漏洞 Vulnerability CVE-2021-43267:Linux Kernel TIPC远程代码执行漏洞通告 https://cert.360.cn/warning/detail?id=d7c6812ad34259b0f388ac7ad7e87a62 安全事件 Security Incident 针对ManageEngine ADSelfService Plus的攻击活动分析 https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/ BlackBerry发现3个威胁组织之间的关联 https://blogs.blackberry.com/en/2021/11/zebra2104 利用Microsoft Exchange ProxyShell漏洞部署Babuk勒索软件 https://www.bleepingcomputer.com/news/security/microsoft-exchange-proxyshell-exploits-used-to-deploy-babuk-ransomware/ 流行的“coa”NPM库被劫持以窃取用户密码 https://www.bleepingcomputer.com/news/security/popular-coa-npm-library-hijacked-to-steal-user-passwords/ 勒索失败后，伊朗黑客泄露以色列LGBTQ约会应用程序数据 https://www.hackread.com/ransom-fail-iranian-hackers-leak-israeli-lgbtq-dating-app-data/ Mekotio Banker凭借改进的隐形和古老的加密技术回归 https://research.checkpoint.com/2021/mekotio-banker-returns-with-improved-stealth-and-ancient-encryption/ 部落社区的赌场在勒索软件攻击中损失了数百万 https://securityaffairs.co/wordpress/124273/cyber-crime/ransomware-casinos-tribal-communities.html 攻击者从bZx DeFi平台窃取了价值5500万美元的加密货币 https://securityaffairs.co/wordpress/124266/cyber-crime/bzx-defi-platform-hacked.html DanaBot恶意软件活动激增 https://www.zscaler.com/blogs/security-research/spike-danabot-malware-activity 针对医疗技术供应商QRS的网络攻击导致32万名患者的数据被盗 https://www.scmagazine.com/analysis/breach/cyberattack-on-health-tech-vendor-qrs-leads-to-data-theft-tied-to-320k-patients