3月16日每日安全热点 - 遭攻击后Blender网站处于维护中

Inspired by 360CERT

恶意软件 Malware

钓鱼网站纷纷加入JS虚拟机检测

https://www.bleepingcomputer.com/news/security/phishing-sites-now-detect-virtual-machines-to-bypass-detection/

 

Telegram恶意广告攻击

https://suid.ch/research/Telegram_Malware_Analysis.html

 

安全研究 Security Research

Fickling机器学习分析pickle

https://blog.trailofbits.com/2021/03/15/never-a-dill-moment-exploiting-machine-learning-pickle-files/

 

安全工具 Security Tools

通过iOS查找跟踪蓝牙设备

https://github.com/seemoo-lab/openhaystack

 

安全资讯 Security Information

微软发布一键式Exchange修复工具

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-one-click-exchange-on-premises-mitigation-tool/

 

安全报告 Security Report

OVH火灾或影响部分黑客组织

https://securityaffairs.co/wordpress/115559/apt/ovh-fire-apt-impact.html

 

安全事件 Security Incident

遭攻击后Blender网站处于维护中

https://www.bleepingcomputer.com/news/security/blender-website-in-maintenance-mode-after-hacking-attempt/

 

安全客 Security Geek

从 hxp 一道题来看利用 ftp 与 php-fpm 对话 RCE

https://www.anquanke.com/post/id/233454