2017年12月第三周舆情周报

圣诞节临近，出现伪装成Facebook登录页面的钓鱼形式

https://blog.malwarebytes.com/cybercrime/social-engineering-cybercrime/2017/12/facebook-phishers-want-you-to-connect-with-facebook/

代码签名证书克隆攻击和防御

https://posts.specterops.io/code-signing-certificate-cloning-attacks-and-defenses-6f98657fc6ec

三种恶意软件针对MSSQL和MySQL服务器尝试攻击已达一年

https://www.bleepingcomputer.com/news/security/malware-trio-has-been-targeting-mssql-and-mysql-servers-all-year/

JexBoss - JBoss（和其他Java反序列化漏洞）验证和EXploitation工具

https://www.kitploit.com/2017/12/jexboss-jboss-and-others-java.html

Digmine加密货币僵尸网络通过Facebook Messenger传播

https://www.scmagazine.com/digmine-cryptocurrency-botnet-spreading-through-facebook-messenger/article/720451/

VenusLocker，现在已经把注意力转向了加密货币挖掘

https://www.scmagazine.com/venuslocker-ransomware-extortionists-switch-mo-pursue-monero-cryptomining/article/720255/

小型，有针对性的勒索攻击出现

https://www.darkreading.com/attacks-breaches/smalltargeted-ransomware-attacks-emerge/d/d-id/1330662

专家发现了一个新的GlobeImposter Ransomware活动

https://translate.hotcn.top/translate/page?u=https://securityaffairs.co/wordpress/67071/malware/globeimposter-ransomware-malspam-campaign.html

新的Facebook账户功能将帮助用户发现网络钓鱼

https://www.bleepingcomputer.com/news/security/new-facebook-account-feature-will-help-users-spot-phishing-attempts/

黑客使用DC警方监控系统发布Cerber Ransomware

https://www.bleepingcomputer.com/news/security/hackers-used-dc-police-surveillance-system-to-distribute-cerber-ransomware/

一周勒索软件回顾 | 15个勒索软件中8个变种4个在开发还有1个在攻击

https://toutiao.secjia.com/ransomware-weekly-4

无文件恶意软件攻击在2017年创下里程碑

https://www.darkreading.com/perimeter/fileless-malware-attacks-hit-milestone-in-2017/d/d-id/1330691?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

VMware发布了安全更新，以解决其ESXi，vCenter Server Appliance（vCSA），Workstation和Fusion产品中的四个漏洞

https://securityaffairs.co/wordpress/66997/security/vmware-code-execution-flaws.html

微软漏洞CVE-2017-11882被利用来提供Loki信息窃取器

https://www.scmagazine.com/microsoft-bug-cve-2017-11882-exploited-to-deliver-loki-information-stealer/article/720224/

华为路由器被利用来创建新的僵尸网络

https://blog.checkpoint.com/2017/12/21/huawei-routers-exploited-create-new-botnet/

VMWare两个高危任意代码执行漏洞CVE-2017-4941/33

https://toutiao.secjia.com/vmware-cve-2017-4941-33

伪装简历垃圾邮件，密码保护doc文档传播多种恶意软件

https://myonlinesecurity.co.uk/more-resume-malspam-with-password-protected-word-doc-attachments-continue-to-plague-us-delivering-a-variety-of-different-malware/

新移动木马变种Catelite bot 目标锁定 2200 金融机构

https://blog.avast.com/new-version-of-mobile-malware-catelites-possibly-linked-to-cron-cyber-gang

五名CTB-Locker / Cerber 相关人员被逮捕

https://www.forbes.com/sites/thomasbrewster/2017/12/20/ransomware-arrests-for-cerber-and-ctb-locker/#6afd6dbf315a

HEx-Men 组织攻击SQL server进行挖矿和DDos攻击，疑似来自中国

https://www.scmagazine.com/hex-men-trio-using-compromised-sql-servers-to-conduct-mining-ddos-attacks/article/719523/

Wordpress 验证 Captcha插件影响300k wordpress 站点

https://www.wordfence.com/blog/2017/12/backdoor-captcha-plugin/

Google Chrome PDFium OpenJPEG Heap-based Buffer Overflow Vulnerability (CVE-2017-15408)

https://bugs.chromium.org/p/chromium/issues/detail?id=762374

白宫正式指责朝鲜发起WannaCry Ransomware疫情

https://www.bleepingcomputer.com/news/government/white-house-officially-blames-north-korea-for-wannacry-ransomware-outbreak/

超过 30 万安装量的 WordPress 插件被爆存在后门

https://www.bleepingcomputer.com/news/security/backdoor-found-in-wordpress-plugin-with-more-than-300-000-installations/

Python 刚刚修复了 webbrowser.py 的一个命令参数注入漏洞，攻击者可以通过 URL 向 BROWSER 环境变量注入命令参数（CVE-2017-17522）

https://bugs.python.org/issue32367

Apache Groovy 远程代码执行漏洞详情

https://www.zerodayinitiative.com/blog/2017/12/19/apache-groovy-deserialization-a-cunning-exploit-chain-to-bypass-a-patch

XBL IP黑名单由于Andromeda和Satori僵尸网络而增长了50％

https://www.bleepingcomputer.com/news/security/xbl-ip-blacklist-grows-50-percent-because-of-andromeda-and-satori-botnets/

嵌入式Web服务器GoAhead远程代码执行漏洞CVE-2017-17562分析与防护方案

https://toutiao.secjia.com/goahead-rce-cve-2017-17562

软件集成平台Jenkins爆出高危远程代码执行漏洞CVE-2017-1000353

https://toutiao.secjia.com/jenkins-rce-cve-2017-1000353

VMWare VNC漏洞

https://blog.talosintelligence.com/2017/12/vulnerability-spotlight-vmware-vnc.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+feedburner%2FTalos+%28Talos%E2%84%A2+Blog%29

来自卡巴斯基的专家发现了一个名为Loapi的Android恶意软件，其中包含一个非常积极的挖掘组件，可能会破坏您的电池

https://securityaffairs.co/wordpress/66943/malware/loapi-android-malware.html

2017年，韩国加密货币交易所Youbit在第二次入侵后关闭

https://securityaffairs.co/wordpress/66933/cyber-crime/youbit-cryptocurrency-exchange-shutdown.html

ImageMagick DoS漏洞三连发CVE-2017-17680/81/82

https://toutiao.secjia.com/imagemagick-dos-cve-2017-17680-81-82

假日购物季节，GratefulPOS、Emotet和Zeus Panda三个恶意软件运动活跃起来

https://www.bleepingcomputer.com/news/security/three-malware-campaigns-come-alive-for-the-holiday-shopping-season/

Python webbrowser.py远程代码执行漏洞CVE-2017-17522 失败还可DoS

https://toutiao.secjia.com/python-rce-cve-2017-17522

研究人员检测到 利用漏洞攻击网络没打补丁的windows Linux  服务器， 安装 挖矿程序

https://securityaffairs.co/wordpress/66829/cyber-crime/zealot-campaign-nsa-exploits.html

研究人员发现“Triton”和“Trisis”的恶意软件很可能是由伊朗开发的，并被用于针对沙特阿拉伯的一个组织

https://www.securityweek.com/iran-used-triton-malware-target-saudi-arabia-researchers

VB paper 有人发布著名勒索软件 Cerber的解密工具

https://www.virusbulletin.com/blog/2017/12/vb2017-paper-nine-circles-cerber/