2月26日每日安全热点 - 遭钓鱼攻击后红衫披露数据泄露事件

Inspired by 360CERT

漏洞 Vulnerability

 

恶意软件 Malware

VMWare漏洞PoC公布后出现大量攻击事件

https://www.bleepingcomputer.com/news/security/attackers-scan-for-vulnerable-vmware-servers-after-poc-exploit-release/

 

安全研究 Security Research

JSON漏洞探索

https://labs.bishopfox.com/tech-blog/an-exploration-of-json-interoperability-vulnerabilities

 

Intel Graphics安全探索Part.2

https://igor-blue.github.io/2021/02/24/graphics-part2.html

 

安全工具 Security Tools

VMWare vCenter漏洞检测

https://github.com/alt3kx/CVE-2021-21972

 

AWS构建密码破解系统

https://www.sevn-x.com/blog/post/building-a-password-cracker-in-aws

 

安全资讯 Security Information

微软公布了扫描Solarwinds使用的CodeQL语法

https://www.bleepingcomputer.com/news/security/microsoft-shares-codeql-queries-to-scan-code-for-solarwinds-like-implants/

 

安全报告 Security Report

安全人员发现朝鲜黑客对多国国防工业系统发动攻击

https://www.bleepingcomputer.com/news/security/north-korean-hackers-target-defense-industry-with-custom-malware/

 

安全事件 Security Incident

荷兰研究理事会确认遭勒索软件攻击并出现数据泄露

https://www.bleepingcomputer.com/news/security/dutch-research-council-nwo-confirms-ransomware-attack-data-leak/

 

遭钓鱼攻击后红衫披露数据泄露事件

https://www.bleepingcomputer.com/news/security/vc-giant-sequoia-capital-discloses-data-breach-after-failed-bec-attack/

 

安全客 Security Geek

CDN 2021 完全攻击指南 （三）

https://www.anquanke.com/post/id/231441