11月12日每日安全热点 - 墨西哥出现Dridex银行恶意软件

2021-11-12 09:30:42 360安全客安全资讯 70446 4

漏洞 Vulnerability

CVE-2021-38294: Apache Storm 命令注入漏洞

https://seclists.org/oss-sec/2021/q4/44

Linux BusyBox 产品多个安全漏洞

https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/

安全事件 Security Incident

Clop团伙利用勒索软件攻击中的SolarWinds Serv-U漏洞

https://www.bleepingcomputer.com/news/security/clop-gang-exploiting-solarwinds-serv-u-flaw-in-ransomware-attacks/

泄露的Docker Hub帐户被滥用，被TeamTNT用于挖矿

https://www.trendmicro.com/en_us/research/21/k/compromised-docker-hub-accounts-abused-for-cryptomining-linked-t.html

伊朗黑客 Lyceum 瞄准电信，ISPS

https://www.zdnet.com/article/meet-lyceum-iranian-hackers-targeting-telecoms-isps/

DDoS攻击使Bandwidth.com损失近1200万美元

https://www.zdnet.com/article/ddos-attack-cost-bandwidth-com-nearly-12-million/

墨西哥出现Dridex银行恶意软件

https://www.databreachtoday.com/dridex-banking-malware-turns-up-in-mexico-a-17879

台湾政府每天面临500万次黑客攻击

https://securityaffairs.co/wordpress/124444/intelligence/taiwan-cyber-attack-from-china.html

研究人员发现PhoneSpy恶意软件在监视韩国公民

https://thehackernews.com/2021/11/researchers-discover-phonespy-malware.html

新安卓恶意软件的目标是Netflix、Instagram和Twitter用户

https://www.bleepingcomputer.com/news/security/new-android-malware-targets-netflix-instagram-and-twitter-users/

Medatixx遭到勒索软件攻击，客户需要尽快更改密码

https://heimdalsecurity.com/blog/medatixx-hit-with-ransomware-attack-customers-need-to-change-passwords-asap/

Kimsuky利用恶意博客向韩国智库人员分发恶意软件

https://blog.talosintelligence.com/2021/11/kimsuky-abuses-blogs-delivers-malware.html

朝鲜APT组织Lazarus对安全人员发起攻击

https://mp.weixin.qq.com/s/vCNvpQztti13NHosrZ90hQ

（完）