漏洞 Vulnerability CVE-2021-44077: Zoho ManageEngine ServiceDesk Plus 认证绕过漏洞通告 https://cert.360.cn/warning/detail?id=9f1d8d7dfb38cff910f731502ffb2470 安全事件 Security Incident APT37针对记者和安全研究人员的攻击活动分析 https://0xthreatintel.medium.com/apt37-targets-journalists-security-researchers-4d18c559767c 网络钓鱼攻击者开始利用新冠病毒变种话题 https://www.bleepingcomputer.com/news/security/phishing-actors-start-exploiting-the-omicron-covid-19-variant/ 新的恶意软件隐藏作为合法的Nginx进程在电子商务服务器 https://www.bleepingcomputer.com/news/security/new-malware-hides-as-legit-nginx-process-on-e-commerce-servers/ 去中心化金融平台badgerdao遭黑客攻击 损失超过1.2亿美元 https://www.cnbeta.com/articles/tech/1210257.htm 科罗拉多能源公司在网络攻击后丢失了25年的数据，但仍在重建网络 https://www.zdnet.com/article/colorado-energy-company-loses-25-years-of-data-after-cyberattack-still-rebuilding-network/ FBI：Cuba勒索软件攻击了49个美国关键基础设施组织 https://www.bleepingcomputer.com/news/security/fbi-cuba-ransomware-breached-49-us-critical-infrastructure-orgs/ 新的广告活动传播后门，恶意Chrome扩展 https://thehackernews.com/2021/12/new-malvertising-campaigns-spreading.html 美国国务院雇员的电话被NSO的间谍软件窃听 https://www.bleepingcomputer.com/news/security/us-state-dept-employees-phones-hacked-using-nso-spyware/ 恶意的KMSPico安装程序窃取加密货币钱包 https://www.bleepingcomputer.com/news/security/malicious-kmspico-installers-steal-your-cryptocurrency-wallets/ 通过GitHub, Netlify发布的Monero挖掘恶意软件漏洞 https://www.trendmicro.com/en_us/research/21/l/vulnerabilities-exploited-for-monero-mining-malware-delivered-via-gitHub-netlify.html