Vulnerability
CVE-2019-19681: Remote code execution vulnerability in PandoraFMS 7.x
https://medium.com/@k4m1ll0/remote-code-execution-vulnerability-in-pandorafms-7-x-8ce55d4b1d5a
Malware
Cryptocurrency-mining botnet uses a Taylor Swift (person's name) image to hide its payloads
https://www.zdnet.com/article/cryptocurrency-mining-botnet-uses-a-taylor-swift-image-to-hide-malware-payloads/
Security Tools
IDA plugin: finds cryptographic constants that may be present in a file
https://github.com/polymorf/findcrypt-yara
BinDiff 6 Beta release
https://docs.google.com/forms/d/e/1FAIpQLSepe2TtvckQsDxYTaiD3wv2EtikHLBTilnFjBM_Es6f1DLZuw/viewform?usp=send_form
automatic-api-attack-tool: automated API security testing tool
http://feedproxy.google.com/~r/PentestTools/~3/NqlqeAZtRY4/automatic-api-attack-tool-customizable.html
Security Report
Forensic analysis of water-damaged mobile devices
https://www.sciencedirect.com/science/article/pii/S1742287619301586
Security Incident
Analysis of the activity of the hacking group dubbed "Wocao"
https://www.fox-it.com/nl/actueel/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/
Bitter (蔓灵花, APT-C-08) mobile-platform attack campaign disclosed
https://www.anquanke.com/post/id/195378
APT attacks targeting hundreds of industrial systems in South Korea are spreading worldwide
https://www.anquanke.com/post/id/195346
2019 APT attacks: a year in review
https://www.anquanke.com/post/id/195311
Security Information
Honda leaks data of 26,000 North American customers
https://threatpost.com/honda-leaks-data-26k-north-american-customers/151283/
User information and login credentials of more than 3,000 Ring camera users leaked
https://www.buzzfeednews.com/article/carolinehaskins1/data-leak-exposes-personal-data-over-3000-ring-camera-users
Frankfurt shuts down its local network following an Emotet malware infection
https://www.zdnet.com/article/frankfurt-shuts-down-it-network-following-emotet-infection/
Security Research
Exploitation of a Tesla through Chromium regular expressions
https://www.zerodayinitiative.com/blog/2019/12/18/regular-exploitation-of-a-tesla-model-3-through-chromium-regexp
Hacking GitHub with the Unicode dotless "i"
https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/
Inspecting TLS web traffic - Part 2
https://blogs.akamai.com/2019/12/inspecting-tls-web-traffic—part-2.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheAkamaiBlog+%28The+Akamai+Blog%29
Inspecting TLS web traffic - Part 1
https://blogs.akamai.com/2019/12/inspecting-tls-web-traffic—part-1.html
JavaScript anti-debugging using SourceMappingURL
https://www.perimeterx.com/blog/javascript-anti-debugging-1/
Logic sandbox-escape vulnerability in the Firefox web browser
https://www.zerodayinitiative.com/blog/2019/12/16/local-privilege-escalation-in-win32ksys-through-indexed-color-palettes
Local privilege escalation in a Windows kernel-mode driver
https://www.zerodayinitiative.com/blog/2019/12/16/local-privilege-escalation-in-win32ksys-through-indexed-color-palettes
Looking back at the impact of the SharePoint (CVE-2019-0604) remote code execution vulnerability
https://www.zerodayinitiative.com/blog/2019/12/18/looking-back-at-the-impact-of-cve-2019-0604-a-sharepoint-rce