1月29日每日安全热点 - 微软跟进针对安全人员的攻击事件并将其组织命名为ZINC

Inspired by 360CERT

漏洞 Vulnerability

Windows Installer提权漏洞获微补丁更新

https://blog.0patch.com/2021/01/windows-installer-local-privilege.html

 

YouPHPTube多个漏洞分析

https://www.synacktiv.com/sites/default/files/2021-01/YouPHPTube_Multiple_Vulnerabilities.pdf

 

恶意软件 Malware

Oscorp：针对意大利用户的恶意软件

https://securityaffairs.co/wordpress/113983/malware/oscorp-android-malware.html

 

安全研究 Security Research

从N day利用到K8提权

https://www.blackarrow.net/from-n-day-exploit-to-kerberos-eop-in-linux-environments/

 

安全资讯 Security Information

Chrome更新以缓解NAT Slipstreaming 2.0漏洞

https://www.bleepingcomputer.com/news/security/google-chrome-blocks-7-more-ports-to-stop-nat-slipstreaming-attacks/

 

安全报告 Security Report

微软跟进针对安全人员的攻击事件并将其组织命名为ZINC

https://www.bleepingcomputer.com/news/security/microsoft-dprk-hackers-likely-hit-researchers-with-chrome-exploit/

 

安全人员认为真主党黑客与电信公司攻击事件有关

https://www.bleepingcomputer.com/news/security/hezbollah-hackers-attack-unpatched-atlassian-servers-at-telcos-isps/

 

安全事件 Security Incident

USCellular遭黑客攻击出现数据泄露

https://www.bleepingcomputer.com/news/security/uscellular-hit-by-a-data-breach-after-hackers-access-crm-software/

 

安全客 Security Geek

Battleye 系列翻译之分析与简化

https://www.anquanke.com/post/id/229718