3月10日每日安全热点 - Tesla、Cloudflare等公司摄像头遭黑客攻击

Inspired by 360CERT

漏洞 Vulnerability

iOS修复呼叫记录安全漏洞

https://www.bleepingcomputer.com/news/security/iphone-call-recorder-bug-gave-acess-to-other-peoples-conversations/

 

CVE-2020-5377 Dell Openmanage Server漏洞

https://rhinosecuritylabs.com/research/cve-2020-5377-dell-openmanage-server-administrator-file-read/

 

恶意软件 Malware

挖矿恶意软件重出江湖：z0Miner大肆攻击ES、Jenkins服务器

https://www.bleepingcomputer.com/news/security/z0miner-botnet-hunts-for-unpatched-elasticsearch-jenkins-servers/

 

安全研究 Security Research

K8s原理浅析

https://attl4s.github.io/assets/pdf/You_do_(not)_Understand_Kerberos.pdf

 

再探DNS缓存荼毒

https://unit42.paloaltonetworks.com/overview-of-dnsmasq-vulnerabilities-the-dangers-of-dns-cache-poisoning/

 

绕过静态检测研究

https://www.cyberark.com/resources/threat-research-blog/kinsing-the-malware-with-two-faces

 

CSRF -> RCE

https://www.horizon3.ai/disclosures/zabbix-csrf-to-rce

 

Amazon EC2 IP

https://blog.melbadry9.xyz/ddns-ec2-ips-current-state

 

安全资讯 Security Information

微软公布Azure LoLBins缓解措施

https://www.bleepingcomputer.com/news/security/microsoft-shares-detection-mitigation-advice-for-azure-lolbins/

 

GandCrab相关人员被逮捕

https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-affiliate-arrested-for-phishing-attacks/

 

Github修复登录账号错误漏洞

https://www.bleepingcomputer.com/news/security/github-fixes-bug-causing-users-to-log-into-other-accounts/

 

安全事件 Security Incident

Tesla、Cloudflare等公司摄像头遭黑客攻击

https://www.bleepingcomputer.com/news/security/hackers-access-surveillance-cameras-at-tesla-cloudflare-banks-more/

 

美司法部又扣押一个疑似参与疫苗钓鱼攻击的域名

https://www.bleepingcomputer.com/news/security/us-seizes-more-domains-used-in-covid-19-vaccine-phishing-attacks/

 

安全客 Security Geek

D3CTF wp By ez_team

https://www.anquanke.com/post/id/233829