2月25日每日安全热点 - 乌克兰国家文件管理系统遭俄罗斯攻击

Inspired by 360CERT

漏洞 Vulnerability

思科修复MSO身份验证绕过漏洞

https://www.bleepingcomputer.com/news/security/cisco-fixes-maximum-severity-mso-auth-bypass-vulnerability/

 

Node.js systeminformation组件存在代码注入漏洞

https://www.bleepingcomputer.com/news/security/heavily-used-nodejs-package-has-a-code-injection-vulnerability/

 

恶意软件 Malware

 

安全研究 Security Research

VMWare vCenter漏洞分析

https://swarm.ptsecurity.com/unauth-rce-vmware/

 

Web与二进制融合的奇妙之旅

https://blog.orange.tw/2021/02/a-journey-combining-web-and-binary-exploitation.html

 

安全工具 Security Tools

Kali Linux 2021.1版本发布

https://www.kali.org/blog/kali-linux-2021-1-release/

 

利用Brim与NetworkX可视化网络攻击

https://medium.com/brim-securitys-knowledge-funnel/visualizing-network-cyber-attacks-with-suricata-and-zeek-using-brim-and-networkx-332dd265d4b6

 

安全资讯 Security Information

Google资助Linux开发以提升安全性

https://www.bleepingcomputer.com/news/security/google-funds-linux-maintainers-to-boost-linux-kernel-security/

 

CDPR因勒索软件攻击推迟游戏补丁更新

https://www.bleepingcomputer.com/news/gaming/cyberpunk-2077-patch-12-delayed-by-cd-projekt-ransomware-attack/

 

安全报告 Security Report

NASA与FAA也证实为Solarwinds事件受害者

https://www.bleepingcomputer.com/news/security/nasa-and-the-faa-were-also-breached-by-the-solarwinds-hackers/

 

安全事件 Security Incident

乌克兰国家文件管理系统遭俄罗斯攻击

https://www.bleepingcomputer.com/news/security/russian-hackers-linked-to-attack-targeting-ukrainian-government/

 

五眼联盟针对Accellion FTA网络攻击发布预警

https://www.bleepingcomputer.com/news/security/five-eyes-members-warn-of-accellion-fta-extortion-attacks/

 

Bombardier遭勒索软件攻击后出现数据泄露

https://www.bleepingcomputer.com/news/security/ransomware-gang-extorts-jet-maker-bombardier-after-accellion-breach/

 

Lazyscripter针对航空公司发起定向攻击

https://www.bleepingcomputer.com/news/security/lazyscripter-hackers-target-airlines-with-remote-access-trojans/

 

安全客 Security Geek

内网渗透代理之frp的应用与改造（一）

https://www.anquanke.com/post/id/231424