Matrix SEC每日安全简报（2023.09.26）

[威胁情报CTI]

1. Docker vs Kubernetes。

   
   

2. 勒索软件组织Ransomedvc新增1名新受害者，分别是：

   - 索尼(sony.com)

   早些时候，索尼被CL0P勒索软件组织添加受害者。
   

   Sample

   
   

3. 勒索软件组织NoEscape新增1名新受害者，分别是：

   - Leekes (leekes.co.uk) 130GB

   Leekes是位于威尔士的家居用品，家居装饰用品和相关物品零售商。

   
   

4. 勒索软件组织Rhysida新增1名新受害者，分别是：

   - 科威特财政部 (mof.gov.kw)

   其官网已经Down

   
   

[安全简报]

• HackerOne

[LinkedIn]

可以观看需要订阅的LinkedIn学习视频，而无需通过"共享功能"订阅

https://hackerone.com/reports/1809633

LinkedIn用户主电子邮件+全名可见性

https://hackerone.com/reports/878724

HTTP请求走私(CL.0)导致在没有用户交互的情况下将用户大量重定向到攻击者服务器

https://hackerone.com/reports/1943608

• PacketStorm

RoyalTSX 6.0.1 RTSZ File Handling Heap Memory Corruption

https://packetstormsecurity.com/files/174827/RoyalTSX-6.0.1-RTSZ-File-Handling-Heap-Memory-Corruption.html

OPNsense 23.1.11_1/23.7.3/23.7.4 Cross Site Scripting/Privilege Escalation

https://packetstormsecurity.com/files/174826/OPNsense-23.1.11_1-23.7.3-23.7.4-Cross-Site-Scripting-Privilege-Escalation.html

LogoBee CMS 0.2 Cross Site Scripting

https://packetstormsecurity.com/files/174815/LogoBee-CMS-0.2-Cross-Site-Scripting.html

Lamano LMS 0.1 Insecure Settings

https://packetstormsecurity.com/files/174814/Lamano-LMS-0.1-Insecure-Settings.html

• Portswigger

DOM 入侵者和直接评估与间接评估的情况

https://portswigger.net/blog/dom-invader-and-the-case-of-direct-eval-vs-indirect-eval

• The DFIR Report

在61小时内从屏幕连接到Hive勒索软件

https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/

• Socradar

由于云配置错误，超过400K存储桶和10.4B文件是公开的

https://socradar.io/over-400k-buckets-and-104b-files-are-public-due-to-cloud-misconfigurations/

• HackRead

Mixin Network在200亿美元加密黑客攻击后停止服务

https://www.hackread.com/mixin-network-loses-200m-crypto-hack/

900所美国学校受到MOVEit黑客攻击，暴露了学生数据

https://www.hackread.com/900-us-schools-moveit-hack-student-data-expose/

Deadglyph: 与中东隐形猎鹰APT相关的新后门

https://www.hackread.com/deadglyph-backdoor-stealth-falcon-apt-middle-east/

• BleepingComputer

Better OutcomesRegistry & Network(BORN)安大略儿童注册数据泄露影响3万人

https://www.bleepingcomputer.com/news/security/born-ontario-child-registry-data-breach-affects-34-million-people/

谷歌将于2024年1月停用Gmail基本HTML视图

https://www.bleepingcomputer.com/news/security/google-is-retiring-its-gmail-basic-html-view-in-january-2024/

Xenomorph Android恶意软件现在针对美国银行和加密钱包

https://www.bleepingcomputer.com/news/security/xenomorph-android-malware-now-targets-us-banks-and-crypto-wallets/

Mixin Network在200亿美元黑客攻击后暂停运营

https://www.bleepingcomputer.com/news/security/mixin-network-suspends-operations-following-200-million-hack/

• TheHackerNews

乌克兰军方利用无人机手册瞄准网络钓鱼活动

https://thehackernews.com/2023/09/ukrainian-military-targeted-in-phishing.html

从水坑到间谍软件: EvilBamboo

https://thehackernews.com/2023/09/from-watering-hole-to-spyware.html

• DataBreaches

AlphV声称已经打击了明尼苏达州MNGI

https://www.databreaches.net/alphv-claims-to-have-hit-mngi-digestive-health-developing/

25,000名香港人在消费者监管机构受到网络攻击后面临风险的个人数据，高于早前估计的8,000人

https://www.databreaches.net/personal-data-of-25000-hongkongers-at-risk-after-cyberattack-against-consumer-watchdog-up-from-earlier-estimate-of-8000/

• SANS

YARA 支持 .LNK 文件

https://isc.sans.edu/diary/rss/30244