February 19 Daily Security Highlights - Portions of Azure and Exchange Source Code Stolen in the SolarWinds Campaign

Inspired by 360CERT

Vulnerability

Ethereum DoS vulnerability

https://adalogics.com/blog/the-importance-of-continuity-in-fuzzing-cve-2020-28362

 

Security Research

The current state of supply chain attacks

https://github.com/hardenedlinux/cheap-pcb/blob/main/cheap-pcb-story.md

 

Notes on middleware security configuration

https://labs.detectify.com/2021/02/18/middleware-middleware-everywhere-and-lots-of-misconfigurations-to-fix/

 

Image scanning with an admission controller

https://sysdig.com/blog/image-scanning-admission-controller/

 

Third-party web security: user input

https://adtechmadness.wordpress.com/2021/02/18/all-your-are-belong-to-me/

 

Security Report

Portions of Azure and Exchange source code stolen in the SolarWinds campaign

https://www.bleepingcomputer.com/news/microsoft/microsoft-solarwinds-hackers-downloaded-some-azure-exchange-source-code/

 

FBI warns of telephony denial-of-service attacks

https://www.bleepingcomputer.com/news/security/fbi-telephony-denial-of-service-attacks-can-lead-to-loss-of-lives/

 

FBI shares details of North Korean cryptocurrency theft operations

https://www.bleepingcomputer.com/news/security/us-shares-info-on-north-korean-malware-used-to-steal-cryptocurrency/

 

Security Incident

RIPE NCC issues a notice saying it suffered a cyberattack

https://www.bleepingcomputer.com/news/security/ripe-ncc-internet-registry-discloses-sso-credential-stuffing-attack/

 

Google Apps abused to bypass CSP

https://www.bleepingcomputer.com/news/security/hackers-abuse-google-apps-script-to-steal-credit-cards-bypass-csp/

 

Anquanke (Security Geek)

CVE-2021-3156 sudo heap-based buffer overflow: reproduction and analysis

https://www.anquanke.com/post/id/231408
