¡¶Î¬ËûÃü¡·ÖðÈÕ°²È«¼òѶ20190307

°ä²¼¹¦·ò 2019-03-07
1¡¢¹È¸è½¨¸´Chrome 0day£¬£¬£¬£¬£¬ £¬½¨ÒéÓû§¾¡¿ì¸üÐÂ

8827Ì«Ñô¼¯ÍÅ(Macau)¹É·ÝÓÐÏÞ¹«Ë¾-Official website

°²È«×êÑÐÔ±Clement LecigneÔÚ2ÔÂÄ©Ïò¹È¸è»ã±¨ÁËChromeÖеÄÒ»¸ö0day£¬£¬£¬£¬£¬ £¬¸Ã·ì϶¿ÉÔÊÐíÔ¶³Ì¹¥»÷ÕßÔÚÓû§µÄÍÆËã»úÉÏÖ´ÐÐËÁÒâ´úÂë²¢ÆëÈ«½ÚÔìÍÆËã»ú ¡£¡£¡£¡£¡£¡£¡£¡£¸Ã·ì϶£¨CVE-2019-5786£©Ó°ÏìÁËËùÓÐÖ÷Á÷ƽ̨ÉϵÄChrome°æ±¾£¬£¬£¬£¬£¬ £¬Ô̺¬Windows¡¢macOSºÍLinux ¡£¡£¡£¡£¡£¡£¡£¡£Chrome°²È«ÍŶӰµÊ¾ÎÊÌâÊÇÓÉChromeµÄFileReader×é¼þÖеÄuse-after-free·ì϶µ¼ÖµÄ£¬£¬£¬£¬£¬ £¬µ«Î´Åû¶Èκμ¼Êõϸ½Ú ¡£¡£¡£¡£¡£¡£¡£¡£¹È¸è»¹ÖÒ¸æ³Æ¸Ã·ì϶ÒÑÔÚÒ°±í±»»ý¼«ÀûÓà ¡£¡£¡£¡£¡£¡£¡£¡£½¨ÒéÓû§¾¡¿ì×°ÖÃChrome¸üÐÂ72.0.3626.121 ¡£¡£¡£¡£¡£¡£¡£¡£

   

Ô­ÎÄÁ´½Ó£º

https://thehackernews.com/2019/03/update-google-chrome-hack.html

2¡¢ÂÞ¿ËΤ¶û×Ô¶¯»¯½¨¸´RSLinxÖеÄDoS/RCE·ì϶

8827Ì«Ñô¼¯ÍÅ(Macau)¹É·ÝÓÐÏÞ¹«Ë¾-Official website

ÂÞ¿ËΤ¶û×Ô¶¯»¯ÎªÆäRSLinx ClassicÈí¼þ°ä²¼²¹¶¡£¬£¬£¬£¬£¬ £¬½¨¸´ÁËÒ»¸ö¿Éµ¼ÖÂDoSÒÔ¼°RCEµÄ¸ßΣ·ì϶£¨CVE-2019-6553£© ¡£¡£¡£¡£¡£¡£¡£¡£RSLinx ClassicÊÇ×°ÖÃ¿í·ºµÄͨѶÈí¼þ£¬£¬£¬£¬£¬ £¬ÓÃÓÚ½«Allen Bradley PLCÏνӵ½±à³Ì¡¢Êý¾Ý²É¼¯ºÍÅäÖÃÀûÓà ¡£¡£¡£¡£¡£¡£¡£¡£Tenable×êÑÐÈËÔ±·¢ÏָòúƷʹÓõÄDLLÖдæÔÚÒ»¸öÊäÈëÑéÖ¤ÎÊÌ⣬£¬£¬£¬£¬ £¬¿Éµ¼Ö»º³åÇøÒç³ö ¡£¡£¡£¡£¡£¡£¡£¡£¹¥»÷Õß¿Éͨ¹ýÏò¶Ë¿Ú44818·¢ËͶñÒâÊý¾Ý°üÀ´´¥·¢´Ë·ì϶ ¡£¡£¡£¡£¡£¡£¡£¡£¸Ã·ì϶µÄCVSSÆÀ·ÖΪ10·Ö ¡£¡£¡£¡£¡£¡£¡£¡£ÂÞ¿ËΤ¶û°µÊ¾¸Ã·ì϶ӰÏìÁËRSLinx Classic 4.10.00¼°Ö®Ç°µÄ°æ±¾ ¡£¡£¡£¡£¡£¡£¡£¡£

  

Ô­ÎÄÁ´½Ó£º

https://www.securityweek.com/rockwell-automation-patches-critical-dosrce-flaw-rslinx-software

3¡¢¹È¸è°ä²¼3ÔÂAndroid°²È«¸üУ¬£¬£¬£¬£¬ £¬½¨¸´45¸ö·ì϶

8827Ì«Ñô¼¯ÍÅ(Macau)¹É·ÝÓÐÏÞ¹«Ë¾-Official website

¹È¸è°ä²¼3Ô·ݵÄAndroid°²È«¸üУ¬£¬£¬£¬£¬ £¬¹²½¨¸´¿ò¼Ü¡¢Ã½Ìå¿ò¼Ü¡¢ÏµÍ³¡¢Äں˼°¸ßͨ×é¼þÖеÄ45¸ö·ì϶ ¡£¡£¡£¡£¡£¡£¡£¡£ÆäÖÐ×îΪÑϳÁµÄ·ì϶ÊÇýÌå¿ò¼ÜÖеĸßΣRCE·ì϶£¨CVE-2019-1989ºÍCVE-2019-1990£©£¬£¬£¬£¬£¬ £¬Ô¶³Ì¹¥»÷ÕßÄܹ»ÀûÓø÷ì϶ÔÚÌØÈ¨¹ý³ÌµÄ¸ßµÍÎÄÖÐÖ´ÐÐËÁÒâ´úÂë ¡£¡£¡£¡£¡£¡£¡£¡£ÆëÈ«·ì϶ÁбíÇë²Î¿¼ÒÔÏÂÁ´½Ó ¡£¡£¡£¡£¡£¡£¡£¡£

  

Ô­ÎÄÁ´½Ó£º

https://news.softpedia.com/news/android-security-patch-for-march-2019-now-rolling-out-with-45-security-fixes-525184.shtml

4¡¢×êÑÐÅú×¢2018Äê²úÉú12449ÆðÊý¾Ýй¶ÊÂÎñ£¬£¬£¬£¬£¬ £¬±È2017ÄêÔö³¤424%

8827Ì«Ñô¼¯ÍÅ(Macau)¹É·ÝÓÐÏÞ¹«Ë¾-Official website

ƾ¾ÝÍþвµý±¨¹«Ë¾4IQµÄÒ»·Ýл㱨£¬£¬£¬£¬£¬ £¬2018ÄêÒÑÈ·ÈϵÄÊý¾Ýй¶ÊÂÎñµÄÊýÁ¿´ï12449Æð£¬£¬£¬£¬£¬ £¬Óë2017ÄêÏà±ÈÔö³¤424%£¬£¬£¬£¬£¬ £¬ÆäÖÐ47%µÄÊÂÎñÓëÃÀ¹úºÍÖйúµÄ¹«Ë¾ÓÐ¹Ø ¡£¡£¡£¡£¡£¡£¡£¡£¸Ã¹«Ë¾Í³¼ÆµÄÊÇÒÑÈ·ÈϵÄÊý¾Ýй¶ÊÂÎñ£¬£¬£¬£¬£¬ £¬¹ÌÈ»ÊÂÎñµÄÊýÁ¿ÔÚ2018Äê´ó·ùÌáÉý£¬£¬£¬£¬£¬ £¬µ«¾ùÔÈй¶¹æÄ£Ôò½µÂäÖÁ216884±Ê¼Í¼£¬£¬£¬£¬£¬ £¬±È2017ÄêÒªÓ×4.7±¶ ¡£¡£¡£¡£¡£¡£¡£¡£´Ë±í£¬£¬£¬£¬£¬ £¬2018ÄêÓÐ149ÒÚ±»µÁµÄԭʼÉí·Ý¼Í¼ÔÚ°µÍøÉϽøÐд«²¼£¬£¬£¬£¬£¬ £¬µ«Ö»ÓÐ36ÒÚÊÇеĺÍÕæÊµµÄ ¡£¡£¡£¡£¡£¡£¡£¡£

 

 Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/12-449-data-breaches-confirmed-in-2018-a-424-percent-increase-over-the-previous-year/

5¡¢Chafer APTй¥»÷»î¶¯£¬£¬£¬£¬£¬ £¬Õë¶ÔÍÁ¶úÆäµ±¾Ö»ú¹¹

8827Ì«Ñô¼¯ÍÅ(Macau)¹É·ÝÓÐÏÞ¹«Ë¾-Official website

Palo Alto Networks×êÑÐÍŶӷ¢ÏÖÒÁÀÊAPT×éÖ¯ChaferÔÚ2018Äê11ÔÂÕë¶ÔÍÁ¶úÆäµ±¾ÖµÄ¹¥»÷»î¶¯ÖÐʹÓÃÁËеĻùÓÚPythonµÄºóÃÅMechaFlounder ¡£¡£¡£¡£¡£¡£¡£¡£ÔÚÕâ´Î¹¥»÷»î¶¯ÖУ¬£¬£¬£¬£¬ £¬¹¥»÷ÕßʹÓÃÁËÓë֮ǰһÑùµÄ»ù´¡ÉèÊ©£¬£¬£¬£¬£¬ £¬Ô̺¬ÓòÃûwin10-update[.]com¼°ÓÃÓÚ·Ö·¢¶ñÒâÈí¼þµÄIPµØÖ·185.177.59 ¡£¡£¡£¡£¡£¡£¡£¡£MechaFlounderÊÇChaferʹÓõÄÊ׸ö»ùÓÚPythonµÄ¶ñÒâÈí¼þ£¬£¬£¬£¬£¬ £¬Ö§³Ö³£¼ûµÄºóÃźÅÁ£¬£¬£¬£¬ £¬Ô̺¬ÓëC&C·þÎñÆ÷ͨѶ¡¢ÉÏ´«ºÍÏÂÔØÎļþ¡¢ÔËÐкÅÁîºÍÀûÓ÷¨Ê½µÈ ¡£¡£¡£¡£¡£¡£¡£¡£

  

Ô­ÎÄÁ´½Ó£º

https://securityaffairs.co/wordpress/82004/breaking-news/chafer-apt-python-backdoor.html

6¡¢À­Ê²´óѧҽÁÆÖÐÐÄ4.5Íò»¼ÕßµÄÒ½ÁÆÐÅϢй¶

8827Ì«Ñô¼¯ÍÅ(Macau)¹É·ÝÓÐÏÞ¹«Ë¾-Official website

ÃÀ¹úÀ­Ê²´óѧҽÁÆÖÐÐÄÓÚ1ÔÂ22ÈÕ²úÉú´ó¹æÄ£Êý¾Ýй¶ÊÂÎñ£¬£¬£¬£¬£¬ £¬²¨¼°Ô¼4.5ÍòÃû»¼Õß ¡£¡£¡£¡£¡£¡£¡£¡£Ð¹Â¶µÄÐÅÏ¢Ô̺¬»¼ÕßµÄÐÕÃû¡¢µØÖ·¡¢ÉúÈÕ¡¢Éç»á°²È«ºÅÂë¡¢Ò½ÁƱ£ÏÕÐÅÏ¢ºÍÒ½ÁÆÐÅÏ¢ ¡£¡£¡£¡£¡£¡£¡£¡£ÔÚ·¢ÏÖй¶ÊÂÎñºó£¬£¬£¬£¬£¬ £¬¸ÃÒ½ÁÆÖÐÐĶôÖÆÁËIT¹©¸øÉ̵ĺÏͬ£¬£¬£¬£¬£¬ £¬²¢ÆðÍ·½øÐÐÄÚ²¿µ÷²é ¡£¡£¡£¡£¡£¡£¡£¡£´Ë±í£¬£¬£¬£¬£¬ £¬¸ÃÒ½ÁÆÖÐÐÄ»¹ÎªÊÜÓ°ÏìµÄ»¼ÕßÃâ·ÑÌṩÁËÒ»ÄêµÄÐÅÓþ±£»£» £»£»£»¤·þÎñ ¡£¡£¡£¡£¡£¡£¡£¡£

 

 Ô­ÎÄÁ´½Ó£º

https://cyware.com/news/close-to-45000-patients-affected-in-rush-data-breach-84af30ec

ÉêÃ÷£º±¾×ÊѶÓÉ8827Ì«Ñô¼¯ÍÅάËûÃü°²È«Ó××é·­ÒëºÍÕû¶Ù