February 23 Security Highlights - Spectre patch update / npm update crashes systems

 

News

Tomcat issues advisories for two high-severity vulnerabilities

 http://tomcat.apache.org/security.html

 

Global cybercrime losses reach as much as 600 billion US dollars

http://securityaffairs.co/wordpress/69401/cyber-crime/cybercrime-cost-2017.html

 

npm update crashes Linux systems, forcing users to reinstall

https://www.bleepingcomputer.com/news/linux/botched-npm-update-crashes-linux-systems-forces-users-to-reinstall/

 

Intel releases updated Spectre patches

https://www.bleepingcomputer.com/news/hardware/here-we-go-again-intel-releases-updated-spectre-patches/

 

The reality of the black market for code-signing certificates

https://www.bleepingcomputer.com/news/security/the-market-of-stolen-code-signing-certificates-is-too-expensive-for-most-hackers/

http://www.zdnet.com/article/hackers-are-selling-legitimate-code-signing-certificates-to-evade-malware-detection/

 

Technical

FinSpy VM Unpacking Tutorial Part 3: Devirtualization

http://www.msreverseengineering.com/blog/2018/2/21/finspy-vm-unpacking-tutorial-part-3-devirtualization

 

CVE-2018-6947 exploitation tutorial

https://www.fidusinfosec.com/nomachine-road-code-execution-without-fuzzing-cve-2018-6947/

 

Devirtualizing FinSpy, Phase #1: Deobfuscating FinSpy VM bytecode programs

http://www.msreverseengineering.com/blog/2018/2/21/wsbjxrs1jjw7qi4trk9t3qy6hr7dye

Fake ASIC (Australian Securities and Investments Commission) phishing emails deliver malware

https://www.trustwave.com/Resources/SpiderLabs-Blog/Fake-ASIC-Renewal-Spam-Delivers-Malware-to-Australian-Companies/

 

Nix tricks: SSH multiplexing

https://0x00sec.org/t/stupid-nix-tricks-ssh-multiplexing/5583

 

The full story of the DDoS attacks in the Netherlands

https://securingtomorrow.mcafee.com/mcafee-labs/ddos-attacks-netherlands-reveal-teen-gamers-troublesome-path/

 

The rise of counterfeit code-signing certificates

https://www.recordedfuture.com/code-signing-certificates/

 

Securing IoT networks

https://blog.trendmicro.com/securing-iot-networks/

 

IoT botnets by the numbers

http://www.aqniu.com/learn/31650.html

 

Drive-by download campaign targets Chinese websites

https://blog.malwarebytes.com/threat-analysis/2018/02/chinese-criminal-experiments-with-exploits-in-drive-by-download-campaign/

 

SinVR exploitation analysis

https://www.digitalinterruption.com/single-post/2018/02/22/Hacking-SinVR-for-fun-and-profit-and-free-adult-content

 

Stealing hashes with a TAP adapter

https://orangewirelabs.wordpress.com/2018/02/21/stealing-hashes-with-tap/

 

Wavpack 5.1.0 Denial of Service

https://cxsecurity.com/issue/WLB-2018020236

 

Overview of web browsing security

https://sec.eff.org/articles/web-browsing-security

 

Wafid: a WAF fingerprinting tool

https://github.com/CSecGroup/wafid

(End)