3月7日安全热点 – 微软发布关键USB驱动更新/Nike泄露敏感信息

 

资讯类

微软发布修复关键USB驱动问题的KB4090913更新

微软昨天发布了一个Windows更新,以修复2018年2月补丁周二安全更新中引入的USB设备驱动程序问题。

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-kb4090913-update-to-fix-critical-usb-driver-issue/

 

Nike网站漏洞暴露敏感的服务器数据

http://www.zdnet.com/article/nike-website-flaw-exposed-access-to-sensitive-server-data/

 

GandCrab勒索软件V2版本发布,具有新的.Crab扩展

https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-version-2-released-with-new-crab-extension-and-other-changes/

 

ComboJack恶意软件通过更改Windows剪贴板窃取加密货币和付款

ComboJack Malware alters Windows clipboards to steal cryptocurrencies and payments

Cryptocurrency-stealing malware relies on victims copy-pasting wallet info

 

Gozi ISFB在2018年保持活跃,利用“黑云”分销僵尸网络

http://blog.talosintelligence.com/2018/03/gozi-isfb-remains-active-in-2018.html

 

严重漏洞影响近一半的互联网电子邮件服务器

https://www.bleepingcomputer.com/news/security/vulnerability-affects-half-of-the-internets-email-servers/

 

代码审查最佳实践

https://medium.com/@palantir/code-review-best-practices-19e02780015f

 

网络犯罪最危险的来源地图

A Map of the Most Dangerous Sources of Cybercrime

 

思科年度安全报告(2018)

https://xianzhi.aliyun.com/forum/topic/2105?from=timeline

 

恶意软件“TSCookie”

http://blog.jpcert.or.jp/2018/03/malware-tscooki-7aa0.html

 

技术类

Password Filter DLL在渗透测试中的应用

https://3gstudent.github.io/3gstudent.github.io/Password-Filter-DLL%E5%9C%A8%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95%E4%B8%AD%E7%9A%84%E5%BA%94%E7%94%A8/

 

反欺诈、身份自治、IoT:2018年将成为区块链应用元年

http://www.aqniu.com/news-views/31868.html

 

SQL注入ByPass的一些小技巧

https://www.secpulse.com/archives/68991.html

 

以太坊区块链网络的Eclipse攻击详解

http://www.4hou.com/technology/10570.html

 

VMAttack: Deobfuscating Virtualization-Based Packed Binaries

https://www1.cs.fau.de/filepool/publications/unpacking-dynamic-static.pdf

 

机器学习是我们预防网络威胁的最佳武器

https://securityintelligence.com/machine-learning-is-our-best-weapon-against-spiraling-cyberthreats/

 

如何清除window上的RDP连接记录

https://xianzhi.aliyun.com/forum/topic/2102

 

基于Python的自动化代码审计

https://blog.formsec.cn/2018/02/11/python-audit-auto/media/python_audit.pdf

 

区块链安全-DAO攻击事件解析

http://blog.csdn.net/u011721501/article/details/79450122

 

我们如何在瑞士最大的托管服务提供商之一的系统中发现数据库泄漏漏洞

https://security.infoteam.ch/en/blog/posts/how-we-discovered-a-database-leak-in-one-of-the-biggest-swiss-hosting-provider.html

 

Quick Notes on the PSoC

Quick Notes on the PSoC

 

Adapting hashcat for SAP ‘half hashes’

https://erpscan.com/press-center/blog/adapting-hashcat-for-sap-half-hashes/

 

Exim Off-by-one RCE:利用完全缓解绕过的CVE-2018-6789

https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/

 

子域扫描工具

http://www.berkdusunur.net/2018/03/subdomain-scanner-tool.html?m=1

 

Clang控制流程完整性(CFI)绕过技术

https://github.com/0xcl/clang-cfi-bypass-techniques

 

OpticSpy:用于解码光学隐蔽信道传输的数据的工具

http://www.4hou.com/tools/10583.html

(完)