3月9日每日安全热点 - Flagstar Bank遭网络攻击出现严重数据泄露

Inspired by 360CERT

漏洞 Vulnerability

 

恶意软件 Malware

 

安全研究 Security Research

利用rundll32执行.NET

https://github.com/p3nt4/RunDLL.Net

 

CPU测信道攻击研究

https://github.com/FPSG-UIUC/lotr

 

BMC Patrol域账号到管理员

https://www.securifera.com/blog/2021/03/08/bmc-patrol-agent-domain-user-to-domain-admin-part-2/

 

突破浏览器安全防护

https://orenlab.sise.bgu.ac.il/p/PP0

 

安全工具 Security Tools

Hash破解提速工具

https://github.com/HashPals/search-that-hash

 

安全资讯 Security Information

CISA接获GOV域名管理权

https://www.bleepingcomputer.com/news/security/cisa-takes-over-gov-top-level-domain-tld-administration/

 

QNap设备被黑客接管后用于挖矿

https://www.bleepingcomputer.com/news/security/unpatched-qnap-devices-are-being-hacked-to-mine-cryptocurrency/

 

英特尔将研究同态加密芯片

https://www.anandtech.com/show/16533/intel-microsoft-darpa-to-build-silicon-for-fully-homomorphic-encryption-this-is-important

 

安全事件 Security Incident

Sarbloh勒索软件支持印度农民抗议活动

https://www.bleepingcomputer.com/news/security/new-sarbloh-ransomware-supports-indian-farmers-protest/

 

欧洲银行管理局披露遭Exchange漏洞攻击

https://www.bleepingcomputer.com/news/security/european-banking-authority-discloses-exchange-server-hack/

 

美金融机构Flagstar Bank遭网络攻击出现严重数据泄露

https://www.bleepingcomputer.com/news/security/flagstar-bank-hit-by-data-breach-exposing-customer-employee-data/

 

安全客 Security Geek

V8 CVE-2019-5755 MinusZero类型缺失漏洞 in turboFan

https://www.anquanke.com/post/id/231473