报告编号：B6-2021-050799

报告来源：360CERT

报告作者：360CERT

更新日期：2021-05-07

1. Vulnerability|漏洞

• CVE-2021-30665/CVE-2021-30663 Sarfri安全漏洞

    https://support.apple.com/en-us/HT212340

• CVE-2021-29552/CVE-2021-29553 Firefox安全漏洞

    https://www.mozilla.org/en-US/security/advisories/mfsa2021-20/

• Gentoo发布Exim版本更新风险通告

    https://security.gentoo.org/glsa/202105-01

2. Security Incident|安全事件

• 新增N3tw0rm勒索病毒家族针对企业进行攻击

    https://www.bleepingcomputer.com/news/security/n3tw0rm-ransomware-emerges-in-wave-of-cyberattacks-in-israel/

• BaBuk不再加密受害者文件，转为纯数据盗取敲诈勒索

    https://www.bleepingcomputer.com/news/security/babuk-quits-ransomware-encryption-focuses-on-data-theft-extortion/

• Microsoft Azure Blob暴露敏感源代码

    https://www.hackread.com/source-codes-microsoft-azure-blob-account-leak/

• 黑客利用SonicWall 0Day漏洞部署FiveHands勒索软件

    https://thehackernews.com/2021/04/hackers-exploit-sonicwall-zero-day-bug.html

• First Horizon银行在线帐户被黑客窃取客户资金

    https://www.bleepingcomputer.com/news/security/first-horizon-bank-online-accounts-hacked-to-steal-customers-funds/

• 卡巴斯基发现了具有后门功能的中情局恶意软件

    https://www.hackread.com/kaspersky-cia-malware-backdoor-capabilities/

• 云托管提供商瑞士云遭遇勒索软件攻击

    https://securityaffairs.co/wordpress/117433/cyber-crime/swiss-cloud-ransomware-attack.html