漏洞 Vulnerability
CVE-2021-38294: Apache Storm 命令注入漏洞
https://seclists.org/oss-sec/2021/q4/44
Linux BusyBox 产品多个安全漏洞
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
安全事件 Security Incident
Clop团伙利用勒索软件攻击中的SolarWinds Serv-U漏洞
https://www.bleepingcomputer.com/news/security/clop-gang-exploiting-solarwinds-serv-u-flaw-in-ransomware-attacks/
泄露的Docker Hub帐户被滥用,被TeamTNT用于挖矿
https://www.trendmicro.com/en_us/research/21/k/compromised-docker-hub-accounts-abused-for-cryptomining-linked-t.html
伊朗黑客 Lyceum 瞄准电信,ISPS
https://www.zdnet.com/article/meet-lyceum-iranian-hackers-targeting-telecoms-isps/
DDoS攻击使Bandwidth.com损失近1200万美元
https://www.zdnet.com/article/ddos-attack-cost-bandwidth-com-nearly-12-million/
墨西哥出现Dridex银行恶意软件
https://www.databreachtoday.com/dridex-banking-malware-turns-up-in-mexico-a-17879
台湾政府每天面临500万次黑客攻击
https://securityaffairs.co/wordpress/124444/intelligence/taiwan-cyber-attack-from-china.html
研究人员发现PhoneSpy恶意软件在监视韩国公民
https://thehackernews.com/2021/11/researchers-discover-phonespy-malware.html
新安卓恶意软件的目标是Netflix、Instagram和Twitter用户
https://www.bleepingcomputer.com/news/security/new-android-malware-targets-netflix-instagram-and-twitter-users/
Medatixx遭到勒索软件攻击,客户需要尽快更改密码
https://heimdalsecurity.com/blog/medatixx-hit-with-ransomware-attack-customers-need-to-change-passwords-asap/
Kimsuky利用恶意博客向韩国智库人员分发恶意软件
https://blog.talosintelligence.com/2021/11/kimsuky-abuses-blogs-delivers-malware.html
朝鲜APT组织Lazarus对安全人员发起攻击
https://mp.weixin.qq.com/s/vCNvpQztti13NHosrZ90hQ
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论