Matrix SEC每日安全简报（2023.09.20）

[威胁情报CTI]

1. 继vxunderground邀请Lockbit用DDOS攻击自己的网站后，Anonymous Sudan也对其发起DDOS攻击。

2. 据称iOS17已被越狱，但也有说假的"每次看到这张照片只更改iPhone的名称"。

3. Indian Cyber Force声称对孟加拉国多个网站发起DDOS攻击:

   - Evercare Hospitals Bangladesh

   - Bangladesh Specialized Hospital

   - Criminal Investigation Department

   - Bangladesh Election Commission

4. 勒索软件组织Play新增6名新受害者。

[安全简报]

• PacketStorm

Apache Airflow 1.10.10 Remote Code Execution

https://packetstormsecurity.com/files/174764/Apache-Airflow-1.10.10-Remote-Code-Execution.html

Lexmark Device Embedded Web Server Remote Code Execution

https://packetstormsecurity.com/files/174763/Lexmark-Device-Embedded-Web-Server-Remote-Code-Execution.html

WordPress Essential Blocks 4.2.0 / Essential Blocks Pro 1.1.0 PHP Object Injection

https://packetstormsecurity.com/files/174761/WordPress-Essential-Blocks-4.2.0-Essential-Blocks-Pro-1.1.0-PHP-Object-Injection.html

Taskhub 2.8.7 SQL Injection

https://packetstormsecurity.com/files/174760/Taskhub-2.8.7-SQL-Injection.html

Packers And Movers Management System 1.0 SQL Injection

https://packetstormsecurity.com/files/174758/Packers-And-Movers-Management-System-1.0-SQL-Injection.html

Super Store Finder 3.7 Remote Command Execution

https://packetstormsecurity.com/files/174756/Super-Store-Finder-3.7-Remote-Command-Execution.html

Lamano CMS 2.0 SQL Injection

https://packetstormsecurity.com/files/174707/Lamano-CMS-2.0-SQL-Injection.html

Lacabane 1.0 SQL Injection

https://packetstormsecurity.com/files/174706/Lacabane-1.0-SQL-Injection.html

Free And Open Source Inventory Management System 1.0 SQL Injection

https://packetstormsecurity.com/files/174705/Free-And-Open-Source-Inventory-Management-System-1.0-SQL-Injection.html

• GoogleProjectZero

分析野外安卓漏洞

https://googleprojectzero.blogspot.com/2023/09/analyzing-modern-in-wild-android-exploit.html

• Sucuri Blog

如何查找和修复日本SEO垃圾邮件

https://blog.sucuri.net/2023/09/how-to-find-fix-japanese-seo-spam.html

• BadSectorLabs

上周安全信息

https://blog.badsectorlabs.com/last-week-in-security-lwis-2023-09-19.html

• unit42

伪造的CVE-2023-40477概念验证下载VenomRAT分析

https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/

• HackRead

伪造的PoC脚本用于诱骗研究人员下载VenomRAT

https://www.hackread.com/fake-poc-script-researchers-download-venomrat/

诈骗分子利用卫星直播延迟获得投注优势

https://www.hackread.com/crooks-exploited-satellite-tech-betting-scheme/

• BleepingComputer

诈骗者冒充Celsius以破产索赔代理进行网络钓鱼攻击

https://www.bleepingcomputer.com/news/security/claimants-in-celsius-crypto-bankruptcy-targeted-in-phishing-attack/

趋势科技(Trend Micro)修复了攻击中使用的端点保护零日漏洞

https://www.bleepingcomputer.com/news/security/trend-micro-fixes-endpoint-protection-zero-day-used-in-attacks/

黑客上周入侵了国际刑事法院(ICC)的系统

https://www.bleepingcomputer.com/news/security/hackers-breached-international-criminal-courts-systems-last-week/

GitLab敦促用户针对关键漏洞安装安全更新

https://www.bleepingcomputer.com/news/security/gitlab-urges-users-to-install-security-updates-for-critical-pipeline-flaw/

Microsoft将于2026年10月开始停用Exchange Web服务

https://www.bleepingcomputer.com/news/microsoft/microsoft-to-start-retiring-exchange-web-services-in-october-2026/

黑客使用新的HTTPSnoop恶意软件攻击电信供应商

https://www.bleepingcomputer.com/news/security/hackers-backdoor-telecom-providers-with-new-httpsnoop-malware/

• TheHackerNews

ShroudedSnooper的HTTPSnoop恶意软件攻击中东电信公司

https://thehackernews.com/2023/09/shroudedsnoopers-httpsnoop-backdoor.html

阿塞拜疆成为新一轮基于Rust的恶意软件攻击目标

https://thehackernews.com/2023/09/operation-rusty-flag-azerbaijan.html

新XWorm变种的代码内部

https://thehackernews.com/2023/09/inside-code-of-new-xworm-variant.html

Earth Lusca新的SprySOCKS Linux后门攻击政府

https://thehackernews.com/2023/09/earth-luscas-new-sprysocks-linux.html

Microsoft AI研究人员意外暴露了38TB的机密数据

https://thehackernews.com/2023/09/microsoft-ai-researchers-accidentally.html

近12,000个Juniper网络防火墙容易受到最近披露的RCE漏洞的攻击

https://thehackernews.com/2023/09/over-12000-juniper-firewalls-found.html

Transparent Tribe使用虚假的YouTube Android应用程序传播CapraRAT恶意软件

https://thehackernews.com/2023/09/transparent-tribe-uses-fake-youtube.html

• Malwarebytes Labs

元宇宙的隐私风险

https://www.malwarebytes.com/blog/personal/2023/09/the-privacy-perils-of-the-metaverse

• SecurityBoulevard

8Base 勒索软件网站的幕后黑手是谁?

https://securityboulevard.com/2023/09/whos-behind-the-8base-ransomware-website/

LockBit的分支在勒索软件攻击中使用RMM软件

https://securityboulevard.com/2023/09/lockbit-affiliates-use-rmm-software-in-ransomware-attacks/

• DataBreaches

WeLeakInfo.to的客户将收到荷兰警方的消息

https://www.databreaches.net/customers-of-weleakinfo-to-will-receive-a-message-from-the-dutch-police/

以色列心理健康中心遭受网络攻击

https://www.databreaches.net/israeli-mental-health-center-in-jerusalem-hit-with-cyberattack/

• SANS

针对旧版Adobe Experience Manager漏洞的模糊扫描

https://isc.sans.edu/diary/rss/30230