3月25日每日安全热点 - 数百万以色列公民信息泄露

Inspired by 360CERT

漏洞 Vulnerability

思科修复Jabber客户端漏洞

https://www.bleepingcomputer.com/news/security/cisco-addresses-critical-bug-in-windows-macos-jabber-clients/

 

Chrome Render RCE

https://securitylab.github.com/research/one_day_short_of_a_fullchain_renderer/

 

安全研究 Security Research

PEM私钥安全研究

https://cryptohack.org/blog/twitter-secrets

 

OAuth安全研究

https://portswigger.net/research/hidden-oauth-attack-vectors

 

Google Richmedia Studio漏洞

https://www.ehpus.com/post/multiple-authorization-bypass-issues-in-google-s-richmedia-studio

 

安全工具 Security Tools

API安全Cheatsheet

https://github.com/dsopas/MindAPI

 

安全资讯 Security Information

Chrome将HTTPS设置为默认协议

https://www.bleepingcomputer.com/news/google/google-chrome-will-use-https-as-default-navigation-protocol/

 

内鬼删除Office 365账户报复并因此入狱

https://www.bleepingcomputer.com/news/security/resentful-employee-deletes-1-200-microsoft-office-365-accounts-gets-prison/

 

安全事件 Security Incident

数百万以色列公民信息泄露

https://therecord.media/data-of-6-5-million-israeli-citizens-leaks-online/

 

安全客 Security Geek

猫鼠游戏:Windows内核提权样本狩猎思路分享

https://www.anquanke.com/post/id/235716

(完)