3月25日安全热点 - Facebook从用户的智能手机收集电话和短信数据

资讯类

Facebook从用户的智能手机收集电话和短信数据

https://www.bleepingcomputer.com/news/technology/facebook-collected-call-and-sms-metadata-from-some-users-smartphones/

 

Shodan搜索公开数千台托管密码和密钥的服务器 

https://developers.slashdot.org/story/18/03/24/1943239/shodan-search-exposes-thousands-of-servers-hosting-passwords-and-keys?utm_source=rss1.0mainlinkanon&utm_medium=feed

 

The DiskWriter or UselessDisk BootLocker May Be A Wiper

https://www.bleepingcomputer.com/news/security/the-diskwriter-or-uselessdisk-bootlocker-may-be-a-wiper/

 

Firefox正在研究针对浏览器内部加密脚本的保护

 https://www.bleepingcomputer.com/news/software/firefox-working-on-protection-against-in-browser-cryptojacking-scripts/

 

黑客利用5年前的漏洞通过门罗币挖矿软件感染Linux服务器

 https://www.bleepingcomputer.com/news/security/hackers-infect-linux-servers-with-monero-miner-via-5-year-old-vulnerability/

 

伍尔夫大学:大学课程直接在以太坊区块链上进行

 

技术类

在恶意软件中重写LibC功能

https://0x00sec.org/t/rewriting-libc-functions-in-malwares/6004

 

通过盲OOB XXE获得文件系统访问权限

https://hawkinsecurity.com/2018/03/24/gaining-filesystem-access-via-blind-oob-xxe

 

Web应用渗透测试备忘单

https://jdow.io/blog/2018/03/18/web-application-penetration-testing-methodology/

 

Android蓝牙BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG越界读取

Easy CD DVD Copy 1.3.24缓冲区溢出

(完)