[威胁情报CTI]
APT28攻击乌克兰关键能源基础设施。
据称,FBI Oklahoma City已被黑客入侵(未知真假)。
来自印度尼西亚的黑客组织将在G20峰会在2023年9月9日至10日以代号#OPINDIA向印度发动网络攻击。
一名论坛用户正在出售SnapNHD (snapnhd.com)378GB数据。
一名论坛用户正在出售华盛顿市大都会俱乐部(metroclub.com)2.1TB数据,但是此前ransomed将华盛顿市大都会俱乐部列为受害者名单。
勒索软件组织Cactus新增5名新受害者,分别是:
- Seymours (seymours-estates.co.uk)
- Groupe Promotrans (promotrans.fr)
- MINEMAN Systems (mineman.com)
- Maxxd Trailers (maxxdtrailers.com)
- Marfrig Global Foods (marfrig.com.br)
勒索软件组织PLAY新增6名新受害者,分别是:
- Precisely (precisely.com)
- Kikkerland Design (kikkerland.com)
- MA micro automation (micro-automation.de)
- Master Interiors (masterinteriors.com)
- Bordelon Marine (bordelonmarine.com)
- Majestic Spice (majesticspice.com)
[安全简报]
PacketStorm
SolarView Compact 6.00 Remote Command Execution
https://packetstormsecurity.com/files/174537/SolarView-Compact-6.00-Remote-Command-Execution.html
WordPress Newsletter 7.8.9 Cross Site Scripting
https://packetstormsecurity.com/files/174536/WordPress-Newsletter-7.8.9-Cross-Site-Scripting.html
Microsoft Windows Privilege Escalation
https://packetstormsecurity.com/files/174528/Microsoft-Windows-Privilege-Escalation.html
OpenCart CMS 4.0.2.2 Brute Force
https://packetstormsecurity.com/files/174525/OpenCart-CMS-4.0.2.2-Brute-Force.html
Cleaning Business Software 1.0 Cross Site Scripting
https://packetstormsecurity.com/files/174521/Cleaning-Business-Software-1.0-Cross-Site-Scripting.html
Event Booking Calendar 4.0 Cross Site Scripting
https://packetstormsecurity.com/files/174520/Event-Booking-Calendar-4.0-Cross-Site-Scripting.html
Firefox 117 Denial Of Service
https://packetstormsecurity.com/files/174516/Firefox-117-Denial-Of-Service.html
Cinema Booking System 1.0 Cross Site Scripting
https://packetstormsecurity.com/files/174514/Cinema-Booking-System-1.0-Cross-Site-Scripting.html
JZDCMS 1.3 Cross Site Scripting
https://packetstormsecurity.com/files/174513/JZDCMS-1.3-Cross-Site-Scripting.html
Infinity Market Classified Ads Script 1.6.2 Cross Site Scripting
https://packetstormsecurity.com/files/174511/Infinity-Market-Classified-Ads-Script-1.6.2-Cross-Site-Scripting.html
ImgHosting 1.3 SQL Injection
https://packetstormsecurity.com/files/174510/ImgHosting-1.3-SQL-Injection.html
Malwarebytes Labs
Mac用户成为新的恶意广告活动的目标
https://www.malwarebytes.com/blog/threat-intelligence/2023/09/atomic-macos-stealer-delivered-via-malvertising
BleepingComputer
Rockstar在Steam上销售的《Midnight Club II》被发现是破解版
https://www.bleepingcomputer.com/news/gaming/rockstar-games-reportedly-sold-games-with-razor-1911-cracks-on-steam/
密歇根大学(UMICH)要求在网络攻击后重置密码
https://www.bleepingcomputer.com/news/security/university-of-michigan-requires-password-resets-after-cyberattack/
Flipper Zero可用于发起iOS蓝牙垃圾邮件攻击
https://www.bleepingcomputer.com/news/security/flipper-zero-can-be-used-to-launch-ios-bluetooth-spam-attacks/
黑客从Windows崩溃转储中窃取了Microsoft签名密钥
https://www.bleepingcomputer.com/news/microsoft/hackers-stole-microsoft-signing-key-from-windows-crash-dump/
Mirai变种感染低成本Android电视盒进行DDoS攻击
https://www.bleepingcomputer.com/news/security/mirai-variant-infects-low-cost-android-tv-boxes-for-ddos-attacks/
CyberNews
LADbible Group 泄露内部数据
https://cybernews.com/security/ladbible-group-leaks-internal-data/
LastPass再次受到抨击,因为用户被盗的加密密钥丢失
https://cybernews.com/crypto/crypto-heist-lastpass-blamed/
美国联合航空公司因软件故障而停飞
https://cybernews.com/news/united-airlines-grounded-by-software-glitch/
Security Lab
Notepad++多个缓冲区溢出漏洞分析
CVE-2023-40031
CVE-2023-40036
CVE-2023-40164
CVE-2023-40166
https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/
Microsoft
Storm-0558密钥获取重大技术调查结果
https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/
黑海洋 - WIKI
Windows 12 网页版-在线预先体验Windows 12
https://blog.upx8.com/3821
SANS
安全相关 DNS 记录
https://isc.sans.edu/diary/rss/30194
推荐站内搜索:最好用的开发软件、免费开源系统、渗透测试工具云盘下载、最新渗透测试资料、最新黑客工具下载……
还没有评论,来说两句吧...