2月3日每日安全热点 - 最新调查美农业部金融中心受Solarwinds事件影响

Inspired by 360CERT

恶意软件 Malware

Trickbot升级网络模块提升检索能力

https://www.bleepingcomputer.com/news/security/trickbot-malware-now-maps-victims-networks-using-masscan/

 

安全研究 Security Research

Nespresso逆向研究

https://pollevanhoof.be/nuggets/smart_cards/nespresso

 

ATT&CK与Falco

https://sysdig.com/blog/mitre-defense-evasion-falco/

 

Skype欺骗攻击研究

https://blog.thecybersecuritytutor.com/spoofing-and-attacking-with-skype/

 

Model 3地理欺骗攻击研究

https://safekeepsecurity.com/2021/02/02/summon-tesla-from-anywhere-in-the-world-tesla-model-3-geospoofing/

 

安全工具 Security Tools

Rust钓鱼模拟代理实现

https://www.phishdeck.com/blog/phinn-on-engineering-a-real-time-phishing-simulation-proxy/

 

安全资讯 Security Information

Babyk勒索软件列出不会攻击的目标

https://www.bleepingcomputer.com/news/security/babyk-ransomware-wont-hit-charities-unless-they-support-lgbt-blm/

 

Netgain勒索软件攻击事件影响逐渐扩大

https://www.bleepingcomputer.com/news/security/netgain-ransomware-incident-impacts-local-governments/

 

安全事件 Security Incident

最新调查美农业部金融中心受Solarwinds事件影响

https://www.bleepingcomputer.com/news/security/us-federal-payroll-agency-hacked-using-solarwinds-software-flaw/

 

螳螂捕蝉——黑客挑被黑的网商下手窃取信用卡信息

https://www.bleepingcomputer.com/news/security/malicious-script-steals-credit-card-info-stolen-by-other-hackers/

 

黑客终于朝超算下手了

https://www.bleepingcomputer.com/news/security/new-linux-malware-steals-ssh-credentials-from-supercomputers/

 

安全客 Security Geek

Windows内核回调实现原理与逆向调试分析

https://www.anquanke.com/post/id/230073