漏洞 Vulnerability Red Hat Enterprise Linux 8 Samba 更新 https://access.redhat.com/errata/RHSA-2021:5082 安全事件 Security Incident GOautodial漏洞使呼叫中心网络安全处于危险状态 https://portswigger.net/daily-swig/goautodial-vulnerabilities-put-call-center-network-security-on-the-line 12个恶意的NPM包劫持Discord的服务器 https://gbhackers.com/dozen-of-malicious-npm-packages-caught-hijacking-discord-servers/ 160万个WordPress网站遭到大规模攻击 https://www.databreachtoday.com/massive-attack-targets-16-million-wordpress-sites-a-18106 XE集团暴露了长达八年的黑客攻击和信用卡盗窃 https://www.bleepingcomputer.com/news/security/xe-group-exposed-for-eight-years-of-hacking-credit-card-theft/ 新的’Karakurt’网络犯罪团伙专注于数据盗窃和敲诈勒索 https://securityaffairs.co/wordpress/125518/cyber-crime/karakurt-cybercrime-gang.html 严重的Apache Log4j漏洞威胁企业应用 https://www.databreachtoday.com/severe-apache-log4j-vulnerability-threatens-enterprise-apps-a-18101 新的基于Mirai的活动目标是未修补的TP链路路由器 https://www.databreachtoday.com/new-mirai-based-campaign-targets-unpatched-tp-link-router-a-18098 澳大利亚ACSC警告Conti赎金软件对抗本地组织的攻击 https://securityaffairs.co/wordpress/125491/cyber-crime/australian-acsc-conti-ransomware-alert.html 沃尔沃汽车公司遭遇数据泄露 https://securityaffairs.co/wordpress/125500/data-breach/volvo-cars-cyber-attack.html 报告剖析Conti勒索软件对爱尔兰HSE的攻击 https://www.databreachtoday.com/report-dissects-conti-ransomware-attack-on-irelands-hse-a-18102 澳大利亚政府工作人员数据被第三方泄露 https://www.databreachtoday.com/australian-government-staff-data-leaked-in-3rd-party-breach-a-18096 发现新的Yanluowang勒索软件有代码签名，终止与数据库相关的进程 https://www.trendmicro.com/en_us/research/21/l/yanluowang-ransomware-code-signed-terminates-database-processes.html SideCopy APT在最近的攻击中使用了新的战术 https://www.databreachtoday.com/report-sidecopy-apt-used-new-tactics-in-recent-attacks-a-18087 恶意Notepad++安装程序推送恶意软件 https://www.bleepingcomputer.com/news/security/malicious-notepad-plus-plus-installers-push-strongpity-malware/ ALPHV BlackCat-今年最先进的勒索软件 https://www.bleepingcomputer.com/news/security/alphv-blackcat-this-years-most-sophisticated-ransomware/ 富士通将日本政府数据泄露锁定在被盗的ProjectWEB帐户上 https://www.bleepingcomputer.com/news/security/fujitsu-pins-japanese-govt-data-breach-on-stolen-projectweb-accounts/ 南澳大利亚政府雇员的数据被泄露 https://www.zdnet.com/article/south-australian-government-employee-data-taken-in-frontier-software-ransomware-attack/ Cox透露黑客冒充技术支持人员后数据泄露 https://www.bleepingcomputer.com/news/security/cox-discloses-data-breach-after-hacker-impersonates-support-agent/