免责声明：以下内容原文来自互联网的公共方式，仅用于有限分享，译文内容不代表蚁景网安实验室观点，因此第三方对以下内容进行分享、传播等行为，以及所带来的一切后果与译者和蚁景网安实验室无关。以下内容亦不得用于任何商业目的，若产生法律责任，译者与蚁景网安实验室一律不予承担。

1、CISA 在其已知利用漏洞目录中增加了 12 个新漏洞

https://securityaffairs.co/wordpress/135491/security/cisa-known-exploited-vulnerabilities-catalog-flaws-2.html

2、北约机密文件从葡萄牙武装总参谋部被盗后在暗网上出售

https://securityaffairs.co/wordpress/135480/data-breach/nato-docs-stolen-from-portugal.html

3、与朝鲜有关的 Lazarus APT 针对全球能源供应商

https://securityaffairs.co/wordpress/135469/apt/north-korea-linked-lazarus-apt-targets-energy-providers-around-the-world.html

4、Rapid7 研究人员披露 Sigma Spectrum 输液泵的多个漏洞

https://www.securityweek.com/rapid7-flags-multiple-flaws-sigma-spectrum-infusion-pumps

5、新的伊朗黑客组织APT42部署定制的Android间谍软件

https://www.bleepingcomputer.com/news/security/new-iranian-hacking-group-apt42-deploys-custom-android-spyware/

6、名为DangerousSavanna的恶意活动针对非洲法语区国家金融机构

https://research.checkpoint.com/2022/dangeroussavanna-two-year-long-campaign-targets-financial-institutions-in-french-speaking-africa/

7、思科针对多个产品的新漏洞发布安全补丁

https://thehackernews.com/2022/09/cisco-releases-security-patches-for-new.html

8、200000个North Face账户在撞库攻击中被黑

https://www.bleepingcomputer.com/news/security/200-000-north-face-accounts-hacked-in-credential-stuffing-attack/

9、网信办发布《网信部门行政执法程序规定（征求意见稿）》

https://www.freebuf.com/news/344065.html

10、Apache IoTDB grafana-connector 模块存在未授权漏洞

https://www.4hou.com/posts/l6L6