漏洞 Vulnerability CVE-2021-38294: Apache Storm 命令注入漏洞 https://seclists.org/oss-sec/2021/q4/44 Linux BusyBox 产品多个安全漏洞 https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ 安全事件 Security Incident Clop团伙利用勒索软件攻击中的SolarWinds Serv-U漏洞 https://www.bleepingcomputer.com/news/security/clop-gang-exploiting-solarwinds-serv-u-flaw-in-ransomware-attacks/ 泄露的Docker Hub帐户被滥用，被TeamTNT用于挖矿 https://www.trendmicro.com/en_us/research/21/k/compromised-docker-hub-accounts-abused-for-cryptomining-linked-t.html 伊朗黑客 Lyceum 瞄准电信，ISPS https://www.zdnet.com/article/meet-lyceum-iranian-hackers-targeting-telecoms-isps/ DDoS攻击使Bandwidth.com损失近1200万美元 https://www.zdnet.com/article/ddos-attack-cost-bandwidth-com-nearly-12-million/ 墨西哥出现Dridex银行恶意软件 https://www.databreachtoday.com/dridex-banking-malware-turns-up-in-mexico-a-17879 台湾政府每天面临500万次黑客攻击 https://securityaffairs.co/wordpress/124444/intelligence/taiwan-cyber-attack-from-china.html 研究人员发现PhoneSpy恶意软件在监视韩国公民 https://thehackernews.com/2021/11/researchers-discover-phonespy-malware.html 新安卓恶意软件的目标是Netflix、Instagram和Twitter用户 https://www.bleepingcomputer.com/news/security/new-android-malware-targets-netflix-instagram-and-twitter-users/ Medatixx遭到勒索软件攻击，客户需要尽快更改密码 https://heimdalsecurity.com/blog/medatixx-hit-with-ransomware-attack-customers-need-to-change-passwords-asap/ Kimsuky利用恶意博客向韩国智库人员分发恶意软件 https://blog.talosintelligence.com/2021/11/kimsuky-abuses-blogs-delivers-malware.html 朝鲜APT组织Lazarus对安全人员发起攻击 https://mp.weixin.qq.com/s/vCNvpQztti13NHosrZ90hQ