2月24日每日安全热点 - 乌克兰指责俄罗斯对其发动DDoS攻击

Inspired by 360CERT

漏洞 Vulnerability

VMWare修复vCenter高危漏洞

https://www.bleepingcomputer.com/news/security/vmware-fixes-critical-rce-bug-in-all-default-vcenter-installs/

 

安全研究 Security Research

SilentProcessExit LSASS转储

https://www.deepinstinct.com/2021/02/16/lsass-memory-dumps-are-stealthier-than-ever-before-part-2/

 

XXE从入门到还是入门

https://www.bugcrowd.com/blog/how-to-find-xxe-bugs/

 

安全工具 Security Tools

Teler：实时入侵检测

https://github.com/kitabisa/teler

 

Endgame：AWS安全检测工具

https://github.com/brandongalbraith/endgame

 

安全资讯 Security Information

Twitter称因安全问题删除部分俄罗斯账号

https://www.bleepingcomputer.com/news/security/twitter-removes-accounts-of-russian-government-backed-actors/

 

Google在密码管理中加入密码检查功能

https://www.bleepingcomputer.com/news/security/google-adds-password-checkup-support-to-android-autofill/

 

安全事件 Security Incident

芬兰TietoEVRY披露遭勒索软件攻击

https://www.bleepingcomputer.com/news/security/finnish-it-services-giant-tietoevry-discloses-ransomware-attack/

 

乌克兰指责俄罗斯对其发动DDoS攻击

https://www.bleepingcomputer.com/news/security/ukraine-ddos-attacks-on-govt-sites-originated-from-russia/

 

安全客 Security Geek

捕鱼达人——钓鱼基础设施的应用分析

https://www.anquanke.com/post/id/231444