Hackers steal the data of more than 218 million Words With Friends players; GAO confirms that the U.S. power grid faces significant cybersecurity risks
Published: 2019-09-30
1. Hackers steal the data of more than 218 million Words With Friends players
The hacker Gnosticplayers stole more than 218 million player records from Words With Friends, developed by the mobile social gaming company Zynga Inc. Between February and April, Gnosticplayers sold nearly 1 billion user records stolen from 45 companies; this time the target was the U.S. social game developer Zynga. According to the records shared by Gnosticplayers, the data set contains users' names, email addresses, login IDs, salted password hashes, password reset tokens, phone numbers, Facebook IDs and Zynga account IDs. The affected users are Android and iOS players who installed and registered for the game before September 2, 2019. Zynga confirmed the incident but stated that no financial information was leaked.
Original link:
https://securityaffairs.co/wordpress/91850/data-breach/zynga-game-data-breach.html
2. New WhiteShadow downloader uses SQL Server to distribute malware
Proofpoint researchers discovered a new malware downloader, WhiteShadow, which uses attacker-controlled Microsoft SQL Servers to deliver malware. WhiteShadow appears as a set of Office macros and is distributed mainly through spam emails containing malicious URLs or malicious attachments. Since the downloader was first observed in August, the researchers have identified nearly a dozen malicious campaigns using it. Most of these campaigns delivered the Crimson malware; other payloads include Agent Tesla, AZORult, Nanocore, njRat, Orion Logger, and the Remcos and Formbook RATs.
Original link:
https://www.bleepingcomputer.com/news/security/new-whiteshadow-downloader-uses-mssql-servers-for-malware-delivery/
3. Researchers publish an analysis report on the NodeJS fileless malware Divergent
Cisco Talos published an analysis report on the fileless malware Divergent. The malware uses NodeJS and the legitimate open-source tool WinDivert to carry out part of its functionality; the use of NodeJS is uncommon among malware families. Divergent's main purpose is click fraud, and attackers can use it to target corporate networks. The malware shares many similarities with Kovter, another widespread fileless malware family, including relying on the registry to configure and store data, avoiding traditional scanning of files on disk, and relying on PowerShell to install itself. The researchers have not yet been able to determine its distribution mechanism.
Original link:
https://blog.talosintelligence.com/2019/09/divergent-analysis.html
4. Researchers discover a new spam wave from the Chameleon botnet
Trustwave researchers observed a new wave of spam activity from a single botnet, named Chameleon because the campaign frequently changes its email templates. Since August 14, the researchers have been observing spam sent by this botnet, with subjects including fake job opportunities, forged Google personal news, fake mailbox account alerts and fake delivery notifications. Most of the malicious URLs embedded in these spam emails appear to be compromised WordPress sites, and the attackers use JavaScript on these sites to redirect users to malicious websites.
Original link:
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/tracking-the-chameleon-spam-campaign/
5. Wallenpaupack Area School District in the U.S. becomes the latest victim of a ransomware attack
The Wallenpaupack Area School District in the United States suffered a ransomware attack that forced the district to shut down 3,000 computers on September 5. This is the second major cyberattack the district has suffered this year. Steven Nalesnik, the district's Director of Information Services, said that the two central servers serving the entire district were affected in the attack, but Sheriff Silsby said the district was fortunate, as nearly all of the encrypted files had backups. The district's technology team is working to restore normal operation of its systems. Silsby also noted that the technology team's assessment is that student and staff information was not compromised.
Original link:
http://www.spamfighter.com/News-22436-Wallenpaupack-Area-School-District-became-victim-of-a-ransomware-attack.htm
6. GAO confirms that the U.S. power grid faces significant cybersecurity risks
The U.S. Government Accountability Office (GAO) confirmed in a new report that the U.S. power grid faces significant cybersecurity risks and is increasingly vulnerable to cyberattacks by attackers and criminal groups. GAO reviewed the cybersecurity of the U.S. grid, analyzed the strategy adopted by the Department of Energy (DOE) to address cybersecurity risks, and evaluated the standards approved by FERC, ultimately identifying key components and processes in the grid that could be exploited, including the growing use of IoT devices and the use of GPS to synchronize grid operations. GAO also identified the potential impact of cyberattacks on the U.S. grid, including widespread power outages.
Original link:
https://www.gao.gov/assets/710/701079.pdf

