3月3日每日安全热点 - 马来西亚航空数据泄露长达九年

Inspired by 360CERT

漏洞 Vulnerability

Google修复今年第二个在野利用0day漏洞

https://www.bleepingcomputer.com/news/security/google-fixes-second-actively-exploited-chrome-zero-day-bug-this-year/

 

安全研究 Security Research

看我如何攻破微软账户

https://thezerohack.com/how-i-might-have-hacked-any-microsoft

 

本地提权研究

https://sysdig.com/blog/mitre-privilege-escalation-falco/

 

安全工具 Security Tools

SaltStack Minion 漏洞PoC

https://github.com/stealthcopter/CVE-2020-28243

 

安全资讯 Security Information

乐施利用法律迫使安全人员保持沉默

https://portswigger.net/daily-swig/xerox-legal-threat-reportedly-silences-researcher-at-infiltrate-security-conference

 

安全报告 Security Report

Solarwinds报告因网络攻击支出共350万美元

https://www.bleepingcomputer.com/news/security/solarwinds-reports-35-million-in-expenses-from-supply-chain-attack/

 

安全事件 Security Incident

PrismHR服务中断疑似遭勒索软件攻击

https://www.bleepingcomputer.com/news/security/payroll-giant-prismhr-outage-likely-caused-by-ransomware-attack/

 

马来西亚航空数据泄露长达九年

https://www.bleepingcomputer.com/news/security/malaysia-airlines-discloses-a-nine-year-long-data-breach/

 

澳大利亚Oxfam遭网络攻击后出现数据泄露

https://www.bleepingcomputer.com/news/security/oxfam-australia-confirms-data-breach-after-stolen-info-sold-online/

 

安全客 Security Geek

在Windbg中明查OS实现UAC验证全流程——三个进程之间的”情爱”[3]

https://www.anquanke.com/post/id/231446