11月11日每日安全热点 - 相煎何急蔓灵花针对巴基斯坦政府机构定向攻击

360安全客 安全资讯 66689 4

安全事件 Security Incident
Lyceum利用新恶意软件攻击中东和非洲的ISP和电信公司
https://www.prevailion.com/latest-targets-of-cyber-group-lyceum/
针对韩国国防和安全领域专家的攻击活动
https://blog.alyac.co.kr/4255?category=957259
Lazarus组织的NukeSped恶意软件分析报告
https://asec.ahnlab.com/ko/28527/
相煎何急,印APT组织蔓灵花针对巴基斯坦政府机构展开定向攻击
http://report.threatbook.cn/BT.pdf
谷歌广告用于窃取凭证和流失账户
https://heimdalsecurity.com/blog/google-ads-used-for-stealing-credentials-and-draining-accounts/
电子产品零售巨头MediaMarkt受到勒索软件攻击
https://www.bleepingcomputer.com/news/security/electronics-retail-giant-mediamarkt-hit-by-ransomware-attack/
Hive 勒索软件团伙攻击 MediaMarkt
https://heimdalsecurity.com/blog/hive-ransomware-gang-impacts-mediamarkt/
REvil勒索软件疑犯在全球警方打击行动中被捕
https://www.databreachtoday.com/revil-ransomware-suspects-snared-in-global-police-crackdown-a-17864
Robinhood遭到数据泄露和敲诈勒索
https://www.databreachtoday.com/robinhood-reveals-data-breach-extortion-shakedown-a-17869
WooCommerce Skimmer伪造结账页面
https://blog.sucuri.net/2021/11/woocommerce-skimmer-spoofs-checkout-page.html
Black Shadow 泄露以色列患者记录和数据
https://www.databreachtoday.com/black-shadow-group-leaks-israeli-patient-records-data-a-17866
攻击者使用已知的 Zoho 漏洞危害关键行业的公司
https://www.scmagazine.com/analysis/cyberespionage/campaign-used-known-zoho-bug-to-compromise-firms-across-critical-industries
上个月修补的Sitecore XP RCE漏洞现已被积极利用
https://www.bleepingcomputer.com/news/security/sitecore-xp-rce-flaw-patched-last-month-now-actively-exploited/
(完)