NSFOCUS Network Security Threat Weekly Report 2017.33: Focus on the Foxit PDF Compressor installer DLL preloading vulnerability CVE-2017-12892
NSFOCUS has released this week's security bulletin, weekly report number NSFOCUS-17-32. 67 entries were added to the NSFOCUS vulnerability database this week, 7 of them high-risk. This week's report recommends paying attention to the Foxit PDF Compressor installer DLL preloading vulnerability. The vendor has released an update; users of Foxit PDF Compressor should upgrade promptly.
Focus Vulnerability
Foxit PDF Compressor installer DLL preloading vulnerability
- NSFOCUS ID 37423
- CVE ID CVE-2017-12892
Affected versions
- Foxit PDF Compressor 7.0.0.183 to 7.7.2.10
Vulnerability commentary
Foxit PDF Compressor is a server-based enterprise solution for document conversion and compression. The Foxit PDF Compressor installer, versions 7.0.0.183 through 7.7.2.10, contains a DLL preloading vulnerability that allows an attacker to have a malicious DLL loaded from the current installation working directory. The vendor has released an update; users of Foxit PDF Compressor should upgrade promptly.
(Data source: NSFOCUS Security Research Department & Product Rules Group)
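The DLL preloading condition described above only becomes exploitable when a DLL that an attacker could write is already sitting in the installer's working directory. The following script is an added example for this report (it is not NSFOCUS or Foxit code) showing the hygiene check an administrator can run before launching a downloaded installer: it walks a folder, and for every directory that holds an .exe or .msi installer it lists the DLL files located beside it together with their SHA-256 hashes for triage. The directory layout and file names in the demo are constructed placeholders, not real Foxit files.

```python
"""Audit a folder for DLL files sitting next to installer executables.

Added example, not vendor code. A DLL beside a setup program is exactly the
artifact a DLL-preloading flaw needs, so listing them before running the
installer is a cheap defensive check.
"""
import hashlib
import os
import tempfile
from collections import defaultdict

INSTALLER_EXTS = {".exe", ".msi"}
LIBRARY_EXTS = {".dll"}


def find_adjacent_dlls(paths):
    """Group file paths by directory and return {dir: [dll names]} for every
    directory containing at least one installer and at least one DLL.
    Extension matching is case-insensitive, as Windows file systems are."""
    by_dir = defaultdict(lambda: {"installers": [], "dlls": []})
    for p in paths:
        directory, name = os.path.split(p)
        ext = os.path.splitext(name)[1].lower()
        if ext in INSTALLER_EXTS:
            by_dir[directory]["installers"].append(name)
        elif ext in LIBRARY_EXTS:
            by_dir[directory]["dlls"].append(name)
    return {
        directory: sorted(entry["dlls"])
        for directory, entry in by_dir.items()
        if entry["installers"] and entry["dlls"]
    }


def sha256_of(path):
    """Stream a file through SHA-256 so large DLLs are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_directory(root):
    """Walk `root` and return {dir: [(dll name, sha256), ...]} for review."""
    paths = [os.path.join(d, f) for d, _, files in os.walk(root) for f in files]
    findings = find_adjacent_dlls(paths)
    return {
        directory: [(name, sha256_of(os.path.join(directory, name))) for name in names]
        for directory, names in findings.items()
    }


if __name__ == "__main__":
    # Constructed sample layout (placeholder names): a Downloads folder holding
    # an installer plus a stray DLL, and a Documents folder with only a text file.
    with tempfile.TemporaryDirectory() as root:
        downloads = os.path.join(root, "Downloads")
        documents = os.path.join(root, "Documents")
        os.makedirs(downloads)
        os.makedirs(documents)
        for name in ("SomeSetup.exe", "helper.dll"):
            with open(os.path.join(downloads, name), "wb") as fh:
                fh.write(b"placeholder content")
        with open(os.path.join(documents, "notes.txt"), "w") as fh:
            fh.write("nothing to see here")
        for directory, items in audit_directory(root).items():
            print(f"{directory}: DLL files next to an installer")
            for name, digest in items:
                print(f"  {name}  sha256={digest}")
```

The check is intentionally conservative: it flags every DLL co-located with an installer rather than guessing which library names a given setup program loads, and leaves the decision (delete, quarantine, or verify the hash against a known-good source) to the reviewer.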
Internet Security Landscape
CVE Statistics
The total number of CVE announcements in the past week rose sharply compared with the previous period. The high-risk vulnerabilities worth attention are as follows:
Threat Information Review
- Title: Rapid7 warns of Remote Desktop Protocol (RDP) exposure for millions of endpoints
- Date: 2017-08-14
- Summary: According to a new research conducted by experts at Rapid7, there are 4.1 million Windows endpoints exposed online via Remote Desktop Protocol (RDP).
- Link: https://securityaffairs.co/wordpress/62004/hacking/rdp-exposure-report.html
- Title: HBO hackers leak episodes for Insecure and Curb Your Enthusiasm
- Date: 2017-08-14
- Summary: It looks like for now there is no end to the HBO hacking spree as earlier today the group of hackers behind breaching the Network's system and stealing a trove of data has leaked unaired episodes of Curb Your Enthusiasm, Insecure, Ballers, Barry and The Deuce TV series, reports the Associated Press.
- Link: https://www.hackread.com/hbo-hackers-leak-episodes-for-insecure-curb-your-enthusiasm/
- Title: The Disdain exploit kit appears in the threat landscape
- Date: 2017-08-15
- Summary: The Disdain exploit kit is available for rent on a daily, weekly, or monthly basis for prices of $80, $500, and $1,400 respectively.
- Link: https://securityaffairs.co/wordpress/62021/malware/disdain-exploit-kit.html
- Title: Blizzard Entertainment hit by massive DDoS attack
- Date: 2017-08-15
- Summary: The web servers of Blizzard Entertainment have suffered a series of massive distributed denial-of-service (DDoS) attacks over the weekend causing disconnection and latency issues in Blizzard Games including World of Warcraft and Overwatch.
- Link: https://www.hackread.com/blizzard-entertainment-hit-by-massive-ddos-attack/
- Title: 8 More Chrome Extensions Hijacked to Target 4.8 Million Users
- Date: 2017-08-16
- Summary: Google's Chrome web browser Extensions are under attack with a series of developers being hacked within last one month.
- Link: https://thehackernews.com/2017/08/chrome-extension-hacking.html
- Title: Backdoor Found in Popular Server Management Software used by Hundreds of Companies
- Date: 2017-08-15
- Summary: Cyber criminals are becoming more adept, innovative, and stealthy with each passing day. They are now adopting more clandestine techniques that come with limitless attack vectors and are harder to detect.
- Link: https://thehackernews.com/2017/08/netsarang-server-management.html
- Title: Cerber Ransomware now includes a feature to avoid canary files anti-malware
- Date: 2017-08-16
- Summary: Researchers at Cybereason have discovered a new strain of the Cerber ransomware that implements a new feature to avoid triggering canary files.
- Link: https://securityaffairs.co/wordpress/62068/malware/cerber-ransomware-canary.html
- Title: Skilled bad actors use new pulse wave DDoS attacks to hit multiple targets
- Date: 2017-08-16
- Summary: In a new type of DDoS attack, skilled bad actors use pulse wave DDoS assaults to exploit weaknesses in appliance-first hybrid mitigation solutions and pin down multiple targets.
- Link: https://www.csoonline.com/article/3216548/security/skilled-bad-actors-using-new-pulse-wave-ddos-attacks-to-pin-down-multiple-targets.html
- Title: Game of Thrones and HBO: Twitter, Facebook Accounts Hacked
- Date: 2017-08-16
- Summary: The Game of Thrones hacking saga continues, but this time it's the HBO's and GOT's official Twitter and Facebook accounts got compromised, rather than upcoming episodes.
- Link: https://thehackernews.com/2017/08/game-of-thrones-hbo-hack.html
- Title: Drupal Patches Critical Access Bypass in Core Engine
- Date: 2017-08-17
- Summary: Website management platform Drupal released several patches that address access bypass vulnerabilities in its Drupal 8 Core engine Wednesday, fixing one critical and two moderately critical security bugs.
- Link: https://threatpost.com/drupal-patches-critical-access-bypass-in-core-engine/127515/
- Title: Rowhammer Attacks Come to MLC NAND Flash Memory
- Date: 2017-08-17
- Summary: The Rowhammer attacks developed by Google more than two years ago put the focus on hardware front and center. That research allowed attackers to flip dynamic random access memory (DRAM) bits in order to induce those memory cells to change their state.
- Link: https://threatpost.com/rowhammer-attacks-come-to-mlc-nand-flash-memory/127504/
- Title: Malicious code planted in the nssock2.dll module of NetSarang software
- Date: 2017-08-15
- Summary: NetSarang is a company providing secure connectivity solutions; its products mainly include Xmanager, Xmanager 3D, Xshell, Xftp and Xlpd. In recent software versions, malicious backdoor code was found planted in the official source code of the nssock2.dll module.
- Link: https://blog.nsfocus.net/netsarang-nssock2-threat-report/
- Title: Version control software hit by remote command execution vulnerability
- Date: 2017-08-18
- Summary: Several popular version control systems are affected by a potentially serious remote command execution vulnerability. The developers of the affected products released patches this week to fix it. The flaw affects version control software such as Git (CVE-2017-1000117), Apache Subversion (CVE-2017-9800), Mercurial (CVE-2017-1000116) and CVS. Because CVS was last updated nine years ago, no CVE identifier has been assigned for it.
- Link: https://toutiao.secjia.com/git-svn-mercurial-cvs-rce
- Title: The Konni trojan and a solution
- Date: 2017-08-18
- Summary: In July this year, the remote access trojan Konni, used in cyber attacks targeting North Korea, was discovered; the attacks are suspected of being linked to South Korea. The trojan spreads mainly through phishing emails: it first runs a PowerShell script via a .scr file, then downloads the matching version of the malware according to system information.
- Link: https://toutiao.secjia.com/trojan-konn-attacked-north-korea
- Title: China's Cyberspace Administration and Ministry of Education join forces: plan to build 4-6 internationally renowned cybersecurity colleges within ten years
- Date: 2017-08-15
- Summary: To implement the spirit of General Secretary Xi Jinping's important instructions on strengthening the construction of first-class cybersecurity colleges, and to carry out the tasks set out in the Cybersecurity Law and the Opinions on Strengthening Cybersecurity Discipline Construction and Talent Training, the Measures for the Administration of the First-Class Cybersecurity College Demonstration Project were issued to universities
- Link: https://www.freebuf.com/news/144259.html
(Data source: collected and compiled by the NSFOCUS Threat Intelligence and Network Security Laboratory)
Vulnerability Research
Vulnerability Database Statistics
As of August 18, 2017, the NSFOCUS vulnerability database contains 37,435 entries in total. 67 vulnerability records were added this week: 7 high-risk, 44 medium-risk and 16 low-risk.
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-3124)
  - Severity: Medium
  - BID: 100179
  - CVE ID: CVE-2017-3124
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-3123)
  - Severity: Medium
  - BID: 100179
  - CVE ID: CVE-2017-3123
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-3122)
  - Severity: Medium
  - BID: 100184
  - CVE ID: CVE-2017-3122
- Apache Tomcat Cache Poisoning Vulnerability (CVE-2017-7674)
  - Severity: Low
  - CVE ID: CVE-2017-7674
- Apache Tomcat Directory Traversal Vulnerability (CVE-2017-7675)
  - Severity: Medium
  - BID: 100256
  - CVE ID: CVE-2017-7675
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-11237)
  - Severity: High
  - BID: 100179
  - CVE ID: CVE-2017-11237
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-11238)
  - Severity: Medium
  - BID: 100184
  - CVE ID: CVE-2017-11238
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-11242)
  - Severity: Medium
  - BID: 100184
  - CVE ID: CVE-2017-11242
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-11241)
  - Severity: Medium
  - BID: 100180
  - CVE ID: CVE-2017-11241
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-11239)
  - Severity: Medium
  - BID: 100184
  - CVE ID: CVE-2017-11239
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-11243)
  - Severity: Medium
  - BID: 100184
  - CVE ID: CVE-2017-11243
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-11249)
  - Severity: Medium
  - BID: 100184
  - CVE ID: CVE-2017-11249
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-11248)
  - Severity: Medium
  - BID: 100184
  - CVE ID: CVE-2017-11248
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-11246)
  - Severity: Medium
  - BID: 100184
  - CVE ID: CVE-2017-11246
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-11245)
  - Severity: Medium
  - BID: 100184
  - CVE ID: CVE-2017-11245
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-11244)
  - Severity: Medium
  - BID: 100184
  - CVE ID: CVE-2017-11244
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-11251)
  - Severity: High
  - BID: 100179
  - CVE ID: CVE-2017-11251
- Adobe Acrobat/Reader Remote Code Execution Vulnerability (CVE-2017-11254)
  - Severity: Medium
  - BID: 100182
  - CVE ID: CVE-2017-11254
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-11252)
  - Severity: Medium
  - BID: 100184
  - CVE ID: CVE-2017-11252
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-11259)
  - Severity: Low
  - BID: 100179
  - CVE ID: CVE-2017-11259
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-11258)
  - Severity: Medium
  - BID: 100184
  - CVE ID: CVE-2017-11258
- Adobe Acrobat/Reader Remote Code Execution Vulnerability (CVE-2017-11257)
  - Severity: Medium
  - BID: 100181
  - CVE ID: CVE-2017-11257
- Adobe Acrobat/Reader Remote Code Execution Vulnerability (CVE-2017-11256)
  - Severity: Medium
  - BID: 100182
  - CVE ID: CVE-2017-11256
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-11255)
  - Severity: Medium
  - BID: 100184
  - CVE ID: CVE-2017-11255
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-11260)
  - Severity: Low
  - BID: 100179
  - CVE ID: CVE-2017-11260
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-11261)
  - Severity: Low
  - BID: 100179
  - CVE ID: CVE-2017-11261
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-11262)
  - Severity: Low
  - BID: 100179
  - CVE ID: CVE-2017-11262
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-11265)
  - Severity: Medium
  - BID: 100184
  - CVE ID: CVE-2017-11265
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-11263)
  - Severity: Low
  - BID: 100179
  - CVE ID: CVE-2017-11263
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-11270)
  - Severity: Medium
  - BID: 100179
  - CVE ID: CVE-2017-11270
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-11269)
  - Severity: Medium
  - BID: 100179
  - CVE ID: CVE-2017-11269
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-11268)
  - Severity: Medium
  - BID: 100179
  - CVE ID: CVE-2017-11268
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-11267)
  - Severity: Medium
  - BID: 100179
  - CVE ID: CVE-2017-11267
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-11271)
  - Severity: High
  - BID: 100179
  - CVE ID: CVE-2017-11271
- Adobe Acrobat/Reader Remote Code Execution Vulnerability (CVE-2017-3113)
  - Severity: Medium
  - BID: 100182
  - CVE ID: CVE-2017-3113
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-3016)
  - Severity: High
  - BID: 100179
  - CVE ID: CVE-2017-3016
- Adobe Acrobat/Reader Information Disclosure Vulnerability (CVE-2017-3115)
  - Severity: Low
  - BID: 100187
  - CVE ID: CVE-2017-3115
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-3116)
  - Severity: High
  - BID: 100179
  - CVE ID: CVE-2017-3116
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-3117)
  - Severity: Medium
  - BID: 100180
  - CVE ID: CVE-2017-3117
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-3121)
  - Severity: Medium
  - BID: 100180
  - CVE ID: CVE-2017-3121
- Adobe Acrobat/Reader Remote Code Execution Vulnerability (CVE-2017-3120)
  - Severity: Medium
  - BID: 100182
  - CVE ID: CVE-2017-3120
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-3119)
  - Severity: High
  - BID: 100179
  - CVE ID: CVE-2017-3119
- Adobe Acrobat/Reader Security Feature Bypass Vulnerability (CVE-2017-3118)
  - Severity: Medium
  - BID: 100189
  - CVE ID: CVE-2017-3118
- Fortinet FortiManager SQL Injection Vulnerability (CVE-2015-3616)
  - Severity: Medium
  - CVE ID: CVE-2015-3616
- Fortinet FortiManager Cross-Site Scripting Vulnerability (CVE-2015-3615)
  - Severity: Low
  - CVE ID: CVE-2015-3615
- Fortinet FortiManager Information Disclosure Vulnerability (CVE-2015-3614)
  - Severity: Low
  - CVE ID: CVE-2015-3614
- Apache Sling Servlets Post Cross-Site Scripting Vulnerability (CVE-2017-9802)
  - Severity: Medium
  - BID: 100284
  - CVE ID: CVE-2017-9802
- Symantec Messaging Gateway Remote Code Execution Vulnerability (CVE-2017-6327)
  - Severity: Low
  - BID: 100135
  - CVE ID: CVE-2017-6327
- Symantec Messaging Gateway Cross-Site Request Forgery Vulnerability (CVE-2017-6328)
  - Severity: Low
  - BID: 100136
  - CVE ID: CVE-2017-6328
- SIMPlight SCADA Software DLL Loading Local Code Execution Vulnerability (CVE-2017-9661)
  - Severity: Medium
  - BID: 100263
  - CVE ID: CVE-2017-9661
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-11233)
  - Severity: Medium
  - BID: 100184
  - CVE ID: CVE-2017-11233
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-11236)
  - Severity: Medium
  - BID: 100184
  - CVE ID: CVE-2017-11236
- Adobe Acrobat/Reader Remote Code Execution Vulnerability (CVE-2017-11235)
  - Severity: Medium
  - BID: 100182
  - CVE ID: CVE-2017-11235
- Adobe Acrobat/Reader Memory Corruption Vulnerability (CVE-2017-11234)
  - Severity: Low
  - BID: 100179
  - CVE ID: CVE-2017-11234
- Foxit PDF Compressor installer DLL Preloading Vulnerability (CVE-2017-12892)
  - Severity: Low
  - CVE ID: CVE-2017-12892
- PostgreSQL Remote Denial of Service Vulnerability (CVE-2017-7548)
  - Severity: Low
  - BID: 100276
  - CVE ID: CVE-2017-7548
- 389 Directory Server Information Disclosure Vulnerability (CVE-2017-7551)
  - Severity: Low
  - BID: 100143
  - CVE ID: CVE-2017-7551
- PostgreSQL Authentication Bypass Vulnerability (CVE-2017-7546)
  - Severity: Medium
  - BID: 100278
  - CVE ID: CVE-2017-7546
- PostgreSQL Information Disclosure Vulnerability (CVE-2017-7547)
  - Severity: Low
  - BID: 100275
  - CVE ID: CVE-2017-7547
- Advantech WebOP Heap Buffer Overflow Vulnerability (CVE-2017-12705)
  - Severity: Medium
  - CVE ID: CVE-2017-12705
- Cisco Application Policy Infrastructure Controller Local Privilege Escalation Vulnerability (CVE-2017-6768)
  - Severity: Medium
  - BID: 100363
  - CVE ID: CVE-2017-6768
- Cisco AnyConnect Secure Mobility Client Software Cross-Site Scripting Vulnerability (CVE-2017-6788)
  - Severity: Medium
  - BID: 100364
  - CVE ID: CVE-2017-6788
- Cisco Prime Infrastructure HTML Injection Vulnerability (CVE-2017-6782)
  - Severity: Medium
  - CVE ID: CVE-2017-6782
- Cisco Policy Suite Privilege Escalation Vulnerability (CVE-2017-6781)
  - Severity: Medium
  - BID: 100365
  - CVE ID: CVE-2017-6781
- Cisco RV340/RV345/RV345P Dual WAN Gigabit VPN Router Information Disclosure Vulnerability (CVE-2017-6784)
  - Severity: Medium
  - CVE ID: CVE-2017-6784
- Cisco Security Appliances SNMP Polling Information Disclosure Vulnerability (CVE-2017-6783)
  - Severity: Medium
  - BID: 100387
  - CVE ID: CVE-2017-6783
- Cisco Virtual Network Function Element Manager Arbitrary Command Execution Vulnerability (CVE-2017-6710)
  - Severity: High
  - BID: 100362
  - CVE ID: CVE-2017-6710
(Data source: NSFOCUS Security Research Department & Product Rules Group)
Original publication date: August 21, 2017
Published by NSFOCUS; copyright belongs to the original author
Original link: https://toutiao.secjia.com/nsfocus-internet-security-threats-weekly-201733
This article comes from Yunqi Community partner 安全加 (secjia); for related information, follow the 安全加 website
Last updated: 2017-09-13 10:33:04