Ï£À°×ÔÈ»ÆøÔËÓªÉÌDESFAÔâµ½Ragnar LockerµÄÀÕË÷¹¥»÷

Ðû²¼Ê±¼ä 2022-08-24
1¡¢Ï£À°×ÔÈ»ÆøÔËÓªÉÌDESFAÔâµ½Ragnar LockerµÄÀÕË÷¹¥»÷

      

¾ÝýÌå8ÔÂ22ÈÕ±¨µÀ £¬Ï£À°×î´óµÄ×ÔÈ»ÆøÔËÓªÉÌDESFAÔâµ½ÍøÂç¹¥»÷ºóITϵͳÖÐÖ¹¡£DESFAÚ¹ÊͳÆ £¬¹¥»÷ÕßÊÔͼÈëÇÖÆäÍøÂç £¬²¿·ÖÎļþºÍÊý¾Ý¿ÉÄÜÒѱ»»á¼û £¬ÆäÍ£ÓÃÁËÐí¶àÔÚÏß·þÎñÒÔ±£»¤¿Í»§Êý¾Ý¡£DESFAÏòÏûºÄÕß°ü¹Ü £¬´ËÊÂÎñ²»»áÓ°Ïì×ÔÈ»ÆøµÄ¹©Ó¦ £¬ËùÓÐÊäÈëºÍÊä³öµã¾ùÕý³£ÔËÐС£ÉÏÖÜÎå £¬Ragnar LockerÉù³Æ¶Ô´Ë´Î¹¥»÷ÈÏÕæ £¬ÔÚÆäÊý¾Ý¹ûÕæÍøÕ¾Ðû²¼Ò»·Ý±»µÁÊý¾ÝµÄÁбíºó £¬»¹ÌåÏÖËûÃÇÔÚDESFAµÄϵͳÉÏ·¢Ã÷Á˶à¸öÇå¾²Îó²î¡£


https://therecord.media/greek-gas-operator-refuses-to-negotiate-with-ransomware-group-after-attack/


2¡¢VMware Carbon Black¿Éµ¼ÖÂWindows·ºÆðBSODÎÊÌâ

      

¾Ý8ÔÂ23ÈÕ±¨µÀ £¬VMware Carbon Black¶ËµãÇå¾²½â¾ö¼Æ»®µÄ²¿·Ö°æ±¾¿ÉÄܵ¼ÖÂWindows·ºÆðBSODÎÊÌâ¡£ÎÊÌâÔ´ÓÚµ±ÈÕ°²Åŵ½Carbon Black Cloud Sensor 3.6.0.1979-3.8.0.398µÄ¹æÔò¼¯ £¬Ëü»áµ¼ÖÂ×°±¸Íß½âÔÚÆô¶¯Ê±ÏÔʾÀ¶ÆÁ £¬²¢¾Ü¾ø»á¼û¡£ÔÚÊÜÓ°ÏìµÄϵͳÉÏ £¬¹ýʧ±»Ê¶±ðΪ"PFN_LIST_CORRUPT"¡£Carbon BlackºÍAVÊðÃû°ü8.19.22.224Ö®¼äËƺõ±£´æ³åÍ» £¬VMwareÏÖÔÚÕýÔÚ¶Ô´ËʾÙÐÐÊÓ²ì £¬²¢»Ø¹öÓÐÎÊÌâµÄ¹æÔò¼¯¡£


https://www.bleepingcomputer.com/news/security/vmware-carbon-black-causing-bsod-crashes-on-windows/


3¡¢LockBitµÄÊý¾Ý¹ûÕæÍøÕ¾Ôâµ½À´×ÔEntrustµÄDDoS¹¥»÷

      

ýÌå8ÔÂ22ÈÕ³Æ £¬LockBitµÄÊý¾Ý¹ûÕæÍøÕ¾Ôâµ½ÁËÇå¾²¹«Ë¾EntrustµÄDDoS¹¥»÷¡£LockBitÔÚ6Ô·ݹ¥»÷ÁËEntrust £¬²¢ÓÚÉÏÖÜÎåÍíÉÏ×îÏȹûÕæ¸Ã¹«Ë¾µÄÊý¾Ý¡£´Ë´Îй¶°üÀ¨30½Øͼ £¬Éæ¼°Ö´·¨Îļþ¡¢ÓªÏúµç×Ó±í¸ñºÍ»á¼ÆÊý¾Ý¡£Ñо¿Ö°Ô±³Æ £¬ÔÚй¶ºó²»¾Ã £¬¸ÃÍÅ»ïµÄTorÊý¾Ý¹ûÕæÍøÕ¾ÒòDDoS¹¥»÷¶øÎÞ·¨»á¼û¡£±ðµÄ £¬¹¥»÷Õß»¹ÔÚHTTPSÇëÇóÖÐÌí¼ÓÁËÒ»ÌõÐÂÎÅ £¬ÒªÇóËûÃÇɾ³ýEntrustµÄÊý¾Ý¡£Cisco³Æ¹¥»÷ΪÿÃëÀ´×Ô1000¶ą̀·þÎñÆ÷µÄ400¸öÇëÇó £¬EntrustÉÐδ¶Ô´ËÊÂ×ö³ö»Ø¸´¡£


https://www.bleepingcomputer.com/news/security/lockbit-ransomware-blames-entrust-for-ddos-attacks-on-leak-sites/


4¡¢ÐµÄGAIROSCOPE¹¥»÷Ä£×Ó¿É´ÓÆø϶ϵͳÖÐÇÔÊØÐÅÏ¢

      

ýÌå8ÔÂ22ÈÕ±¨µÀ £¬Ñо¿Ö°Ô±·¢Ã÷ʹÓÃMEMSÍÓÂÝÒdz¬Éù²¨Òþ²ØͨµÀÇÔÈ¡Êý¾ÝµÄGAIROSCOPE¹¥»÷Ä£×Ó¡£ÓëÆäËüÕë¶ÔÆø϶ϵͳµÄ¹¥»÷Ò»Ñù £¬GAIROSCOPEÐèÒªÒÀÀµ¹¥»÷Õßͨ¹ý±»Ñ¬È¾µÄUSB¡¢Ë®¿Ó¹¥»÷»ò¹©Ó¦Á´¹¥»÷µÈÕ½ÂÔÀ´ÈëÇÖÄ¿µÄÍøÂç²¢Èö²¥¶ñÒâÈí¼þ £¬»¹ÐèҪʹÓöñÒâÓ¦ÓÃѬȾԱ¹¤µÄÊÖ»ú¡£±»Ñ¬È¾µÄÊÖʱ»úÔÚÎïÀí¾àÀëºÜ½üµÄµØ·½¼ì²âµ½´«Êä £¬²¢Í¨¹ý×°±¸ÄÚÖõÄÍÓÂÝÒÇ´«¸ÐÆ÷¾ÙÐмàÌý £¬Ëæºó½«Êý¾Ý±»½âµ÷Ï¢ÕùÂë £¬Í¨¹ýWi-Fi´«Êä¸ø¹¥»÷Õß¡£


https://thehackernews.com/2022/08/new-air-gap-attack-uses-mems-gyroscope.html


5¡¢Ñо¿ÍŶӷ¢Ã÷LinuxÄÚºËÖб£´æ8ÄêµÄÎó²îDirtyCred 

      

8ÔÂ22ÈÕ±¨µÀ³Æ £¬Ñо¿ÍŶӷ¢Ã÷LinuxÄÚºËÖб£´æ8ÄêµÄDirtyCred £¬ÏñDirtyPipeÒ»ÑùÁîÈËÑá¶ñ¡£DirtyCredÊÇÒ»¸öÄÚºËʹÓÿ´·¨ £¬Ëü½«·ÇÌØȨÄÚºËƾ֤ÓëÌØȨƾ֤½»Á÷À´ÌáÉýÌØȨ¡£DirtyCredûÓÐÁýÕÖÄں˶ÑÉϵÄÈκÎÒªº¦Êý¾Ý×ֶΠ£¬¶øÊÇÀÄÓöÑÄÚ´æÖØÓûúÖÆÀ´»ñµÃÌØȨ¡£DirtyCredʹÓÃÁËÊͷźóʹÓÃÎó²î£¨CVE-2022-2588£© £¬¸ÃÎó²î±£´æÓÚLinuxÄÚºËÖÐnet/sched/ls_route.c¹ýÂËÆ÷ʵÏÖµÄroute4_change¡£


https://thehackernews.com/2022/08/as-nasty-as-dirty-pipe-8-year-old-linux.html


6¡¢Ó¢¹úijÆû³µ¾­ÏúÉÌÔâµ½ÀÕË÷¹¥»÷ºó½¹µãϵͳÎÞ·¨»Ö¸´

      

¾ÝýÌå8ÔÂ22ÈÕ³Æ £¬Ó¢¹úÆû³µ¾­ÏúÉÌHoldcroft Motor GroupÔâµ½ÁËÀÕË÷¹¥»÷¡£¹¥»÷±¬·¢ÔÚ7ÔÂ28ÈÕ £¬¸Ã¹«Ë¾µÄIT»ù´¡ÉèÊ©Êܵ½ÁËÑÏÖصÄÓ°Ïì £¬ÄÚ²¿´æ´¢ÇøÓòµÄÊý¾Ýɥʧ¡£¾­ÓÉÊÓ²ì £¬È·Èϲ¿·ÖÔ±¹¤µÄСÎÒ˽¼ÒÐÅÏ¢ÒѾ­Ð¹Â¶¡£¸Ã¹«Ë¾µÄÉùÃ÷ÌåÏÖ £¬ËûÃÇÒѾ­Ïë·¨½â¾öÁ˴󲿷ֵĻá¼ûÎÊÌâ £¬µ«Ò»Ð©½¹µãϵͳÒѱ»Ëð»µÎÞ·¨»Ö¸´»ò±»ÓÀÊÀɾ³ý¡£¼øÓÚÆû³µ¾­ÏúÉÌ´¦Öóͷ£ÁË´ó×Ú¿Í»§µÄСÎÒ˽¼ÒºÍ²ÆÎñÐÅÏ¢ £¬¸ÃÐÐÒµÔâµ½ÀÕË÷¹¥»÷µÄÇ÷ÊÆÉÏÉý¡£


https://www.infosecurity-magazine.com/news/car-dealership-hit-by-major/