12月21日安全热点 - 朝鲜黑客与金钱/Facebook照片新规

 

资讯类

表情包的末日？Facebook执行新规，利用脸部识别提醒是否有自己照片发出，且可以提出删除或投诉

https://www.wired.com/story/facebook-will-find-your-face-even-when-its-not-tagged/

或许是时候把自己照片设置成这个了

 

“巴柯维亚行动”抓捕了5名犯罪嫌疑人，他们利用邮件传播CTB-Locker勒索软件，不过可能幕后仍有黑手

https://www.bleepingcomputer.com/news/security/five-romanians-arrested-for-spreading-ctb-locker-and-cerber-ransomware/

 

报道有风险，发文需谨慎：Keeper公司欲就漏洞报道事件提起诉讼

http://www.zdnet.com/article/security-firm-keeper-sues-news-reporter-over-vulnerability-story/

 

据称朝鲜黑客已经开始对工业及信用卡等信息下手

http://thehill.com/policy/cybersecurity/365882-north-koreas-hackers-now-rob-individuals-credit-card-terminals

 

技术类

CVE-2017-12262：思科SDN控制器技术分析与攻击测试

https://labs.mwrinfosecurity.com/blog/routing-101/

 

Talos：VMWare VNC漏洞通告

http://blog.talosintelligence.com/2017/12/vulnerability-spotlight-vmware-vnc.html

 

Triple A Threat（AAA）

http://grugq.github.io/presentations/comae-blackhat-year-of-the-worm.pdf

 

胡狼头下的罪恶，以阿努比斯神命名的恶意软件意欲何为

https://www.scmagazineuk.com/anubisspy-malware-steals-data-seemingly-links-to-old-sphinx-campaign/article/719845/

 

年度漏洞回顾之三：Safari漏洞

https://www.zerodayinitiative.com/blog/2017/12/20/invariantly-exploitable-input-an-apple-safari-bug-worth-revisiting

 

Sqli Wiki

https://sqlwiki.netspi.com/

 

大量挖矿软件针对Wordpress站点发动攻击

https://www.wordfence.com/blog/2017/12/massive-cryptomining-campaign-wordpress/

 

Windows内核’NtQueryVirtualMemory(MemoryMappedFilenameInformation)’漏洞

https://www.exploit-db.com/exploits/43380/

 

Cloudflare与TCP规范

https://blog.cloudflare.com/this-is-strictly-a-violation-of-the-tcp-specification/

 

利用Radare2逆向EVM字节码

https://blog.positive.com/reversing-evm-bytecode-with-radare2-ab77247e5e53

 

尝试改变组织网络安全的框架讨论

https://www.mckinsey.com/business-functions/digital-mckinsey/our-insights/a-framework-for-improving-cybersecurity-discussions-within-organizations

 

Osterman Research关于网络钓鱼和下一代恶意软件白皮书

https://redmondmag.com/whitepapers/2017/12/knowbe4-best-practices-for-dealing-with-phishing.aspx