2018年2月第1周舆情周报

来势汹汹的Android僵尸网络在曝光16个月后依然兴盛
https://arstechnica.com/information-technology/2018/01/menacing-android-botnet-still-thrives-16-months-after-coming-to-light/

黑客准备冬季奥运与有针对性的网络钓鱼攻击
https://www.cybertalk.org/2018/01/09/hackers-prepare-winter-olympics-targeted-phishing-attack/

众所周知的威胁集团DRAGONFISH（或Lotus Blossom）正在分发一种新的Elise恶意软件
https://www.accenture.com/t20180127T003755Z__w__/us-en/_acnmedia/PDF-46/Accenture-Security-Dragonfish-Threat-Analysis.pdf

与伊朗有联系的APT OilRig以新的RGDoor后门为目标IIS Web服务器
https://securityaffairs.co/wordpress/68317/apt/oilrig-rgdoor-backdoor.html

超过2000个WordPress网站已经被恶意脚本感染，可以同时提供键盘记录和加密货币矿工CoinHive
https://securityaffairs.co/wordpress/68334/malware/wordpress-sites-keylogger.html

骗子创造了28个假广告代理商，以掩盖大规模的恶意广告运动

https://www.bleepingcomputer.com/news/security/crooks-created-28-fake-ad-agencies-to-disguise-massive-malvertising-campaign/

新的网络钓鱼骗局结合了联邦快递和谷歌驱动器引诱受害者
https://www.scmagazine.com/new-phishing-scam-combines-fedex-and-google-drive-to-lure-victims/article/739575/

TopHat活动针对中东，利用恶意软件利用Google+，Pastebin和bit.ly
https://www.scmagazine.com/middle-east-hit-with-tophat-campaign-exploiting-popular-third-party-services/article/739907/

视频 | 联想指纹识别软件Fingerprint Manager硬编码密码漏洞CVE-2017-3762 影响9个系列
https://toutiao.secjia.com/cve-2017-3762

FriedEx：BitPaymer勒索Dridex作者的又一作品
https://www.welivesecurity.com/2018/01/26/friedex-bitpaymer-ransomware-work-dridex-authors/

趋势科技发现恶意广告活动滥用Google的DoubleClick来交付Coinhive Miner
https://securityaffairs.co/wordpress/68285/hacking/coinhive-malvertising-campaign.html

骗子制造SpriteCoin cryptocurrency诱惑下载勒索软件
https://www.scmagazine.com/crooks-fabricate-spritecoin-cryptocurrency-as-lure-to-download-ransomware/article/738973/

使用英特尔SGX偷窃比特币
https://www.blackhat.com/asia-18/briefings/schedule/index.html#when-good-turns-evil-using-intel-sgx-to-stealthily-steal-bitcoins-9918

隐藏寻找使用对等通信捕获的物联网僵尸网络
https://www.scmagazine.com/hide-n-seek-used-custom-built-peer-to-peer-communication-to-exploit-victims/article/739293/

Ransomware的一周 - 2018年1月26日 - SamSam＆Hack攻击
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-26th-2018-samsam-and-hack-attacks/

PLOUTUS.D恶意软件变种用于美国的自动取款机累积奖金攻击
https://threatpost.com/ploutus-d-malware-variant-used-in-u-s-based-atm-jackpotting-attacks/129686/

V8 引擎 UAF 漏洞导致远程代码执行（CVE-2017-15399）
https://bugs.chromium.org/p/chromium/issues/detail?id=776677

利用恶意种子生成网站 iotaseed.io 从 IOTA 加密货币网站偷 400 万美金
https://thatoddmailbox.github.io/2018/01/28/iotaseed.html

iOS、webOS、tvOS 的 bluetoothd 服务被发现两个严重的漏洞（CVE-2018-4087/CVE-2018-4095）
https://blog.zimperium.com/new-crucial-vulnerabilities-apples-bluetoothd-daemon/

CVE-2017-8570首次公开的野外样本及漏洞分析
https://mp.weixin.qq.com/s/dMqovzZ70SJgdnfAZtcZMg

IOTA 加密货币用户被钓鱼攻击损失400万

https://www.bleepingcomputer.com/news/security/iota-cryptocurrency-users-lose-4-million-in-clever-phishing-attack/

Cisco发布安全RCE和Dos漏洞建议

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1

Necurs僵尸网络正在推广Swisscoin

https://www.freebuf.com/news/161197.html 

Fortinet发现华硕路由器的漏洞

https://blog.fortinet.com/2018/01/30/fortiguard-labs-discovers-vulnerability-in-asus-router

Jackpooting ATM攻击已经出现在美国

https://nakedsecurity.sophos.com/2018/01/30/secret-service-warning-jackpotting-atm-attacks-reach-the-us/ 

黑客利用企业软件Kaseya的漏洞部署门罗比挖矿

https://www.scmagazine.com/hackers-exploit-flaw-in-enterprise-software-to-deploy-monero-cryptominer/article/740362/ 

Oracle MICROS POS安全绕过漏洞CVE-2018-2636 PoC已公开

https://toutiao.secjia.com/cve-2018-2636 

荷兰银行，税务机构遭到大规模DDos攻击

https://www.bleepingcomputer.com/news/security/dutch-banks-tax-agency-under-ddos-attacks-a-week-after-big-russian-hack-reveal/ 

阿尔卡特手机默认相册app被替换成spyware

https://www.androidpolice.com/2018/01/29/default-gallery-app-alcatel-phones-replaced-spamware-users-angry/ 

2年的恶意软软件Vermin传染到乌克兰

https://www.scmagazine.com/two-year-old-malware-campaign-plagues-ukrainians-with-vermin-quasar-rats/article/740534/

wannamine，复杂的加密矿工的通过NSA 永恒之蓝传播

https://securityaffairs.co/wordpress/68518/malware/wannamine-nsa-eternalblue.html

恶意的Chrome扩展在Chrome网络商店发现，Form Droidclub Botnet

https://blog.trendmicro.com/trendlabs-security-intelligence/malicious-chrome-extensions-found-chrome-web-store-form-droidclub-botnet/

新的Adobe Flash 0day发现在野外

https://www.bleepingcomputer.com/news/security/new-adobe-flash-zero-day-spotted-in-the-wild/

Smominru僵尸网络感染了超过500,000台Windows机器

https://www.bleepingcomputer.com/news/security/smominru-botnet-infected-over-500-000-windows-machines/

DDG：挖掘僵尸网络针对数据库服务器

https://blog.netlab.360.com/ddg-a-mining-botnet-aiming-at-database-server-en/

TRICKBOT的快速测试驱动器（现在有一个单一的模块）

https://malware-traffic-analysis.net/2018/02/01/index.html

日本第二大加密货币交易平台Coincheck遭黑客窃取了价值约5亿美元的数字货币，日当局介入调查 
https://www.v3.co.uk/v3-uk/news/3025935/japanese-authorities-warned-coincheck-about-serious-security-flaws-before-thieves-stole-usd530-million

思科修复DoS漏洞CVE-2018-0136，攻击者可以通过发送IPv6数据包来利用这个漏洞 
https://www.scmagazine.com/cisco-update-eliminates-dos-vulnerability-in-aggregation-services-router-operating-system/article/741021/

谷歌表示在2017年从Play商店中删除了超过70万个不良或恶意应用，比2016年上涨了70％。 
https://www.bleepingcomputer.com/news/security/google-removed-over-700-000-malicious-android-apps-from-the-play-store-in-2017/

全球已经有超过50万台设备被Smominru矿工病毒劫持，目前已经挖到了近9000个门罗币（价值约合360万美元） 
https://threatpost.com/massive-smominru-cryptocurrency-botnet-rakes-in-millions/129726/

BeeToken公司的客户被钓鱼邮件骗取100万美元以太币 
https://www.scmagazine.com/phishing-attacks-net-initial-coin-offering-investors-second-time-this-week/article/741031/

黑客冒充FBI互联网犯罪投诉中心发送钓鱼邮件 
https://www.scmagazine.com/phishing-emails-impersonate-fbis-internet-crime-complaint-center/article/741763/

Adobe Flash Player 0 day CVE-2018-4878，下周发送补丁 
https://www.scmagazine.com/attackers-exploiting-critical-adobe-flash-player-zero-day-bug-no-patch-until-next-week/article/741462/

发现攻击中东地区的RGDoor IIS后门病毒 
https://researchcenter.paloaltonetworks.com/2018/01/unit42-oilrig-uses-rgdoor-iis-backdoor-targets-middle-east/