Facebookδ¾Óû§Ðí¿ÉÉÏ´«150ÍòÓû§ÓʼþÁªÏµÈË£»£»£»£»£»£»£»APT34ʹÓõŤ¾ßй¶£»£»£»£»£»£»£»TA505¹¥»÷È«Çò½ðÈÚ»ú¹¹
°ä²¼¹¦·ò 2019-04-19
ÔÚÖÜÈý°ä²¼µÄÒ»·ÝÉêÃ÷ÖУ¬£¬£¬£¬£¬£¬£¬£¬Facebook°µÊ¾×Ô2016Äê5ÔÂÒÔÀ´¸Ã¹«Ë¾¡°ÎÞÒâ¼ä¡±ÔÚδ¾Óû§Ðí¿ÉµÄÇé¿öÏÂÏò·þÎñÆ÷ÉÏ´«Á˶à´ï150ÍòÓû§µÄµç×ÓÓʼþÁªÏµÈË¡£¡£¡£¡£¡£¡£¡£¡£ÕâÊÇFacebook½üÆÚÃæ¶ÔµÄһϵÁÐÒþÖÔÓйØÎÊÌâºÍÕùÒéÖеÄ×îÐÂÊÂÎñ¡£¡£¡£¡£¡£¡£¡£¡£Facebook°µÊ¾ÒÑÔÚÒ»¸öÔÂǰÖÕ³¡ÁË¿ÉÒɵĵç×ÓÓʼþÑéÖ¤¹ý³Ì£¬£¬£¬£¬£¬£¬£¬£¬²¢ÏòÓû§±£ÕÏδ·ÖÏíÕâЩÁªÏµÈËÐÅÏ¢¼°ÒѾÆðͷɾ³ýÕâЩÁªÏµÈË¡£¡£¡£¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://thehackernews.com/2019/04/facebook-email-database.html2¡¢¶íÂÞ˹·¸×ïÍÅ»ïTA505й¥»÷»î¶¯£¬£¬£¬£¬£¬£¬£¬£¬ÖØÒªÕë¶ÔÈ«Çò½ðÈÚ»ú¹¹
CyberInt×êÑÐÍŶӷ¢ÏÖ¶íÂÞ˹·¸×ïÍÅ»ïTA505µÄй¥»÷»î¶¯£¬£¬£¬£¬£¬£¬£¬£¬¹¥»÷ÕßÀûÓÃÔ¶¿ØÄ¾ÂíÕë¶ÔÈ«ÇòµÄ½ðÈÚ»ú¹¹¡£¡£¡£¡£¡£¡£¡£¡£TA505×Ô2015ÄêÒÔÀ´Ò»Ïò»îÔ¾£¬£¬£¬£¬£¬£¬£¬£¬ÆäʹÓõĶñÒ⹤¾ß¶à¶à£¬£¬£¬£¬£¬£¬£¬£¬Ô̺¬ÒøÐÐľÂíDridex¡¢Ô¶¿ØÄ¾ÂítRAT¡¢FlawedAmmy RAT¼°ÀÕË÷Èí¼þPhiladelphia¡¢GlobeImposterºÍLocky¡£¡£¡£¡£¡£¡£¡£¡£ÔÚ×î½üµÄ¹¥»÷»î¶¯ÖÐTA505ÖØÒªÊ¹ÓÃÁËÄ£¿£¿£¿£¿£¿é»¯µÄtRat¡¢ServHelperºÍRMSºóÃÅ£¬£¬£¬£¬£¬£¬£¬£¬Ö¸±êÁìÓòÔ̺¬ÖÇÀû¡¢Ó¡¶È¡¢Òâ´óÀû¡¢ÂíÀά¡¢°Í»ù˹̹ºÍº«¹úµÄ½ðÈÚ»ú¹¹ÒÔ¼°ÃÀ¹úµÄÁãÊÛÉÌ¡£¡£¡£¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://securityaffairs.co/wordpress/84072/hacking/russian-ta505-financial-attacks.html3¡¢ÐÂDNS½Ù³Ö¹¥»÷Sea Turtle£¬£¬£¬£¬£¬£¬£¬£¬ÖØÒªÕë¶ÔÖж«µØÓò
˼¿ÆTalosÅû¶ÐÂDNS½Ù³Ö¹¥»÷Sea Turtle£¬£¬£¬£¬£¬£¬£¬£¬¸Ã¹¥»÷»î¶¯×îÔçÆðÍ·ÓÚ2017Äê1Ô£¬£¬£¬£¬£¬£¬£¬£¬²¢Ò»Ïò»îÔ¾µ½½ñÄêµÚÒ»¼¾¶È£¬£¬£¬£¬£¬£¬£¬£¬ÖØÒªÕë¶ÔÖж«ºÍ±±·ÇµØÓòµÄ¹«¹²ºÍ˽Ӫ²¿ÃÅ¡£¡£¡£¡£¡£¡£¡£¡£ÔÚÕâ´Î¹¥»÷ÖУ¬£¬£¬£¬£¬£¬£¬£¬ÖÁÉÙÓÐ13¸ö·ÖÆç¹ú¶ÈµÄ40¸ö·ÖÆç×éÖ¯Êܵ½ÈëÇÖ¡£¡£¡£¡£¡£¡£¡£¡£×êÑÐÈËÔ±¸ß¶È×Ô¸ºµØÒÔΪÕâÏî¹¥»÷»î¶¯ÊÇÓÉÏȽøµÄ¡¢¹ú¶ÈÔÞÖúµÄ¹¥»÷Õß½øÐе쬣¬£¬£¬£¬£¬£¬£¬¸Ã¹¥»÷ÕßÖ¼ÔÚ×·Çó¶ÔÃô¸ÐÍøÂçºÍϵͳµÄ³ÖÐø½Ó¼û¡£¡£¡£¡£¡£¡£¡£¡£¸Ã¹¥»÷»î¶¯µÄÖØÒªÖ¸±êÊǹú¶È°²È«»ú¹¹¡¢±í½»²¿ºÍÄÜÔ´×éÖ¯£¬£¬£¬£¬£¬£¬£¬£¬´ÎÒªÖ¸±êÊÇDNS×¢²áÉÌ¡¢µçÐŹ«Ë¾ºÍ»¥ÁªÍø·þÎñÌṩÉÌ¡£¡£¡£¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://www.infosecurity-magazine.com/news/dns-hijackers-target-middle-east-1-1/4¡¢ÒÁÀÊAPT34ʹÓõļäµý¹¤¾ßÔ´ÂëÔÚTelegramÉÏй¶
×Ô3ÔÂÖÐÑ®ÒÔÀ´£¬£¬£¬£¬£¬£¬£¬£¬TelegramÓû§Lab DookhteganÔÚTelegramƵ·ÉÏй¶ÁËÒÁÀÊ·¸×ïÍÅ»ïAPT34µÄÍøÂç¼äµý¹¤¾ßÔ´Âë¡£¡£¡£¡£¡£¡£¡£¡£AlphabetµÄ°²È«×¨¼ÒChronicle֤ʵÁËÕâЩ¹¤¾ßµÄÕæÊµÐÔ¡£¡£¡£¡£¡£¡£¡£¡£ÕâÁù¸öºÚ¿Í¹¤¾ßÔ̺¬Glimpse¡¢PoisonFrog¡¢HyperShell¡¢HighShell¡¢Fox PanelºÍWebmask¡£¡£¡£¡£¡£¡£¡£¡£³ý´ËÖ®±í£¬£¬£¬£¬£¬£¬£¬£¬Dookhtegan»¹Ð¹Â¶ÁË66ÃûÊܺ¦ÕßµÄÊý¾Ý¼°APT34´Óǰ¹¥»÷»î¶¯µÄÓйØÊý¾Ý£¬£¬£¬£¬£¬£¬£¬£¬Ô̺¬ÔøÍйܹýWeb shellµÄIPµØÖ·¡¢ÓòÃûµÈ¡£¡£¡£¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://www.zdnet.com/article/source-code-of-iranian-cyber-espionage-tools-leaked-on-telegram/5¡¢Drupal°ä²¼°²È«¸üУ¬£¬£¬£¬£¬£¬£¬£¬½¨¸´Ö÷Ìâ×é¼þÖеĶà¸ö·ì϶
¿ªÔ´ÄÚÈÝÖÎÀíϵͳDrupal°ä²¼°²È«¸üУ¬£¬£¬£¬£¬£¬£¬£¬½¨¸´Ö÷Ìâ×é¼þÖеĶà¸ö·ì϶£¬£¬£¬£¬£¬£¬£¬£¬Ô̺¬jQuery 3.4.0Öн¨¸´µÄÒ»¸ö·ì϶£¨¸Ã·ì϶ÉÐδ±»·ÖÅäCVE±àºÅ£©¼°Symfony PHP×é¼þÖеĿçÕ¾¾ç±¾·ì϶£¨CVE-2019-10909£©¡¢Ô¶³Ì´úÂëÖ´Ðзì϶£¨CVE-2019-10910£©ºÍÉí·ÝÑéÖ¤ÈÆ¹ý·ì϶£¨CVE-2019-1091£©¡£¡£¡£¡£¡£¡£¡£¡£½¨ÒéÓû§¾¡¿ì¸üÐÂÖÁDrupal 8.6.15¡¢Drupal 8.5.15»òDrupal 7.66¡£¡£¡£¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://thehackernews.com/2019/04/drupal-security-update.html6¡¢µç×ÓÉÌÎñƽ̨Shopify APIй¶ÊýǧÉ̼ҵÄÊÕÈëÐÅÏ¢
Fathi·¢ÏÖµç×ÓÉÌÎñƽ̨ShopifyµÄÒ»¸öAPIй¶ÁËÊýǧÉ̼ҵÄÊÕÈëÐÅÏ¢¡£¡£¡£¡£¡£¡£¡£¡£¸ÃAPIÊôÓÚShopify Exchange App£¬£¬£¬£¬£¬£¬£¬£¬Õý±¾ÓÃÓÚÄÚ²¿»ñÈ¡ÏúÊÛÊý¾Ý²¢ÏÔʾÔÚͼ±íÖС£¡£¡£¡£¡£¡£¡£¡£×êÑÐÈËÔ±·¢ÏÖ¸ÃAPI´æÔÚ·ì϶£¬£¬£¬£¬£¬£¬£¬£¬ÎÞÐèÌØÈ¨»òÓû§½»»¥¼´¿É»ñÈ¡É̼ҵÄÏúÊÛÐÅÏ¢£¬£¬£¬£¬£¬£¬£¬£¬¹²ÓÐ12100¼ÒÉÌ»§Êܵ½Ó°Ï죬£¬£¬£¬£¬£¬£¬£¬ÆäÖÐ×êÑÐÈËÔ±»ñÈ¡µ½Á˳¬¹ý8700·ÝÏúÊÛºÍÁ÷Á¿Êý¾Ý¡£¡£¡£¡£¡£¡£¡£¡£ShopifyÒѾ½¨²¹ÁËÕâ¸ö·ì϶¡£¡£¡£¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://threatpost.com/shopify-flaw-exposed-merchant-revenue-traffic/143902/ÉêÃ÷£º±¾×ÊѶÓÉ8827Ì«Ñô¼¯ÍÅάËûÃü°²È«Ó××é·ÒëºÍÕû¶Ù


¾©¹«Íø°²±¸11010802024551ºÅ