Matrix SEC每日安全简报(2023.09.10)
2023-9-10 11:14:14 Author: Matrix SEC(查看原文) 阅读量:8 收藏

威胁情报[CTI]

  1. 恶意软件研究人员在8月发现41种新的勒索软件

  2. 勒索软件组织Rhysida新增1名新受害者,分别是:

    - IT-Center Syd(itcsyd.dk)

[安全简报]

  • HackerOne

[Internet Bug Bounty]

通过process.binding绕过依赖关系策略 (CVE-2023-32559)

https://hackerone.com/reports/2120719

Argocd的Web终端会话不会过期 Bounty $2,540

https://hackerone.com/reports/2123094

[Nextcloud]

CVE-2023-39952

https://hackerone.com/reports/1808079

  • BleepingComputer

谷歌推出Privacy Sandbox,利用Chrome浏览历史记录投放广告

https://www.bleepingcomputer.com/news/google/google-rolls-out-privacy-sandbox-to-use-chrome-browsing-history-for-ads/

Microsoft Teams网络钓鱼攻击推送DarkGate恶意软件

https://www.bleepingcomputer.com/news/security/microsoft-teams-phishing-attack-pushes-darkgate-malware/

  • DataBreaches

法院批准针对2020年加拿大税务局网络攻击针对联邦政府的集体诉讼

https://www.databreaches.net/court-certifies-class-action-lawsuit-against-federal-government-over-2020-canada-revenue-agency-cyberattack/

明尼苏达州就业和经济发展部:安全事件可能导致一些求职者的联系信息被泄露

https://www.databreaches.net/minnesota-department-of-employment-and-economic-development-security-incident-may-have-resulted-in-some-job-seekers-contact-info-being-compromised/

  • TheHackerNews

网络犯罪分子在加密货币挖矿攻击中将合法的高级安装程序工具武器化

https://thehackernews.com/2023/09/cybercriminals-weaponizing-legitimate.html

  • SANS

创建PowerShell函数来调用第三方API来扩展蜜罐信息

https://isc.sans.edu/diary/rss/30204


文章来源: http://mp.weixin.qq.com/s?__biz=Mzk0NDUzMjU0NA==&mid=2247484526&idx=1&sn=e982045e13fef529396f8fd2bf6d48a6&chksm=c3227941f455f05758d6536e06e9cc9322cf342e076db5c7b50b92cd949d783b09d29df5c369&scene=0&xtrack=1#rd
如有侵权请联系:admin#unsafe.sh