3月18日每日安全热点 - 智利银行监管机构遭Exchange漏洞攻击目前已分享IOC

Inspired by 360CERT

安全研究 Security Research

安全人员发现在Twitter图像文件中隐藏ZIP、MP3文件方法

https://www.bleepingcomputer.com/news/security/twitter-images-can-be-abused-to-hide-zip-mp3-files-heres-how/

 

安全人员发现可以将测试包加入Azure SDK进行钓鱼攻击

https://www.bleepingcomputer.com/news/security/microsofts-azure-sdk-site-tricked-into-listing-fake-package/

 

恶意软件开发

https://0xpat.github.io/

 

SMS安全浅谈

https://lucky225.medium.com/its-time-to-stop-using-sms-for-anything-203c41361c80

 

常见安全配置错误

https://s3cur3th1ssh1t.github.io/The-most-common-on-premise-vulnerabilities-and-misconfigurations/

 

云环境下安全日志

https://www.marcolancini.it/2021/blog-security-logging-cloud-environments-gcp/

 

安全工具 Security Tools

Data Breaches Tracker——在线监控ES服务器风险

https://securityaffairs.co/wordpress/115698/security/data-breaches-tracker-unsecured-elasticsearch.html

 

安全事件 Security Incident

智利银行监管机构遭Exchange漏洞攻击目前已分享IOC

https://www.bleepingcomputer.com/news/security/chiles-bank-regulator-shares-iocs-after-microsoft-exchange-hack/

 

安全客 Security Geek

如何高效的挖掘Java反序列化利用链？

https://www.anquanke.com/post/id/234537