10月25日每日安全热点 - 客户服务公司Atento遭受网络攻击

2021-10-25 09:30:23 360安全客安全资讯 22624 4

漏洞 Vulnerability

CVE-2021-34362: QNAP 媒体插件命令注入漏洞安全更新

https://www.qnap.com/en/security-advisory/qsa-21-44

CVE-2021-22965: Pulse Connect Secure安全更新

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44899/

安全事件 Security Incident

YouTube创建者账户被窃取cookie的恶意软件劫持

https://www.bleepingcomputer.com/news/security/google-youtubers-accounts-hijacked-with-cookie-stealing-malware/

政治主题攻击者使用旧的 MS Office 漏洞传播多个 RAT

https://www.bleepingcomputer.com/news/security/political-themed-actor-using-old-ms-office-flaw-to-drop-multiple-rats/

Lyceum APT返回，这次目标是突尼斯公司

https://threatpost.com/lyceum-apt-tunisian-firms/175579/

在Windows、Linux和macOS设备上运行Cryptominer时发现恶意NPM包

https://thehackernews.com/2021/10/malicious-npm-packages-caught-running.html

客户服务公司Atento遭受网络攻击

https://www.zdnet.com/article/customer-services-firm-atento-hit-by-cyberattack/

RAT恶意软件通过网络和种子在韩国传播

https://www.bleepingcomputer.com/news/security/rat-malware-spreading-in-korea-through-webhards-and-torrents/

（完）