
Daily Security Brief (20170105)

Posted on 2017-1-4 20:59
Posted on 2017-1-6 00:53
1. Decryption tools released for three ransomware families including DeriaLock
Title: Decrypters Released for OpenToYou, DeriaLock, and PHP Ransomware

Author information: January 04, 2017 By Ionut Arghire

//BEGIN
Decryption tools are now available for three ransomware families that have been discovered during the past few weeks, allowing victims to recover files without paying a dime.
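Victims of three recently emerged ransomware families, DeriaLock, PHP and OpenToYou, can now decrypt their encrypted files without paying a cent. The decryption tools can be downloaded from the No More Ransom (NMR) website.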

//END
According to Emsisoft, OpenToYou is still in development, because it creates a “C:\Logs\” folder on the infected machines, to store temporary files and debug data in it. Since the content of this folder is always the same, researchers can detect the malware’s presence on machines. The Emsisoft OpenToYou Decrypter, available on the company’s website, allows victims to recover their files for free.
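According to the security company, the OpenToYou ransomware is still under development. One of its traits, however, is that whenever it infects a computer it creates a directory named Logs under C:\. The files and temporary data saved in that directory are the same every time, so the security company can currently detect its presence fairly easily on that basis. The decryption tool for the OpenToYou ransomware can also be downloaded from the security company's website.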

Comment: Against ransomware, we recommend the "3B" principle of backup, backup and backup again: Backup, Backup, Backup (Beifen, Beifen, Beifen).

Posted on 2017-1-6 00:54
2. Ransomware that infected an LG smart TV is a Flocker variant
Title: It has happened again, ransomware infected an LG Smart TV

Author information: January 3, 2017 By Pierluigi Paganini

//BEGIN
The software engineer Darren Cauthon reported his LG Smart TV was infected with ransomware on Christmas day, the malware asked for $500 to unlock the device
This past Christmas, the LG smart TV in a software engineer's home was infected with ransomware, which demanded a ransom of $500 to unlock it.

//END
“With the TV powered off, place one finger on the settings symbol then another finger on the channel down symbol. Remove finger from settings, then from channel down, and navigate using volume keys to the wipe data/ factory reset option.” states the The Register.
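(The ransom, of course, was not paid.) The manufacturer walked the engineer through the procedure step by step, and the smart TV was finally reset. The process has quite a few steps: power off, select Settings...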

Comment: Against ransomware, we recommend the "3B" principle of backup, backup and backup again: Backup, Backup, Backup (Beifen, Beifen, Beifen).

Posted on 2017-1-6 00:55
3. Researchers take stock of malware named after the Fsociety theme
Title: Real World FSociety Malware Is Giving Mr. Robot a Bad Name

Author information: January 3, 2017 03:30 PM By Catalin Cimpanu

//BEGIN
In the past few weeks, more or less talented malware authors have resorted to naming their newly launched threats using the "FSociety" brand, made famous by the Mr. Robot TV series.
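The Fsociety theme featured in the well-known hacker TV series Mr. Robot is being used frequently by ransomware authors. Over the past few weeks, quite a few ransomware samples have adopted the idea.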

//END
As you can see, all the malware discovered in the past five months that bore the FSociety name were one amateurish attempt after another, with threats becoming more laughable as time passed by.
The Fsociety-themed malware of the past five months has been very amateurish, and as time goes by we find it even somewhat laughable.

Comment: Against ransomware, we recommend the "3B" principle of backup, backup and backup again: Backup, Backup, Backup (Beifen, Beifen, Beifen).

Posted on 2017-1-6 00:55
4. Mobile malware targeting WhatsApp users found in India
Title: Mobile malware disguised as Microsoft docs spread via WhatsApp

Author information: January 03, 2017 by Robert Abel

//BEGIN
Mobile malware was spotted targeting WhatsApp users in India through messages claiming to be from government agencies.
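Mobile malware has found a new distribution channel. Mobile malware spreading through the instant messaging app WhatsApp was recently found in India; it poses as documents, files and the like from government departments, luring or even pressuring users into opening them and thereby giving the malware its opening.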

//END
Most of the files appeared to use Microsoft Excel formats however, researchers also spotted some using Microsoft Word and PDF formats as well.
Most of the malicious documents used are in Microsoft Excel format, though there are also DOC and PDF formats, among others.

Comment: For Android mobile security, we recommend AVL Pro!

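Posted on 2017-1-6 00:56
5. Critical RCE vulnerabilities in open-source PHP libraries affect millions of web servers
{CHN}
Title: Critical RCE vulnerabilities disclosed one after another in PhpMailer, SwiftMailer and ZendMail, affecting millions of web servers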

Author information: 2017-01-04 By Sphinx

//BEGIN
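Researchers recently discovered a critical vulnerability present in three common open-source PHP libraries, which attackers can use to remotely execute arbitrary commands; the vulnerable PHP libraries include SwiftMailer, PhpMailer and ZendMail. As FreeBuf reported a few days ago, Dawid Golunski, a researcher from Legal Hackers in Poland, had earlier disclosed the vulnerability in PHPMailer (CVE-2016-10033), which exploits the program's incomplete filtering of parameters to execute arbitrary code. PHPMailer has more than about 9 million users worldwide. PHPMailer therefore released version 5.2.18 to address the vulnerability, using the escapeshellarg() function for filtering; this appeared to fix the vulnerability, but in fact the new function conflicts with escapeshellcmd().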

//END
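Golunski has released a PoC video demonstration and a three-in-one exploit named PwnScriptum, which contains attack methods for the three vulnerabilities. He will also publish a white paper shortly that explains the three vulnerabilities in detail.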

Comment: Patch fast!

Posted on 2017-1-6 00:57
6. New York State strengthens cybersecurity regulation for the financial industry
Title: New York State Imposes New Cybersecurity Regulation for Financial Services

Author information: January 02, 2017 By Kevin Townsend

//BEGIN
New York State Department of Financial Services (DFS) has published its revised proposal for what it calls a 'first-in-the-nation cybersecurity regulation' for New York regulated financial services. Publication was delayed by approximately one week following significant pushback from affected organizations on Dec. 22 2016.
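In fact the regulation was already issued last September, and this newly published version was itself postponed once more. It is the first cybersecurity regulation of its kind, and it further details and standardizes the conduct of the state's financial industry.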

//END
The purpose is clear and beneficial. The new regulation seeks to both define good security practices and ensure that the board is responsible for their implementation. It marks a new process where regulators don't simply stand outside of an organization with policy guidelines, but actually impose new business practices on the regulated entities.
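The purpose of the regulation is clear and beneficial. It defines some best practices, ensures that someone is responsible, and is very specific rather than just shouting slogans.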

//Download: CYBERSECURITY REQUIREMENTS FOR FINANCIAL SERVICES COMPANIES.pdf (106.1 KB, downloads: 338)
File name: CYBERSECURITY REQUIREMENTS FOR FINANCIAL SERVICES COMPANIES.pdf
File size: 108,643 bytes
MD5     : 69D280C2221E1E03FC5C7DAA29B6AA1D

Comment: The financial industry is critical infrastructure!