OilRig 利用 Windows 内核漏洞针对阿联酋和海湾地区开展间谍活动

今日安全资讯速递

OilRig 利用 Windows 内核漏洞针对阿联酋和海湾地区开展间谍活动

https://thehackernews.com/2024/10/oilrig-exploits-windows-kernel-flaw-in.html

CISA 警告威胁组织利用 F5 BIG-IP Cookies 进行网络侦察

https://thehackernews.com/2024/10/cisa-warns-of-threat-actors-exploiting.html

网络攻击袭击了伊朗政府网站和核设施

https://securityaffairs.com/169693/cyber-warfare-2/cyber-attack-hit-iranian-nuclear-facilities.html

俄罗斯法院网站遭亲乌克兰黑客攻击后瘫痪

https://therecord.media/russian-court-websites-down-attack-claimed-pro-ukraine-group

GitHub、Telegram 机器人和 ASCII QR 码在新一波网络钓鱼攻击中被滥用

https://thehackernews.com/2024/10/github-telegram-bots-and-qr-codes.html

神奇宝贝开发商 Game Freak 遭黑客攻击；数十年数据泄露

https://hackread.com/teraleak-pokemon-developer-game-freak-hacked-data-leak/

3100 万用户受到互联网档案馆黑客攻击的影响

https://www.securityweek.com/31-million-users-affected-by-internet-archive-hack/

网络犯罪分子利用 Unicode 在电子商务平台中隐藏蒙古文窃取器

https://thehackernews.com/2024/10/cybercriminals-use-unicode-to-hide.html

Akira 和 Fog 勒索软件利用关键的 Veeam RCE 漏洞

https://www.bleepingcomputer.com/news/security/akira-and-fog-ransomware-now-exploiting-critical-veeam-rce-flaw/

地下勒索软件声称攻击卡西欧并泄露被盗数据

https://www.bleepingcomputer.com/news/security/underground-ransomware-claims-attack-on-casio-leaks-stolen-data/

富达向 77,000 名客户通报数据泄露事件：

https://www.darkreading.com/cyberattacks-data-breaches/fidelity-notifies-77k-customers-data-breach

GitLab 警告存在严重的任意分支管道执行漏洞

https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-arbitrary-branch-pipeline-execution-flaw/

CISA 称关键的 Fortinet RCE 漏洞现已被利用于攻击

https://www.bleepingcomputer.com/news/security/cisa-says-critical-fortinet-rce-flaw-now-exploited-in-attacks/

Palo Alto Networks 警告防火墙劫持漏洞存在公开漏洞

https://www.bleepingcomputer.com/news/security/palo-alto-networks-warns-of-firewall-hijack-bugs-with-public-exploit/

Firefox 131 更新修复0day漏洞（CVE-2024-9680）

https://www.securityweek.com/firefox-131-update-patches-exploited-zero-day-vulnerability/

CISA警告 Fortinet FortiOS 漏洞可能遭利用

https://www.securityweek.com/organizations-warned-of-exploited-fortinet-fortios-vulnerability/

专家警告 Linear eMerge E3 系统存在未修补的严重漏洞

https://thehackernews.com/2024/10/experts-warn-of-critical-unpatched.html

macOS Sequoia 和 iOS 18 中的 iPhone Mirroring 功能可能会将员工的私人应用程序暴露给企业 IT 环境

https://www.securityweek.com/iphone-mirroring-exposes-employees-personal-applications/

Ivanti 警告客户，更多 CSA 零日漏洞正被用于攻击

https://www.securityweek.com/ivanti-warns-customers-of-more-csa-zero-days-exploited-in-attacks/

ICS 补丁日：西门子、施耐德、菲尼克斯电气、CERT@VDE 发布安全公告

https://www.securityweek.com/ics-patch-tuesday-advisories-published-by-siemens-schneider-phoenix-contact-certvde/

研究人员发现工业 MMS 协议库中存在重大安全漏洞

https://thehackernews.com/2024/10/researchers-uncover-major-security.html