12月31日每日安全热点 - 攻击者利用HP iLO rootkit擦除伊朗组织的服务器

2021-12-31 09:30:47 360安全客安全资讯 70561 4

漏洞 Vulnerability

CVE-2021-44145：Apache NiFi XML外部实体注入(XXE)漏洞

https://nvd.nist.gov/vuln/detail/CVE-2021-44145

CVE-2021-43855：Wiki.js 跨站脚本漏洞

https://nvd.nist.gov/vuln/detail/CVE-2021-43855

CVE-2021-43856：Wiki.js 跨站脚本漏洞

https://nvd.nist.gov/vuln/detail/CVE-2021-43856

安全事件 Security Incident

被log4j黑客攻击的金融公司ONUS拒绝支付赎金导致200万客户数据泄露

https://www.bleepingcomputer.com/news/security/fintech-firm-hit-by-log4j-hack-refuses-to-pay-5-million-ransom/

LastPass用户主密码已被泄露

https://www.bleepingcomputer.com/news/security/lastpass-users-warned-their-master-passwords-are-compromised/

三星Galaxy商店中存在大量风险软件

https://www.bleepingcomputer.com/news/security/riskware-android-streaming-apps-found-on-samsungs-galaxy-store/

与中国国家支持的黑客相关的新恶意软件Flagpro

https://www.bleepingcomputer.com/news/security/new-flagpro-malware-linked-to-chinese-state-backed-hackers/

RedLine恶意软件将窃取浏览器中保存的密码

https://www.bleepingcomputer.com/news/security/redline-malware-shows-why-passwords-shouldnt-be-saved-in-browsers/

AQUATIC PANDA利用Log4Shell漏洞攻击学术机构

https://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools/

攻击者利用HP iLO rootkit擦除伊朗组织的服务器

https://threats.amnpardaz.com/en/2021/12/28/implant-arm-ilobleed-a/

（完）