Advanced Threat Analysis
1. APT32 deobfuscation tooling: deobfuscating several of APT32's obfuscation toolkits. Bound to get a big crowd worked up again.
https://blog.viettelcybersecurity.com/apt32-deobfuscation-arsenal-deobfuscating-mot-vai-loai-obfucation-toolkit-cua-apt32-phan-1/
https://github.com/levanvn/APT32_Deobfuscate
2. In-the-wild exploitation of the vBulletin RCE vulnerability CVE-2020-17496
https://unit42.paloaltonetworks.com/cve-2020-17496/
3. Chinese APT TA413 Resumes Targeting of Tibet Following COVID-19 Themed Economic Espionage Campaign Delivering Sepulcher Malware Targeting Europe
https://www.proofpoint.com/us/blog/threat-insight/chinese-apt-ta413-resumes-targeting-tibet-following-covid-19-themed-economic
https://threatpost.com/chinese-apt-sepulcher-malware-phishing-attacks/158871/
4. The Evilnum group; I almost didn't know this group existed...
https://www.cybereason.com/blog/no-rest-for-the-wicked-evilnum-unleashes-pyvil-rat
Technical Sharing
1. capa: detect capabilities in executables and identify malware. Tool library +1.
https://github.com/fireeye/capa/
https://www.fireeye.com/blog/threat-research/2020/07/capa-automatically-identify-malware-capabilities.html
2. Cerberus banking trojan research report.
https://github.com/ics-iot-bootcamp/cerberus_research
https://www.biznet.com.tr/wp-content/uploads/2020/08/Cerberus.pdf
3. Hunting local accounts and groups with Sysmon
https://blog.menasec.net/2020/09/hunting-local-accounts-and-groups.html
4. TOOLS: you'll know once you look, and won't if you don't.
https://www.pcapanalysis.com/download-malware-samples/
5. Processing Windows event logs with YARA rules
https://blog.dylan.codes/pwning-windows-event-logging/
6. Subdomain wordlist
https://gist.github.com/cihanmehmet/5d7f6d6514b4c1c54c00ebf36d5f9e81
7. Microsoft debuts a deepfake detection tool to check whether content circulating on social media has been manipulated
https://www.welivesecurity.com/2020/09/03/microsoft-debuts-deepfake-detection-tool/
8. In-the-wild QNAP NAS attacks
https://blog.netlab.360.com/in-the-wild-qnap-nas-attacks-en/
9. Loader/downloader technique: abusing Google DNS (the DNS-over-HTTPS resolver API) to fetch the malicious payload and plant it on the target. A plain TIP lookup won't detect this.
https://dns.google.com/resolve?name=dmarc.jqueryupdatejs.com&type=txt
https://www.bleepingcomputer.com/news/security/attackers-abuse-google-dns-over-https-to-download-malware/
Vulnerabilities
1. WordPress "File Manager" plugin RCE 0-day
https://seravo.com/blog/0-day-vulnerability-in-wp-file-manager/
2. CVE-2020-3495: critical remote code execution (RCE) in Cisco Jabber for Windows
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-UyTKCPGg
3. Unpatched backdoor in MoFi routers
https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/
Data Breaches
1. (Machine translation) Telmate, a service used by inmates in US prisons to communicate with their friends and loved ones, exposed a database containing millions of call records, private messages, and personal information about inmates and their contacts. The database was publicly accessible on the web with no password or any other authentication required.
https://www.comparitech.com/blog/information-security/prison-phone-service-exposes-millions-inmate-records/
2. Online marketing company exposes the records of 38 million US citizens.
https://cybernews.com/security/online-marketing-company-exposes-data-of-millions-americans/
Cyber Warfare and Cyber Intelligence
1. The White House issued a new directive detailing recommendations and best practices for protecting space systems from cyber threats and cyberattacks.
https://www.whitehouse.gov/presidential-actions/memorandum-space-policy-directive-5-cybersecurity-principles-space-systems/
2. A hypocritical statement
https://ge.usembassy.gov/u-s-embassy-statement-on-september-1-2020-cyberattack-against-georgian-ministry-of-health/#
3. Chinese Professors Among Six Defendants Charged with Economic Espionage and Theft of Trade Secrets for Benefit of People's Republic of China
https://www.hackread.com/chinese-professor-jailed-for-economic-espionage/
https://www.justice.gov/opa/pr/chinese-professors-among-six-defendants-charged-economic-espionage-and-theft-trade-secrets
4. 2020 Zero Trust Progress Report
https://www.cybersecurity-insiders.com/portfolio/2020-zero-trust-progress-report-pulse-secure/
5. A federal judge found that the FBI and NSA violated surveillance law or privacy rules
https://www.washingtonpost.com/national-security/fbi-and-nsa-violated-surveillance-law-or-privacy-rules-a-federal-judge-found/2020/09/04/b215cf88-eec3-11ea-b4bc-3a2098fc73d4_story.html
6. CISA orders agencies to establish vulnerability disclosure programs
https://www.cyberscoop.com/cisa-vulnerability-disclosure-directive-omb/
Advertisement
The new version of the 360 Threat Intelligence Center (TI) is live
https://ti.360.cn