3月27日,Zhiniang Peng 和Chen Wu发布了关于IIS 6.0 WebDAV远程代码执行的漏洞信息(CVE-2017-7269,CNNVD-201703-1151)。该漏洞源于Microsoft Windows Server 2003 R2的IIS 6.0 中WebDAV 服务下ScStoragePathFromUrl函数存在缓冲区溢出漏洞。如果一个PROPFIND请求中包含以”If: <http://”开头的超长头部,将触发一个缓冲区溢出漏洞,攻击者可以利用此漏洞远程执行任意代码,此利用方法和2016年7-8月份爆出的方法一致。
In the wee hours of March 21, Apache Struts 2 released a security bulletin, announcing a remote code execution (RCE) vulnerability in the Jakarta Multipart parser, which has been assigned CVE-2017-5638.
IBM’s X-Force security team recently discovered an updated version of Dridex, called Dridex v4. Dridex is one of the most popular banking trojans. It was first spotted in 2014 when it was viewed as the successor of GameOver ZeuS (GoZ) because it uses GoZ-related techniques. An important improvement in Dridex v4 is that it evades detection antivirus software by introducing the AtomBoming technique for malicious code injection.
Apache Struts2 is prone to a remote code execution vulnerability (CNNVD-201703-152) in the Jakarta Multipart parser plug-in. When uploading a file with this plug-in, an attacker could change the value of the Content-Type header field of an HTTP request to trigger this vulnerability, causing remote code execution.
Apache Struts2的Jakarta Multipart parser插件存在远程代码执行漏洞,漏洞编号为CVE-2017-5638。攻击者可以在使用该插件上传文件时,修改HTTP请求头中的Content-Type值来触发该漏洞,导致远程执行代码。
The banking trojan “Shifu” was discovered by the IBM counter fraud platform in April, 2015. Built based on the Shiz source code, this trojan employs techniques adopted by multiple notorious trojans such as Zeus, Gozi, and Dridex.
Recently, some hacker organizations have turned their eyes to ransom attacks targeting certain products. As of last week, hacker organizations had taken control of and wiped data from at least 34,000 MongoDB databases, asking for a ransom to return the stolen files.
春节前,有超过34000多台存在安全风险的MongoDB数据库遭到了勒索攻击,数据库数据被攻击者擦除并索要赎金,在收到赎金后攻击者才会返还服务器中的数据;紧接着,2017年1月18日,在短短几个小时内又有数百台ElasticSearch服务器受到了勒索攻击,服务器中的数据被擦除,并被索要赎金。
绿盟科技发布金融行业安全月刊201701期,该月刊为绿盟科技金融事业部主办的面向金融行业客户的信息安全类刊物。安全月刊分政策解读、行业研究、漏洞聚焦以及产品动态4个栏目,主要介绍最新安全动态、国家及行业政策(要求)落地指导、前沿技术以及安全解决方案等内容。
“师傅”网银木马在2015年4月被IBM反欺诈平台发现,它是基于Shiz源代码进行构建的,并且借鉴了包括Zeus、Gozi和Dridex等在内的多个著名木马的相关技术。该木马曾主要以日本境内14家银行为攻击目标,随后2015年9月22日开始,“师傅”木马开始在英国出现,并且至少攻击了十余家银行。2017年1月6日,researchcenter.paloaltonetworks.com网站刊文称,“师傅”木马的作者在2016年对其进行了改进,早期的“师傅”通过利用CVE-2015-0003来获得被入侵主机的系统权限,现在改为使用编号CVE-2016-0167的Windows提权漏洞来达到同样目的。