npmɾ³ý¶ñÒâÈí¼þ°ü£»£»£»£»£» £»³¬¹ý4.3Íǫ̀Squid·þÎñÆ÷Ò×Êܹ¥»÷£»£»£»£»£» £»Bitdefender½¨¸´ÌáȨ·ì϶

°ä²¼¹¦·ò 2019-08-23

1.²¨ÌØÀ¼¹«Á¢Ñ§ÌÃÒòBECÚ¿Æ­Ëðʧ290ÍòÃÀÔª


8827Ì«Ñô¼¯ÍÅ(Macau)¹É·ÝÓÐÏÞ¹«Ë¾-Official website


¶íÀÕ¸ÔÖݲ¨ÌØÀ¼¹«Á¢Ñ§ÌÃÔâBECÚ¿Æ­290ÍòÃÀÔª£¬ £¬ £¬£¬£¬Ä¿Ç°È«ÊýËðʧÒѱ»×·»Ø¡£¡£¡£¡£¡£ ¡£¡£¡£Æ¾¾Ý¸ÃÑ§ÇøÒµÎñÓëÔËÓª¸±×ܼàClaire HertzµÄÃèÊö£¬ £¬ £¬£¬£¬µ±Ñ§ÌÃÔÚÐÇÆÚÎå·¢ÏÖÕâ±ÊڲƭÂòÂôʱ£¬ £¬ £¬£¬£¬Á¢¿Ì×ñÑ­»¥ÁªÍø·¸×﷨ʽ֪ͨÁËFBIºÍ½ÌÓýίԱ»á£¬ £¬ £¬£¬£¬²¢ÆðÍ·µ÷²éÂòÂôµÄ·½Ê½¼°Ô­Òò¡£¡£¡£¡£¡£ ¡£¡£¡£ÒøÐкÍFBIÔÚÕâ±Ê×ʽðÍÑÀëڲƭÕßµÄÕË»§Ö®Ç°¶³½áÁË×ʽ𡣡£¡£¡£¡£ ¡£¡£¡£¸ÃѧÌöÔÔÚÉó²éËùÓеÄÖ§¸¶·¨Ê½ºÍÄÚ²¿½ÚÔìÁ÷³Ì£¬ £¬ £¬£¬£¬²¢¶Ô²ÆÕþÈËÔ±½øÐа²È«Åàѵ¡£¡£¡£¡£¡£ ¡£¡£¡£


   Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/portland-public-schools-recovers-29-million-lost-in-bec-scam/


2.¹¥»÷µÂÖÝ´¦Ëùµ±¾ÖµÄºÚ¿ÍÀÕË÷250ÍòÃÀÔªÊê½ð


8827Ì«Ñô¼¯ÍÅ(Macau)¹É·ÝÓÐÏÞ¹«Ë¾-Official website


ÉÏÖܵ¿ËÈøË¹Öݶà¸ö´¦Ëùµ±¾ÖÔâµ½ÀÕË÷Èí¼þ¹¥»÷£¬ £¬ £¬£¬£¬Æ¾¾ÝÐÅÏ¢×ÊÔ´²¿£¨DIR£©Åû¶µÄÐÂϸ½Ú£¬ £¬ £¬£¬£¬ÊÜÓ°ÏìµÄ´¦ËùµÐÔÖÊýÁ¿Îª22¸ö£¬ £¬ £¬£¬£¬²¢ÇÒÓÐÖ¤¾ÝÅú×¢¹¥»÷ÕßÊÇͨ¹ýÖÎÀí·þÎñÌṩÉÌ£¨MSP£©À´Ö´Ðй¥»÷µÄ¡£¡£¡£¡£¡£ ¡£¡£¡£¸Ã²¿ÃŲ¢Î´Åû¶Êܹ¥»÷µÄÊÐÕòÃû³Æ£¬ £¬ £¬£¬£¬µ«ÓÐÁ½¸öÊÐÈ·ÈÏÔâµ½Á˹¥»÷£¬ £¬ £¬£¬£¬Ò»¸öÊDz©¸ñÊУ¬ £¬ £¬£¬£¬ÁíÒ»¸öÊÇKeeneÊС£¡£¡£¡£¡£ ¡£¡£¡£KeenÊг¤Gary Heinrich°µÊ¾¹¥»÷ÕßÀÕË÷250ÍòÃÀÔªµÄÊê½ðÀ´»»È¡½âÃÜÃÜÔ¿¡£¡£¡£¡£¡£ ¡£¡£¡£


  Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/hackers-want-25-million-ransom-for-texas-ransomware-attacks/


3.npm´æ´¢¿âɾ³ý¿ÉÇÔÈ¡µÇ¼ÃÜÂëµÄ¶ñÒâÈí¼þ°ü


8827Ì«Ñô¼¯ÍÅ(Macau)¹É·ÝÓÐÏÞ¹«Ë¾-Official website


ÔÚ½Óµ½ReversingLabs×êÑÐÔ±Tomislav PericinµÄ»ã±¨ºó£¬ £¬ £¬£¬£¬npm´ÓÆä´æ´¢¿âÖÐɾ³ýÁ˶ñÒâÈí¼þ°übb-builder¡£¡£¡£¡£¡£ ¡£¡£¡£¸ÃÈí¼þ°üÔÚWindows²Ù×÷ϵͳÉϲ¿ÊðÁËÒ»¸ö¿ÉÖ´ÐÐÎļþ£¬ £¬ £¬£¬£¬½«Ãô¸ÐÐÅÏ¢·¢Ë͵½Ô¶³Ì·þÎñÆ÷¡£¡£¡£¡£¡£ ¡£¡£¡£npm½¨Òé·£º¡°´æ´¢ÔÚ¸ÃÍÆËã»úÉϵÄËùÓлúÃܺÍÃÜÔ¿Ó¦Á¢¼´×ªÒÆÖÁÆäËüÍÆËã»ú¡±¡£¡£¡£¡£¡£ ¡£¡£¡£Pericin³Æbb-builderÒѾ­±»Ôö³¤µ½npm³¤´ïÒ»ÄêµÄ¹¦·ò£¬ £¬ £¬£¬£¬ËüµÄÿ´Î¸üж¼Ôö³¤ÁËеÄÖ°ÄÜ£¬ £¬ £¬£¬£¬ÀýÈ罫ʹ´¦Ìá½»¸ø×÷ÕßµÄWeb·þÎñÆ÷¡¢¸ü¸Ä±»µÁÊý¾ÝµÄ´æ´¢µØÎ»¡¢½¨¸´ÃýÎóÒÔ¼°ÔÚÊý¾Ý·¢Ë͵½Ô¶³ÌÍÆËã»úºóɾ³ýËü¡£¡£¡£¡£¡£ ¡£¡£¡£bb-builderµÄÿÖÜÏÂÔØÁ¿ºÜÉÙ£¬ £¬ £¬£¬£¬×î»îÔ¾µÄʱÆÚÊÇ6ÔÂ19ÈÕÖÁ25ÈÕ£¬ £¬ £¬£¬£¬ÆäʱµÄÏÂÔØÁ¿´ï×î¸ßµã78´Î¡£¡£¡£¡£¡£ ¡£¡£¡£

  

Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/npm-pulls-malicious-package-that-stole-login-passwords/


4.³¬¹ý4.3Íǫ̀佨²¹Squid·þÎñÆ÷Ò×Êܹ¥»÷


8827Ì«Ñô¼¯ÍÅ(Macau)¹É·ÝÓÐÏÞ¹«Ë¾-Official website


Squid 4.0.23µ½4.7´æÔÚÒ»¸ö¶Ñ»º³åÇøÒç¶Âí½Å£¬ £¬ £¬£¬£¬¸Ã·ì϶¿Éµ¼Ö´úÂëÖ´Ðкͻؾø·þÎñ¹¥»÷¡£¡£¡£¡£¡£ ¡£¡£¡£¸Ã·ì϶±»±êʶΪCVE-2019-12527£¬ £¬ £¬£¬£¬ÆäCVSSµÃ·ÖΪ8.8·Ö¡£¡£¡£¡£¡£ ¡£¡£¡£Squid¿ª·¢ÍŶÓÔÚ7ÔÂ9Èհ䲼а汾4.8½¨¸´Á˸÷ì϶£¬ £¬ £¬£¬£¬Ö»¹Ü¸Ã·ì϶ÒÑÔÚ7Ô·ݱ»½¨¸´£¬ £¬ £¬£¬£¬µ«ShodanÉÏÈÔ¿É·¢ÏÖ31576¸öÔËÐа汾4.7µÄSquid·þÎñÆ÷£¬ £¬ £¬£¬£¬×ܹ²Óг¬¹ý4.3Íǫ̀佨²¹µÄ·þÎñÆ÷Ò×Êܹ¥»÷¡£¡£¡£¡£¡£ ¡£¡£¡£


  Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/unpatched-squid-servers-exposed-to-dos-code-execution-attacks/


5.Bitdefender½¨¸´ÆäÃâ·Ñɱ¶¾Èí¼þÖеÄÌáȨ·ì϶


8827Ì«Ñô¼¯ÍÅ(Macau)¹É·ÝÓÐÏÞ¹«Ë¾-Official website


Bitdefender½¨¸´ÁËÃâ·Ñɱ¶¾Èí¼þ2020ÖеÄÌáȨ·ì϶¡£¡£¡£¡£¡£ ¡£¡£¡£¸Ã·ì϶±»±êʶΪCVE-2019-15295£¬ £¬ £¬£¬£¬ÆðÒòÊÇ´ÓÊÜÐÅÀµµØÎ»¼ÓÔØDLLʱ²»×ãÑéÖ¤¡£¡£¡£¡£¡£ ¡£¡£¡£SafeBreach LabsµÄPeleg Hadar°µÊ¾£¬ £¬ £¬£¬£¬BitdefenderµÄ°²È«·þÎñ£¨vsserv.exe£©ºÍ¸üзþÎñ£¨updatesrv.exe£©ÊÇÒÔÓµÓÐSYSTEMȨÏÞµÄÒÑÊðÃû¹ý³ÌÆô¶¯µÄ£¬ £¬ £¬£¬£¬ËüÃÇÊÔͼ´ÓPATH»·¾³±äÁ¿ÖмÓÔØDLLÎļþ£¨'RestartWatchDog.dll'£©¡£¡£¡£¡£¡£ ¡£¡£¡£ÆäÖÐÒ»¸öµØÎ»ÊÇc:/python27£¬ £¬ £¬£¬£¬Òò¶ø¹¥»÷Õß¿Éͨ¹ý×Ô¼ºµÄDLLÀûÓÃBitdefenderµÄÊðÃû¹ý³Ì½øÐÐÌáȨ¡£¡£¡£¡£¡£ ¡£¡£¡£


  Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/bitdefender-fixes-privilege-escalation-bug-in-free-antivirus-2020/


6.PokerTracker¹ÙÍø±»Ö²ÈëÐÅÓþ¿¨ÐÅÏ¢ÇÔÈ¡¾ç±¾


8827Ì«Ñô¼¯ÍÅ(Macau)¹É·ÝÓÐÏÞ¹«Ë¾-Official website


Poker Tracker¹ÙÍøÔâµ½ÈëÇÖ²¢±»Ö²ÈëÁËMagecart¾ç±¾£¬ £¬ £¬£¬£¬¸Ã¾ç±¾×¨ÓÃÓÚÇÔÈ¡¿Í»§µÄÖ§¸¶ÐÅÏ¢¡£¡£¡£¡£¡£ ¡£¡£¡£MalwarebytesÓÚ8ÔÂ8ÈÕ¼ì²âµ½ÁËÕâÒ»¹¥»÷»î¶¯£¬ £¬ £¬£¬£¬×êÑÐÈËÔ±µ÷²éºó·¢ÏÖ¶ñÒâ¾ç±¾ÊÇ´Óajaxclick[.]com»ñÈ¡µÄ£¬ £¬ £¬£¬£¬´Ë±í£¬ £¬ £¬£¬£¬PokerTracker×ÓÓòÃûpt4.pokertracker.comÒ²±»Ï°È¾¡£¡£¡£¡£¡£ ¡£¡£¡£Ï°È¾µÄÔ­Òò»òÐíÊÇPokerTracker.comʹÓÃÁ˹ýÆÚµÄÈí¼þ°æ±¾£ºDrupal 6.3.x£¬ £¬ £¬£¬£¬×îа汾Ϊ8.6.17¡£¡£¡£¡£¡£ ¡£¡£¡£


  Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/pokertrackercom-hacked-to-inject-payment-card-stealing-script/