2018年1月第3周舆情周报

网络抓包工具Wireshark再爆2个DoS漏洞CVE-2018-5334/5

https://toutiao.secjia.com/cve-2018-5334

据称，涉嫌恐怖FruitFly macOS恶意软件作者被捕

https://www.virusbulletin.com/blog/2018/01/alleged-author-creepy-fruitfly-macos-malware-arrested/

西部数据NAS设备被曝存在硬编码后门和未授权文件上传高危漏洞

https://www.freebuf.com/news/160039.html

黑客劫持BlackWallet的DNS服务器窃取400000美元

https://www.bleepingcomputer.com/news/security/hackers-hijack-dns-server-of-blackwallet-to-steal-400-000/

Mirai Okiru僵尸网络在历史上首次瞄准基于ARC的物联网设备

https://securityaffairs.co/wordpress/67742/malware/mirai-okiru-botnet.html

ARM漏洞靶场测试平台

https://blog.exploitlab.net/2018/01/dvar-damn-vulnerable-arm-router.html?m=1

出现针对拉丁美洲金融机构的磁盘擦除KillDisk的新变种

https://blog.trendmicro.com/trendlabs-security-intelligence/new-killdisk-variant-hits-financial-organizations-in-latin-america/

印第安纳州一家医院遭受SamSam勒索软件攻击，并已支付约5.5万美金的赎金

https://www.bleepingcomputer.com/news/security/hospital-pays-55k-ransomware-demand-despite-having-backups/

一款dropper木马通过KakaoTalk、facebook等社交网络传播

https://securingtomorrow.mcafee.com/mcafee-labs/north-korean-defectors-journalists-targeted-using-social-networks-kakaotalk/#sf179371573

ISC BIND9爆出DoS漏洞CVE-2017-3145 BIND9.0后所有版本受影响

https://toutiao.secjia.com/cve-2017-3145

加密货币挖矿恶意软件RubyMiner来袭 Linux和Windows服务器尽快打补丁

https://toutiao.secjia.com/rubyminer-cryptominer-malware

Skygofree Android间谍软件的背后可能是一家意大利IT公司

https://www.bleepingcomputer.com/news/security/italian-it-company-possibly-behind-new-skygofree-android-spyware/

Transmission BitTorrent客户端所有版本任意文件写漏洞CVE-2018-5702 PoC已公开

https://toutiao.secjia.com/cve-2018-5702

Andromeda详细分析

https://blog.avast.com/andromeda-under-the-microscope

黑客利用三个Microsoft Office缺陷传播Zyklon恶意软件

https://thehackernews.com/2018/01/microsoft-office-malware.html

勒索软件关闭了格林菲尔德的汉考克地区医院

https://www.scmagazine.com/ransomware-shuts-down-greenfields-hancock-regional-hospital/article/737081/

典当风暴准备对美国参议员，政治和奥运目标进行攻击

https://www.scmagazine.com/pawn-storm-aims-at-political-targets/article/736975/

Monero挖矿样本分析——32位程序注入64位进程

https://blog.malwarebytes.com/threat-analysis/2018/01/a-coin-miner-with-a-heavens-gate/

RubyMiner Monero Cryptominer仅在24小时内就影响了全球30％的网络

Check Point的安全研究人员已经发现了一个被称为RubyMiner的恶意软件家族，它瞄准了全球的网络服务器，试图利用他们的资源挖掘Monero的加密货币。

https://securityaffairs.co/wordpress/67865/malware/rubyminer-monero-cryptominer.html

Satori僵尸网络现在正在攻击以太坊采矿设备

https://www.bleepingcomputer.com/news/security/satori-botnet-is-now-attacking-ethereum-mining-rigs/

Malspam推动Gozi-ISFB

https://isc.sans.edu/diary/23245

Skygofree恶意软件显示从未见过的监视功能

https://www.scmagazine.com/skygofree-malware-reminiscent-of-hacker-team/article/737303/

GhostTeam 安卓恶意软件偷取Facebook凭据

https://www.bleepingcomputer.com/news/security/ghostteam-android-malware-can-steal-facebook-credentials/

Nexflix用户遭受垃圾邮件攻击

https://www.informationsecuritybuzz.com/expert-comments/netflix-phishing-scam-targeting-users/

赛门铁克研究人员检测到 古老的中奖垃圾邮件转向 安卓

https://www.symantec.com/blogs/threat-intelligence/congratulations-you-won-scam-android

工控恶意软件Triton利用斯奈德设备的0day漏洞

https://www.securityweek.com/triton-malware-exploited-zero-day-schneider-electric-devices

Lookout 公司发布Dark Caracal 活动报告

https://www.lookout.com/info/ds-dark-caracal-ty

SaTori 新变种，不仅仅利用路由器，摄像头，IOT设备DDos，转向挖矿

https://arstechnica.com/information-technology/2018/01/in-the-wild-malware-preys-on-computers-dedicated-to-mining-cryptocurrency/