高级威胁分析
1、Operation North Star 攻击行动背后的细节故事。朝鲜牛逼炸了
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/operation-north-star-behind-the-scenes/
2、海莲花最新活动,针对东南亚国家的钓鱼和水坑攻击。
https://www.volexity.com/blog/2020/11/06/oceanlotus-extending-cyber-espionage-operations-through-fake-websites/
技术分享
1、勒索软件利用渗透工具cobalt-strike定向打击目标,技术分析,同时体现勒索软件定向攻击的特点以及渗透技术越来越高的特点。
https://www.advanced-intel.com/post/anatomy-of-attack-inside-bazarbackdoor-to-ryuk-ransomware-one-group-via-cobalt-strike
2、渗透工具:monkey
https://github.com/guardicore/monkey
3、伪装成tiktok的间谍软件
https://www.zscaler.com/blogs/security-research/tiktok-spyware
4、Windows XP,Server 2003源代码泄漏使物联网,OT设备易受攻击
https://unit42.paloaltonetworks.com/windows-xp-server-2003-source-code-leak/
5、一个新的蠕虫僵尸网络,具有通过GitHub和Pastebin传播shell功能,打算针对阿里云和腾讯云,
https://blogs.juniper.net/en-us/threat-research/gitpaste-12
漏洞相关
1、Google多个漏洞。
[$15000][1138911] High CVE-2020-16004: Use after free in user interface. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud on 2020-10-15
[$15000][1139398] High CVE-2020-16005: Insufficient policy enforcement in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2020-10-16
[$5000][1133527] High CVE-2020-16006: Inappropriate implementation in V8. Reported by Bill Parks on 2020-09-29
[$1000][1125018] High CVE-2020-16007: Insufficient data validation in installer. Reported by Abdelhamid Naceri (halov) on 2020-09-04
[$TBD][1134107] High CVE-2020-16008: Stack buffer overflow in WebRTC. Reported by Tolya Korniltsev on 2020-10-01
[$NA][1143772] High CVE-2020-16009: Inappropriate implementation in V8. Reported by Clement Lecigne of Google's Threat Analysis Group and Samuel Groß of Google Project Zero on 2020-10-29
[$NA][1144489] High CVE-2020-16011: Heap buffer overflow in UI on Windows. Reported by Sergei Glazunov of Google Project Zero on 2020-11-01
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html
2、VM的洞
https://www.vmware.com/security/advisories/VMSA-2020-0023.html
数据泄露
1、印度制药公司被勒索软件团伙攻击,数据泄露
https://www.businessinsider.in/tech/enterprise/news/lupin-reports-cybersecurity-breach-within-two-weeks-of-ransomware-hack-on-dr-reddys/articleshow/79061065.cms
2、gtihub上泄露的github 的源代码
https://arstechnica.com/information-technology/2020/11/githubs-source-code-was-leaked-on-github-last-night-sort-of/
https://resynth1943.net/articles/github-source-code-leak/
网络战与网络情报
1、英国年度安全审查报告
https://www.ncsc.gov.uk/news/annual-review-2020
https://www.ncsc.gov.uk/files/Annual-Review-2020.pdf
本文始发于微信公众号(ThreatPage全球威胁情报):今日威胁情报2020/11/6-8(第319期)
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论