【安全日记】这些漏洞正侵害你的安全
互联网安全威胁态势
CVE统计
最近一周CVE公告总数与前期相比数量减少。值得关注的高危漏洞如下:
2
威胁信息回顾
标题:New GhostHook Attack Bypasses Windows 10 PatchGuard Protections
摘要:Vulnerabilities discovered in Microsoft PatchGuard kernel protection could allow hackers to plant rootkits on computers running the company’s latest and secure operating system, Windows 10.
标题:Siemens Patches Flaws in SIMATIC, XHQ Products
摘要:Siemens and ICS-CERT published advisories this week to alert users of improper authentication and privilege escalation vulnerabilities affecting some SIMATIC and XHQ products.
标题:Reading the 2016 Internet Crime Complaint Center (IC3) report
摘要:According to 2106 Internet Crime Complaint Center (IC3) report, 298,728 complaints were received in 2016 totaling more than $1.3 billion in financial loss.
标题:Svpeng Behind a Spike in Mobile Ransomware
摘要:The sting of mobile ransomware grew more painful in 2017 with attacks increasing a whopping 3.5 times in the first quarter compared to the same time a year ago. Behind those attacks were a quarter million Trojan installation packages targeting Android devices that sought to extort between $100 to $500 from victims.
标题:Petya:多家企业感染MBR勒索病毒
摘要:北京时间6月27日,据国外社交媒体消息,乌克兰、俄罗斯两国的政府机构、机场、银行以及多家大型工业企业部分计算机系统遭受勒索病毒威胁,导致主机无法正常引导开机,严重影响了国家多个正常业务的运转;同时6月27日晚间,国内部分外企也确认有发现感染同样的勒索病毒。
标题:Google Gets Record-Breaking $2.7 Billion Fine for Manipulating Search Results
摘要:Google has been hit with a record-breaking $2.7 billion (€2.42 billion) fine by the European antitrust officials for unfairly manipulating search results since 2008.
标题:Russian Gov is threatening to ban Telegram because it refused to comply data protection laws
摘要:Russia threatens to ban the Telegram instant messaging app because the company refused to be compliant with the country’s new data protection laws.
标题:Microsoft plugs another critical hole in Windows Defender
摘要:Microsoft patched a critical RCE vulnerability in its Malware Protection Engine that could have been exploited without any user interaction
标题:'Shadow Brokers'Threatens to Unmask A Hacker Who Worked With NSA
摘要:The Shadow Brokers, a notorious hacking group that leaked US cyberweapons — which were also abused by the recent ransomware disasters WannaCry and Petya or NotPetya — has now threatened to unmask the identity of a former hacker who worked for the NSA.
(数据来源:绿盟科技 威胁情报与网络安全实验室 收集整理)
漏洞研究
1
漏洞库统计
截止到2017年6月30日,绿盟科技漏洞库已收录总条目达到37017条。本周新增漏洞记录51条,其中高危漏洞数量4条,中危漏洞数量23条,低危漏洞数量24条。
● Siemens XHQ 访问绕过漏洞(CVE-2017-6866)
危险等级:中
BID:99247
cve编号:CVE-2017-6866
● Microsoft Malware Protection Engine远程代码执行漏洞(CVE-2017-8558)
危险等级:中
BID:99262
cve编号:CVE-2017-8558
● Linux Kernel 权限提升漏洞(CVE-2017-7518)
危险等级:中
BID:99263
cve编号:CVE-2017-7518
● GNU Debugger (GDB) 拒绝服务漏洞(CVE-2017-9778)
危险等级:中
BID:99244
cve编号:CVE-2017-9778
● EMC Avamar身份验证绕过及任意文件上传漏洞
危险等级:高
BID:99243
cve编号:CVE-2017-4990,CVE-2017-4989
● LAME缓冲区溢出漏洞(CVE-2017-9869)
危险等级:中
BID:99272
cve编号:CVE-2017-9869
● LAME栈缓冲区溢出漏洞(CVE-2017-9872)
危险等级:中
BID:99270
cve编号:CVE-2017-9872
● LAME堆缓冲区溢出漏洞(CVE-2015-9101)
危险等级:中
BID:99269
cve编号:CVE-2015-9101
● LAME拒绝服务漏洞(CVE-2015-9099)
危险等级:中
BID:99279
cve编号:CVE-2015-9099
● LAME拒绝服务漏洞(CVE-2015-9100)
危险等级:中
BID:99278
cve编号:CVE-2015-9100
……
(数据来源:绿盟科技安全研究部&产品规则组)
焦点漏洞
◆焦点漏洞
Microsoft Skype栈缓冲区溢出漏洞
◆NSFOCUS ID
36980
◆CVE ID
CVE-2017-9948
◆受影响版本
Microsoft Skype 7.2,7.35,7.36
◆漏洞点评
Microsoft Skype是一款即时通讯软件,其具备IM所需的功能,比如视频聊天、多人语音会议等功能。Microsoft Skype 7.2, 7.35及7.36版本在实现上存在栈缓冲区溢出漏洞,此漏洞源于MSFTEDIT.DLL未正确处理带消息框的远程RDP剪切版内容。目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载更新。
(数据来源:绿盟科技安全研究部&产品规则组)
 | 请点击屏幕右上方“…” NSFOCUS-weixin |
↑↑↑长按二维码,下载绿盟云APP
关注公众号:拾黑(shiheibook)了解更多
[广告]赞助链接:
四季很好,只要有你,文娱排行榜:https://www.yaopaiming.com/
让资讯触达的更精准有趣:https://www.0xu.cn/
绿盟科技
关注网络尖刀微信公众号
