安全事件 Security Incident 当心BrazKing Android恶意软件升级和攻击银行 https://gbhackers.com/beware-brazking-android-malware-upgraded-attack-banks/ 数据窃取恶意软件影响超过900万台运行华为appgallery的Android设备 https://heimdalsecurity.com/blog/data-stealing-malware-impacts-android-devices-cynos-version/ APT C-23黑客使用新安卓间谍软件变种瞄准中东用户 https://thehackernews.com/2021/11/apt-c-23-hackers-using-new-android.html Wi-Fi管理软件公司泄露数百万巴西人的数据 https://www.zdnet.com/article/millions-of-brazilians-exposed-in-wi-fi-management-software-firm-leak/ 专家披露了一个针对新的Windows零日本地特权提升问题的漏洞 https://securityaffairs.co/wordpress/124909/hacking/windows-zero-day-exploit.html BazarLoader将受损安装程序、ISO添加到攻击向量中 https://www.trendmicro.com/en_us/research/21/k/bazarloader-adds-compromised-installers-iso-to-arrival-delivery-vectors.html 专家警告imunif360安全平台存在RCE漏洞 https://securityaffairs.co/wordpress/124922/security/imunify360-rce.html 恶意软件正试图利用新的Windows Installer zero day进行攻击 https://www.bleepingcomputer.com/news/security/malware-now-trying-to-exploit-new-windows-installer-zero-day/ Lazarus又作妖，近期疑似利用漏洞文档针对韩国航空业展开定向攻击 https://mp.weixin.qq.com/s/ZMnO3Q6MAxafmOOO2cQMfw 新伊朗威胁组织利用CVE-2021-40444漏洞监视讲波斯语的受害者 https://www.safebreach.com/blog/2021/new-powershortshell-stealer-exploits-recent-microsoft-mshtml-vulnerability-to-spy-on-farsi-speakers/ 深度剖析MuddyWater武器库之POWERSTATS后门 https://mp.weixin.qq.com/s/NAyf-l3cs4jzOjxn2EI0KQ 针对中东电信公司的攻击活动 https://www.telsy.com/possible-grunt-covenant-attack-to-telco-company-in-middle-east/