漏洞 Vulnerability CVE-2021-45046: Log4j 2 远程代码执行漏洞通告 https://cert.360.cn/warning/detail?id=fc08131e1735eb44a99798f464f51579 CVE-2021-42550: Logback 远程代码执行 https://jira.qos.ch/browse/LOGBACK-1591 国家资助的黑客滥用SlackAPI窃取航空公司数据 https://www.bleepingcomputer.com/news/security/state-sponsored-hackers-abuse-slack-api-to-steal-airline-data/ Phorpiex僵尸网络以新的技巧回归，使其更难被破坏 https://www.bleepingcomputer.com/news/security/phorpiex-botnet-returns-with-new-tricks-making-it-harder-to-disrupt/ 为了更快的攻击，Emotet再次开始投掷Cobalt Strike https://www.bleepingcomputer.com/news/security/emotet-starts-dropping-cobalt-strike-again-for-faster-attacks/ 美国CISA命令联邦机构在12月24日前修复Log4Shell https://securityaffairs.co/wordpress/125623/security/cisa-log4shell-actions.html 新的无文件恶意软件使用Windows注册表作为存储，以逃避检测 https://thehackernews.com/2021/12/new-fileless-malware-uses-windows.html APT-C-53（Gamaredon）内网后渗透攻击技战术分析 https://mp.weixin.qq.com/s/OfDTcrTVAgjACeh0Z5wi7w Aggah针对乌克兰、立陶宛和意大利的信息窃取行动 https://yoroi.company/research/serverless-infostealer-delivered-in-est-european-countries/