资讯类

Facebook：剑桥分析公司拥有比预想的要多得多的数据

https://www.zdnet.com/article/facebook-confirms-cambridge-analytica-took-more-data-than-first-thought/

https://www.bleepingcomputer.com/news/security/facebook-cambridge-analytica-accessed-data-on-87-million-users-not-50-million/

Microsoft带外安全更新修补恶意软件保护引擎漏洞

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986

https://www.bleepingcomputer.com/news/security/microsoft-out-of-band-security-update-patches-malware-protection-engine-flaw/

Microsoft issued out-of-band patch to fix CVE-2018-0986 Malware Protection Engine flaw

最新的macOS更新不再对许多外部监视器提供支持

https://www.bleepingcomputer.com/news/apple/latest-macos-update-breaks-support-for-many-external-monitors/

CertUtil.exe可能允许攻击者绕过AV时下载恶意软件

https://www.bleepingcomputer.com/news/security/certutilexe-could-allow-attackers-to-download-malware-while-bypassing-av/

Google Chrome扩展程序检测到“零宽度字符”指纹攻击

https://www.bleepingcomputer.com/news/security/google-chrome-extension-detects-zero-width-character-fingerprinting-attacks/

https://medium.com/@umpox/be-careful-what-you-copy-invisibly-inserting-usernames-into-text-with-zero-width-characters-18b4e6f17b66

技术类

漏洞聚焦：Natus NeuroWorks多个漏洞

http://blog.talosintelligence.com/2018/04/vulnerability-spotlight-natus.html

通过蓝牙从FUZE窃取信用卡

https://blog.ice9.us/2018/04/stealing-credit-cards-from-fuze-bluetooth.html

Vulnerability Modeling with Binary Ninja

Vulnerability Modeling with Binary Ninja

Triaging a DLL planting vulnerability

https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/

与OceanLotus相关的新MacOS后门

https://blog.trendmicro.com/trendlabs-security-intelligence/new-macos-backdoor-linked-to-oceanlotus-found

如何攻击FTP客户端

https://snyk.io/blog/attacking-an-ftp-client/

Hunting down Dofoil with Windows Defender ATP

https://cloudblogs.microsoft.com/microsoftsecure/2018/04/04/hunting-down-dofoil-with-windows-defender-atp/

解包可执行文件 – ESP技巧

https://goggleheadedhacker.com/blog/post/6

使用Hashcat破解256个字符的密码

https://cyberarms.wordpress.com/2018/04/03/cracking-passwords-up-to-256-characters-with-hashcat/