10月23日每日安全热点 - 美国政府泄漏的军事人员数据179G

2019-10-23 10:00:20 360安全客安全资讯 76215 4

漏洞 Vulnerability

winrar外部实体注入

https://cxsecurity.com/issue/WLB-2019100142

ThinkCMF框架上的任意内容包含漏洞

https://www.freebuf.com/vuls/217586.html

恶意软件 Malware

gustuffv勒索软件分析

https://blog.talosintelligence.com/2019/10/gustuffv2.html

Remcos RAT的新变种攻击分析

https://www.secpulse.com/archives/116213.html

Spelevo EK利用Flash Player漏洞下发勒索软件

https://securityintelligence.com/news/spelevo-ek-exploits-flash-player-vulnerability-to-deliver-maze-ransomware/

安全研究 Security Research

美国政府泄漏的军事人员数据，179G

https://threatpost.com/government-military-personnel-data-leaked/149386/

勒索软件利用恶意文档和PowerShell加密文件

https://www.bromium.com/ransomware-goes-fileless-uses-malicious-documents-and-powershell-to-encrypt-files/

McAfee ATR分析Sodinokibi aka REvil勒索软件

https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-crescendo/

LazarusAPT组织攻击样本分析

https://blog.alyac.co.kr/2388

Magecart Group 5与Carbanak APT之间的关联分析

https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/hunting-threats-on-twitter

如何使用社交媒体收集威胁情报

https://www.thanassis.space/myowncpu.html

Microsoft Defender ATP的防病毒程序揭示Astaroth攻击

https://www.microsoft.com/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

（完）