"Vitamin" Daily Security Brief 20181221

Published: 2018-12-21
1. SandboxEscaper discloses an unpatched Windows 0day on Twitter for the third time



Researcher SandboxEscaper has disclosed an unpatched Windows 0day on Twitter for the third time and published a related PoC. The new vulnerability is in the Windows MsiAdvertiseProduct function. According to the researcher, because of improper validation, an attacker can use this function to force the installer service to copy arbitrary files with SYSTEM privileges and read their contents, resulting in an arbitrary file read vulnerability. SandboxEscaper also published a PoC for the vulnerability on GitHub, but that GitHub account has since been deleted. SandboxEscaper previously disclosed two Windows 0days on Twitter, in August and October 2018 respectively.

   

Original link:

https://thehackernews.com/2018/12/windows-zero-day-exploit.html


2. McAfee says the recent Shamoon attacks are suspected to be linked to Iran's APT33




According to McAfee Labs' analysis of the recent Shamoon attack campaign, researchers believe its tools, techniques and procedures (TTPs) are consistent with Shamoon v2 from 2016 to 2017. The 2018 Shamoon campaign may be linked to the Iranian hacking group APT33, but it is also possible that other attackers are masquerading as APT33. Over the past few weeks, Shamoon v3 has used job-themed phishing websites to attack oil, gas, energy and telecom companies and government organizations. These initial phishing attacks, used to collect victims' credentials, appear to have begun as early as the end of August 2018. In the new .Net version of the data wiper, researchers found ASCII characters containing a passage from the Quran (Surah Masad, Ayat 1, roughly meaning that God will surely punish).

  

Original link:

https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems/


3. 15 Android wallpaper apps found committing ad fraud, with more than 220,000 total downloads



Trend Micro researchers detected 15 Android wallpaper apps in Google Play that were involved in ad fraud. The apps have been downloaded more than 222,200 times in total. Telemetry data shows that the most affected countries/regions are Italy, Taiwan (China), the United States, Germany and Indonesia. Google has since removed these malicious apps from the Play Store. The apps also had very high user ratings, but researchers strongly suspect that these reviews are fake and were posted only to attract downloads.

  

Original link:

https://blog.trendmicro.com/trendlabs-security-intelligence/android-wallpaper-apps-found-running-ad-fraud-scheme/


4. New Mirai variant Miori spreads through an RCE vulnerability in a PHP framework



Trend Micro researchers found that Miori, a variant of the IoT botnet Mirai, is spreading through a remote code execution vulnerability in the PHP framework ThinkPHP. The vulnerability is a new one that was disclosed on December 11 and affects ThinkPHP v5.0.23/5.1.31 and earlier versions. Once a user's Linux server is infected with Miori, it becomes part of the botnet and is used to launch DDoS attacks. Researchers also found that two other known Mirai variants, IZ1H9 and APEP, use the same vulnerability to spread.

  

Original link:

https://blog.trendmicro.com/trendlabs-security-intelligence/with-mirai-comes-miori-iot-botnet-delivered-via-thinkphp-remote-code-execution-exploit/


5. United States and United Kingdom hit by a new wave of malicious email attacks, mainly targeting financial companies



Menlo Labs found a malicious email campaign targeting banks and financial services companies. The campaign has been active since August 2018 and mainly targets the United States and the United Kingdom. The malicious payloads in the campaign are hosted on Google's cloud service (storage.googleapis.com) in order to bypass the security controls of security products. The first-stage droppers include vbs files and jar files. The vbs files are heavily obfuscated and may have been created with the same toolkit.

  

Original link:

https://www.menlosecurity.com/blog/a-jar-full-of-problems-for-financial-services-companies


6. Microsoft releases an emergency security update fixing a new IE 0day



Microsoft released an emergency out-of-band update that fixes a high-severity 0day in the IE browser. The vulnerability (CVE-2018-8653) was discovered by Clement Lecigne, a security researcher in Google's Threat Analysis Group. It is a remote code execution (RCE) vulnerability in the IE JScript scripting engine, and an attacker who successfully exploits it can execute arbitrary code in the context of the current user. The vulnerability affects IE9 on Windows Server 2008, IE10 on Windows Server 2012, and IE 11 on multiple Windows versions. Because the vulnerability is already being actively exploited in the wild, users are advised to install the update as soon as possible.

 

Original link:

https://thehackernews.com/2018/12/internet-explorer-zero-day.html


Statement: This news was translated and compiled by the 8827 Sun Group Vitamin Security Team