Matrix SEC每日安全简报（2023.09.23）

[威胁情报CTI]

1. 2个关于名称为"Sangfor SSL VPN.exe"的样本。

   
   

2. DDoS提供商Skynet瞄准了vxunderground，Apple，Telegram，Azure，Sucuri，StackPath和PlayStation等公司。还得到了AnonymousSudan的认可，telegram.com确实遭遇ddos攻击，现已恢复。

   
   

3. 一位用户发布了T-Mobile(t-mobile.com)的数据库。T-Mobile此前曾在2021年遭到泄露。

   
   

4. 一位用户正在出售Partido Revolucionario Instituciona (pri.org.mx) 数据。

   
   

5. 勒索软件组织ALPHV新增6名新受害者，分别是：

   - RUKO GmbH

   - Mole Valley Farmers

   - ENDE EP

   - Cosal

   - Arail Construction & Industrial Co. Ltd

   - Unique Engineering and Construction Public Company Limited

   
   

[安全简报]

• HackerOne

[LinkedIn]

允许招聘人员查看超出权限的求职者数据

https://hackerone.com/reports/560668

[Nord Security]

手动连接设置服务凭据的电子邮件验证绕过 赏金: $250.00

https://hackerone.com/reports/2049021

[Slack]

通过WebSocket向工作区成员提供哈希数据公开

https://hackerone.com/reports/1639600

• PacketStorm

Elasticsearch 8.5.3 Stack Overflow

https://packetstormsecurity.com/files/174807/Elasticsearch-8.5.3-Stack-Overflow.html

Taskhub 2.8.8 Cross Site Scripting

https://packetstormsecurity.com/files/174803/Taskhub-2.8.8-Cross-Site-Scripting.html

• CyberWarZone

域名仿冒如何使荷兰市政当局损失236,000欧元

https://cyberwarzone.com/how-typosquatting-cost-a-dutch-municipality-e236000/

• Mandiant

特殊外交:APT29 快速发展的外交网络钓鱼行动

https://www.mandiant.com/resources/blog/apt29-evolving-diplomatic-phishing

• Eclypsium

eclypsium发布一份《医疗机构面临的网络威胁》报告

https://eclypsium.com/wp-content/uploads/The-Threat-Landscape-for-Healthcare-Organizations.pdf

• Praetorian

DoubleQlik: 绕过 CVE-2023-41265 修复，实现未经身份验证的远程代码执行

https://www.praetorian.com/blog/doubleqlik-bypassing-the-original-fix-for-cve-2023-41265/

• SecurityWeek

Apple修补的3个0-day漏洞可能被间谍软件供应商用来入侵iPhone

https://www.securityweek.com/apple-patches-3-zero-days-likely-exploited-by-spyware-vendor-to-hack-iphones/

• BleepingComputer

达拉斯称勒索软件组织Royal使用被盗账户破坏其网络

https://www.bleepingcomputer.com/news/security/dallas-says-royal-ransomware-breached-its-network-using-stolen-account/

尼日利亚男子承认企图抢劫6万美元的BEC电子邮件

https://www.bleepingcomputer.com/news/security/nigerian-man-pleads-guilty-to-attempted-6-million-bec-email-heist/

最近修补的苹果，Chrome零日漏洞被间谍软件攻击所利用

https://www.bleepingcomputer.com/news/security/recently-patched-apple-chrome-zero-days-exploited-in-spyware-attacks/

T-Mobile否认新的数据泄露传闻，指出授权零售商

https://www.bleepingcomputer.com/news/security/t-mobile-denies-new-data-breach-rumors-points-to-authorized-retailer/

酒店黑客将客人重定向到假Booking.com窃取信息

https://www.bleepingcomputer.com/news/security/hotel-hackers-redirect-guests-to-fake-bookingcom-to-steal-cards/

• TheHackerNews

银行木马BBTok的新变种针对40多家拉丁美洲银行

https://thehackernews.com/2023/09/new-variant-of-banking-trojan-bbtok.html

如何解读2023年MITRE ATT&CK评估结果

https://thehackernews.com/2023/09/how-to-interpret-2023-mitre-att.html

伊朗APT OilRig瞄准以色列组织

https://thehackernews.com/2023/09/iranian-nation-state-actor-oilrig.html

在Atlassian产品和ISC BIND服务器中发现的高严重性漏洞

https://thehackernews.com/2023/09/high-severity-flaws-uncovered-in.html

• DataBreaches

全国学生信息中心代表近900所受MOVEit漏洞影响的学校通知加利福尼亚州

https://www.databreaches.net/national-student-clearinghouse-notifies-california-on-behalf-of-almost-900-schools-affected-by-moveit-breach/

Nansen警告供应商安全事件暴露客户数据后潜在的网络钓鱼攻击

https://www.databreaches.net/nansen-warns-of-potential-phishing-attacks-following-vendor-security-incident-exposing-customer-data/

关于明尼苏达大学数据泄露的信息

https://www.databreaches.net/what-to-know-about-the-university-of-minnesotas-data-breach/

俄亥俄州社区学院数据盗窃泄露影响近300K

https://www.databreaches.net/ohio-community-college-data-theft-breach-affects-nearly-300k/