安全事件 Security Incident Lyceum利用新恶意软件攻击中东和非洲的ISP和电信公司 https://www.prevailion.com/latest-targets-of-cyber-group-lyceum/ 针对韩国国防和安全领域专家的攻击活动 https://blog.alyac.co.kr/4255?category=957259 Lazarus组织的NukeSped恶意软件分析报告 https://asec.ahnlab.com/ko/28527/ 相煎何急，印APT组织蔓灵花针对巴基斯坦政府机构展开定向攻击 http://report.threatbook.cn/BT.pdf 谷歌广告用于窃取凭证和流失账户 https://heimdalsecurity.com/blog/google-ads-used-for-stealing-credentials-and-draining-accounts/ 电子产品零售巨头MediaMarkt受到勒索软件攻击 https://www.bleepingcomputer.com/news/security/electronics-retail-giant-mediamarkt-hit-by-ransomware-attack/ Hive 勒索软件团伙攻击 MediaMarkt https://heimdalsecurity.com/blog/hive-ransomware-gang-impacts-mediamarkt/ REvil勒索软件疑犯在全球警方打击行动中被捕 https://www.databreachtoday.com/revil-ransomware-suspects-snared-in-global-police-crackdown-a-17864 Robinhood遭到数据泄露和敲诈勒索 https://www.databreachtoday.com/robinhood-reveals-data-breach-extortion-shakedown-a-17869 WooCommerce Skimmer伪造结账页面 https://blog.sucuri.net/2021/11/woocommerce-skimmer-spoofs-checkout-page.html Black Shadow 泄露以色列患者记录和数据 https://www.databreachtoday.com/black-shadow-group-leaks-israeli-patient-records-data-a-17866 攻击者使用已知的 Zoho 漏洞危害关键行业的公司 https://www.scmagazine.com/analysis/cyberespionage/campaign-used-known-zoho-bug-to-compromise-firms-across-critical-industries 上个月修补的Sitecore XP RCE漏洞现已被积极利用 https://www.bleepingcomputer.com/news/security/sitecore-xp-rce-flaw-patched-last-month-now-actively-exploited/