技术支持诈骗恶意软件伪造死亡蓝屏

https://www.infosecurity-magazine.com/news/tech-support-scam-malware-fake/

RSA身份验证代理安全绕过漏洞CVE-2017-14377/14378 CVSS10分漏洞

https://toutiao.secjia.com/rsa-authentication-agent-bypass

谷歌正在打击不受欢迎和有害的Android应用

https://threatpost.com/google-cracks-down-on-nosy-android-apps/129081/

通过邮件传播的勒索下载

https://twitter.com/tmmalanalyst/status/937877705181216768

Necurs僵尸网络malspam推dridex

https://malware-traffic-analysis.net/2017/12/04/index2.html

在RSA Authentication SDK中发现了两个不同漏洞 

https://securityaffairs.co/wordpress/66325/hacking/rsa-authentication-sdk-flaws.html

Halloware Ransomware在黑暗的网上只售40美元 

https://www.bleepingcomputer.com/news/security/halloware-ransomware-on-sale-on-the-dark-web-for-only-40/?utm_content=buffer50c66&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

PayPal附属数据泄露事件高达160万个客户

https://thehackernews.com/2017/12/paypal-tio-data-breach.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29

新的Shadow BTCware Ransomware变种发布

https://www.bleepingcomputer.com/news/security/new-shadow-btcware-ransomware-variant-released/

2个新的基于.NET的Ransomware(Vortex、BUGWARE)使用开源代码

https://www.securityweek.com/new-net-based-ransomware-uses-open-source-code

CryptoMix勒索软件的新变种发布

https://www.bleepingcomputer.com/news/security/test-cryptomix-ransomware-variant-released/

NHS DMARC失败使医疗机构面临网络钓鱼

https://www.infosecurity-magazine.com/news/nhs-dmarc-fail-leaves-patients?utm_source=twitterfeed&utm_medium=twitter

Apache Struts S2-055反序列化漏洞CVE-2017-7525 2.5至2.5.14受影响

https://toutiao.secjia.com/apache-s2-055-cve-2017-7525

谷歌发现新的Tizi Android恶意软件

https://www.bleepingcomputer.com/news/security/google-discovers-new-tizi-android-spyware/

本周勒索软件概述

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-1st-2017-decryptors-btcware-and-more/

Linux邮件代理Exim远程代码执行漏洞CVE-2017-16943 4.88和4.89受影响

https://toutiao.secjia.com/exim-rce-cve-2017-16943

思科WebEx Meetings Server远程安全绕过漏洞CVE-2017-12363

https://toutiao.secjia.com/webex-bypass-cve-2017-12363

cURL/libcURL缓冲区溢出漏洞CVE-2017-8816 还可DoS 7.36.0到7.56.1受影响

https://toutiao.secjia.com/curl-bov-cve-2017-8816

在144个GooglePlay应用程序中发现新的Android恶意软件Grabos

https://securingtomorrow.mcafee.com/mcafee-labs/android-malware-grabos-exposed-millions-to-pay-per-install-scam-on-google-play/#sf174581529

ransomware:全盘文件加密为..doc后缀

https://malware-traffic-analysis.net/2017/11/30/index.html