网络安全动态 一周速览 2024.10.12 - 2024.10.18

网络安全动态 一周速览

2024.10.12 - 2024.10.18

1.香港数据中心冷却系统爆炸致一人受伤 

Source:https://www.sohu.com/a/816872873_121124371

2.全球最大的音乐公司环球音乐集团承认发生数据泄露，数百名客户信息被盗

Source:https://www.ithome.com/0/800/939.htm

3.Dark Angels勒索软件攻击Windows、Linux和ESXi系统

Source:https://cybersecuritynews.com/dark-angels-ransomware-windows-linux-esxi/#google_vignette

4. CISA警告黑客滥用F5 BIG-IP Cookie进行内部服务器映射

Source:https://www.bleepingcomputer.com/news/security/cisa-hackers-abuse-f5-big-ip-cookies-to-map-internal-servers/

5.Nvidia推出新容器安全应用，强化AI驱动的网络安全

Source:https://www.chinaz.com/ainews/12461.shtml

6.EDRSilencer工具被用于绕过安全检测的攻击

Source:https://www.bleepingcomputer.com/news/security/edrsilencer-red-team-tool-used-in-attacks-to-bypass-security/

7.攻击者滥用合法代码签名证书绕过检测

Source:https://cybersecuritynews.com/hackers-abuse-genuine-code-signing-certificates/

8.Snaphunt招聘平台泄露数十万份简历，求职者数据面临风险

Source:https://cybernews.com/security/snaphunt-data-leak/

9.Game Freak遭遇重大网络攻击，未来宝可梦游戏信息泄露

Source:https://thecyberexpress.com/game-freak-cyberattack/

10.DDoS攻击导致全球最大数字图书馆互联网档案馆宕机

Source:https://thecyberexpress.com/internet-archive-cyberattack-confirmed/

11.丹麦运动模拟器公司泄露110TB用户数据

Source:https://cybernews.com/security/trackman-data-leak/

12.Telekopye网络骗子瞄准住宿预订平台用户

Source:https://www.infosecurity-magazine.com/news/telekopye-target-bookingcom-airbnb/

13.GoldenJackal APT组织入侵欧洲隔离网络系统

Source:https://www.helpnetsecurity.com/2024/10/09/goldenjackal-air-gapped-systems-compromise/

14.黑客控制扫地机器人追逐宠物并辱骂用户

Source:https://www.theverge.com/2024/10/12/24268508/hacked-ecovacs-deebot-x2-racial-slurs-chase-pets

15.思科数据泄露：黑客声称窃取源代码和敏感信息

Source:https://www.freebuf.com/news/412837.html

16.GitHub与Telegram Bot被滥用，新型钓鱼攻击激增

Source:https://thehackernews.com/2024/10/github-telegram-bots-and-qr-codes.html

17.国产操作系统应急响应手册正式发布

Source:https://www.secrss.com/articles/71084

18.OpenAI证实威胁行为者利用ChatGPT编写恶意软件

Source:https://www.bleepingcomputer.com/news/security/openai-confirms-threat-actors-use-chatgpt-to-write-malware/

19.微软警告客户一个月的安全日志丢失风险

Source:https://www.bleepingcomputer.com/news/security/microsoft-warns-it-lost-some-customers-security-logs-for-a-month/

20.BianLian勒索软件攻击波士顿儿童健康医师集团

Source:https://www.bleepingcomputer.com/news/security/bianlian-ransomware-claims-attack-on-boston-childrens-health-physicians/

21.Globe Life遭黑客勒索，客户数据面临泄露风险

Source:https://www.bleepingcomputer.com/news/security/hackers-blackmail-globe-life-after-stealing-customer-data/

1.Akira与Fog勒索软件利用Veeam远程代码执行漏洞攻击

Source:https://www.bleepingcomputer.com/news/security/akira-and-fog-ransomware-now-exploiting-critical-veeam-rce-flaw/

2.VMware NSX漏洞允许黑客执行任意命令

Source:https://cybersecuritynews.com/vmware-nsx-hacks/

3.攻击者利用CosmicSting漏洞每小时入侵3到5个网站

Source:https://cybersecuritynews.com/3-to-5-websites-hacked-per-hour/

4.SolarWinds Web Help Desk漏洞被用于攻击

Source:https://www.bleepingcomputer.com/news/security/solarwinds-web-help-desk-flaw-is-now-exploited-in-attacks/

5.Kubernetes Image Builder漏洞可导致SSH root权限访问

Source:https://www.bleepingcomputer.com/news/security/critical-kubernetes-image-builder-flaw-gives-ssh-root-access-to-vms/

6.超过87,000台FortiOS设备面临远程代码执行攻击风险

Source:https://cybersecuritynews.com/87000-fortios-rce-attacks/#google_vignette

7.Jetpack修复自2016年以来的严重信息泄露漏洞

Source:https://www.bleepingcomputer.com/news/security/jetpack-fixes-critical-information-disclosure-flaw-existing-since-2016/

8.GitLab严重漏洞或导致任意CI/CD管道执行

Source:https://thehackernews.com/2024/10/new-critical-gitlab-vulnerability-could.html

9.ScarCruft利用IE零日漏洞大规模攻击部署RokRAT恶意软件

Source:https://www.bleepingcomputer.com/news/security/malicious-ads-exploited-internet-explorer-zero-day-to-drop-malware/

10.Jetpack插件修复严重漏洞，影响2700万个网站

Source:https://thecyberexpress.com/jetpack-vulnerability/

11.Apache CloudStack修复关键安全漏洞，发布新版本

Source:https://securityonline.info/apache-cloudstack-patches-critical-security-flaws-in-latest-release/