ÃÀ¹ú×ÜͳǩÊ𡶸ÄÉÆ¹ú¶ÈÍøÂ簲ȫµÄÐÐÕþºÅÁî¡·£»£»£»£»£»Cisco¸üн¨¸´AnyConnect VPNÖдæÔÚ6¸öÔµÄ0day
°ä²¼¹¦·ò 2021-05-141.ÃÀ¹ú×ÜͳǩÊ𡶸ÄÉÆ¹ú¶ÈÍøÂ簲ȫµÄÐÐÕþºÅÁî¡·

ÃÀ¹ú×ÜͳÓÚ±¾ÖÜÈý£¨2021Äê5ÔÂ12ÈÕ£©Ç©ÊðÁË¡¶¸ÄÉÆ¹ú¶ÈÍøÂ簲ȫµÄÐÐÕþºÅÁî¡·¡£¡£¡£¡£¡£¸ÃÐÐÕþºÅÁîÊǼ̽ñÄê¶à¶àÕë¶ÔÃÀ¹úµÄÍøÂç¹¥»÷Ö®ºó°ä²¼µÄ£¬£¬£¬£¬£¬Ô̺¬12ÔµÄSolarWinds¹©¸øÁ´¹¥»÷ÒÔ¼°×î½üµÄÕë¶ÔColonial PipelineµÄDarkSideÀÕË÷Èí¼þ¹¥»÷¡£¡£¡£¡£¡£¸ÃºÅÁîÖ¼ÔÚÏÖ´ú»¯Áª¹úµ±¾Ö»ù´¡ÉèÊ©µÄÍøÂ簲ȫ·ÀÓù´ëÊ©¡¢´´½¨³ß¶È»¯µÄÊÂÎñÏìÓ¦ÊֲᲢ¼ÓÇ¿·þÎñÌṩÉÌÓë·¨Âɲ¿ÃÅÖ®¼äµÄ¹µÍ¨¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://www.bleepingcomputer.com/news/security/biden-issues-executive-order-to-increase-us-cybersecurity-defenses/
2.Cisco¸üн¨¸´AnyConnect VPNÖдæÔÚ6¸öÔµÄ0day

˼¿Æ°ä²¼°²È«¸üУ¬£¬£¬£¬£¬½¨¸´ÁËÔÚAnyConnect VPNÖÐÒÑ´æÔÚ6¸öÔÂÖ®¾ÃµÄ0day£¬£¬£¬£¬£¬²¢ÌṩÁ˹«¿ª¿ÉÓõĸÅÏëÑéÖ¤·ì϶ÀûÓôúÂë¡£¡£¡£¡£¡£CiscoÓÚ2020Äê11ÔÂÅû¶Á˸÷ì϶£¨CVE-2020-3556£©£¬£¬£¬£¬£¬ µ«Ö»ÌṩÁË»º½â´ëÊ©²¢Î´°ä²¼°²È«¸üС£¡£¡£¡£¡£¸Ã·ì϶´æÔÚÓÚAnyConnectµÄ¹ý³Ì¼äͨѶ£¨IPC£©£¬£¬£¬£¬£¬ÔÊÐí¾¹ýÉí·ÝÑéÖ¤µÄ¹¥»÷ÕßÖ´ÐжñÒâ¾ç±¾¡£¡£¡£¡£¡£´Ë¿Ì£¬£¬£¬£¬£¬ÏÈǰ°ä²¼µÄ»º½â´ëÊ©ÒÀÈ»¿ÉÓ㬣¬£¬£¬£¬ÎÞ·¨Á¢¼´×°Öð²È«¸üеĿͻ§Äܹ»Í¨¹ýÇл»×Ô¶¯¸üÐÂÖ°ÄÜÀ´»º½â´Ë·ì϶¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://www.bleepingcomputer.com/news/security/cisco-fixes-6-month-old-anyconnect-vpn-zero-day-with-exploit-code/
3.ÍÁ¶úÆä¿ÆÄáÑÇÊе±¾ÖÔâµ½¹¥»÷£¬£¬£¬£¬£¬100Íò¾ÓÃñµÄÐÅϢй¶

ÍÁ¶úÆä¿ÆÄáÑÇÊе±¾ÖµÄÍøÂçÔâµ½¹¥»÷£¬£¬£¬£¬£¬100Íò¾ÓÃñµÄÐÅϢй¶¡£¡£¡£¡£¡£¿£¿£¿£¿£¿£¿£¿ÆÄáÑÇÊÇÍÁ¶úÆä¿ÆÄáÑÇÊ¡µÄÊ׸®£¬£¬£¬£¬£¬³ÇÊÐÈ˶¡³¬¹ý100Íò£¬£¬£¬£¬£¬ÊÇÍÁ¶úÆä×Ú½Ì×îÊØ¾ÉµÄ´ó³ÇÊÐÖ®Ò»¡£¡£¡£¡£¡£Ä³ÊÐÕþ¹ÙԱ֤ʵÁËÕâ´Î¹¥»÷£¬£¬£¬£¬£¬µ«²¢Î´Ð¹Â©Æä¹æÄ££¬£¬£¬£¬£¬S?zc¨¹±¨Ö½Ôò³Æ£¬£¬£¬£¬£¬Ô¼ÓÐ100ÍòÈ˵ÄIDºÍÆäËûÓ×ÎÒÐÅÏ¢ÒѾй¶£¬£¬£¬£¬£¬ÖØÒªÉæ¼°ÄÇЩÏòÊÐÕþµ±¾Ö·¢Ë͹ýÓʼþµÄÈË¡£¡£¡£¡£¡£Ä¿Ç°£¬£¬£¬£¬£¬ÃûΪMaxim GorkiµÄµÄºÚ¿ÍÒÑÔÚ°µÍøÉϹ«¿ªÁËÕâЩÐÅÏ¢¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://www.dailysabah.com/turkey/investigations/cyberattack-steals-info-of-one-million-in-turkeys-konya
4.΢ÈíÅû¶Õë¶Ôº½¿Õº½ÌìÐÐÒµµÄÓã²æÊ½ÍøÂç´¹µö»î¶¯

΢ÈíÅû¶½üÆÚÕë¶Ôº½¿Õº½ÌìºÍÓÎÀÀÐÐÒµµÄÓã²æÊ½ÍøÂç´¹µö»î¶¯¡£¡£¡£¡£¡£Õâ´Î¹¥»÷ÖУ¬£¬£¬£¬£¬ºÚ¿Í¼Ù×°³Éº½¿Õ¡¢ÓÎÀÀºÍ»õÔ˹«Ë¾£¬£¬£¬£¬£¬Ê¹ÓÃÁËеļÓÔØ·¨Ê½Snip3£¬£¬£¬£¬£¬ÔÚÖ¸±êϵͳÖÐ×°ÖÃRevenge RAT¡¢AsyncRAT¡¢Agent TeslaºÍNetWire RATµÈpayload¡£¡£¡£¡£¡£ÎªÁËÈÆ¹ý¼ì²â£¬£¬£¬£¬£¬Snip3»¹Ê¹ÓÃÁ˹¥»÷¼¿Á©£¬£¬£¬£¬£¬Ô̺¬£ºÓÃ'remotesigned'²ÎÊýÖ´ÐÐPowerShell´úÂ룻£»£»£»£»Ê¹ÓÃPastebinºÍtop4top½øÐзֶΣ»£»£»£»£»ÔËÐеÄʱ³½ÔÚÖն˱àÒëRunPE¼ÓÔØ·¨Ê½¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://www.bleepingcomputer.com/news/security/microsoft-threat-actors-target-aviation-orgs-with-new-malware/
5.×êÑÐÈËÔ±ÑÝʾÈôºÎʹÓÃÆ»¹ûFind My networkÇÔÊØÐÅÏ¢

×êÑÐÈËÔ±Fabian Br?unleinÑÝʾÁËÈôºÎʹÓÃÆ»¹ûµÄFind My networkÖ°ÄÜÇÔÊØÐÅÏ¢¡£¡£¡£¡£¡£¸ÃÖ°ÄÜÖØÒªÓÃÓÚ²éÕÒiOSºÍmacOSÉ豸£¬£¬£¬£¬£¬ÒÔ¼°×î½üµÄAirTagºÍÆäËûÌ×¼þ¡£¡£¡£¡£¡£Br?unleinʹÓûùÓÚopenhaystackµÄ¹Ì¼þµÄESP32΢½ÚÔìÆ÷À´¹ã²¥Ò»¸öÓ²±àÂëµÄȱʡÐÂÎÅ£¬£¬£¬£¬£¬²¢ÔÚÆä´®ÐнӿÚÉÏÕìÌýÐÂÊý¾Ý¡£¡£¡£¡£¡£×ó½üÆôÓÃÁ˸ÃÖ°ÄܵÄÉ豸½«½Ó¹ÜÕâЩÐźţ¬£¬£¬£¬£¬²¢×ª·¢µ½Æ»¹ûµÄ·þÎñÆ÷¡£¡£¡£¡£¡£µ«ÊÇÈôÊÇÏëÒª²é¿´ÕâЩ´«ÊäÐÅÏ¢£¬£¬£¬£¬£¬»¹Ðè×°ÖÃOpenHaystack²¢ÔËÐÐBr?unlein´´½¨µÄmacOSÀûÓÃDataFetcher¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://www.theregister.com/2021/05/12/apples_find_network/
6.Unit42°ä²¼ÓйØDarkSideÀÕË÷ÍÅ»ïµÄ·ÖÎö»ã±¨

Unit42°ä²¼ÁËÓйØDarkSideÀÕË÷ÍÅ»ïµÄ·ÖÎö»ã±¨¡£¡£¡£¡£¡£DarkSideÊÇÊÀ½çÉÏ×î³ÛÃûµÄºÚ¿Í×éÖ¯Ö®Ò»£¬£¬£¬£¬£¬½üÆÚÕë¶ÔÃÀ¹úÒ»¼ÒÖØÒªµÄ¹Ü·¹«Ë¾½øÐÐÁ˹¥»÷¡£¡£¡£¡£¡£ÓëÆäËûÀÕË÷Èí¼þÍÅ»ïÒ»Ñù£¬£¬£¬£¬£¬DarkSide×î½üҲѡȡÁËÀÕË÷Èí¼þ¼´·þÎñ£¨RaaS£©Ä£ÐÍ¡£¡£¡£¡£¡£¸ÃÍÅ»ïʹÓõŤ¾ßÔ̺¬£ººÏ·¨µÄÔ¶³Ì¼à¶½ºÍÖÎÀí£¨RMM£©¹¤¾ß£¬£¬£¬£¬£¬ÀýÈçAnyDeskºÍTeamViewer£»£»£»£»£»ÃÜÂëÖÎÀíµ±Ó㬣¬£¬£¬£¬ÀýÈçDashlaneºÍLastPass£»£»£»£»£»Æ¾Ö¤ÇÔÈ¡¹¤¾ßMimikatzµÈ¹¤¾ß¡£¡£¡£¡£¡£
ÔÎÄÁ´½Ó£º
https://unit42.paloaltonetworks.com/darkside-ransomware/


¾©¹«Íø°²±¸11010802024551ºÅ