Today's Threat Intelligence 2020/11/6-8 (Issue 319)

admin, 2020-11-08 13:44:00



Advanced Threat Analysis


1. The behind-the-scenes details of the Operation North Star campaign. North Korea is insanely good at this.

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/operation-north-star-behind-the-scenes/


2. OceanLotus's latest activity: phishing and watering-hole attacks targeting Southeast Asian countries.

https://www.volexity.com/blog/2020/11/06/oceanlotus-extending-cyber-espionage-operations-through-fake-websites/



Technical Sharing


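1. Ransomware operators use the penetration tool Cobalt Strike for targeted strikes on victims. A technical analysis that also shows how ransomware attacks are becoming targeted and how the intrusion techniques involved keep getting more sophisticated.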

https://www.advanced-intel.com/post/anatomy-of-attack-inside-bazarbackdoor-to-ryuk-ransomware-one-group-via-cobalt-strike


2. Penetration testing tool: monkey


https://github.com/guardicore/monkey


3. Spyware disguised as TikTok

https://www.zscaler.com/blogs/security-research/tiktok-spyware


4. The Windows XP and Server 2003 source code leak leaves IoT and OT devices vulnerable to attack

https://unit42.paloaltonetworks.com/windows-xp-server-2003-source-code-leak/


5. A new worm botnet that can spread shells via GitHub and Pastebin and is intended to target Alibaba Cloud and Tencent Cloud.


https://blogs.juniper.net/en-us/threat-research/gitpaste-12


Vulnerabilities


1. Multiple Google vulnerabilities.

[$15000][1138911] High CVE-2020-16004: Use after free in user interface. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-10-15

[$15000][1139398] High CVE-2020-16005: Insufficient policy enforcement in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2020-10-16
[$5000][1133527] High CVE-2020-16006: Inappropriate implementation in V8. Reported by Bill Parks on 2020-09-29
[$1000][1125018] High CVE-2020-16007: Insufficient data validation in installer. Reported by Abdelhamid Naceri (halov) on 2020-09-04
[$TBD][1134107] High CVE-2020-16008: Stack buffer overflow in WebRTC. Reported by Tolya Korniltsev on 2020-10-01
[$NA][1143772] High CVE-2020-16009: Inappropriate implementation in V8. Reported by Clement Lecigne of Google's Threat Analysis Group and Samuel Groß of Google Project Zero on 2020-10-29
[$NA][1144489] High CVE-2020-16011: Heap buffer overflow in UI on Windows. Reported by Sergei Glazunov of Google Project Zero on 2020-11-01

https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html


2. VMware vulnerabilities

https://www.vmware.com/security/advisories/VMSA-2020-0023.html


Data Breaches


1. An Indian pharmaceutical company was attacked by a ransomware gang, resulting in a data breach

https://www.businessinsider.in/tech/enterprise/news/lupin-reports-cybersecurity-breach-within-two-weeks-of-ransomware-hack-on-dr-reddys/articleshow/79061065.cms


2. GitHub's source code leaked on GitHub

https://arstechnica.com/information-technology/2020/11/githubs-source-code-was-leaked-on-github-last-night-sort-of/

https://resynth1943.net/articles/github-source-code-leak/


Cyber Warfare and Cyber Intelligence


1. UK annual security review report

https://www.ncsc.gov.uk/news/annual-review-2020

https://www.ncsc.gov.uk/files/Annual-Review-2020.pdf




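This article was first published on the WeChat official account ThreatPage全球威胁情报 (ThreatPage Global Threat Intelligence): Today's Threat Intelligence 2020/11/6-8 (Issue 319)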

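When reposting, please retain this article's link (CN-SEC中文网: thanks to the original author for their hard work): Today's Threat Intelligence 2020/11/6-8 (Issue 319) http://cn-sec.com/archives/181150.html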
