10月4日每日安全热点 - Magecart活动与Cobalt组织有重大联系

2019-10-04 11:00:53 360安全客安全资讯 138951 4

漏洞 Vulnerability

Notepad++ (x64) CVE-2019-16294 远程代码执行漏洞

https://0day.life/exploits/0day-940.html

IBM安全公告：IBM Security Key Lifecycle Manager受跨站点脚本（CVE-2019-4564）的影响

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-key-lifecycle-manager-is-affected-by-cross-site-scripting-cve-2019-4564/

IBM安全公告：IBM Java Runtime中的多个漏洞影响IBM Installation Manager和IBM Packaging Utility

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-installation-manager-and-ibm-packaging-utility-7/

恶意软件 Malware

新的Android银行僵尸网络“ Geost”正在活跃

https://www.hackread.com/android-banking-trojan-geost-botnet/

安全事件 Security Incident

PKPLUG：疑似中国网络间谍组织

https://unit42.paloaltonetworks.com/pkplug_chinese_cyber_espionage_group_attacking_asia/

安全资讯 Security Information

Avivore APT 攻击组织披露

https://www.computerweekly.com/news/252471769/New-threat-group-behind-Airbus-cyber-attacks-claim-researchers

阿拉巴马州医院系统因恶意软件攻击而暂停接收病人

http://feedproxy.google.com/~r/Securityweek/~3/j35z6VnX9-g/alabama-hospital-system-halts-admissions-amid-malware-attack

Royals起诉违反英国《数据保护法》的每日邮报

https://packetstormsecurity.com/news/view/30547/Royals-Sue-Daily-Mail-Over-U.K.-Data-Protection-Act-Violation.html

Magecart 攻击活动与Cobalt组织有重大联系

https://www.csoonline.com/article/3443049/cobalt-cybercrime-group-might-be-launching-magecart-skimming-attacks.html#tk.rss_all

安全研究 Security Research

在 A11 SoC 上通过寄存器调试内核

https://bugs.chromium.org/p/project-zero/issues/detail?id=1900

反间谍之旅：首款安卓远控木马工具分析

https://www.freebuf.com/articles/terminal/214201.html

PDF加密标准的弱点

https://nakedsecurity.sophos.com/2019/10/03/pdf-encryption-standard-weaknesses-uncovered/

（完）