2017年12月第三周舆情周报

2017-12-25 来源:原创 作者:腾讯反病毒实验室
【文章摘要】2017年12月第三周舆情周报:安卓恶意软件,新敲诈样本,重大漏洞,其他安全事件等

圣诞节临近,出现伪装成Facebook登录页面的钓鱼形式

https://blog.malwarebytes.com/cybercrime/social-engineering-cybercrime/2017/12/facebook-phishers-want-you-to-connect-with-facebook/

代码签名证书克隆攻击和防御

https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

三种恶意软件针对MSSQLMySQL服务器尝试攻击已达一年

https://www.bleepingcomputer.com/news/security/malware-trio-has-been-targeting-mssql-and-mysql-servers-all-year/

JexBoss - JBoss(和其他Java反序列化漏洞)验证和EXploitation工具

https://www.kitploit.com/2017/12/jexboss-jboss-and-others-java.html

Digmine加密货币僵尸网络通过Facebook Messenger传播

https://www.scmagazine.com/digmine-cryptocurrency-botnet-spreading-through-facebook-messenger/article/720451/

VenusLocker,现在已经把注意力转向了加密货币挖掘

https://www.scmagazine.com/venuslocker-ransomware-extortionists-switch-mo-pursue-monero-cryptomining/article/720255/

小型,有针对性的勒索攻击出现

https://www.darkreading.com/attacks-breaches/smalltargeted-ransomware-attacks-emerge/d/d-id/1330662

专家发现了一个新的GlobeImposter Ransomware活动

http://translate.hotcn.top/translate/page?u=http://securityaffairs.co/wordpress/67071/malware/globeimposter-ransomware-malspam-campaign.html

新的Facebook帐户功能将帮助用户发现网络钓鱼

https://www.bleepingcomputer.com/news/security/new-facebook-account-feature-will-help-users-spot-phishing-attempts/

黑客使用DC警方监控系统发布Cerber Ransomware

https://www.bleepingcomputer.com/news/security/hackers-used-dc-police-surveillance-system-to-distribute-cerber-ransomware/

一周勒索软件回顾 | 15个勒索软件中8个变种4个在开发还有1个在攻击

http://toutiao.secjia.com/ransomware-weekly-4

无文件恶意软件攻击在2017年创下里程碑

https://www.darkreading.com/perimeter/fileless-malware-attacks-hit-milestone-in-2017/d/d-id/1330691?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

VMware发布了安全更新,以解决其ESXivCenter Server AppliancevCSA),WorkstationFusion产品中的四个漏洞

http://securityaffairs.co/wordpress/66997/security/vmware-code-execution-flaws.html

微软漏洞CVE-2017-11882被利用来提供Loki信息窃取器

https://www.scmagazine.com/microsoft-bug-cve-2017-11882-exploited-to-deliver-loki-information-stealer/article/720224/

华为路由器被利用来创建新的僵尸网络

https://blog.checkpoint.com/2017/12/21/huawei-routers-exploited-create-new-botnet/

VMWare两个高危任意代码执行漏洞CVE-2017-4941/33

http://toutiao.secjia.com/vmware-cve-2017-4941-33

伪装简历垃圾邮件,密码保护doc文档传播多种恶意软件

https://myonlinesecurity.co.uk/more-resume-malspam-with-password-protected-word-doc-attachments-continue-to-plague-us-delivering-a-variety-of-different-malware/

新移动木马变种Catelite bot 目标锁定 2200 金融机构

https://blog.avast.com/new-version-of-mobile-malware-catelites-possibly-linked-to-cron-cyber-gang

五名CTB-Locker / Cerber 相关人员被逮捕

https://www.forbes.com/sites/thomasbrewster/2017/12/20/ransomware-arrests-for-cerber-and-ctb-locker/#6afd6dbf315a

HEx-Men 组织攻击SQL server进行挖矿和DDos攻击,疑似来自中国

https://www.scmagazine.com/hex-men-trio-using-compromised-sql-servers-to-conduct-mining-ddos-attacks/article/719523/

Wordpress 验证 Captcha插件影响300k wordpress 站点

https://www.wordfence.com/blog/2017/12/backdoor-captcha-plugin/

Google Chrome PDFium OpenJPEG Heap-based Buffer Overflow Vulnerability (CVE-2017-15408)

https://bugs.chromium.org/p/chromium/issues/detail?id=762374

白宫正式指责朝鲜发起WannaCry Ransomware疫情

https://www.bleepingcomputer.com/news/government/white-house-officially-blames-north-korea-for-wannacry-ransomware-outbreak/

超过 30 万安装量的 WordPress 插件被爆存在后门

https://www.bleepingcomputer.com/news/security/backdoor-found-in-wordpress-plugin-with-more-than-300-000-installations/

Python 刚刚修复了 webbrowser.py 的一个命令参数注入漏洞,攻击者可以通过 URL 向 BROWSER 环境变量注入命令参数(CVE-2017-17522

https://bugs.python.org/issue32367

Apache Groovy 远程代码执行漏洞详情

https://www.zerodayinitiative.com/blog/2017/12/19/apache-groovy-deserialization-a-cunning-exploit-chain-to-bypass-a-patch

XBL IP黑名单由于AndromedaSatori僵尸网络而增长了50

https://www.bleepingcomputer.com/news/security/xbl-ip-blacklist-grows-50-percent-because-of-andromeda-and-satori-botnets/

嵌入式Web服务器GoAhead远程代码执行漏洞CVE-2017-17562分析与防护方案

http://toutiao.secjia.com/goahead-rce-cve-2017-17562

软件集成平台Jenkins爆出高危远程代码执行漏洞CVE-2017-1000353

http://toutiao.secjia.com/jenkins-rce-cve-2017-1000353

VMWare VNC漏洞

http://blog.talosintelligence.com/2017/12/vulnerability-spotlight-vmware-vnc.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+feedburner%2FTalos+%28Talos%E2%84%A2+Blog%29

来自卡巴斯基的专家发现了一个名为LoapiAndroid恶意软件,其中包含一个非常积极的挖掘组件,可能会破坏您的电池

http://securityaffairs.co/wordpress/66943/malware/loapi-android-malware.html

2017年,韩国加密货币交易所Youbit在第二次入侵后关闭

http://securityaffairs.co/wordpress/66933/cyber-crime/youbit-cryptocurrency-exchange-shutdown.html

ImageMagick DoS漏洞三连发CVE-2017-17680/81/82

http://toutiao.secjia.com/imagemagick-dos-cve-2017-17680-81-82

假日购物季节,GratefulPOSEmotetZeus Panda三个恶意软件运动活跃起来

https://www.bleepingcomputer.com/news/security/three-malware-campaigns-come-alive-for-the-holiday-shopping-season/

Python webbrowser.py远程代码执行漏洞CVE-2017-17522 失败还可DoS

http://toutiao.secjia.com/python-rce-cve-2017-17522

研究人员检测到 利用漏洞攻击网络没打补丁的windows Linux  服务器, 安装 挖矿程序

http://securityaffairs.co/wordpress/66829/cyber-crime/zealot-campaign-nsa-exploits.html

研究人员发现“Triton”和“Trisis”的恶意软件很可能是由伊朗开发的,并被用于针对沙特阿拉伯的一个组织

http://www.securityweek.com/iran-used-triton-malware-target-saudi-arabia-researchers

VB paper 有人发布著名勒索软件 Cerber的解密工具

https://www.virusbulletin.com/blog/2017/12/vb2017-paper-nine-circles-cerber/

电脑管家V12.11

4大安全能力再升级

详情>>

版本更新:2018.1.15