威胁情报[CTI]
臭名昭著的黑客组织KittenSec的管理员,被称为"pushfs",正在退出他们的业务。该组织与SiegedSec有隶属关系,有趣的是,SiegedSec的管理员此前曾宣布退出黑客组织。
一名论坛用户出售巴西最大电话运营商Claro的网络邮件系统的访问权限。
勒索软件组织Alphv新增2名新受害者,分别是:
- hollandspecial(hollandspecial.com) 116 GB
- MGM Resorts International
勒索软件组织CL0P新增1名新受害者,分别是:
- Shen Milsom & Wilke LLC (http://smwllc.com)
勒索软件组织ThreeAM新增6名新受害者。
[安全简报]
HackerOne
[8x8]
没有保护的Atlantis服务器https://132.226.█.█
https://hackerone.com/reports/1895783
PacketStorm
Academy LMS 6.2 SQL Injection
https://packetstormsecurity.com/files/174681/Academy-LMS-6.2-SQL-Injection.html
Academy LMS 6.2 Cross Site Scripting
https://packetstormsecurity.com/files/174680/Academy-LMS-6.2-Cross-Site-Scripting.html
Italia Mediasky CMS 2.0 Cross Site Scripting
https://packetstormsecurity.com/files/174655/islamnt-CMS-2.1.0-Add-Administrator.html
Italia Mediasky CMS 2.0 Cross Site Request Forgery
https://packetstormsecurity.com/files/174670/Italia-Mediasky-CMS-2.0-Cross-Site-Request-Forgery.html
Chrome Read-Only Property Overwrite
https://packetstormsecurity.com/files/174669/Chrome-Read-Only-Property-Overwrite.html
SCMagazine
针对数千组织的全球密码暴力破解攻击
https://www.scmagazine.com/news/global-password-spray-attacks-target-thousands-of-organizations
TheGuardian
谁是最新一波英国勒索软件攻击的幕后黑手?
https://www.theguardian.com/technology/2023/sep/14/who-is-behind-latest-wave-of-ransomware-attacks
Gizmodo
凯撒娱乐(Caesars Entertainment)证实在最近的第二次赌场袭击中遭到黑客攻击
https://gizmodo.com/caesars-confirms-hack-in-second-recent-casino-attack-1850837915
SecurityWeek
"NLBrute"恶意软件背后的俄罗斯黑客被引渡认罪
https://www.securityweek.com/extradited-russian-hacker-behind-nlbrute-malware-pleads-guilty/
五角大楼的 2023 年网络战略侧重于帮助盟友
https://www.securityweek.com/pentagons-2023-cyber-strategy-focuses-on-helping-allies/
加州与谷歌就位置隐私诉讼达成和解,赔偿93万美元
https://www.securityweek.com/california-settles-with-google-over-location-privacy-practices-for-93-million/
BleepingComputer
Retool 将漏洞归咎于Google Authenticator MFA云同步功能
https://www.bleepingcomputer.com/news/security/retool-blames-breach-on-google-authenticator-mfa-cloud-sync-feature/
Google将Chromebook的安全更新支持延长至10年
https://www.bleepingcomputer.com/news/security/google-extends-security-update-support-for-chromebooks-to-10-years/
ORBCOMM勒索软件攻击导致货运车队管理中断
https://www.bleepingcomputer.com/news/security/orbcomm-ransomware-attack-causes-trucking-fleet-management-outage/
TikTok因侵犯儿童隐私而被罚款3.68亿美元
https://www.bleepingcomputer.com/news/technology/tiktok-slapped-with-368-million-fine-over-child-privacy-violations/
Bing Chat AI宕机,影响Windows Copilot等
https://www.bleepingcomputer.com/news/microsoft/bing-chat-ai-is-down-affecting-windows-copilot-and-more/
Malwarebytes Labs
欧洲刑警组织揭露网络犯罪策略
https://www.malwarebytes.com/blog/news/2023/09/europol-publishes-report-discussing-observed-methodologies-and-threats
TheHackerNews
自动化威胁情报收集与人类之间的相互依赖
https://thehackernews.com/2023/09/the-interdependence-between-automated.html
谷歌同意在加州的位置隐私诉讼中达成93万美元的和解
https://thehackernews.com/2023/09/google-agrees-to-93-million-settlement.html
DDoS 2.0:物联网引发了新的DDoS警报
https://thehackernews.com/2023/09/ddos-20-iot-sparks-new-ddos-alert.html
NodeStealer 恶意软件现在针对多个浏览器上的Facebook企业账户
https://thehackernews.com/2023/09/nodestealer-malware-now-targets.html
网络犯罪分子结合网络钓鱼和EV证书来传递勒索软件有效负载
https://thehackernews.com/2023/09/cybercriminals-combine-phishing-and-ev.html
DarkReading
攻击者声称Okta代理参与了美高梅的数据泄露
https://www.darkreading.com/application-security/okta-flaw-involved-mgm-resorts-breach-attackers-claim
Microsoft: 'Peach Sandstorm'网络攻击的目标是国防、制药组织
https://www.darkreading.com/dr-global/mideast-retailers-scam-facebook-pages-investment-opportunities
第三方供应商失手后,大曼彻斯特警方遭到黑客攻击
https://www.darkreading.com/endpoint/greater-manchester-police-hack-third-party-supplier-fumble