360-CERT每日安全简报
Daily Security Briefing
2021-10-19 星期二
漏洞 Vulnerability
CVE-2021-32609: Apache Superset XSS漏洞安全更新
https://seclists.org/oss-sec/2021/q4/34
CVE-2021-21796: Nitro Pro PDF UAF漏洞安全更新
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1265
安全事件 Security Incident
以色列一家医院首次遭到重大勒索袭击
https://securityaffairs.co/wordpress/123350/hacking/israeli-hospital-ransomware-attack.html
DocuSign网络钓鱼活动的目标是低级别员工
https://www.bleepingcomputer.com/news/security/docusign-phishing-campaign-targets-low-ranking-employees/
厄瓜多尔的比钦查银行在遭受网络攻击后尚未恢复
https://securityaffairs.co/wordpress/123465/cyber-crime/ecuadors-banco-pichincha-cyberattack.html
MirrorBlast活动的目标是使用宏的金融部门
https://www.databreachtoday.com/mirrorblast-campaign-targets-finance-sector-using-macros-a-17745
AtomSilo勒索软件进入双重勒索联盟
https://www.zscaler.com/blogs/security-research/atomsilo-ransomware-enters-league-double-extortion
美国将价值52亿美元的比特币交易与勒索软件挂钩
https://www.bleepingcomputer.com/news/security/us-links-52-billion-worth-of-bitcoin-transactions-to-ransomware/
密苏里州起诉泄露数据的黑客
https://threatpost.com/missouri-prosecute-hacker-data-leak/175501/
APT-C-48(CNC)组织攻击利用pub文件攻击活动分析
https://mp.weixin.qq.com/s/XbKjW7B2VrM877wBTRWr4g
Operation EICAR(APT-Q-28):针对证券金融行业的定向猎杀活动
https://mp.weixin.qq.com/s/F9fJCDeZZWlWDeyqpV_ltw
使用特定论文分发恶意文档的APT攻击活动
https://asec.ahnlab.com/ko/27760/
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn