1月28日每日安全热点 - 美国政府收缴Netwalker网络资产并逮捕嫌疑人

Inspired by 360CERT

漏洞 Vulnerability

NAT Slipstreaming v2.0

https://www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/

 

恶意软件 Malware

TeamTNT利用开源工具逃避检测

https://www.bleepingcomputer.com/news/security/linux-malware-uses-open-source-tool-to-evade-detection/

 

安全研究 Security Research

研究人员披露如何攻入微软VSC Github仓库

https://www.bleepingcomputer.com/news/security/heres-how-a-researcher-broke-into-microsoft-vs-codes-github/

 

iMessage逆向研究

https://www.nowsecure.com/blog/2021/01/27/reverse-engineering-imessage-leveraging-the-hardware-to-protect-the-software/

 

SSM通信研究

https://frichetten.com/blog/ssm-agent-tomfoolery/

 

安全报告 Security Report

RinBot加密货币挖矿攻击事件调查

https://sysdig.com/blog/rinbot-discord-bot-crypto-miner/

 

云原生安全白皮书

https://github.com/cncf/sig-security/blob/master/security-whitepaper/CNCF_cloud-native-security-whitepaper-Nov2020.pdf

 

安全事件 Security Incident

美国政府收缴Netwalker网络资产并逮捕嫌疑人

https://www.bleepingcomputer.com/news/security/us-charges-netwalker-ransomware-affiliate-seizes-ransom-payments/

 

欧洲刑警组织分发Emotet新模块

https://www.bleepingcomputer.com/news/security/europol-emotet-malware-will-uninstall-itself-on-march-25th/

 

安全客 Security Geek

区块链又3道题目分析（主过程）

https://www.anquanke.com/post/id/229484