TI.360.CN
Advanced Threat Analysis
1、[Outstanding report] A report from recordedfuture studying intelligence on attackers' malicious remote-control C2 nodes and their supporting network infrastructure. An extremely valuable report.
https://www.recordedfuture.com/2020-adversary-infrastructure-report/
https://go.recordedfuture.com/hubfs/reports/cta-2021-0107.pdf
2、A new Earth Wendigo campaign, which has targeted multiple organizations in Taiwan since May 2019, aims to steal emails from the targeted organizations by injecting a JavaScript backdoor into a webmail system widely used in Taiwan.
https://www.trendmicro.com/en_us/research/21/a/earth-wendigo-injects-javascript-backdoor-to-service-worker-for-.html
3、Retrohunting APT37: North Korean APT used a VBA self-decode technique to inject RokRat
https://blog.malwarebytes.com/threat-analysis/2021/01/retrohunting-apt37-north-korean-apt-used-vba-self-decode-technique-to-inject-rokrat/
4、APT-C-41: StrongPity APT extends its global reach with new infrastructure
https://cybleinc.com/2020/12/31/strongpity-apt-extends-global-reach-with-new-infrastructure/
5、A North Korean APT group carried out a software supply chain attack using a private stock investment tool
https://blog.alyac.co.kr/3489
6、Analysis of TA551 attacks. Nothing notable.
https://unit42.paloaltonetworks.com/ta551-shathak-icedid/
7、The evolution of FIN7's JSSLoader
https://blog.morphisec.com/the-evolution-of-the-fin7-jssloader
Technical Sharing
1、NSA shares tooling for identifying obsolete or problematic TLS configurations.
https://github.com/nsacyber/Mitigating-Obsolete-TLS
https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2462345/nsa-releases-eliminating-obsolete-transport-layer-security-tls-protocol-configu/
Vulnerabilities
0、Local privilege escalation 0day in PsExec
https://blog.0patch.com/2021/01/local-privilege-escalation-0day-in.html
1、Denial-of-service vulnerability in Rockwell Automation RSLinx
https://blog.talosintelligence.com/2021/01/vuln-spotlight-denial-rockwell-automation-jan-2021.html
2、Advisory on a file upload vulnerability in 致远OA (Seeyon OA)
https://cert.360.cn/warning/detail?id=dd60abf4d293b5031d11e17a38a6b547
3、Security advisory on multiple high-severity FortiWeb vulnerabilities
https://cert.360.cn/warning/detail?id=6a0e456cd5ec4a25f7f61a036de7e9a7
4、CVE-2020-17518/17519: Apache Flink directory traversal vulnerabilities
https://cert.360.cn/warning/detail?id=b985a81d0fbcfd531a686a4c2d56d489
5、CVE-2021-3011: combined with physical attack tooling, this vulnerability affects the chip used in Google Titan and YubiKey hardware security keys and allows the 2FA process to be bypassed.
https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf
Data Breaches
1、Nissan source code leaked via an exposed git repository
https://www.zdnet.com/article/nissan-source-code-leaked-online-after-git-repo-misconfiguration/
Cyber Warfare and Cyber Intelligence
1、Dutch policy debate on 5G spectrum is in deadlock: telco’s and military intelligence have opposing legitimate interests in 3.5GHz band
https://blog.cyberwar.nl/2018/06/dutch-policy-debate-on-5g-spectrum-is-in-deadlock-telcos-and-military-intelligence-have-opposing-legitimate-interests-in-3-5ghz-band/
2、The impact of SolarWinds on Latvia's cyberspace
https://cert.lv/lv/2021/01/apjomiga-incidenta-solarwinds-ietekme-uz-latvijas-kibertelpu
https://www.cisa.gov/news/2021/01/05/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure
3、SolarWinds Compromise: Cyber Unified Coordination Group Forms and Points Finger at Russia
https://news.clearancejobs.com/2021/01/06/solarwinds-compromise-cyber-unified-coordination-group-forms-and-points-finger-at-russia/
4、US Secretary of State Mike Pompeo approved the creation of the Bureau of Cyberspace Security and Emerging Technologies (CSET) this week.
5、The UK's newly created National Cyber Force (NCF)
https://www.iiss.org/blogs/analysis/2020/11/uk-national-cyber-force
6、Look at the attitude they bring to getting things done! Something to learn from!
https://www.nytimes.com/2021/01/06/us/politics/russia-cyber-hack.html
7、The US DoD's continuing approach to supply chain security: security requirements for downstream supply chain companies are being written into contracts with the Department of Defense.
https://www.nextgov.com/cybersecurity/2021/01/cmmc-dramatic-year-pentagons-contractor-cybersecurity-program/171084/
This article was first published on the WeChat public account ThreatPage全球威胁情报 (ThreatPage Global Threat Intelligence): Today's Threat Intelligence 2021/1/6-9 (Issue 337)