每日安全简讯(20161204)

1、加拿大Carleton大学感染比特币勒索软件
2、AirDroid存在中间人攻击和信息拦截漏洞
3、委内瑞拉军方网站被黑，3千用户信息泄露
4、俄罗斯央行遭到黑客入侵，20亿卢布被盗
5、NPort串行设备被发现远程代码执行等漏洞
6、研究者发现绕过苹果激活锁定机制iOS漏洞

【安天】搜集整理（来源：softpedia、softpedia、softpedia、sina、securityweek、securityweek）

1、加拿大Carleton大学感染比特币勒索软件
标题：Carleton University Hacked, Attackers Demanding $28,500 to Unlock Files
University says it’s now restoring its backups to fight the malware, students advised to keep computers off

作者信息：Dec 1, 2016 08:48 GMT By Bogdan Popa

//BEGIN
Hackers managed to infect the systems of a Canadian university with ransomware and are now demanding 39 Bitcoin (approximately $28,500) to unlock the files.
不明黑客袭击了一个加拿大的大学计算机系统，并索要39比特币解密被加密的文件，这些勒索金当前相当于28500美元。

//END
At this point, no other details are known about the ransomware infection or the hacker or hackers who managed to break into the university’s systems.
By the looks of things, the university has no intention to pay the attackers to remove the infection, but restoring the backups could take a little longer. Students are strongly recommended to ignore messages from attackers, as the IT department warns that popups could show up on more computers connected to the local Wi-Fi network.
目前，关于勒索软件的细节还未披露，以及这些坏蛋是通过何种方式入侵该校的系统的。从目前的种种迹象表明，涉事的大学目前并未打算给勒索者支付赎金，而是正在通过备份系统对感染的计算机系统进行恢复。但是这个恢复系统可能需要较长时间，在还未完全恢复前，校方建议学生目前暂时不要打开其计算机进行任何操作，同时建议不要连接到该校的无线网络，以免再次感染。但是校方保证不管是学生还是教职员工的个人信息没有被泄露和破坏，这些关键的数据还是非常安全的。但是邮件系统已经恢复，以后的进展将通过邮件系统发送。

点评：即使中招，也不向勒索低头：关键是事先的预防措施做得到位：备份备份再备份。

2、AirDroid存在中间人攻击和信息拦截漏洞
标题：Top Android App AirDroid Exposes Phones to Hacks, Dev Ignoring Security Bug
AirDroid recorded between 10 and 50 million downloads

作者信息：Dec 2, 2016 13:30 GMT By Bogdan Popa

//BEGIN
AirDroid is currently one of the top Android apps available in the Google Play Store, with official statistics claiming that it already recorded between 10 million and 50 million downloads.
Google的应用商店中排名靠前的应用AirDroid被爆存在MitM中间人攻击漏洞，可能导致已经下载的一千万到五千万用户信息泄露。

//END
Unfortunately, this is not an easy task. Zimperium says that you need to either deploy dedicated software that can block such attacks or simply remove AirDroid until a fix is provided.
In most of the cases, such attacks are only possible when you are connected to free Wi-Fi networks, so if you avoid these hotspots, you should be secure as well. Of course, your own trusted network shouldn’t pose any threat.
开发该APP的技术人员对修补该漏洞积极性不足，虽然早就得知存在该漏洞并确认了，但是一直并未修复，而且在这期间，一直在升级该APP应用。因此安全公司被迫无奈公布了该漏洞。从目前的情况下，防范该漏洞并不容易，除非简单的直接卸载该存在漏洞的APP版本，一直到漏洞修复为止。
免费使用的Wifi最容易被攻击，因此不建议使用公开的免费WIFI。

点评：个人Android安全建议采用AVL Pro!

3、委内瑞拉军方网站被黑，3千用户信息泄露
标题：Venezuelan Army Website Hacked, Details of 3,000 Accounts Exposed
Kapustkiy breaks into database of Venezuelan army

作者信息：Dec 2, 2016 10:12 GMT  By Bogdan Popa

//BEGIN
A website belonging to the Venezuelan army has been hacked by Kapustkiy, who managed to breach a database containing thousands of accounts, including personal details such as phone numbers.
隶属于南美的委内瑞拉陆军的一个网站被黑客攻击，这个黑客是有名的Kapustkiy，它专门针对世界各地政府和军队的网站（早前意大利和印度的政府或者军方机构也曾经被该黑客光顾，但是这2个政府均与其合作，并努力解决问题）。该攻击导致大约3000个军方的账号信息被泄露。这些泄露的中包括姓名、邮件地址和电话号码！

//END
And it goes without saying that this can only be bad news given the fact that details of nearly 3,000 people are exposed, including phone numbers and even email accounts that can be easily accessed by anyone who can reproduce the attack.
毫无疑问，被公布的信息会导致严重的后果，但是好像该国政府部门并不怎么在意，特别是不像印度政府那样积极合作，并感谢黑客做出的努力。
据说黑客是在多次通报该国军队存在该漏洞，但是长久未得到修复，才不得不公开细节：实际上这些信息以前可能已经被更多别用用心的黑客获取。

点评：军方的网络也不堪一击，在网络面前，一律平等？

4、俄罗斯央行遭到黑客入侵，20亿卢布被盗
{CHN}
标题：又一家央行被盗！黑客从俄罗斯央行窃走20亿卢布

作者信息：2016年12月03日10:42 By 界面

//BEGIN
继孟加拉后又一个国家央行遭遇惊天劫案。据CNNMoney2日报道，黑客入侵了俄罗斯央行并从该行的代理银行账户中偷走了20亿卢布（约合3100万美元）。该央行周五证实了这一消息。

//END
报道援引俄罗斯央行安全官员Artyom Sychyov的话说，黑客本来试图盗窃50亿卢布，但当局成功阻止了他们，将这笔资金转移到了它处。“我们很幸运的找回了部分资金，”一名央行发言人称。
央行没有指出这起黑客盗窃案是什么时候发生的，以及被窃资金是如何被转走的，不过报道称，截至目前，这起案子跟最近针对全球金融体系的一系列入侵事件有相似之处。
2015年1月，黑客通过SWIFT（环球同业银行金融电讯协会）获得了厄瓜多尔银行的代码，窃取了该行存在富国银行的资金。今年10月，黑客利用同样的手段潜入了菲律宾一家银行。两个月后，黑客入侵越南一家商业银行试图做出虚假操作指令但没有成功。
今年2月，孟加拉国央行纽约联储账户1.01亿美元资金被盗（其中2000万被追回），也是通过SWIFT平台实施的。

点评：我国的四大行也得注意啦。

5、NPort串行设备被发现远程代码执行等漏洞
标题：Eight Vulnerabilities Found in Moxa NPort Devices

作者信息：December 02, 2016 By Eduard Kovacs

//BEGIN
Security researchers have discovered a total of eight vulnerabilities in NPort serial device servers produced by Taiwan-based industrial automation solutions provider Moxa, ICS-CERT reported on Thursday.
我国台湾的ICS工控设备生产厂家Moxa被爆存在严重安全漏洞，数量一共8个，存在于串行设备NPort中。

//END
Andrea Micalizzi, known online as “rgod,” discovered high severity information disclosure, path traversal and privilege escalation issues in Advantech’s SUSIAccess product, which is designed for building custom intelligent systems. The vendor has replaced SUSIAccess with the WISE-PaaS integrated IoT platform software services and customers have been advised to migrate to the new product.
另外来自俄罗斯的卡巴等安全厂商还发现了其他严重信息泄露漏洞。

点评：工控安全，关注的重点。

6、研究者发现绕过苹果激活锁定机制iOS漏洞
标题：Bug Allows Activation Lock Bypass on iPhone, iPad

作者信息：December 01, 2016 By Eduard Kovacs

//BEGIN
Researchers have found a bug that can be used to bypass Apple’s Activation Lock feature and gain access to the homescreen of locked iPhones and iPads running the latest version of iOS.
安全研究人员在苹果的最新系统中发现了2个漏洞：一个能绕过苹果的激活锁屏；另外一个能直接访问最新版iOS操作系统的起始屏幕，设备包括电话iPhone和平板iPads.

//END
Researchers at Vulnerability Lab also analyzed the issue and discovered that it can be reproduced on iOS 10.1.1 using the screen rotation feature and Night Shift mode.
In the video published by Vulnerability Lab, the homescreen is only visible for a second, but the company’s founder, Benjamin Kunz-Mejri, told SecurityWeek that access can be maintained by quickly pressing the power button.
The videos published by Vulnerability Lab and Joseph show how the bug is triggered on an iPad, but Kunz-Mejri said the bug affects iPhones as well.
SecurityWeek has reached out to Apple for comment and will update this article if the company responds.
记者就此事询问了苹果公司，但是到目前为止还未有回复。

点评：苹果不是漏洞的禁区。