威胁情报[CTI]
恶意软件研究人员在8月发现41种新的勒索软件
勒索软件组织Rhysida新增1名新受害者,分别是:
- IT-Center Syd(itcsyd.dk)
[安全简报]
HackerOne
[Internet Bug Bounty]
通过process.binding绕过依赖关系策略 (CVE-2023-32559)
https://hackerone.com/reports/2120719
Argocd的Web终端会话不会过期 Bounty $2,540
https://hackerone.com/reports/2123094
[Nextcloud]
CVE-2023-39952
https://hackerone.com/reports/1808079
BleepingComputer
谷歌推出Privacy Sandbox,利用Chrome浏览历史记录投放广告
https://www.bleepingcomputer.com/news/google/google-rolls-out-privacy-sandbox-to-use-chrome-browsing-history-for-ads/
Microsoft Teams网络钓鱼攻击推送DarkGate恶意软件
https://www.bleepingcomputer.com/news/security/microsoft-teams-phishing-attack-pushes-darkgate-malware/
DataBreaches
法院批准针对2020年加拿大税务局网络攻击针对联邦政府的集体诉讼
https://www.databreaches.net/court-certifies-class-action-lawsuit-against-federal-government-over-2020-canada-revenue-agency-cyberattack/
明尼苏达州就业和经济发展部:安全事件可能导致一些求职者的联系信息被泄露
https://www.databreaches.net/minnesota-department-of-employment-and-economic-development-security-incident-may-have-resulted-in-some-job-seekers-contact-info-being-compromised/
TheHackerNews
网络犯罪分子在加密货币挖矿攻击中将合法的高级安装程序工具武器化
https://thehackernews.com/2023/09/cybercriminals-weaponizing-legitimate.html
SANS
创建PowerShell函数来调用第三方API来扩展蜜罐信息
https://isc.sans.edu/diary/rss/30204