Reserve Bank of New Zealand attacked, sensitive information may have been leaked; Pysa publishes data stolen from the UK's Hackney Council on the dark web

Published: 2021-01-11

1. Reserve Bank of New Zealand attacked, sensitive information may have been leaked




The Wellington-based Reserve Bank of New Zealand announced on Sunday that it had been attacked. Reportedly, the data system of a third-party file-sharing service that the bank uses to share and store sensitive information was breached, and the attackers may have accessed the commercially and personally sensitive information held in it. The system has been taken offline and secured, and will not be restored until the bank completes its initial investigation. The bank said it is determining the scope of the exposed information and declined to disclose further details of the attack.


Original link:

https://www.securityweek.com/new-zealand-central-bank-hit-cyber-attack


2. Aircraft manufacturer DFJ suffers data breach, possibly caused by a ransomware attack




Aircraft manufacturer Dassault Falcon Jet (DFJ) discovered on December 6, 2020 that it had been attacked. The company mainly designs and manufactures military aircraft, business jets and space systems. Reportedly, the attackers had continuous access to the company's systems between June 6 and December 7, and may have exposed employees' names, personal and company email addresses, mailing addresses, ID numbers, driver's license numbers, passport information, financial account numbers, Social Security numbers, dates of birth, work addresses, and compensation and benefits information. LeMagIT attributes the incident to Ragnar Locker, but DFJ has not confirmed this. The company is currently restoring and rebuilding the affected systems.


Original link:

https://www.bleepingcomputer.com/news/security/dassault-falcon-jet-reports-data-breach-after-ransomware-attack/


3. Pysa publishes data stolen from the UK's Hackney Council on the dark web




The hacker group Pysa has published on the dark web data stolen from the UK's Hackney Council. The attackers claim the leaked data was obtained in a ransomware attack on the council in October 2020 and includes personal information of council staff and residents, such as photo IDs, staff data and passport information. The council said the incident will not have much impact on the vast majority of Hackney's residents and businesses, and that it is working with the NCSC, the National Crime Agency, the Information Commissioner's Office, the Metropolitan Police and other experts to investigate and understand the impact of the incident.


Original link:

https://www.infosecurity-magazine.com/news/data-stolen-council-online/


4. Recorded Future releases its analysis report on 2020 adversary infrastructure




Recorded Future has released its analysis report on 2020 adversary infrastructure. The company tracked more than 10,000 malicious C&C servers last year, involving more than 80 types of malware. The research found that the use of open-source security tools as part of malware operations is on the rise, particularly offensive security tools (also known as OST, red team tools or penetration testing tools). Among these penetration testing toolkits, Cobalt Strike (13.5%) and Metasploit (10.5%) have become the two most widely used technologies for hosting malicious C&C servers. In addition, the average lifespan of a C&C server was 54.8 days, and 33% of the servers were hosted in the United States.


Original link:

https://www.recordedfuture.com/2020-adversary-infrastructure-report/


5. Check Point releases its Global Threat Index report for December 2020




Check Point has released its Global Threat Index report for December 2020. The report notes that in September 2020 and October 2020 Emotet consistently topped the Global Threat Index, and that during the holiday season it launched spam campaigns against more than 100,000 users per day, affecting 7% of organizations worldwide. In addition, MVPower DVR remote code execution was the most exploited vulnerability, affecting 42% of organizations worldwide, followed by the HTTP headers remote code execution vulnerability (CVE-2020-13756), affecting 42% of organizations worldwide.


Original link:

https://blog.checkpoint.com/2021/01/07/december-2020s-most-wanted-malware-emotet-returns-as-top-malware-threat/


6. CISA issues alert on attack activity targeting Microsoft cloud environments




CISA has issued an alert on APT attack activity targeting Microsoft cloud environments. CISA found that the attackers carried out their attacks through password guessing, password spraying and exploiting insecure administrative or service credentials, rather than through the SolarWinds Orion product. They were able to escalate privileges from within the victim network and use native Windows tools and techniques, such as Windows Management Instrumentation (WMI), to enumerate the Microsoft Active Directory Federation Services (ADFS) certificate-signing capability and forge authentication tokens (OAuth) in order to present claims to service providers, and then move laterally into the Microsoft Cloud environment. CISA provided guidance on three open-source tools, including Sparrow, a tool it developed itself, to help organizations use these tools to detect and respond to the APT group's attack activity.


Original link:

https://us-cert.cisa.gov/ncas/current-activity/2021/01/08/cisa-releases-new-alert-post-compromise-threat-activity-microsoft