3月20日安全热点 – 黑客大会提供硬件后门Bicho可远程控制汽车

 

资讯类:

黑客大会提供硬件后门Bicho可远程控制汽车
https://news.hitb.org/content/backdoor-allowing-remote-control-cars-be-presented-amsterdam-hacker-conference

 

每200个Google搜索建议中就有一个被污染
https://www.bleepingcomputer.com/news/google/one-in-every-200-google-search-suggestions-is-polluted/

 

GrayKey承诺以15,000美元的价格为警方破解iPhone密码
http://www.zdnet.com/article/graykey-box-promises-to-unlock-iphones-for-police/

 

美国国土安全部,联邦调查局分析揭示了俄罗斯黑客入侵电网的证据
http://www.eweek.com/security/dhs-fbi-analysis-uncovers-evidence-russia-is-hacking-power-grid

 

优步自驾车撞死了一名行人
https://thenextweb.com/insider/2018/03/19/self-driving-car-killed-pedestrian-first-time-last-night/

 

技术类:

MikroTik RouterOS中发现了可远程利用的缓冲区溢出漏洞
http://securityaffairs.co/wordpress/70436/hacking/mikrotik-routeros-flaw.html

 

警惕!PowershellMiner无文件挖矿正在悄然流行
https://xianzhi.aliyun.com/forum/topic/2181

 

Popup Famo(ir)多重漏洞
https://cxsecurity.com/issue/WLB-2018030145

 

bnamericas – 跨站点脚本(XSS)漏洞
https://cxsecurity.com/issue/WLB-2018030144

 

GetAltName – 从SSL证书发现子域
https://www.darknet.org.uk/2018/03/getaltname-discover-sub-domains-from-ssl-certificates/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

 

TENDA AC15路由器中的硬编码帐户 – CVE-2018-5768
https://www.fidusinfosec.com/tenda-ac15-hard-coded-accounts-cve-2018-5768/

 

Preventing Lateral Movement Attacks with PowerBroker for Windows
https://www.beyondtrust.com/blog/preventing-lateral-movement-attacks-powerbroker-windows/

 

勒索软件采用开源路径,使用GNU Privacy Guard进行加密
https://securingtomorrow.mcafee.com/mcafee-labs/ransomware-takes-open-source-path-encrypts-gnu-privacy-guard/

(完)