Latest News

Service Announcements

  • [04-17] Cloud Phone Image Update Notice

    Dear Huayun users:

    To provide you with better service, we have released a new version of the cloud phone image (cloud phones currently in use are not affected). The new image includes the changes below, and you are welcome to try it. Existing cloud phones can switch to the new image through the reinstall-system function.

    Image improvements:
    1. Cloud phones support screenshots and screen recording by third-party apps.
    2. The cloud phone system's Wi-Fi information has been completed, improving the cloud phone's emulation fidelity.

    Huayun Data
    April 17, 2020

    2020-03-06
  • Spring Festival Holiday Service Arrangements

    Dear Huayun users:

    A new spring begins and everything is renewed. All staff at Huayun Data sincerely thank you for your long-standing support of our company. In the new year we will work even harder to provide you with better products and services.

    During the long holiday from January 24 to January 30 we will continue to provide 7*24 service. Please also make sure your account balance is sufficient (renew in advance any resources that are about to expire) so that your business keeps running stably during the holiday. Notes on service requests, filing review and finance during the holiday are as follows:

    7x24 service:
    Online tickets: visit cn-henji.com, log in to the member console and submit a ticket.
    Service hotline: 400-808-4000, extension 8.

    Filing review: because of the statutory holiday, the administration authority suspends reviews from January 24 to January 30.

    Online top-up: visit cn-henji.com, log in to the member console, go to Billing > Top-up, and choose the online top-up option "Alipay".

    Thank you again for your trust in and support of Huayun Data. We wish you a happy Spring Festival and a happy family.

    Huayun Data
    January 15, 2020

    2020-01-15
  • [Vulnerability Alert] Exploit Code Published for the Critical Windows RDP Remote Code Execution Vulnerability (CVE-2019-0708)

    On September 6, 2019, the Huayun Data Security Center observed that metasploit-framework had published, on GitHub, exploit code for CVE-2019-0708 that enables remote command execution. With this exploit code, arbitrary commands can be executed on the target system, and it could even be used to spread malicious worms that infect other machines on the internal network, similar to the WannaCry ransomware that broke out in 2017. The risk is extremely high.

    Huayun published an alert for this vulnerability on 2019.5.15. Huayun again reminds affected Windows users to take security measures as soon as possible to block attacks on this vulnerability. Details: //docs.cn-henji.com/notice/warning-18.html

    Vulnerability rating
    CVE-2019-0708: Critical

    Affected versions
    Windows 7
    Windows Server 2008 R2
    Windows Server 2008
    Windows 2003
    Windows XP

    Security recommendations
    Note: according to Microsoft, enabling NLA (Network Level Authentication) may mitigate attacks on this vulnerability. We recommend first enabling NLA (see recommendation 6) to reduce the exposure and then installing the security patch. The patch options below all carry unpredictable risk (black screen or system hang), so back up your data or take a disk snapshot before applying them.

    1. Users of Windows 7, Windows Server 2008 and Windows Server 2008 R2 should install the official security patch promptly: //portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
    2. Users of Windows 2003 and Windows XP should upgrade the operating system version or install the official patch promptly: //support.microsoft.com/zh-cn/help/4500705/customer-guidance-for-cve-2019-0708
    3. Server users on Huayun's new-architecture platform can use the firewall provided by our platform to temporarily block external access to the RDP service port or to restrict the IP addresses allowed to connect. Help document: //docs.cn-henji.com/vpc/quick-start/firewall.html
    4. Enabling NLA (Network Level Authentication) may mitigate attacks on this vulnerability; the steps are as follows

    Related links
    //github.com/rapid7/metasploit-framework/pull/12283/files#diff-903c287159a4a98b700ea627a0eda15e

    We will follow further developments; please watch the official announcements. If you have any questions, contact us at any time through a ticket or our service hotline 400-808-4000-8.

    Huayun Data Group Co., Ltd.
    2019.9.7

    2019-09-09
  • [Vulnerability Alert] Windows Remote Desktop Services (RDP) Remote Code Execution Vulnerabilities (CVE-2019-1181/1182)

    On August 13, 2019, the Huayun Security Detection Center observed that Microsoft had released emergency security patches fixing several remote code execution vulnerabilities in Windows Remote Desktop Services (CVE-2019-1181/1182). Exploiting these vulnerabilities may give an attacker direct control of a Windows server without any user interaction.

    Vulnerability description
    According to Microsoft's announcement, CVE-2019-1181 and CVE-2019-1182, like the earlier BlueKeep (CVE-2019-0708), are "wormable" vulnerabilities, similar to the WannaCry ransomware that broke out in 2017. An unauthenticated attacker who exploits the vulnerability by sending maliciously crafted requests to the target service port can execute arbitrary code on the target system. Exploitation requires no user interaction, which means the vulnerability can be exploited by a network worm. Any malware that exploits it could spread from an infected computer to other vulnerable computers, in the same way as the Remote Desktop Services remote code execution vulnerability CVE-2019-0708 patched on May 14, 2019 and the WannaCry malware of 2017.

    Vulnerability rating
    CVE-2019-1181: Critical
    CVE-2019-1182: Critical

    Affected versions
    Windows 7
    Windows 8
    Windows 10
    Windows Server 2008 R2 SP1
    Windows Server 2012
    Windows Server 2012 R2

    Security recommendations
    1. Microsoft has released patches that fix this vulnerability. Users should upgrade the affected systems to the latest version immediately.
    2. Users of Huayun's new-architecture products can use security group firewall rules to temporarily block external access to the RDP service port, or to allow access only from authorized IPs, to stop attacks on the vulnerability.

    Note: according to Microsoft, enabling NLA (Network Level Authentication) may mitigate attacks on this vulnerability, but we still strongly recommend installing the security patch and rebooting as soon as possible. Installing the patch may carry unpredictable risk (black screen, system hang, blue screen, or booting into recovery mode), so back up your data, image or snapshot before applying it.

    Related links
    //portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/312890cc-3673-e911-a991-000d3a33a34d
    //msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/

    Huayun Data Group Co., Ltd.
    2019.8.14

    2019-08-15
  • [Vulnerability Alert] Linux Kernel TCP SACK Remote Denial-of-Service Vulnerabilities

    Recently, the Huayun Security Center observed the disclosure of the TCP "SACK PANIC" remote denial-of-service vulnerabilities in the Linux kernel (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479). An attacker can use them to attack a target server remotely, causing the system to crash or become unable to provide service.

    To keep your business from being affected, we recommend that you run a security self-check promptly and, if you are within the affected range, apply the update in time to avoid intrusion by external attackers.

    [Vulnerability details]
    Jonathan Looney, a researcher on the Netflix information security team, recently found serious remote DoS vulnerabilities in the Linux kernel. An attacker can construct and send a specific sequence of SACK requests to remotely trigger an overflow in a Linux server kernel module, causing the server to crash or deny service.

    [Risk level]
    CVE-2019-11477: High
    CVE-2019-11478: Medium
    CVE-2019-11479: Medium

    [Affected versions]
    The versions currently known to be affected are:
    CentOS 5 (Red Hat has ended support and no longer provides patches)
    CentOS 6
    CentOS 7
    Ubuntu 18.04 LTS
    Ubuntu 16.04 LTS
    Ubuntu 19.04
    Ubuntu 18.10

    [Fixed versions]
    The major Linux distributors have released kernel patches. The fixed kernel versions are:
    CentOS 6: 2.6.32-754.15.3
    CentOS 7: 3.10.0-957.21.3
    Ubuntu 18.04 LTS: 4.15.0-52.56
    Ubuntu 16.04 LTS: 4.4.0-151.178

    [Remediation]
    Note: both the kernel upgrade and the temporary mitigation below may cause problems for your workloads, so assess the business impact before acting. If you choose the kernel upgrade, take a system snapshot first so that you can restore from it if the upgrade causes problems.

    Recommended fix:
    1. Upgrade your Linux server kernel to the [Fixed versions] above. Reference steps:

    CentOS 6/7 servers:
    1) yum clean all && yum makecache, to refresh the package sources;
    2) yum update kernel -y, to update the current kernel version;
    3) reboot, to restart the system so the update takes effect;
    4) uname -a, to check whether the running version is one of the [Fixed versions] above. If it is, the fix succeeded.

    Ubuntu 16.04/18.04 LTS servers:
    1) sudo apt-get update && sudo apt-get install linux-image-generic, to refresh the package sources and install the latest kernel version;
    2) sudo reboot, to restart the system so the update takes effect;
    3) uname -a, to check whether the running version is one of the [Fixed versions]. If it is, the fix succeeded.

    2. Temporary mitigation:
    If it is not convenient to reboot for the kernel patch, you can disable the kernel SACK setting to guard against exploitation by running the following commands:
    1) echo 'net.ipv4.tcp_sack = 0' >> /etc/sysctl.conf, to disable SACK;
    2) sysctl -p, to reload the configuration so it takes effect.

    [References]
    1) Official advisory: //github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
    2) Community reference: //www.openwall.com/lists/oss-security/2019/06/17/5
    3) Red Hat announcement: //access.redhat.com/security/vulnerabilities/tcpsack

    Huayun Data Group Co., Ltd.
    2019.6.20

    2019-06-20
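
    An added example (not part of the original advisory and not Huayun's code): a shell check for the verification step in the TCP SACK advisory above, comparing the running kernel with the listed fixed versions and falling back to the runtime tcp_sack value. The function names and distro keys (centos7, ubuntu18.04 and so on) are assumptions made for this example, and the sample hosts are constructed.

```sh
#!/bin/sh
# Added example: audit a host against the TCP SACK advisory above.
# Function names and distro keys are assumptions made for this example.

# Fixed kernel versions, copied from the advisory's "Fixed versions" list.
fixed_version_for() {
    case "$1" in
        centos6)     echo "2.6.32-754.15.3" ;;
        centos7)     echo "3.10.0-957.21.3" ;;
        ubuntu18.04) echo "4.15.0-52.56" ;;
        ubuntu16.04) echo "4.4.0-151.178" ;;
        *)           return 1 ;;
    esac
}

# Turn `uname -r` ($2) and `uname -v` ($3) into a version comparable to the list.
# CentOS: drop the ".el7.x86_64" tail. Ubuntu: `uname -r` carries only the ABI
# number (4.15.0-52-generic); the upload number (56) is in `uname -v` ("#56-Ubuntu").
normalize_kernel() {
    case "$1" in
        centos*) echo "${2%%.el*}" ;;
        ubuntu*)
            abi=${2%-*}
            upload=${3#\#}
            upload=${upload%%[!0-9]*}
            echo "$abi.$upload" ;;
    esac
}

# Succeed when version $1 >= version $2, comparing numeric fields one by one,
# so that 3.10.0-1062 ranks above 3.10.0-957.21.3 (a string compare gets this wrong).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "[.-]"); nb = split(b, y, "[.-]")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# Print patched / mitigated / vulnerable / unknown.
# $1 distro key, $2 uname -r, $3 uname -v, $4 runtime value of net.ipv4.tcp_sack.
sack_status() {
    fixed=$(fixed_version_for "$1") || { echo "unknown"; return 0; }
    running=$(normalize_kernel "$1" "$2" "$3")
    if version_ge "$running" "$fixed"; then echo "patched"
    elif [ "$4" = "0" ]; then echo "mitigated"
    else echo "vulnerable"
    fi
}

# Constructed sample hosts (not real inventory): key|uname -r|uname -v|tcp_sack
samples='centos7|3.10.0-957.12.2.el7.x86_64|#1 SMP|1
centos7|3.10.0-1062.el7.x86_64|#1 SMP|1
ubuntu18.04|4.15.0-51-generic|#55-Ubuntu SMP|0
ubuntu18.04|4.15.0-52-generic|#56-Ubuntu SMP|1'
echo "$samples" | while IFS='|' read -r key rel ver sack; do
    printf '%-12s %-30s %s\n' "$key" "$rel" "$(sack_status "$key" "$rel" "$ver" "$sack")"
done
# On a live host: sack_status centos7 "$(uname -r)" "$(uname -v)" "$(sysctl -n net.ipv4.tcp_sack)"
```

    The check reads the runtime sysctl value rather than /etc/sysctl.conf, because a line appended to the file has no effect until sysctl -p has been run.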
  • [Vulnerability Alert] Critical Windows RDP Remote Code Execution Vulnerability (CVE-2019-0708)

    On May 15, 2019, the Huayun Security Center observed that Microsoft had released an emergency security patch fixing a remote code execution vulnerability in Windows Remote Desktop Services (CVE-2019-0708). The vulnerability is pre-authentication and requires no user interaction (no system account password needs to be verified), which means it can be exploited by a network worm to take control of Windows servers directly.

    Vulnerability description
    Microsoft urgently released a security patch fixing a remote code execution vulnerability in Windows Remote Desktop Services (CVE-2019-0708), which affects some older versions of Windows. The vulnerability is pre-authentication and requires no user interaction. When an unauthenticated attacker connects to the target system over RDP (commonly port 3389) and sends specially crafted requests, arbitrary commands can be executed on the target system. It could even be used to spread malicious worms that infect other machines on the internal network, similar to the WannaCry ransomware that broke out in 2017.

    Vulnerability rating
    CVE-2019-0708: Critical

    Affected range
    The vulnerability affects some older versions of Windows, as follows:
    Windows 7
    Windows Server 2008 R2
    Windows Server 2008
    Windows 2003
    Windows XP

    Security recommendations
    1. Microsoft has released update patches (including for versions it no longer maintains). Please apply them promptly. There are three ways to obtain the latest patch: an internal WSUS service, the Microsoft Update service on Microsoft's website, and offline patch installation.
    Users of Windows 7 and Windows Server 2008 should install the official security patch promptly: //www.catalog.update.microsoft.com/Search.aspx?q=KB4499175
    Users of Windows 2003 and Windows XP should upgrade the operating system version or install the official patch promptly: //support.microsoft.com/zh-cn/help/4500705/customer-guidance-for-cve-2019-0708
    2. Server users on Huayun's new-architecture platform can use the firewall provided by our platform to temporarily block external access to the RDP service port or to restrict the IP addresses allowed to connect.

    Related links
    //portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

    We will follow further developments; please watch the official announcements. If you have any questions, contact us at any time through a ticket or our service hotline 400-808-4000-8.

    Huayun Data Group Co., Ltd.
    2019.5.15

    2019-05-15
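  • [Vulnerability Alert] Apache Tomcat HTTP/2 Remote Denial-of-Service High-Risk Vulnerability

    On March 26, 2019, we observed that Apache Tomcat had recently released a security update disclosing one remote denial-of-service vulnerability, CVE-2019-0199. Apache Tomcat instances with HTTP/2 enabled are exposed to remote denial-of-service attacks.

    Vulnerability description
    Apache Tomcat's HTTP/2 implementation accepts a large amount of SETTINGS-frame configuration traffic, and a client can keep a connection open for a long time without reading or writing any request. If there are too many connection requests from clients, the server's threads are eventually exhausted, resulting in DoS.

    Vulnerability rating
    CVE-2019-0199: High

    Affected range
    HTTP/2 enabled and a version in one of the following ranges:
    9.0.0.M1 < Apache Tomcat < 9.0.14
    8.5.0 < Apache Tomcat < 8.5.37

    Safe versions
    Apache Tomcat 9.0.16
    Apache Tomcat 8.5.38
    Apache Tomcat 7.x
    Apache Tomcat 6.x

    Security recommendations
    Disable HTTP/2 or upgrade to a safe version.

    Related links
    //tomcat.apache.org/security-9.html

    Huayun Data Group Co., Ltd.
    March 27, 2019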

    2019-03-27
  • [High-Risk Incident Alert] Alert on a GlobeImposter Ransomware Variant

    Recently, the ransomware GlobeImposter has mutated again and is spreading online; infections have already been seen in several provinces. Once a system is infected, the database files of the network system are encrypted by the malware, and a ransom must be paid to recover the files.

    I. The harm caused by GlobeImposter ransomware
    GlobeImposter is a currently prevalent family of ransomware, and this variant is version 3.0. It encrypts files on disk and changes their extension to the form *4444. In each encrypted directory it also creates a txt file named "HOW_TO_BACK_FILES" that shows the victim's personal ID serial number and the attacker's contact details. Because GlobeImposter 3.0 uses strong asymmetric encryption, victims cannot recover their files without the private key and can only recover important data by paying the ransom. Analysis shows that the malware does not spread on its own: infected devices were all planted manually on the target host after attackers penetrated the internal network. The malware is highly destructive and targeted, and at present it is very hard to crack.

    II. How GlobeImposter ransomware attacks
    The main attack steps are:
    Step 1: penetrate a server. The attackers use weak-password brute forcing, port scanning and similar techniques against open remote-login ports such as 3389, running automated attack scripts with password dictionaries to brute-force the administrator account.
    Step 2: penetrate other machines on the internal network. After opening a foothold, the attackers brute-force passwords on other internal hosts using network sniffing, multi-protocol brute-force tools and similar.
    Step 3: plant the ransomware. After moving laterally to a new host, the attackers try to uninstall the protection software on it, manually or with tools, and plant the ransomware by hand.
    Step 4: run the malware. The malware executes automatically and encrypts the files on the machine, completing the attack.

    III. Network security advice
    According to security experts' analysis, information systems are more likely to be hit by this malware when they have weaknesses and risks such as weak passwords combined with Windows Remote Desktop Services (port 3389) exposed to the Internet, poor internal network isolation, or Windows servers and endpoints with no antivirus software deployed or with out-of-date antivirus software. In view of this, please carry out the following work promptly:

    1. Strengthen endpoint and server protection promptly. Enforce a complex-password policy on all servers and endpoints and eliminate weak passwords; install antivirus and endpoint security management software and keep the signature database up to date; install vulnerability patches promptly; enable collection of key logs on servers to provide a basis for tracing security incidents.
    2. Manage ports strictly. Disable unnecessary file-sharing permissions and close unnecessary ports where possible, such as 445, 135, 139 and 3389; we recommend disabling the Remote Desktop Protocol.
    3. Divide the internal network into sensible security zones. Important business systems and core databases should be placed in separate security zones with proper defenses at the zone boundaries, and access to important zones should be strictly limited.
    4. Back up business data. Back up business systems and data promptly and verify that the backup systems and backup data are usable; establish a security disaster-recovery plan, and keep the backup systems securely isolated from the primary systems so that both are not attacked at the same time, which would affect business continuity.

    Huayun Data Group Co., Ltd.
    March 13, 2019

    2019-03-13
  • [Vulnerability Alert] High-Risk Linux Kernel Privilege Escalation Vulnerability

    [Vulnerability Alert] High-risk Linux kernel privilege escalation vulnerability, codename: Mutagen Astronomy

    On September 27, 2018, a security research team outside China disclosed a high-risk Linux kernel privilege escalation vulnerability (CVE-2018-14634), named Mutagen Astronomy.

    Vulnerability description
    The create_elf_tables() function in the Linux kernel contains a buffer overflow. An ordinary user can exploit it to escalate to administrator (root) privileges and execute malicious code.

    Vulnerability rating
    CVE-2018-14634: High

    Affected range
    1. 32-bit systems are not currently affected.
    2. Machines with less than 32G of memory are not currently affected.
    3. Machines with at least 32G of memory running 64-bit Red Hat family distributions or CentOS are affected.

    Security recommendations
    Apply the security patch released by Red Hat: //access.redhat.com/security/cve/cve-2018-14634

    Huayun Data Group Co., Ltd.
    December 5, 2018

    2018-12-27
  • [Vulnerability Alert] High-Risk Remote Command Execution Vulnerability in Gogs and Gitea

    [Vulnerability Alert] High-risk remote command execution vulnerability in the Git service systems Gogs and Gitea

    On November 5, 2018, security issues were published on the official Gogs and Gitea GitHub repositories disclosing a remote command execution vulnerability (CVE-2018-18925/CVE-2018-18926). An attacker who exploits it can execute arbitrary commands on the target server.

    Vulnerability description
    Gogs and Gitea are both platforms for building simple, stable and extensible self-hosted Git services, and both are written in Go. In a default installation, a flaw in how Gogs and Gitea manage user sessions allows an attacker to elevate an ordinary user to the administrator (admin) account and execute system commands.

    Affected range
    Gogs: versions on the current master branch
    Gitea: versions before 1.5.3

    Risk rating
    CVE-2018-18925: Critical
    CVE-2018-18926: Critical

    Security recommendations
    Gogs users: the fix has been merged into the develop branch; download and install it. Download link: //github.com/gogs/gogs/tree/develop
    Gitea users: download and install the latest version. Download link: //github.com/go-gitea/gitea/releases

    Related links
    //github.com/gogs/gogs/issues/5469
    //github.com/go-gitea/gitea/issues/5140

    Huayun Data Group Co., Ltd.
    November 5, 2018

    2018-12-27