Matrix SEC每日安全简报(2023.09.16)
2023-9-16 12:6:8 Author: Matrix SEC(查看原文) 阅读量:8 收藏

威胁情报[CTI]

  1. 臭名昭著的黑客组织KittenSec的管理员,被称为"pushfs",正在退出他们的业务。该组织与SiegedSec有隶属关系,有趣的是,SiegedSec的管理员此前曾宣布退出黑客组织。


  2. 一名论坛用户出售巴西最大电话运营商Claro的网络邮件系统的访问权限

  3. 勒索软件组织Alphv新增2名新受害者,分别是

    - hollandspecial(hollandspecial.com) 116 GB

    - MGM Resorts International

  4. 勒索软件组织CL0P新增1名新受害者,分别是

    - Shen Milsom & Wilke LLC (http://smwllc.com)

  5. 勒索软件组织ThreeAM新增6名新受害者

[安全简报]

  • HackerOne

[8x8]

没有保护的Atlantis服务器https://132.226.█.█

https://hackerone.com/reports/1895783

  • PacketStorm

Academy LMS 6.2 SQL Injection

https://packetstormsecurity.com/files/174681/Academy-LMS-6.2-SQL-Injection.html

Academy LMS 6.2 Cross Site Scripting

https://packetstormsecurity.com/files/174680/Academy-LMS-6.2-Cross-Site-Scripting.html

Italia Mediasky CMS 2.0 Cross Site Scripting

https://packetstormsecurity.com/files/174655/islamnt-CMS-2.1.0-Add-Administrator.html

Italia Mediasky CMS 2.0 Cross Site Request Forgery

https://packetstormsecurity.com/files/174670/Italia-Mediasky-CMS-2.0-Cross-Site-Request-Forgery.html

Chrome Read-Only Property Overwrite

https://packetstormsecurity.com/files/174669/Chrome-Read-Only-Property-Overwrite.html

  • SCMagazine

针对数千组织的全球密码暴力破解攻击

https://www.scmagazine.com/news/global-password-spray-attacks-target-thousands-of-organizations

  • TheGuardian

谁是最新一波英国勒索软件攻击的幕后黑手?

https://www.theguardian.com/technology/2023/sep/14/who-is-behind-latest-wave-of-ransomware-attacks

  • Gizmodo

凯撒娱乐(Caesars Entertainment)证实在最近的第二次赌场袭击中遭到黑客攻击

https://gizmodo.com/caesars-confirms-hack-in-second-recent-casino-attack-1850837915

  • SecurityWeek

"NLBrute"恶意软件背后的俄罗斯黑客被引渡认罪

https://www.securityweek.com/extradited-russian-hacker-behind-nlbrute-malware-pleads-guilty/

五角大楼的 2023 年网络战略侧重于帮助盟友

https://www.securityweek.com/pentagons-2023-cyber-strategy-focuses-on-helping-allies/

加州与谷歌就位置隐私诉讼达成和解,赔偿93万美元

https://www.securityweek.com/california-settles-with-google-over-location-privacy-practices-for-93-million/

  • BleepingComputer

Retool 将漏洞归咎于Google Authenticator MFA云同步功能

https://www.bleepingcomputer.com/news/security/retool-blames-breach-on-google-authenticator-mfa-cloud-sync-feature/

Google将Chromebook的安全更新支持延长至10年

https://www.bleepingcomputer.com/news/security/google-extends-security-update-support-for-chromebooks-to-10-years/

ORBCOMM勒索软件攻击导致货运车队管理中断

https://www.bleepingcomputer.com/news/security/orbcomm-ransomware-attack-causes-trucking-fleet-management-outage/

TikTok因侵犯儿童隐私而被罚款3.68亿美元

https://www.bleepingcomputer.com/news/technology/tiktok-slapped-with-368-million-fine-over-child-privacy-violations/

Bing Chat AI宕机,影响Windows Copilot等

https://www.bleepingcomputer.com/news/microsoft/bing-chat-ai-is-down-affecting-windows-copilot-and-more/

  • Malwarebytes Labs

欧洲刑警组织揭露网络犯罪策略

https://www.malwarebytes.com/blog/news/2023/09/europol-publishes-report-discussing-observed-methodologies-and-threats

  • TheHackerNews

自动化威胁情报收集与人类之间的相互依赖

https://thehackernews.com/2023/09/the-interdependence-between-automated.html

谷歌同意在加州的位置隐私诉讼中达成93万美元的和解

https://thehackernews.com/2023/09/google-agrees-to-93-million-settlement.html

DDoS 2.0:物联网引发了新的DDoS警报

https://thehackernews.com/2023/09/ddos-20-iot-sparks-new-ddos-alert.html

NodeStealer 恶意软件现在针对多个浏览器上的Facebook企业账户

https://thehackernews.com/2023/09/nodestealer-malware-now-targets.html

网络犯罪分子结合网络钓鱼和EV证书来传递勒索软件有效负载

https://thehackernews.com/2023/09/cybercriminals-combine-phishing-and-ev.html

  • DarkReading

攻击者声称Okta代理参与了美高梅的数据泄露

https://www.darkreading.com/application-security/okta-flaw-involved-mgm-resorts-breach-attackers-claim

Microsoft: 'Peach Sandstorm'网络攻击的目标是国防、制药组织

https://www.darkreading.com/dr-global/mideast-retailers-scam-facebook-pages-investment-opportunities

第三方供应商失手后,大曼彻斯特警方遭到黑客攻击

https://www.darkreading.com/endpoint/greater-manchester-police-hack-third-party-supplier-fumble


文章来源: http://mp.weixin.qq.com/s?__biz=Mzk0NDUzMjU0NA==&mid=2247484614&idx=1&sn=eb1921da6ffa48ae4de2cfb8b3f2847d&chksm=c32279e9f455f0ffddb7fed157203b6630666ddf8e27f01a178a5366cb55e0a755dddc75da10&scene=0&xtrack=1#rd
如有侵权请联系:admin#unsafe.sh