
Daily Security Briefing (20161228)

Posted 2016-12-27 21:28
Posted 2016-12-28 21:45
1. The Cyberspace Administration of China releases the National Cyberspace Security Strategy
{CHN}
Title: National Cyberspace Security Strategy released today, laying out strategic tasks in nine areas

Author info: 2016-12-27 11:26 By 央视新闻客户端 (CCTV News app)

//BEGIN
This morning the Cyberspace Administration of China (国家互联网信息办公室) released the National Cyberspace Security Strategy, the first strategy on cyberspace security the country has ever published. The Strategy sets out China's major positions and propositions on the development and security of cyberspace, defines the strategic guidelines and main tasks, and is the programmatic document guiding national cybersecurity work.

//END
The Strategy states that the strategic tasks for national cyberspace security work, now and for the coming period, fall into nine areas: firmly defending cyberspace sovereignty, resolutely safeguarding national security, protecting critical information infrastructure, strengthening the building of online culture, combating cyber terrorism and cybercrime, improving the cyber governance system, consolidating the foundations of cybersecurity, enhancing cyberspace defence capabilities, and strengthening international cooperation in cyberspace.

//Download: 国家网络空间安全战略.pdf (185.15 KB, downloads: 43)
File name: 国家网络空间安全战略.pdf
File size: 189,591 bytes
MD5     : DFFCAB2D78BA34FB8F507A0077D1873E

Comment: The law is in place, the strategy is in place, so now.... get to work?

Posted 2016-12-28 21:46
2. RCE vulnerability found in PHPMailer, affecting many open-source projects
{CHN}
Title: PHPMailer hit by critical remote code execution vulnerability (CVE-2016-10033)

Author info: 2016-12-26 By lmj

//BEGIN
The remote code execution vulnerability disclosed this time is in PHPMailer, arguably the world's most popular mail-sending class, which reportedly has around 9 million users worldwide, a number that keeps growing every day.
On GitHub, PHPMailer is described as "probably the world's most popular code for sending email from PHP, also used by many open-source projects including WordPress, Drupal, 1CRM, Joomla! and others". The vulnerability therefore has a fairly broad impact, and its severity is rated Critical, the highest level.
Vulnerability ID: CVE-2016-10033
Affected versions: PHPMailer < 5.2.18

//END
Severity: High
Vulnerability description
Independent researcher Dawid Golunski discovered the vulnerability. A remote attacker can exploit it to execute arbitrary code in the context of the web server account, putting the web application at risk. Attackers would mainly exploit it through common web forms that use the mail-sending component, such as feedback forms, registration forms and email password-reset forms.
The researcher has not yet disclosed details of the vulnerability, in order to give site administrators more time to upgrade the PHPMailer class and avoid being affected.
Vulnerability PoC
Dawid Golunski has in fact built a working RCE PoC, but will publish it somewhat later. For the video PoC see: https://legalhackers.com/videos/ ... 2016-10033-PoC.html
Fix
Update to 5.2.18: https://github.com/PHPMailer/PHPMailer
Details of the vulnerability have been submitted to the PHPMailer project, which has already released PHPMailer 5.2.18 as an emergency security fix addressing the issue; affected users should upgrade immediately. For details see:
https://github.com/PHPMailer/PHPMailer/blob/master/changelog.md
https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md

Comment: Patch fast!

Posted 2016-12-28 21:48
3. Some router vendors pay too little attention to vulnerabilities submitted by researchers
Title: ZyXEL and Netgear Fail to Patch Seven Security Flaws Affecting Their Routers

Author info: December 26, 2016 08:40 AM By Catalin Cimpanu

//BEGIN
Router manufacturers such as Netgear and ZyXEL have failed to address seven security flaws reported by security researchers in the last three or more months.
Following unofficial industry standards, the security teams who found these flaws published their findings, so users can take precautionary measures, and decide if they still want to keep using the vulnerable devices, or replace them with more secure equipment.
Security researchers found high-risk vulnerabilities in routers from two vendors, Netgear and ZyXEL, which can be exploited to take remote control of the routers and thus endanger users' privacy and security.
There are seven vulnerabilities in total: three in Netgear and four in ZyXEL. The researchers reported them between three and four months ago, but the vendors have never responded.
Following the "unwritten industry rules of vulnerability disclosure", the security experts published the vulnerabilities to alert users to take precautions, leaving the decision to users: keep using the devices or replace them.

//END
Vendor response
Probably the most disheartening part of these security flaws is the vendor response the research teams received for their reports. Which was none. We quote Ribeiro and SecuriTeam's disclosure timelines:
We notified ZyXEL of the vulnerabilities back in July 2016, repeated attempts to re-establish contact and get some answer on the status of the patches for these vulnerabilities went unanswered. At this time there is no solution or workaround for these vulnerabilities.
Timeline of disclosure:
26.09.2016: Email sent to NETGEAR (security () netgear com) asking for PGP key, no response.
28.10.2016: Email sent to NETGEAR (security () netgear com) asking for PGP key, no response.
26.11.2016: Disclosed vulnerability to CERT through their web portal.
29.11.2016: Received reply from CERT. They indicated that NETGEAR does not cooperate with them, so they recommended getting CVE numbers from MITRE and releasing the vulnerability information. Email to MITRE requesting CVE numbers, no response. Email sent to NETGEAR (security () netgear com) asking for PGP key, no response.
20.12.2016: Public disclosure.
Neither vendor responded at all to the researchers' reports, so after waiting more than three months the researchers decided to publish the vulnerability details on December 20.

Comment: Going public at the first disagreement? I somehow suspect they just couldn't read the English (or, with so many scammers around, how could they be sure you were telling the truth ^^), or maybe a mail rule sent the emails to the spam folder?

Posted 2016-12-28 21:49
4. Hacker Kapustkiy breaches Turkish chamber of commerce and steals personal information
Title: Turkish Chamber of Commerce Hacked, Personal Information Stolen
Kapustkiy breaches new chamber of commerce website
Author info: Dec 27, 2016 10:58 GMT By Bogdan Popa

//BEGIN
The Turkish Chamber of Commerce and Industry in United Kingdom suffered a double hack the past days after two separate groups of hackers managed to breach their official website.
The Turkish chamber of commerce's official website was recently hit twice: one intrusion defaced the page to make a political statement, the other stole some user information (names, addresses, phone numbers and so on), though the latter only published part of the data to prove the breach was real. That was rather unnecessary: the defacement was there for all to see, so what was left to prove?

//END
We’ve also tried contacting the site admins to report the breach and ask for more information, but no answer was received before publishing the article. We’ll update with more information as it is provided.
The article's author also tried to contact the site, but as of publication there had still been no response.

Comment: Ignored again, could it be.....

Posted 2016-12-28 21:51
5. Thai police arrest nine suspects involved in attacks on government websites
Title: Thai Police Arrest 9 Suspects Behind Cyber Attacks on Gov't Sites
All 9 are believed to be part of hacktivist group behind OpSingleGateway

Author info: 2016-12-26 By Waqas

//BEGIN
Last week HackRead reported on the Thailand government passing a cyber-scrutiny law that was being criticized by hacktivists ever since it was being drafted back in 2015. To protest against the law Anonymous and its Thai counterparts have been conducting a series of cyber attacks including DDoS attacks and data leaks on prominent government and defense institutions.
Their last attack came in the shape of a massive data leak in which personal details including ID cards, copies of employee records from the Thai Ministry of Foreign Affairs and the Royal Navy were leaked. But, things have now turned sour for the hacktivists as Thai authorities have detained nine people suspected of carrying out hack attacks on government websites, out of which one has already been charged for breaking the cyber crime law.
Thai Police spokesperson Dejnarong Suthicharnbancha told Reuters that “The rest remain in custody and are being processed in accordance with the law.”
Thai police arrested nine suspects alleged to have launched attacks on government websites; one has already been charged on "conclusive evidence", and the other eight remain in custody awaiting trial.
The nine suspects are said to be linked to the hacker group Anonymous and to have deliberately launched the attacks out of dissatisfaction with the internet surveillance law passed by the Thai government. Their aims were to DDoS government websites and to leak confidential information from government and defence departments; the leaked data included personal ID numbers and employees' private information, from departments including the Thai Ministry of Foreign Affairs and the Royal Navy.


//END
In an exclusive conversation with Anonymous hackers behind OpSingleGateway, HackRead was told that “DDoS attacks are not hacking so hacking charges, in this case, are nonsense because we did the hacking and we are behind the data leak, not those who are arrested and we are not even in Thailand. We will hit back at the Thai government over these arrests and they should expect us once again.”
The operation OpSingleGateway was launched last year when Anonymous hacked State-owned Telecom Firm and leaked a trove of data against the same law. The attackers then DDoSed Asia Pacific Telecommunity against Internet censorship in Asia and especially in Thailand. That’s not all, Thai Police server also came under the wrath of hackers against the very same Internet surveillance law.
It will be interesting to see how the Anonymous community reacts to the arrest of these suspects. Stay tuned.
DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.
Anonymous claims it was behind these actions and that its members are not even in Thailand; none of those arrested is the real "culprit". The government is foolish, and Anonymous will attack Thai government websites again over this.
We will keep following developments. (DDoS attacks are on the rise, so how large are the losses they cause, and in particular how does one calculate the impact on business operations? Experts have produced a calculation method to estimate the losses from a DDoS attack.)

Comment: Is there any good way to deal with DDoS?

Posted 2016-12-28 21:52
6. Hackers hijack Sony Music's Twitter to spread rumour of Britney Spears' death
{CHN}
Title: Hackers take over Sony Music Twitter account and spread fake news of Britney Spears' death

Author info: 2016-12-26 23:11:46 By cnBeta.com

//BEGIN
This morning several Twitter accounts associated with Sony Music were apparently compromised and taken over by the hacker group OurMine. The hackers posted on the Sony Music Global and Bob Dylan accounts claiming that Britney Spears had died shortly after 8 a.m. US Eastern time this morning; the Sony Music Global account tweeted: "Britney Spears died in an accident! We will tell you more details soon."

//END
Britney Spears' representatives have since confirmed to CNN that the singer is in fact alive. OurMine is a well-known hacker group fond of this kind of prank attack. In 2016 alone it has taken over the Quora account of Google CEO Sundar Pichai, the social media accounts of Facebook CEO Mark Zuckerberg, and Twitter CEO Jack Dorsey's own Twitter account. Just last week it also broke into the Netflix and Marvel Twitter accounts.
Sony's film division was hacked in 2014, causing serious financial and reputational damage, and Sony is still recovering from that intrusion today.

Comment: Big-name accounts, look after your passwords!