¶íÂÞ˹ÒÉËÆÊ¹ÓÃNTLMÐÂÎó²î¶ÔÎÚ¿ËÀ¼·¢¶¯ÍøÂç¹¥»÷
Ðû²¼Ê±¼ä 2024-11-151. ¶íÂÞ˹ÒÉËÆÊ¹ÓÃNTLMÐÂÎó²î¶ÔÎÚ¿ËÀ¼·¢¶¯ÍøÂç¹¥»÷
11ÔÂ14ÈÕ£¬£¬£¬£¬£¬£¬¿ËÈÕÒ»¸öÃûΪCVE-2024-43451µÄÐÂÇå¾²Îó²îÓ°ÏìÁËWindows NT LANÖÎÀíÆ÷£¨NTLM£©£¬£¬£¬£¬£¬£¬¸ÃÎó²î±»ÒÉËÆÓë¶íÂÞ˹ÓйصÄÐÐΪÕßʹÓÃΪÁãÈÕÎó²î£¬£¬£¬£¬£¬£¬¶ÔÎÚ¿ËÀ¼·¢¶¯ÍøÂç¹¥»÷¡£¡£¡£¡£¡£¡£´ËÎó²î±»ÃüÃûΪNTLM¹þϣй¶ÓÕÆÎó²î£¬£¬£¬£¬£¬£¬CVSSÆÀ·ÖΪ6.5£¬£¬£¬£¬£¬£¬¿É±»ÓÃÀ´ÇÔÈ¡Óû§µÄNTLMv2¹þÏ£¡£¡£¡£¡£¡£¡£Î¢ÈíÒÑʵʱÐÞ²¹Á˸ÃÎó²î£¬£¬£¬£¬£¬£¬²¢Ö¸³öÓû§Óë¶ñÒâÎļþ¾ÙÐÐ×îС½»»¥¶¼¿ÉÄÜ´¥·¢Îó²î¡£¡£¡£¡£¡£¡£ÒÔÉ«ÁÐÍøÂçÇå¾²¹«Ë¾ClearSky·¢Ã÷£¬£¬£¬£¬£¬£¬¸ÃÎó²îÒѱ»ÓÃÓÚÈö²¥¿ªÔ´Spark RAT¶ñÒâÈí¼þµÄ¹¥»÷Á´ÖУ¬£¬£¬£¬£¬£¬¶ñÒâÎļþÍйÜÔÚÎÚ¿ËÀ¼Õþ¸®¹Ù·½ÍøÕ¾ÉÏ¡£¡£¡£¡£¡£¡£¹¥»÷Á´Éæ¼°·¢ËÍÍøÂç´¹ÂÚµç×ÓÓʼþ£¬£¬£¬£¬£¬£¬ÌáÐÑÊÕ¼þÈ˵ã»÷ÏÝÚåURLÏÂÔØ°üÀ¨¶ñÒâ.URLÎļþµÄZIP´æµµ¡£¡£¡£¡£¡£¡£µ±Êܺ¦ÕßÓëURLÎļþ½»»¥Ê±£¬£¬£¬£¬£¬£¬¾Í»á´¥·¢Îó²î£¬£¬£¬£¬£¬£¬µ¼ÖÂÏÂÔØÆäËûÓÐÓøºÔØ£¬£¬£¬£¬£¬£¬°üÀ¨Spark RAT¡£¡£¡£¡£¡£¡£ÎÚ¿ËÀ¼ÅÌËã»úÓ¦¼±·´Ó¦Ð¡×é(CERT-UA)½«´Ë»î¶¯Óë¿ÉÄܵĶíÂÞ˹ÍþвÐÐΪÕßUAC-0194ÁªÏµÆðÀ´£¬£¬£¬£¬£¬£¬²¢ÖÒÑԳƣ¬£¬£¬£¬£¬£¬ÆóÒµÓëÔ¶³ÌÒøÐÐϵͳÐ×÷µÄ»á¼Æ´¦ÓÚ¸ßΣº¦Çø£¬£¬£¬£¬£¬£¬×ʽð¿ÉÄÜÔÚ¶Ìʱ¼äÄÚ±»µÁ¡£¡£¡£¡£¡£¡£
https://thehackernews.com/2024/11/russian-hackers-exploit-new-ntlm-flaw.html
2. ¹þÂí˹¹ØÁªÍøÂç×éÖ¯WIRTEÕë¶ÔÒÔÉ«ÁÐʵÑ鯯ËðÐÔ¹¥»÷
11ÔÂ13ÈÕ£¬£¬£¬£¬£¬£¬¾ÝThe Hack News±¨µÀ£¬£¬£¬£¬£¬£¬Óë¹þÂí˹ÓйØÁªµÄÍøÂç¹¥»÷Õß½üÆÚרÃÅÕë¶ÔÒÔÉ«ÁÐʵÌå¾ÙÐÐÆÆËðÐÔ¹¥»÷¡£¡£¡£¡£¡£¡£Check PointµÄÆÊÎöÖ¸³ö£¬£¬£¬£¬£¬£¬ÕâЩ¹¥»÷ÓëÒ»¸öÃûΪWIRTEµÄ×éÖ¯Óйأ¬£¬£¬£¬£¬£¬¸Ã×éÖ¯×Ô2018Äê8ÔÂÒÔÀ´Ò»Ö±»îÔ¾ÓÚÖж«µØÇø£¬£¬£¬£¬£¬£¬Õë¶ÔÆÕ±éʵÌå·¢¶¯¹¥»÷¡£¡£¡£¡£¡£¡£WIRTEʹÓÃÖж«µÄµØÔµÕþÖÎÖ÷ÒªÊ±ÊÆºÍÕ½ÂÒ£¬£¬£¬£¬£¬£¬ÖÆ×÷¶ñÒâRARÎĵµ°²ÅÅHavocºóÆÚ¿ª·¢¿ò¼Ü£¬£¬£¬£¬£¬£¬»òʹÓÃÀàËÆµÄRARÎĵµ°²ÅÅIronWindÏÂÔØÆ÷¡£¡£¡£¡£¡£¡£ÕâЩѬȾÐòÁÐͨ¹ýÈö²¥´øÓÐÓÕÆÐÔµÄPDFÎĵµ£¬£¬£¬£¬£¬£¬Ê¹ÓÃÕýµ±µÄ¿ÉÖ´ÐÐÎļþ²àÔØ´øÓжñÒâÈí¼þµÄDLL¡£¡£¡£¡£¡£¡£ÔÚ2024Äê10ÔÂÕë¶ÔÒÔÉ«ÁÐÒ½ÔººÍÊÐÕþÕþ¸®µÈ¶à¸ö×éÖ¯µÄÍøÂç´¹ÂڻÖУ¬£¬£¬£¬£¬£¬ÉõÖÁ·ºÆðÁËð³äÍøÂçÇå¾²¹«Ë¾ESETÔÚÒÔÉ«ÁÐÏàÖúÉÌ·¢³öµÄ´¹ÂÚµç×ÓÓʼþ£¬£¬£¬£¬£¬£¬ÆäÖаüÀ¨ÁËа汾µÄSameCoin Wiper£¬£¬£¬£¬£¬£¬¸Ã°æ±¾³ýÁËÁýÕÖÎļþÍ⣬£¬£¬£¬£¬£¬»¹»áÐÞ¸ÄÊܺ¦ÕßϵͳÅä¾°ÏÔʾ¹þÂí˹¾üÊ·ÖÖ§Al-Qassam BrigadesµÄͼÏñ¡£¡£¡£¡£¡£¡£¾Ý³Æ£¬£¬£¬£¬£¬£¬¸Ã¹¥»÷×éÖ¯µÄWindows¼ÓÔØ³ÌÐòÑù±¾Ê±¼ä´Á±»¸ü¸ÄΪ¹þÂí˹¶ÔÒÔÉ«Áз¢¶¯Í»È»¹¥ÊƵÄÈÕÆÚ£¬£¬£¬£¬£¬£¬¶ø³õʼ»á¼ûǰÑÔÔòÊÇð³äÒÔÉ«Áйú¼ÒÍøÂç¾ÖµÄµç×ÓÓʼþ¡£¡£¡£¡£¡£¡£
https://thehackernews.com/2024/11/hamas-affiliated-wirte-employs-samecoin.html
3. Glove Stealer¶ñÒâÈí¼þ£º¿ÉÈÆ¹ýChrome App-Bound¼ÓÃÜÇÔÈ¡Cookie
11ÔÂ14ÈÕ£¬£¬£¬£¬£¬£¬Glove Stealer ÊÇÒ»¿îеĶñÒâÈí¼þ£¬£¬£¬£¬£¬£¬Äܹ»Èƹý Google Chrome µÄ App-Bound ¼ÓÃÜ£¬£¬£¬£¬£¬£¬ÇÔÈ¡ä¯ÀÀÆ÷ cookie¡£¡£¡£¡£¡£¡£¸Ã¶ñÒâÈí¼þÓÉ Gen Digital Çå¾²Ñо¿Ö°Ô±ÔÚÊÓ²ìÍøÂç´¹ÂڻʱÊ״η¢Ã÷£¬£¬£¬£¬£¬£¬ËûÃÇÒÔΪËüÏà¶Ô¼òÆÓ£¬£¬£¬£¬£¬£¬¿ÉÄÜ´¦ÓÚÔçÆÚ¿ª·¢½×¶Î¡£¡£¡£¡£¡£¡£Glove Stealer ʹÓÃÉç»á¹¤³ÌÕ½ÂÔÓÕÆÇ±ÔÚÊܺ¦Õß×°Ö㬣¬£¬£¬£¬£¬¿ÉÒÔ´Ó Firefox ºÍ»ùÓÚ Chromium µÄä¯ÀÀÆ÷£¨Èç Chrome¡¢Edge µÈ£©ÖÐÌáÈ¡ cookie£¬£¬£¬£¬£¬£¬ÒÔ¼°ÇÔÈ¡ä¯ÀÀÆ÷À©Õ¹³ÌÐòÖеļÓÃÜÇ®±ÒÇ®°ü¡¢2FA »á»°ÁîÅÆ¡¢ÃÜÂëÊý¾ÝµÈÃô¸ÐÐÅÏ¢¡£¡£¡£¡£¡£¡£±ðµÄ£¬£¬£¬£¬£¬£¬Ëü»¹ÄÜ´Ó 280 ¸öä¯ÀÀÆ÷À©Õ¹ºÍ 80 ¶à¸öÍâµØÓ¦ÓóÌÐòÖÐÇÔÈ¡Êý¾Ý¡£¡£¡£¡£¡£¡£ÎªÁËÈÆ¹ý Chrome µÄ App-Bound ¼ÓÃÜ£¬£¬£¬£¬£¬£¬Glove Stealer ʹÓÃÁËÒ»¸öÖ§³ÖÄ£¿£¿£¿£¿£¿£¿é£¬£¬£¬£¬£¬£¬Ê¹Óà Chrome µÄ IElevator Windows ЧÀÍÀ´½âÃܺͼìË÷¼ÓÃÜÃÜÔ¿£¬£¬£¬£¬£¬£¬µ«ÐèÒªÏÈ»ñÊÊÍâµØÖÎÀíԱȨÏÞ¡£¡£¡£¡£¡£¡£Ö»¹ÜÕâÖÖÒªÁìÔÚÊÖÒÕÉÏÏà¶Ô»ù´¡£¡£¡£¡£¡£¡£¬£¬£¬£¬£¬£¬µ«¶à¸öÐÅÏ¢ÇÔÈ¡¶ñÒâÈí¼þ²Ù×÷ÒѾÄܹ»ÈƹýеÄÇå¾²¹¦Ð§£¬£¬£¬£¬£¬£¬ÒÔÇÔȡϢÕùÃÜ Google Chrome cookie¡£¡£¡£¡£¡£¡£×Թȸè 7 Ô·ÝʵÑé App-Bound ¼ÓÃÜÒÔÀ´£¬£¬£¬£¬£¬£¬¹¥»÷´ÎÊý²¢Î´ïÔÌ£¬£¬£¬£¬£¬£¬·´¶øÓÐËùÔöÌí£¬£¬£¬£¬£¬£¬Í¨¹ýÖÖÖÖ·½·¨Ãé׼DZÔÚÊܺ¦Õß¡£¡£¡£¡£¡£¡£
https://www.bleepingcomputer.com/news/security/new-glove-infostealer-malware-bypasses-google-chromes-cookie-encryption/
4. ÈðÊ¿ÍøÂç»ú¹¹¾¯Ê¾£º¼ÙÆøÏóÓʼþÈö²¥¶ñÒâÈí¼þ͵ȡÃô¸ÐÐÅÏ¢
11ÔÂ15ÈÕ£¬£¬£¬£¬£¬£¬ÈðÊ¿Áª°îÍøÂçÇå¾²¾Ö£¨OFCS£©13ÈÕ·¢³öÖÒÑÔ£¬£¬£¬£¬£¬£¬³Æ¸Ã¹úÆøÏó»ú¹¹µÄ¡°¼ÙÐżþ¡±±»ÓÃÀ´Èö²¥¶ñÒâÈí¼þ¡£¡£¡£¡£¡£¡£ÕâЩÓʼþÉù³ÆÌṩһ¿îÐÂÌìÆøÓ¦ÓóÌÐòMeteoSwiss£¬£¬£¬£¬£¬£¬µ«°üÀ¨Ò»¸ö¶þάÂ룬£¬£¬£¬£¬£¬»áÖØ¶¨Ïòµ½Ú²ÆÕß¿ª·¢µÄ¶ñÒâÓ¦ÓóÌÐò¡£¡£¡£¡£¡£¡£É¨Ãè¶þάÂëºó£¬£¬£¬£¬£¬£¬ÊÖ»úÓû§»áÏÂÔØÃûΪ¡°Coper¡±ºÍ¡°Octo2¡±µÄ¶ñÒâÈí¼þ£¬£¬£¬£¬£¬£¬¸Ã³ÌÐòÊÔͼÇÔÈ¡°üÀ¨µç×ÓÒøÐÐÓ¦ÓóÌÐòÔÚÄÚµÄ383¶à¸öÒÆ¶¯Ó¦ÓóÌÐòµÄµÇ¼ÏêϸÐÅÏ¢¡£¡£¡£¡£¡£¡£ËäȻʹÓÃÏÖʵÌìϵÄÓÕ¶üÀ´Ñ¬È¾¶ñÒâÈí¼þµÄÇéÐβ¢²»³£¼û£¬£¬£¬£¬£¬£¬µ«²¢·ÇÎÅËùδÎÅ£¬£¬£¬£¬£¬£¬Î¢Èí´ËÇ°Ò²ÔøÔâÓöÀàËÆÊÂÎñ¡£¡£¡£¡£¡£¡£OFCSûÓÐ͸¶ÊÜÓ°ÏìµÄÈËÊý£¬£¬£¬£¬£¬£¬µ«ÌåÏÖð³äÓ¦ÓóÌÐòÄ£ÄâÁËÕæÕýµÄ¡°Alertswiss¡±Ó¦ÓóÌÐò£¬£¬£¬£¬£¬£¬½öÓ°Ï찲׿ÊÖ»ú¡£¡£¡£¡£¡£¡£½¨Òé×°ÖÃÁËð³äÓ¦ÓóÌÐòµÄÓû§½«×°±¸»Ö¸´³ö³§ÉèÖ㬣¬£¬£¬£¬£¬²¢±¨¸æ¸øOFCS¡£¡£¡£¡£¡£¡£¸Ã»ú¹¹ÒѾ×îÏÈʵÑé±£»£»£»£»¤²½·¥¡£¡£¡£¡£¡£¡£
https://therecord.media/malware-delivered-by-mail-swiss-cyber-agency
5. ÐÙÑÀÀû¹ú·À²É¹º»ú¹¹Ôâ¹ú¼ÊºÚ¿Í×éÖ¯¹¥»÷
11ÔÂ15ÈÕ£¬£¬£¬£¬£¬£¬ÐÙÑÀÀû¹ú·À²É¹º»ú¹¹£¨VB¨¹£©¿ËÈÕÔâµ½ÃûΪINC Ransomware»òINC RansomµÄ¹ú¼ÊÍøÂç·¸·¨×éÖ¯µÄ¹¥»÷¡£¡£¡£¡£¡£¡£¸Ã×éÖ¯Éù³Æ¿ÉÒÔ»á¼ûVB¨¹µÄÊý¾Ý£¬£¬£¬£¬£¬£¬²¢ÔÚ°µÍøÃÅ»§ÍøÕ¾ÉÏÐû²¼ÁËʾÀý½ØÍ¼¡£¡£¡£¡£¡£¡£ÐÙÑÀÀû¹ú·À²¿¾Ü¾øÍ¸Â¶¿ÉÄܵÄÐÅϢй¶ÇéÐΣ¬£¬£¬£¬£¬£¬µ«È·ÈÏÊÓ²ìÕýÔÚ¾ÙÐÐÖУ¬£¬£¬£¬£¬£¬²¢Ç¿µ÷VB¨¹²»´æ´¢Ãô¸ÐµÄ¾üÊÂÊý¾Ý¡£¡£¡£¡£¡£¡£È»¶ø£¬£¬£¬£¬£¬£¬×ÜÀíά¿ËÍС¤Å·¶û°àµÄÄ»Áų¤½«´Ë´ÎÏ®»÷¹é×ïÓÚ³ðÊÓµÄÍâ¹ú·Ç¹ú¼ÒºÚ¿Í×éÖ¯£¬£¬£¬£¬£¬£¬Ö¸³ö¿ÉÄܱ»»á¼ûµÄ×îÃô¸ÐÊý¾Ý°üÀ¨ÓйؾüʲɹºµÄÍýÏëºÍÊý¾Ý¡£¡£¡£¡£¡£¡£¾Ý±¨µÀ£¬£¬£¬£¬£¬£¬ºÚ¿ÍÈëÇÖÁ˸ûú¹¹µÄЧÀÍÆ÷£¬£¬£¬£¬£¬£¬ÏÂÔØ²¢¼ÓÃÜÁËËùÓÐÎļþ£¬£¬£¬£¬£¬£¬²¢Ðû²¼Á˰üÀ¨ÐÙÑÀÀû¾ü¶Ó¿ÕÖкͽµØÄÜÁ¦Êý¾ÝµÄÎļþ½ØÍ¼£¬£¬£¬£¬£¬£¬ÒÔ¼°±êÓС°·Ç¹ûÕæ¡±µÄÎļþ£¬£¬£¬£¬£¬£¬²¢Ë÷Òª500ÍòÃÀÔªÊê½ð¡£¡£¡£¡£¡£¡£ÐÙÑÀÀû¹ÙԱδ¾ÍÊÇ·ñÓëºÚ¿Í̸ÅнÒÏþ̸ÂÛ¡£¡£¡£¡£¡£¡£
https://therecord.media/hungary-defense-procurement-agency-hacked
6. Microsoft Power PagesÉèÖùýʧÖÂ700ÍòÌõ¼Í¼̻¶
11ÔÂ14ÈÕ£¬£¬£¬£¬£¬£¬Ñо¿Ö°Ô±·¢Ã÷£¬£¬£¬£¬£¬£¬Microsoft Power PagesÕâÒ»µÍ´úÂ빤¾ß±£´æ¶à¸öÉèÖùýʧʵÏÖµÄÎÊÌ⣬£¬£¬£¬£¬£¬¿ÉÄܵ¼ÖÂÉñÃØÊý¾Ý±»ÎÞÒâ»á¼û¡£¡£¡£¡£¡£¡£Power Pages±»ÆÕ±éÓ¦ÓÃÓÚÕþ¸®¡¢½ÌÓýºÍ˽ÈË×éÖ¯µÈÁìÓò£¬£¬£¬£¬£¬£¬µ«ÔÚһЩװÖÃÖУ¬£¬£¬£¬£¬£¬ÉèÖùýʧµ¼ÖÂÔ¼700ÍòÌõ¼Í¼̻¶¡£¡£¡£¡£¡£¡£ÎÊÌâÔ´ÓÚÓû§¶ÔÉèÖõÄÃ÷ȷȱ·¦£¬£¬£¬£¬£¬£¬¶ø·Ç΢Èí²úÆ·×Ô¼ºµÄÎÊÌâ¡£¡£¡£¡£¡£¡£Î¢ÈíÔÚDZÔÚÉèÖÃÎÊÌâʱ»á·¢³öÖÒÑÔ£¬£¬£¬£¬£¬£¬µ«ÎÞ·¨È·±£Óû§×÷³ö·´Ó¦¡£¡£¡£¡£¡£¡£ÏÖ´úÊÖÒÕʹµÃÃÅ»§¹¹½¨Ïà¶ÔÈÝÒ×£¬£¬£¬£¬£¬£¬µ«Çå¾²ÐÔºÍά»¤ÈÔÈ»ÖØ´ó£¬£¬£¬£¬£¬£¬µ¼ÖÂʵÑéºÍά»¤Ö®¼ä²»Æ¥Å䣬£¬£¬£¬£¬£¬Áè¼ÝÏà¹Ø¹«Ë¾ÄÜÁ¦¹æÄ£µÄ³õʼ»òзºÆðµÄ¹ýʧÉèÖᣡ£¡£¡£¡£¡£¿£¿£¿£¿£¿£¿ª·¢ÍŶӺÍÇå¾²ÍŶÓÖ®¼äµÄÁæØê¹ØÏµÒ²¼Ó¾çÁËÕâÒ»ÎÊÌâ¡£¡£¡£¡£¡£¡£AppOmni·¢Ã÷µÄÎÊÌâÒÑÏòÊÜÓ°Ï칫˾±¨¸æ²¢»ñµÃÐÞ¸´£¬£¬£¬£¬£¬£¬µ«Ò»Á¬±£´æµÄ¹ýʧÉèÖÃÎÊÌâÈÔÐè½â¾ö¡£¡£¡£¡£¡£¡£ÏÖ´úµÍ´úÂëÊÖÒÕʹµÃȱ·¦×¨ÒµÖªÊ¶µÄÓû§Äܹ»¿ª·¢ÖØ´óµÄ½â¾ö¼Æ»®£¬£¬£¬£¬£¬£¬Òò´ËÎÊÌâ¿ÉÄÜ»áÒ»Á¬±£´æ¡£¡£¡£¡£¡£¡£AppOmni½¨ÒéʹÓÃÄܹ»¼ì²â¹ýʧÉèÖõÄϵͳ¾ÙÐÐÒ»Á¬¼à¿Ø¡£¡£¡£¡£¡£¡£
https://www.securityweek.com/low-code-high-risk-millions-of-records-exposed-via-misconfigured-microsoft-power-pages/


¾©¹«Íø°²±¸11010802024551ºÅ