2018年1月第2周舆情周报

FakeBank 恶意软件获取敏感的银行短信消息

https://www.scmagazine.com/fakebank-malware-accesses-sensitive-sms-banking-messages/article/736311/

MaMi Mac木马劫持DNS设置，安装root证书，攻击者可进行中间人攻击

https://www.securityweek.com/mami-mac-malware-hijacks-dns-settings

APT新动向 | 揭秘黄金鼠组织的三次攻击行动

https://www.freebuf.com/news/159750.html

iCloud艳照门黑客被FBI抓捕

https://thehackernews.com/2018/01/celebgate-fappening-hacker.html

一个挖矿样本的详细分析

https://secrary.com/ReversingMalware/CoinMiner/

儿童app里暗藏色情软件

https://www.hackread.com/android-apps-for-kids-with-pornographic-malware/

联想研究人员发现网络交换机的后门，隐藏的账户，很难被利用

https://www.bleepingcomputer.com/news/security/lenovo-discovers-and-removes-backdoor-in-networking-switches/

#malspam pushing #NanoCore #RAT 

https://malware-traffic-analysis.net/2018/01/12/index.html

虚假Spectre和Meltdown补丁，Smoke loader恶意软件

https://blog.malwarebytes.com/cybercrime/2018/01/fake-spectre-and-meltdown-patch-pushes-smoke-loader/

英特尔Broadwell和Haswell CPU在固件更新后遇到重新启动

https://www.bleepingcomputer.com/news/hardware/intel-broadwell-and-haswell-cpus-experiencing-reboots-after-firmware-updates/

2018年冬季奥运会被用作钓鱼攻击诱饵

https://www.scmagazine.com/2018-winter-olympics-being-used-as-phishing-attack-bait/article/735639/

Juniper Junos安全绕过漏洞CVE-2018-0009 多个版本受影响

https://toutiao.secjia.com/cve-2018-0009

WhatsApp的群组消息功能可能被攻击者破解

https://threatpost.com/whatsapp-downplays-damage-of-a-group-invite-bug/129387/

Ursnif恶意软件的新变种采用新的逃避技术—— “double process hollowing” 

https://securityaffairs.co/wordpress/67636/malware/process-hollowing-ursnif-malware.html

Cryptominer恶意软件通过恶意广告传播

https://www.scmagazine.com/researchers-spotted-malware-coin-miners-in-malvertising-campaigns/article/736315/

#Malspam pushing fake invoice delivers #AgentTesla #Keylogger

https://malwarebreakdown.com/2018/01/11/malspam-entitled-invoice-attched-for-your-reference-delivers-agent-tesla-keylogger/

Jackson-databind爆出远程代码执行漏洞CVE-2017-17485

https://toutiao.secjia.com/cve-2017-17485

苹果系统High Sierra 10.13.2又爆0Day漏洞 不用密码就修改你的设置

https://toutiao.secjia.com/high-sierra-10-13-0day

Campaign正在使用最近发布的WebLogic漏洞来部署Monero矿工

https://isc.sans.edu/forums/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191/

思科统一通信管理器爆出跨站脚本漏洞CVE-2018-0118 还没有补丁

https://toutiao.secjia.com/cve-2018-0118

SAP爆出内核身份验证绕过漏洞CVE-2018-2360 可执行未授权操作

https://toutiao.secjia.com/cve-2018-2360

微软office爆出内存破坏漏洞CVE-2018-0812 可执行任意代码也可DoS

https://toutiao.secjia.com/cve-2018-0802

VirusTotal宣布推出一款名为VirusTotal Graph的可视化工具，旨在帮助进行恶意软件分析

https://securityaffairs.co/wordpress/67572/malware/virustotal-graph.html

研究人员在西部数字存储设备中发现硬编码后门 

https://hotforsecurity.bitdefender.com/blog/researcher-finds-hardcoded-backdoor-in-western-digital-storage-devices-19417.html

新的加密货币挖掘恶意软件与朝鲜有联系

https://www.darkreading.com/attacks-breaches/new-cryptocurrency-mining-malware-has-links-to-north-korea/d/d-id/1330773?_mc=sm_dr&hootPostID=84b426c3671aee590247b40242dcd6c0

新时代下的网络安全新常态：2018中国网络安全十大趋势预测 

https://www.freebuf.com/articles/network/159145.html

2018年1月安卓安全公告，谷歌修复5个关键BUG和33个高危漏洞 

https://www.freebuf.com/news/159472.html

攻击者利用Google App script传播恶意软件 PoC已公开 

https://toutiao.secjia.com/google-app-script-phishing-attacks

Meltdown/Spectre 

https://react-etc.net/entry/exploiting-speculative-execution-meltdown-spectre-via-javascript

Spectre_Meltdown_vulnerabilities 

https://github.com/jfdelnero/TrucsEnVrac/tree/master/Spectre_Meltdown_vulnerabilities

针对平昌奥运会的鱼叉式网络钓鱼攻击 

https://securityaffairs.co/wordpress/67461/hacking/pyeongchang-olympic-games-hacking.html

Hijack 微软数字签名 

https://twitter.com/mattifestation/status/950103378360700935

专家发现一个zeus银行木马病毒通过一个合法的开发者的网站蔓延 

https://securityaffairs.co/wordpress/67475/malware/zeus-banking-trojan.html