2月2日每日安全热点 - Android模拟器成供应链攻击新目标

Inspired by 360CERT

漏洞 Vulnerability

SonicWall SMA 100漏洞遭在野利用

https://www.sonicwall.com/support/product-notification/urgent-security-notice-sonicwall-confirms-sma-100-series-10-x-zero-day-vulnerability-feb-1-2-p-m-cst/210122173415410/

 

恶意软件 Malware

Bazar详析

https://thedfirreport.com/2021/01/31/bazar-no-ryuk/

 

安全研究 Security Research

Shadowmove：横向移动新手段

https://www.ired.team/offensive-security/lateral-movement/shadowmove-lateral-movement-by-stealing-duplicating-existing-connected-sockets

 

VIPRE安全风险研究

https://www.n00py.io/2020/12/the-dangers-of-endpoint-discovery-in-vipre-endpoint-security/

 

安全工具 Security Tools

Patrick Wardle安全工具继续开源

https://github.com/objective-see

 

安全资讯 Security Information

欧洲排球组织云资产泄露数百护照信息

https://twitter.com/MayhemDayOne/status/1331279873424371712

 

安全报告 Security Report

美联邦贸易委员会称去年身份伪造诈骗数量翻番

https://www.consumer.ftc.gov/blog/2021/02/identity-theft-awareness-week-starts-today

 

Android模拟器成供应链攻击新目标

https://www.welivesecurity.com/2021/02/01/operation-nightscout-supply-chain-attack-online-gaming-asia/

 

安全事件 Security Incident

数据泄露导致华盛顿失业救济服务160万用户受影响

https://www.bleepingcomputer.com/news/security/data-breach-exposes-16-million-washington-unemployment-claims/

 

安全客 Security Geek

安全事件周报（01.25-01.31）

https://www.anquanke.com/post/id/230321