[Security Diary] These Vulnerabilities Are Compromising Your Security

Baijia  Author: NSFOCUS  2017-07-04 10:11:31

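Internet Security Threat Landscape

1. CVE Statistics

The total number of CVE advisories published in the past week decreased compared with the previous period. The high-risk vulnerabilities worth noting are as follows:

2. Threat Information Review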

Title: New GhostHook Attack Bypasses Windows 10 PatchGuard Protections

Summary: Vulnerabilities discovered in Microsoft PatchGuard kernel protection could allow hackers to plant rootkits on computers running the company’s latest and secure operating system, Windows 10.


Title: Siemens Patches Flaws in SIMATIC, XHQ Products

Summary: Siemens and ICS-CERT published advisories this week to alert users of improper authentication and privilege escalation vulnerabilities affecting some SIMATIC and XHQ products.


Title: Reading the 2016 Internet Crime Complaint Center (IC3) report

Summary: According to the 2016 Internet Crime Complaint Center (IC3) report, 298,728 complaints were received in 2016 totaling more than $1.3 billion in financial loss.


Title: Svpeng Behind a Spike in Mobile Ransomware

Summary: The sting of mobile ransomware grew more painful in 2017 with attacks increasing a whopping 3.5 times in the first quarter compared to the same time a year ago. Behind those attacks were a quarter million Trojan installation packages targeting Android devices that sought to extort between $100 to $500 from victims.


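Title: Petya: Multiple Enterprises Infected by MBR Ransomware

Summary: On June 27 (Beijing time), according to reports on foreign social media, some computer systems at government agencies, airports, banks and several large industrial enterprises in Ukraine and Russia were hit by ransomware, leaving hosts unable to boot normally and seriously disrupting a number of normal national services. On the evening of June 27, some foreign-owned companies in China also confirmed that they had found infections with the same ransomware.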


Title: Google Gets Record-Breaking $2.7 Billion Fine for Manipulating Search Results

Summary: Google has been hit with a record-breaking $2.7 billion (€2.42 billion) fine by the European antitrust officials for unfairly manipulating search results since 2008.


Title: Russian Gov is threatening to ban Telegram because it refused to comply data protection laws

Summary: Russia threatens to ban the Telegram instant messaging app because the company refused to be compliant with the country’s new data protection laws.


Title: Microsoft plugs another critical hole in Windows Defender

Summary: Microsoft patched a critical RCE vulnerability in its Malware Protection Engine that could have been exploited without any user interaction.


Title: 'Shadow Brokers' Threatens to Unmask A Hacker Who Worked With NSA

Summary: The Shadow Brokers, a notorious hacking group that leaked US cyberweapons — which were also abused by the recent ransomware disasters WannaCry and Petya or NotPetya — has now threatened to unmask the identity of a former hacker who worked for the NSA.


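(Data source: collected and compiled by the NSFOCUS Threat Intelligence and Network Security Lab)

Vulnerability Research

1. Vulnerability Database Statistics

As of June 30, 2017, the NSFOCUS vulnerability database contained a total of 37017 entries. This week 51 new vulnerability records were added, of which 4 are high-risk, 23 are medium-risk and 24 are low-risk.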

● Siemens XHQ Access Bypass Vulnerability (CVE-2017-6866)

Severity: Medium

BID: 99247

CVE ID: CVE-2017-6866

● Microsoft Malware Protection Engine Remote Code Execution Vulnerability (CVE-2017-8558)

Severity: Medium

BID: 99262

CVE ID: CVE-2017-8558

● Linux Kernel Privilege Escalation Vulnerability (CVE-2017-7518)

Severity: Medium

BID: 99263

CVE ID: CVE-2017-7518

● GNU Debugger (GDB) Denial of Service Vulnerability (CVE-2017-9778)

Severity: Medium

BID: 99244

CVE ID: CVE-2017-9778

● EMC Avamar Authentication Bypass and Arbitrary File Upload Vulnerabilities

Severity: High

BID: 99243

CVE ID: CVE-2017-4990, CVE-2017-4989

● LAME Buffer Overflow Vulnerability (CVE-2017-9869)

Severity: Medium

BID: 99272

CVE ID: CVE-2017-9869

● LAME Stack Buffer Overflow Vulnerability (CVE-2017-9872)

Severity: Medium

BID: 99270

CVE ID: CVE-2017-9872

● LAME Heap Buffer Overflow Vulnerability (CVE-2015-9101)

Severity: Medium

BID: 99269

CVE ID: CVE-2015-9101

● LAME Denial of Service Vulnerability (CVE-2015-9099)

Severity: Medium

BID: 99279

CVE ID: CVE-2015-9099

● LAME Denial of Service Vulnerability (CVE-2015-9100)

Severity: Medium

BID: 99278

CVE ID: CVE-2015-9100

……


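(Data source: NSFOCUS Security Research Department & Product Rules Team)

Featured Vulnerability

◆Featured Vulnerability

Microsoft Skype Stack Buffer Overflow Vulnerability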

◆NSFOCUS ID

36980

◆CVE ID

CVE-2017-9948

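◆Affected Versions

Microsoft Skype 7.2, 7.35, 7.36

◆Vulnerability Commentary

Microsoft Skype is an instant messaging application that provides the features expected of an IM client, such as video chat and multi-party voice conferencing. Microsoft Skype 7.2, 7.35 and 7.36 contain a stack buffer overflow vulnerability in their implementation, caused by MSFTEDIT.DLL improperly handling remote RDP clipboard content with a message box. The vendor has released an update that fixes this security issue; download the update from the vendor's website.


(Data source: NSFOCUS Security Research Department & Product Rules Team)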



