Matrix SEC每日安全简报（2023.09.21）

[威胁情报CTI]

1. CobaltStrike更新4.9版本。

   
   

2. 澳大利亚网络大会计划暂定于2023年10月17日星期二在墨尔本召开。

   
   

3. TransUnion发表声明，在黑客USDoD发布泄露数据后，立即展开了彻底的调查，没有发现任何迹象表明系统被入侵和数据泄露，并且与所谓的泄露数据内容和格式不匹配。

   
   

4. CoDC入侵哥伦比亚信息技术和通信部(mintic.gov.co)

   
   

5. 黑客组织SiegedSec泄露PeerBerry数据。

   
   

[安全简报]

• HackerOne

[Mozilla Core Services]

Bugzilla登录页面上超过速率限制会暴露速率限制

https://hackerone.com/reports/1989901

在bugzilla.mozilla.org的注释编辑功能的存储型XSS漏洞

https://hackerone.com/reports/2111291

IDOR - 代表其他用户发送消息

https://hackerone.com/reports/1888545

[curl]

idn.c中的空指针

https://hackerone.com/reports/2171309

• PacketStorm

Lamano CMS 2.0 Cross Site Request Forgery

https://packetstormsecurity.com/files/174772/Lamano-CMS-2.0-Cross-Site-Request-Forgery.html

WordPress Theme My Login 2FA Brute Force

https://packetstormsecurity.com/files/174765/WordPress-Theme-My-Login-2FA-Brute-Force.html

• cobaltstrike

CobaltStrike更新4.9版本，更新内容如下:

- 后渗透功能更新

- 无需反射加载即可导出Beacon

- 支持Callback

- Beacon数据存储

- Beacon用户数据

- WinHTTP支持

- HTTP(S)监听的主机配置文件支持

- 客户端之间通信

- BOF更新

- Sleep延迟更新

- System Call更新

- 版本授权迭代兼容性

https://www.cobaltstrike.com/blog/cobalt-strike-49-take-me-to-your-loader

• CyberConference

澳大利亚网络大会计划暂定于2023年10月17日星期二在墨尔本召开

https://cyberconference.com.au/images/pages/program/pdf/AISA-CYBERCON-2023-MELBOURNE-Full-Program.pdf

• CISA

cisa发布了一份Snatch勒索软件组织的报告

https://www.cisa.gov/sites/default/files/2023-09/joint-cybersecurity-advisory-stopransomware-snatch-ransomware_0.pdf

• CERT-FR

法国CERT发布了一份《FIN12:拥有多个勒索软件的犯罪组织》报告

https://www.cert.ssi.gouv.fr/uploads/CERTFR-2023-CTI-007.pdf

• Barracuda

梭子鱼网络发布电子邮件收件箱规则操纵警告

https://blog.barracuda.com/2023/09/20/threat-spotlight-attackers-inbox-rules-evade-detection

• Businesswire

联盟报告揭示勒索软件卷土重来

https://www.businesswire.com/news/home/20230920444160/en/Cyber-Insurance-Claims-Frequency-and-Severity-Both-Increased-For-Businesses-in-1H-2023-Coalition-Report-Finds

• BleepingComputer

P2PInfect僵尸网络活动激增600倍，具有更隐蔽的恶意软件变种

https://www.bleepingcomputer.com/news/security/p2pinfect-botnet-activity-surges-600x-with-stealthier-malware-variants/

T-Mobile应用程序故障让用户看到其他人的帐户信息

https://www.bleepingcomputer.com/news/security/t-mobile-app-glitch-let-users-see-other-peoples-account-info/

TransUnion否认被黑客入侵，链接将数据泄露给第三方

https://www.bleepingcomputer.com/news/security/transunion-denies-it-was-hacked-links-leaked-data-to-3rd-party/

Free Download Manager(FDM)发布脚本检查Linux恶意软件

https://www.bleepingcomputer.com/news/security/free-download-manager-releases-script-to-check-for-linux-malware/

Signal在其E2EE消息传递协议中添加了抗量子加密(PQC)

https://www.bleepingcomputer.com/news/security/signal-adds-quantum-resistant-encryption-to-its-e2ee-messaging-protocol/

• TheHackerNews

芬兰当局捣毁臭名昭著的PIILOPUOTI暗网毒品市场

https://thehackernews.com/2023/09/finnish-authorities-dismantle-notorious.html

Nagios XI网络监控软件中暴露的关键安全漏洞

https://thehackernews.com/2023/09/critical-security-flaws-exposed-in.html

新一波恶意npm包威胁Kubernetes配置和SSH密钥

https://thehackernews.com/2023/09/fresh-wave-of-malicious-npm-packages.html

GitLab针对关键漏洞发布紧急安全补丁

https://thehackernews.com/2023/09/gitlab-releases-urgent-security-patches.html

趋势科技(Trend Micro)针对关键安全漏洞发布紧急修复程序

https://thehackernews.com/2023/09/trend-micro-releases-urgent-fix-for.html

• Malwarebytes Labs

DoppelPaymer勒索软件组织嫌疑人已经确认

https://www.malwarebytes.com/blog/news/2023/09/doppelpaymer-ransomware-group-suspects-identified

• DataBreaches

加拿大机场的中断是由DDoS攻击引起的

https://www.databreaches.net/outage-at-canadian-airports-was-from-a-ddos-attack/

芒特迪瑟特岛医院再次遭到数据泄露，但仍未透露泄露了哪些数据

https://www.databreaches.net/mount-desert-island-hospital-updates-its-breach-disclosure-again-but-still-doesnt-reveal-what-data-were-leaked/

学校是勒索软件团伙最针对的行业

https://www.databreaches.net/schools-are-the-most-targeted-industry-by-ransomware-gangs/

• SANS

什么是正常的?DNS TTL值

https://isc.sans.edu/diary/rss/30234