资讯类
美国边境官员十多年来未对访客的护照进行密码验证
Drupal修补关键的CMS漏洞
http://www.zdnet.com/article/drupal-patches-critical-cms-vulnerabilities/
https://www.drupal.org/SA-CORE-2018-001
Mirai变种”OMG”在易受攻击的设备上设置代理服务器
http://securityaffairs.co/wordpress/69449/malware/omg-botnet.html
安防不力的Linux 服务器正在遭 Chaos 后门感染
http://securityaffairs.co/wordpress/69459/hacking/chaos-backdoor.html
Terraform Provider for PAN-OS Now Available
https://researchcenter.paloaltonetworks.com/2018/02/terraform-provider-pan-os-now-available/
技术类
中间件安全-Tomcat安全测试概要
https://mp.weixin.qq.com/s/_-AtrbMNROUFRbaime3NrA
npm 5.7.0之前版本在执行 sudo npm –help 等命令时会随机修改 /etc /usr /boot 等目录的属主权限
https://github.com/npm/npm/issues/19883
OilRig利用 ThreeDollars传播新木马
Avzhan DDoS bot深入介绍及样本分析
企业安全项目-短信验证码安全
https://mp.weixin.qq.com/s/sy-ti0QzESnOKfg-WUCYWA
ASLR新的绕过和保护技巧分享
http://blog.ptsecurity.com/2018/02/new-bypass-and-protection-techniques.html
控制流程完整性:一种Javascript混淆技术
https://marcoramilli.blogspot.hk/2018/02/control-flow-integrity-javascript.html
使用Azure安全中心检测Kerberoasting活动
Detecting Kerberoasting activity using Azure Security Center
Storage Access API
https://webkit.org/blog/8124/introducing-storage-access-api
Pwn2own: V8 – isolate control via function deoptimization
https://bugs.chromium.org/p/chromium/issues/detail
PowerShell混淆器
https://github.com/danielbohannon/Invoke-Obfuscation
Dependency-Track——智能软件组合分析(SCA)平台
https://github.com/stevespringett/dependency-track
色情文章检测工具
http://yudake.xin/articles/2018/02/22/1519289676946.html