MicrosoftÐû²¼²¹¶¡ÐÞ¸´86¸öÎó²î:IntezerÐû²¼ÆÊÎö±¨¸æ
Ðû²¼Ê±¼ä 2021-09-16¹È¸èÒòÀÄÓð²×¿µÄÊг¡Ö÷µ¼Ö°Î»±»º«¹ú·£¿£¿£¿î2070ÒÚº«Ôª
9ÔÂ14ÈÕ£¬£¬º«¹ú¹«ÕýÉÌҵίԱ»á¶Ô¹È¸è´¦ÒÔ2070ÒÚº«Ôª£¨Ô¼Îª1.77 ÒÚÃÀÔª£©µÄ·£¿£¿£¿î¡£¡£Ôµ¹ÊÔÓÉÊǹȸèÒòÀÄÓð²×¿ÔÚÒÆ¶¯²Ù×÷ϵͳÊг¡µÄÖ÷µ¼Ö°Î»£¬£¬ÆÈʹÖÇÄÜÊÖ»úÖÆÔìÉÌÖ»ÄÜʹÓÃAndroid²Ù×÷ϵͳ¡£¡£¸Ã»ú¹¹³Æ£¬£¬¹È¸èÒªÇóÖÆÔìÉ̱ØÐèÇ©Êð¡°·´Ë鯬»¯ÐÒ飨AFA£©¡±£¬£¬¸ÃÐÒéեȡʹÓÃAndroid²Ù×÷ϵͳµÄÐ޸İ汾£¬£¬¼´ËùνµÄ¡°Android·ÖÖ§¡±¡£¡£±¨µÀ³Æ£¬£¬¹È¸èµÄ¢¶ÏÐÐΪʹÆäÔÚ2019ÄêÒÆ¶¯²Ù×÷ϵͳÊг¡µÄ·Ý¶îÉÏÉýµ½ÁË97.7%¡£¡£
ÔÎÄÁ´½Ó£º
https://www.theregister.com/2021/09/14/south_korea_fines_google/
MicrosoftÐû²¼9Ô·ÝÐÇÆÚ¶þ²¹¶¡£¬£¬×ܼÆÐÞ¸´86¸öÎó²î
MicrosoftÓÚ9ÔÂ14ÈÕÐû²¼Á˱¾ÔµÄÐÇÆÚ¶þÇå¾²¸üУ¬£¬×ܼÆÐÞ¸´ÁË86¸öÎó²î¡£¡£´Ë´Î¸üÐÂÐÞ¸´ÁË2¸öÁãÈÕÎó²î£¬£¬°üÀ¨Windows MSHTMLÔ¶³Ì´úÂëÖ´ÐÐÎó²î£¨CVE-2021-40444£©£¬£¬ÒÑÔÚÒ°Íâ·¢Ã÷ʹÓøÃÎó²îµÄ¹¥»÷»î¶¯£»£»£»£»£»£»ÒÔ¼°Windows DNSÌáȨÎó²î£¨CVE-2021-36968£©¡£¡£±ðµÄ£¬£¬»¹ÐÞ¸´ÁËAzure ¿ª·ÅʽÖÎÀí»ù´¡ÉèÊ©ÖеÄÔ¶³Ì´úÂëÖ´ÐÐÎó²î£¨CVE-2021-38647£©ºÍWindows¾ç±¾ÒýÇæÄÚ´æËð»µÎó²î£¨CVE-2021-26435£©µÈ¡£¡£
ÔÎÄÁ´½Ó£º
https://www.bleepingcomputer.com/news/microsoft/microsoft-september-2021-patch-tuesday-fixes-2-zero-days-60-flaws/
GoogleÐÞ¸´ChromeÖеİüÀ¨2¸ö0dayÔÚÄÚµÄ11¸öÎó²î
GoogleÓÚ±¾ÖÜÒ»Ðû²¼Çå¾²¸üУ¬£¬ÐÞ¸´ÁËChromeÖаüÀ¨2¸ö0dayÔÚÄÚµÄ11¸öÎó²î¡£¡£ÕâÁ½¸ö0day»®·ÖΪV8 JavaScriptÒýÇæÖеÄÔ½½çдÈëÎó²î£¨CVE-2021-30632£©ºÍË÷ÒýÊý¾Ý¿âAPIÖеÄÊͷźóʹÓÃÎó²î£¨CVE-2021-30633£©¡£¡£Google³ÆÕâÁ½¸öÎó²îÒѱ»ÔÚҰʹÓ㬣¬¿ÉÊDz¢Î´¹ûÕæÓйع¥»÷»î¶¯µÄÏêϸÐÅÏ¢¡£¡£±ðµÄ£¬£¬»¹ÐÞ¸´ÁËSelection APIÖеÄÊͷźóʹÓÃÎó²î£¨CVE-2021-30625£©ºÍANGLEÖеÄÄÚ´æ»á¼ûÔ½½çÎó²î£¨CVE-2021-30626£©µÈ¡£¡£
ÔÎÄÁ´½Ó£º
https://securityaffairs.co/wordpress/122192/hacking/google-zero-day-10.html
GetHealthÒòÊý¾Ý¿âÉèÖùýʧй¶6000Íò¶àÌõÓû§¼Í¼
9ÔÂ13ÈÕ£¬£¬WebsitePlanet³ÆGetHealthµÄÊý¾Ý¿âй¶ÁË6000Íò¶àÌõÓû§¼Í¼¡£¡£2021Äê6ÔÂ30ÈÕ£¬£¬¸ÃÇå¾²ÍŶӷ¢Ã÷ÁËÒ»¸öûÓÐÃÜÂë±£»£»£»£»£»£»¤µÄÊý¾Ý¿â£¬£¬ÆäÖаüÀ¨ÁËÁè¼Ý6100ÍòÌõ¼Í¼£¬£¬ÀýÈçÓû§ÐÕÃû¡¢³öÉúÈÕÆÚ¡¢ÌåÖØ¡¢Éí¸ß¡¢ÐÔ±ðºÍGPSÈÕÖ¾µÈ¡£¡£¾Ì«¹ýÎö£¬£¬·¢Ã÷´ó²¿·ÖÊý¾ÝÔ´À´×ÔFitbitºÍAppleµÄHealthKit¡£¡£GetHealthÔÚ»ñµÃ֪ͨºóÁ¬Ã¦×ö³öÏìÓ¦£¬£¬ÔÚÊýСʱÄÚ½«¸ÃÊý¾Ý¿â±£»£»£»£»£»£»¤ÆðÀ´¡£¡£
ÔÎÄÁ´½Ó£º
https://www.zdnet.com/article/over-60-million-records-exposed-in-wearable-fitness-tracking-data-breach-via-unsecured-database/
Ò½ÁÆÊÖÒÕ¹«Ë¾Olympus³ÆÆäÔâµ½BlackMatterÀÕË÷¹¥»÷
Ò½ÁÆÊÖÒÕ¹«Ë¾OlympusÔÚÉÏÖÜÁùÐû²¼ÉùÃ÷£¬£¬³ÆÆäÔâµ½ÁËBlackMatterµÄÀÕË÷¹¥»÷¡£¡£ÉùÃ÷ÌåÏÖ£¬£¬¹¥»÷±¬·¢ÔÚ9ÔÂ8ÈÕ£¬£¬Ó°ÏìÁËÆäEMEA£¨Å·ÖÞ¡¢Öж«¡¢·ÇÖÞ£©ITϵͳ¡£¡£OlympusÒÑÔÝÍ£ÊÜÓ°Ïìϵͳ£¬£¬²¢ÔÚÈ·¶¨¹¥»÷Ôì³ÉµÄÓ°Ïì¹æÄ££¬£¬ÔÊÐí½«¾¡¿ìÐû²¼ÏêϸÐÅÏ¢¡£¡£BlackMatterÊÇÏà¶Ô½ÏеÄÀÕË÷ÔËÓªÍŻ£¬ÓÚ2021Äê7ÔÂ×îÏÈ»îÔ¾£¬£¬×î³õ±»ÒÔΪÊÇDarkSideµÄ¼ÌÈÎÕß¡£¡£
ÔÎÄÁ´½Ó£º
https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-hits-medical-technology-giant-olympus/
IntezerÐû²¼ÓйØVermilion StrikeµÄÆÊÎö±¨¸æ
IntezerÓÚ9ÔÂ13ÈÕÐû²¼ÁËÓйØVermilion StrikeµÄÆÊÎö±¨¸æ¡£¡£2021Äê8Ô£¬£¬Ñо¿Ö°Ô±·¢Ã÷ÁËLinux°æ±¾µÄCobalt Strike BeaconµÄELFÑù±¾£¬£¬ÒÑÓÃÓÚÕë¶ÔÈ«ÇòµçÐŹ«Ë¾¡¢Õþ¸®»ú¹¹¡¢IT ¹«Ë¾¡¢½ðÈÚ»ú¹¹ºÍ×Éѯ¹«Ë¾¡£¡£ÆäÔÚÓëC2ͨѶʱʹÓÃÁËCobalt StrikeµÄC2ÐÒ飬£¬²¢¾ßÓÐÔ¶³Ì»á¼û¹¦Ð§£¬£¬ÀýÈçÉÏ´«Îļþ¡¢ÔËÐÐshellÏÂÁîºÍдÈëÎļþ¡£¡£
ÔÎÄÁ´½Ó£º
https://www.intezer.com/blog/malware-analysis/vermilionstrike-reimplementation-cobaltstrike/