Hackers use Google Cloud for phishing attacks to steal Office 365 credentials; hackers breach Twilio's cloud storage system and modify a copy of its JavaScript SDK
Published: 2020-07-23
1. Hackers use Google Cloud to launch phishing attacks and steal Office 365 credentials
Check Point researchers found that attackers are using Google Cloud to launch phishing attacks aimed at stealing Office 365 credentials. They hosted a malicious PDF document on Google Drive and used Google's storage.googleapis[.]com to host the phishing page. Check Point found that the malicious PDF looks like a portal for accessing content offered through SharePoint, the web-based collaboration platform; once the user clicks the Access Document link, the phishing page asks for Office 365 or organization ID login information. Because the page is loaded from a legitimate source, and the phishing site also delivers a genuine PDF document when the flow completes, victims find it hard to spot the trap.
Original link:
https://www.bleepingcomputer.com/news/security/phishing-campaign-uses-google-cloud-services-to-steal-office-365-logins/
2. Hackers breach Twilio's cloud storage system and modify a copy of its JavaScript SDK
Twilio confirmed that an attacker broke into its cloud storage system and modified a copy of the JavaScript SDK used by its customers. Twilio explained that someone gained access to Twilio's Amazon Web Services S3 bucket and tampered with the TaskRouter v1.20 SDK, adding a piece of non-malicious code intended to track whether the modification had succeeded. Specifically, the attacker appended code to the end of the TaskRouter.js v1.20 SDK; the modified SDK issues an HTTP GET request to hxxps://gold.platinumus.top/track/awswrite?q=dmn and follows the URL returned in the HTML of the response. A company spokesperson said that they closed the misconfigured S3 bucket immediately after discovering the incident and audited all of their S3 buckets.
Original link:
https://www.theregister.com/2020/07/21/twilio_sdk_code_injection/
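An added illustration for item 2, not code from Twilio or the cited article: a check that compares a served SDK copy against the release build it should match and, for the appended-code case described above, reports the extra bytes and any URLs they contain. The sample bytes, the `tracker.example.invalid` URL, and the use of a sha384 Subresource Integrity value as the pinned digest are assumptions of this example.

```python
import base64
import hashlib
import re

# Matches http(s) URLs inside raw file bytes.
URL_RE = re.compile(rb"https?://[^\s'\"<>)]+")


def sri_sha384(data: bytes) -> str:
    """Return the Subresource Integrity value (sha384-<base64>) for a file."""
    digest = hashlib.sha384(data).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")


def audit_copy(known_good: bytes, served: bytes) -> dict:
    """Compare a served SDK copy with the release build it should match."""
    pinned = sri_sha384(known_good)
    actual = sri_sha384(served)
    report = {"pinned": pinned, "actual": actual, "match": pinned == actual,
              "appended_bytes": 0, "urls_in_tail": []}
    if report["match"]:
        return report
    # Appended-code case: the release build is intact and extra bytes follow it.
    if served.startswith(known_good):
        tail = served[len(known_good):]
        report["appended_bytes"] = len(tail)
        report["urls_in_tail"] = [u.decode() for u in URL_RE.findall(tail)]
    return report


# Constructed sample data: a stand-in "SDK" and a copy with code appended.
RELEASE_BUILD = b"function route(task) { return task.id; }\n"
SERVED_COPY = RELEASE_BUILD + (
    b"fetch('https://tracker.example.invalid/ping');\n"
)

if __name__ == "__main__":
    for name, blob in (("clean", RELEASE_BUILD), ("served", SERVED_COPY)):
        r = audit_copy(RELEASE_BUILD, blob)
        print(name, "match" if r["match"] else "MISMATCH",
              r["appended_bytes"], r["urls_in_tail"])
```

The same `sha384-...` string can be placed in the `integrity` attribute of a `<script>` tag so that browsers refuse a copy that no longer matches.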
3. Misconfigured cloud server at software company MacKiev leaks 25GB of user data
Researchers at cybersecurity company WizCase found that a misconfigured cloud server at software company MacKiev leaked 25GB of user data. The company manages the well-known software Family Tree Maker (also known as FTM). The leaked database contains about 25GB of data and is also synchronized with Ancestry.com user data. The leaked data includes IP addresses, timestamps, email addresses, refunds, user support messages, internal system user IDs, subscription types and status, technical data (such as error logs), and user location data (including geolocation coordinates and cities). According to the researchers, the leak may affect about 60000 MacKiev users.
Original link:
https://www.hackread.com/software-firm-leaks-ancestry-com-user-data/
4. Hackers attack Dunzo and publish 11.2GB of stolen data on ShinyHunter
Dunzo, a Google-backed delivery service company, said that it had been attacked and that a database containing customer records was leaked. Because Dunzo has not disclosed the number of affected users, the scope of the breach has not yet been determined; however, the company said that financial data and credit card information were not leaked. The stolen 11.2GB of data has now been posted by the attacker on ShinyHunter. It contains more than 8 million rows of information, including usernames, countries, devices, full names, secret keys, email addresses, password hashes, phone numbers, token codes, join dates, and first/last locations. The company said that its technical team quickly resolved the issue, fixed the vulnerability, and added a new security protocol layer.
Original link:
https://www.hackread.com/google-delivery-service-dunzo-hacked-data-leaked/
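5. Skybox publishes report predicting more than 20000 new vulnerabilities in 2020
Skybox Security published a report stating that more than 9000 new vulnerabilities had been reported as of the first half of 2020, and that it expects more than 20000 new vulnerabilities for the full year. The report notes that COVID-19 has changed the way organizations and their employees work. Most notably, mobile vulnerabilities increased by 50%, which highlights the danger at the boundary between corporate networks and personal networks; ransomware surged during the COVID-19 pandemic, with the number of new samples increasing by 72%; and attacks on critical infrastructure (including healthcare companies and research laboratories) intensified.
Original link: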
https://www.helpnetsecurity.com/2020/07/22/vulnerability-reports-2020/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29
6. A10 Networks publishes Q2 2020 DDoS attack trend analysis report
A10 Networks published its Q2 2020 DDoS attack trend analysis report, which found that Asia is a major source of DDoS botnet activity, mainly using various amplification attacks. In the second quarter of 2020, more than 4.7 million IPs from five countries/regions (the United States, China, South Korea, Russia, and India) were used to launch distributed denial-of-service (DDoS) attacks, most of which used the portmap protocol for amplification. The report notes that in most cases DDoS botnet clients (or drones) are established on compromised IoT devices. The most common vulnerabilities used to build such IoT botnets are those in devices that expose telnet connections, unpatched vulnerabilities in Netgear routers, and security issues in digital video recorders.
Original link:
https://www.darkreading.com/threat-intelligence/ddos-botnets-are-entrenched-in-asia-and-amplification-attacks-set-records/d/d-id/1338415?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

