New Mirai variant ShadowV2 botnet attacks IoT devices worldwide

Published 2025-11-28

1. New Mirai variant ShadowV2 botnet attacks IoT devices worldwide


On November 26, researchers at Fortinet's FortiGuard Labs reported a new Mirai-based botnet, named "ShadowV2", that they first observed during the large-scale AWS outage in October. The malware spreads by exploiting at least eight known vulnerabilities in IoT devices from vendors including D-Link and TP-Link, among them CVE-2009-2765 and CVE-2020-25506. Notably, some of these flaws, such as CVE-2024-10914 and CVE-2024-10915, affect end-of-life or unsupported devices; D-Link has stated explicitly that these devices will receive no further firmware updates, which compounds the risk. ShadowV2's targets are routers, NAS and DVR devices across seven sectors, including government, technology, manufacturing, managed security service providers (MSSPs), telecommunications and education, with victims on six continents: North America, South America, Europe, Africa, Asia and Australia. The malware identifies itself as "ShadowV2 Build v1.0.0 IoT version" and resembles the Mirai LZRD variant. It is delivered to vulnerable devices during an initial-access stage that uses a downloader script, binary.sh, and it XOR-encodes its configuration (file system paths, user-agent strings, HTTP headers and so on) to hinder analysis. It supports several distributed denial-of-service (DDoS) attack types over UDP, TCP and HTTP, with the C2 infrastructure triggering attacks by issuing commands.
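The XOR-encoded configuration described above is a standard Mirai trait, and recovering those strings is usually the first triage step on a new sample. The block below is an added example, not FortiGuard's code and not ShadowV2's actual table format: it assumes a length-prefixed string table obfuscated with a single-byte XOR key (the original Mirai source XORs each table byte with the four bytes of 0xdeadbeef in turn, which collapses to a single byte, 0x22) and brute-forces the key by scoring how text-like each candidate decode is and whether it exposes markers such as a user-agent or a /proc/ path. The sample blob is constructed inline; the marker list is a hypothetical choice.

```python
import string

# Bytes we accept as "plausible text" when scoring candidate keys.
TEXT_BYTES = set(string.printable.encode()) - {0x0B, 0x0C}

# Original Mirai XORs every table byte with the four bytes of 0xdeadbeef in
# turn, which collapses to a single-byte XOR with 0x22. ShadowV2's own key
# is not stated on the page; the sample below is built with this one.
MIRAI_EFFECTIVE_KEY = 0xDE ^ 0xAD ^ 0xBE ^ 0xEF  # == 0x22


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def text_ratio(data: bytes) -> float:
    """Fraction of bytes that look like text; 0 for an empty entry."""
    return sum(b in TEXT_BYTES for b in data) / len(data) if data else 0.0


def split_entries(blob: bytes) -> list:
    """Walk a table of [len:1][payload:len] records (assumed layout)."""
    entries, i = [], 0
    while i < len(blob):
        n = blob[i]
        entries.append(blob[i + 1:i + 1 + n])
        i += 1 + n
    return entries


def recover_key(entries, hints=(b"Mozilla/", b"/proc/", b"Content-Type", b".sh")) -> int:
    """Brute-force the single-byte key: maximise text-likeness across all
    entries, then reward any decode exposing a marker an IoT bot config
    typically carries (hypothetical marker list)."""
    if not entries:
        raise ValueError("empty table")
    best_key, best_score = None, -1.0
    for key in range(256):
        decoded = [xor_bytes(e, key) for e in entries]
        score = sum(text_ratio(d) for d in decoded) / len(decoded)
        score += sum(any(h in d for d in decoded) for h in hints)
        if score > best_score:
            best_key, best_score = key, score
    return best_key


def decode_config(blob: bytes):
    """Return (key, decoded strings) for a length-prefixed XOR string table."""
    entries = split_entries(blob)
    key = recover_key(entries)
    return key, [xor_bytes(e, key).decode("latin-1") for e in entries]


def build_table(strings, key: int) -> bytes:
    """Constructed sample: encode a string table the way the decoder expects."""
    return b"".join(bytes([len(s)]) + xor_bytes(s, key) for s in strings)


# Constructed sample strings (not taken from a real ShadowV2 binary).
SAMPLE_STRINGS = [
    b"/proc/self/exe",
    b"Mozilla/5.0 (X11; Linux x86_64)",
    b"Content-Type: application/x-www-form-urlencoded",
    b"binary.sh",
]
SAMPLE_BLOB = build_table(SAMPLE_STRINGS, MIRAI_EFFECTIVE_KEY)

if __name__ == "__main__":
    key, strings = decode_config(SAMPLE_BLOB)
    print(f"recovered key 0x{key:02x}")
    for s in strings:
        print("  ", s)
```

On a real sample the blob would be carved from the binary's data section at the offset the unpacking routine reads from; if no single-byte key scores cleanly, the variant is using something other than Mirai's scheme and the decoder routine itself needs to be reversed.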


https://www.bleepingcomputer.com/news/security/new-shadowv2-botnet-malware-used-aws-outage-as-a-test-opportunity/


2. OpenAI API user data affected by Mixpanel breach


On November 27, OpenAI notified some ChatGPT API customers that a data breach at its third-party analytics provider Mixpanel had exposed identifying information about some API users. Mixpanel supplied OpenAI with event analytics used to track how users interact with the front end of the API product. The incident affected only "limited analytics data related to some API users"; ordinary ChatGPT users and users of other products were not involved. OpenAI stated that its own systems were not compromised and that chat histories, API requests, payment details, passwords, credentials, API keys and government-issued ID documents were not exposed. The leaked data consists chiefly of the name on the API account, the associated email address, the approximate location reported by the browser (city, state or province, country), operating system and browser type, referring website, and organisation or user IDs. Because no sensitive credentials were involved, users do not need to reset passwords or API keys. Mixpanel disclosed that the attack originated from an SMS phishing campaign detected on November 8 and had limited scope. After receiving details of the affected dataset on November 25, OpenAI removed Mixpanel from its production services and directly notified the affected organisations, administrators and individual users.


https://www.bleepingcomputer.com/news/security/openai-discloses-api-customer-data-breach-via-mixpanel-vendor-hack/


3. Asahi ransomware attack exposes data of 2 million customers and employees


On November 27, Asahi Group Holdings (Asahi), Japan's largest brewer, reported that the ransomware attack on its Japanese subsidiary on September 29 had exposed personal information of roughly 2 million customers and employees and seriously disrupted its operations in Japan. The attack was carried out by the Qilin ransomware gang, which claimed responsibility and leaked 27 GB of stolen data: 9,323 files including contracts, employee records and financial data. According to Asahi, the attackers broke into the data-centre network through network equipment at group headquarters and deployed ransomware that encrypted data on multiple servers and on some company-issued employee PCs. The exposed data covers 1.525 million people who had contacted customer service (names, addresses, phone numbers, email addresses), 114,000 external contacts (names, addresses, phone numbers), 107,000 employees (date of birth, gender, contact details) and 168,000 employees' family members (names, dates of birth, gender). Customer financial information such as credit-card data was not stolen. The attack interrupted order processing, shipping, call-centre and service-desk operations at the Japanese subsidiary; other international units were unaffected. As of November 27, the company had confirmed that personal information stored on some employee PCs and data-centre servers may have been leaked, but it had not itself confirmed that the data had been publicly released.


https://securityaffairs.com/185126/data-breach/asahi-says-crooks-stole-data-of-approximately-2m-customers-and-employees.html


4. Bloody Wolf APT group uses legitimate remote-access software in attacks


On November 28, security researchers reported that the Bloody Wolf advanced persistent threat (APT) group is compromising government targets with legitimate remote-access software in a campaign whose scope keeps expanding. Active since late 2023, Bloody Wolf has steadily refined its tooling. From June 2025 it ran sustained activity in Kyrgyzstan, and in early October it extended the campaign to Uzbekistan. The attackers impersonate the Ministry of Justice, sending convincing PDF documents from spoofed domains with instructions telling victims to install Java in order to view "case materials"; short messages are embedded to reinforce the appearance of legitimacy. The Uzbekistan infrastructure also geofences: users outside the country are redirected to the legitimate government website, while local users receive the malicious JAR file. In the infection chain, once the victim downloads the JAR, a loader fetches further components and ultimately installs NetSupport RAT. The loaders are built with Java 8, consist of a single unobfuscated class, and automate tasks such as fetching binaries over HTTP, establishing persistence, creating scheduled tasks and displaying fake error messages. A built-in launch counter (capped at 3 runs), stored in the user's profile directory, limits how often the loader executes in order to reduce the chance of detection.


https://www.infosecurity-magazine.com/news/bloody-wolf-expands-central-asia/


5. ASUS patches high-severity flaw, warns of WrtHug attacks on end-of-life routers


On November 27, ASUS released new firmware fixing nine security vulnerabilities. The most serious, CVE-2025-59366, is a high-severity authentication bypass affecting every router with the AiCloud feature enabled. AiCloud is the remote-access feature built into ASUS routers that provides a personal cloud server, remote media streaming and cloud storage. The ASUS advisory says the flaw can be triggered through an unintended side effect of the Samba feature, potentially allowing an attacker to execute specific functions without authorisation. The fixes cover several firmware branches, including the 3.0.0.4_386, 3.0.0.4_388 and 3.0.0.6_102 series, each of which addresses CVE-2025-59366 and the other eight flaws. ASUS strongly urges users to update immediately to the latest firmware, released in October 2025. For end-of-life router models that no longer receive support, ASUS offers interim mitigations: set strong, unique passwords for the router login and Wi-Fi, and disable every internet-facing service, including AiCloud, WAN remote access, port forwarding, DDNS, VPN server, DMZ, port triggering and FTP. ASUS also notes that a recent campaign dubbed "Operation WrtHug" has compromised tens of thousands of outdated or end-of-life ASUS routers worldwide and stresses that users should treat firmware updates and secure configuration as a priority to defend against such attacks.


https://securityaffairs.com/185109/iot/new-asus-firmware-patches-critical-aicloud-vulnerability.html


6. Malicious Chrome extension Crypto Copilot secretly skims fees from crypto trades


11ÔÂ27ÈÕ £¬ÍøÂ簲ȫ¹«Ë¾Socket¸æ·¢ £¬Ò»¿îÃûΪCrypto CopilotµÄChromeÀ©´ó·¨Ê½ÊµÎª¶ñÒâÈí¼þ £¬ÔÚÿ±Ê¼ÓÃÜÇ®±ÒÂòÂôÖаµÖÐÊÕÈ¡0.05%»ò¸ü¸ßµÄ°µ²ØÓöÈ¡£¸ÃÀ©´óÐû³Æ¿ÉÈÃÓû§ÔÚXƽֱ̨½ÓÂòÂô¼ÓÃÜÇ®±Ò £¬Óë½çÃæÎ޷켯³É £¬µ«ÏÖʵͨ¹ý¸ß¶È»ìºÏµÄ´úÂëÔÚÂòÂôÖÐ×¢Èë¶î±íתÕË £¬½«×ʽð×ªÒÆÖÁ¹¥»÷Õß½ÚÔìµÄÇ®°ü¡£ÀýÈç £¬ÂòÂô³¬¹ý2.6 SOL£¨Ô¼371ÃÀÔª£©Ê± £¬»áÊÕÈ¡0.0013 SOL£¨Ô¼0.19ÃÀÔª£©µÄÓöÈ £¬ÇÒChromeÉ̵êδ¹«¿ªÅû¶ÊÕ·ÑÂß¼­¡£Socket×êÑÐÈËÔ±Ö¸³ö £¬¸ÃÀ©´óÀûÓÃRaydiumÇø¿éÁ´»¥»»Ö°ÄÜ £¬ÔÚÓû§ÊðÃûǰÔö³¤°µ²ØÓöÈ £¬Í¨¹ýÓ²±àÂë²ÎÊýÍÆËãÓöȲ¢Ç¶ÈëͳһÂòÂôÖÐ £¬Óû§Èô²»·¢Õ¹Ç®°üÖ¸ÁîÁбíÔòÄÑÒÔ¾õ²ì¡£Ö»¹ÜÓû§»ùÊý½ÏÓ× £¬µ«¶ñÒâÐÐΪÒѳÖÐø³¬Ò»Äêδ±»·¢ÏÖ £¬¿ÉÄÜ´æÔÚÀàËÆÄ£Ê½µÄÀ©´ó·¨Ê½¡£¹¥»÷Õßͨ¹ý¶à¸ö±í²¿·þÎñ·ÂÕպϷ¨¹¤¾ß £¬µ«ºó¶ËÍøÕ¾ÎÞ·¨ÔËÐÐ £¬ÏÔʾÆä¿ÉÄֻܲʿª·¢»ò´¦ÓÚ²âÊԽ׶Ρ£¸ÃÀ©´ó·¨Ê½ÓÉÍøÃûΪsjclark76µÄ´´½¨Õß°ä²¼ £¬Éϴθüй¦·òΪ2024Äê6ÔÂ18ÈÕ £¬½ØÖÁ»ã±¨Ê±ÈԿɽӼû¡£


https://cybernews.com/security/malicious-chrome-extension-skims-crypto-with-every-trade/