Hackers Can Access Sensitive Data on More Than 1.2 Million Medical Devices

Published: 2025-08-11

1. Hackers Can Access Sensitive Data on More Than 1.2 Million Medical Devices


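August 7: Recent research by the European cybersecurity company Modat reveals that more than 1.2 million misconfigured internet-connected medical devices and systems worldwide are exposed to the internet because of security weaknesses, giving hackers an opening to steal sensitive patient data and even tamper with medical records. The vulnerable devices span more than 70 types, including MRI, CT, X-ray machines, DICOM viewers, blood testing systems, hospital management systems and other critical medical equipment. Attackers can directly access patients' confidential medical images, blood test results and biometric data over the network, and some systems even allow historical records to be modified, which could lead to diagnostic results being maliciously altered. The research shows that the United States (174,000 devices), South Africa (172,000) and Australia (111,000) are the countries with the most exposed devices. Device counts in six countries, including Brazil, Germany and the United Kingdom, also exceed 70,000, while Japan and other regions have tens of thousands of devices at risk. The main causes are devices with no authentication configured, use of factory-default or weak passwords, and outdated software running without patches. Some devices are even legacy systems that have reached end of support and have long gone without security updates. The researchers scanned for and identified these devices with the Modat Magnify platform. Screenshot evidence shows that attackers could obtain highly sensitive information such as patient vital signs and brain and chest scan images, and some system records go back many years.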


https://cybernews.com/security/million-medical-devices-exposed-to-hackers/


2. New EDR Killer Tool Adopted by Eight Ransomware Gangs


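August 7: According to research by the Sophos security team, a new EDR killer tool, regarded as an evolution of "EDRKillShifter" developed by RansomHub, has been observed in attacks by eight different ransomware gangs: RansomHub, Blacksuit, Medusa, Qilin, Dragonforce, Crytox, Lynx and INC. The tool's core function is to help attackers turn off security products on compromised systems, clearing the way to deploy ransomware payloads, escalate privileges, move laterally and covertly encrypt devices. On the technical side, the tool uses a heavily obfuscated binary that decodes itself at runtime and is injected into a legitimate application. Its key mechanism is to search for a digitally signed driver with a random five-character name that is hardcoded in the executable. Once the driver is found, the malicious kernel driver is loaded and kernel privileges are obtained through a "bring your own vulnerable driver" (BYOVD) attack, after which processes and services related to AV/EDR are terminated. Notably, the driver often masquerades as a legitimate file, but once activated it directly kills the targeted security tools. The range of vendors covered is broad and includes mainstream security products such as Sophos, Microsoft Defender, Kaspersky, Symantec, Trend Micro, SentinelOne, Cylance, McAfee, F-Secure, HitmanPro and Webroot.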


https://www.bleepingcomputer.com/news/security/new-edr-killer-tool-used-by-eight-different-ransomware-groups/


3. World's Largest Illegal IPTV Platform Rare Breed TV Shut Down by ACE


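August 7: The Alliance for Creativity and Entertainment (ACE) recently announced that it has successfully shut down Rare Breed TV, the world's largest illegal IPTV service provider, and reached a financial settlement agreement with its operators. Headquartered in North Carolina, Rare Breed TV was a giant of digital piracy, claiming an illegal library of more than 28,000 live channels and 100,000 movies and TV series. Its video-on-demand platform additionally contained 14,000 unauthorized titles, and it had long profited from a subscription model priced from $15.99 per month to $79.99 per year. ACE is an anti-piracy coalition made up of more than 50 film, television and entertainment giants worldwide, and its governing board includes top companies such as Amazon, Disney, Netflix and Warner Bros. In this operation, ACE used legal channels to identify the people controlling Rare Breed TV, forcing them to permanently shut down the illegal platform and pay substantial damages. Although the Rare Breed TV website was still temporarily online when the statement was published, ACE stressed that the operators have committed to ending the infringing activity and will cooperate with follow-up investigations.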


https://www.bleepingcomputer.com/news/technology/massive-illegal-iptv-service-provider-rare-breed-tv-taken-offline/


4. Columbia University Suffers Large-Scale Data Breach, Sensitive Information of Nearly 870,000 People Stolen


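August 8: Columbia University in the United States recently disclosed a major cybersecurity incident in which the personal information of about 868,969 current and former students, employees, applicants and family members was stolen in a cyberattack on May 16, 2025. One of the Ivy League schools, the university has more than 35,000 students and 20,000 employees, and its 2024 budget reached $6.6 billion. The incident came to light on June 24, when some systems suffered an abnormal outage. After an investigation assisted by external cybersecurity experts, the university confirmed that an unauthorized third party had accessed its network and stolen files. Although the hacker claimed to have obtained 460GB of data, the university's statement did not confirm the specific volume. It stated only that the leaked information includes sensitive content such as names, dates of birth, Social Security numbers, contact details, academic history, financial aid records, insurance information and health data. Fortunately, patient records at the affiliated Irving Medical Center were not affected. Columbia University has filed a formal notification with the Office of the Maine Attorney General and is notifying affected individuals through the US Postal Service. To reduce risk, the university will provide two years of free credit monitoring, fraud consultation and identity theft restoration services through Kroll.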


https://www.bleepingcomputer.com/news/security/columbia-university-data-breach-impacts-nearly-870-000-students-applicants-employees/


5. RubyGems Supply Chain Hit by Malware Attack: 60 Credential-Stealing Gems Downloaded More Than 275,000 Times


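August 9: Since March 2023, a large-scale supply-chain attack targeting Ruby developers has been unfolding on the RubyGems platform. The security firm Socket disclosed that 60 malicious Ruby packages (gems) disguised as legitimate tools have been downloaded more than 275,000 times. They carry out phishing by stealing developer account credentials, making this one of the most serious security incidents in the open-source ecosystem in recent years. The malicious gems were published under aliases by several linked accounts (such as zon and nowon), were named to imitate automation tools for mainstream platforms such as WordPress, Telegram and Naver (for example wp_posting_duo and tg_send_zon), and present a fake graphical user interface (GUI) to lure users into entering sensitive information. The attackers use hardcoded C2 servers to steal plaintext usernames and passwords, device MAC addresses and package usage data, and some gems even forge API responses to deceive users. Socket found stolen credential logs originating from marketingduo.co.kr on Russian-language dark web markets, confirming that the attackers have already used the data for illegal trade. RubyGems is the official package manager for the Ruby language, and this incident has exposed major weaknesses in the security of its ecosystem. Although Socket has reported all 60 malicious gems to the official team, 16 had still not been taken down when the report was published.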


https://www.bleepingcomputer.com/news/security/60-malicious-ruby-gems-downloaded-275-000-times-steal-credentials/


6. WinRAR Zero-Day Vulnerability Exploited by Russian Hacking Group


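August 8: A WinRAR directory traversal vulnerability tracked as CVE-2025-8088 was recently made public. Attackers have already exploited it as a zero-day in phishing attacks to distribute the Russia-linked RomCom malware. According to the security vendor ESET, the vulnerability exists in all Windows products prior to WinRAR 7.13, including RAR, the UnRAR extraction tool and the UnRAR.dll library, while the Linux/Unix and Android versions are not affected. The core of the vulnerability is that an attacker can craft a malicious RAR archive that bypasses WinRAR's default extraction path restriction and extracts files directly into the Windows autorun directory. When the victim next logs in, the planted executables run automatically, resulting in remote code execution (RCE). ESET researcher Peter Strýček noted that the vulnerability is currently being used in spear-phishing attacks that distribute the RomCom backdoor through email attachments containing malicious RAR files. Notably, WinRAR has fixed the vulnerability in version 7.13, but because the software lacks an automatic update mechanism, users must manually download the latest installer from the official website.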


https://www.bleepingcomputer.com/news/security/winrar-zero-day-flaw-exploited-by-romcom-hackers-in-phishing-attacks/