2月10日每日安全热点 - CDPR疑遭Hellokitty勒索软件攻击

Inspired by 360CERT

漏洞 Vulnerability

Apple终于修复macOS中的sudo提权漏洞

https://www.bleepingcomputer.com/news/apple/apple-fixes-sudo-root-privilege-escalation-flaw-in-macos/

 

LibreNMS二次注入

https://www.horizon3.ai/disclosures/librenms-second-order-sqli

 

安全研究 Security Research

K8s日志分析入门

https://sysdig.com/blog/kubernetes-audit-log-falco/

 

DiceCTF 2021 WP

https://thegoonies.github.io/2021/02/08/dicectf-2021-rev-dice-is-you/

 

安全工具 Security Tools

Evil FTP：SSRT -> TCP scan

https://github.com/vp777/evilFTP

 

安全事件 Security Incident

CDPR疑遭Hellokitty勒索软件攻击

https://www.bleepingcomputer.com/news/security/hellokitty-ransomware-behind-cd-projekt-red-cyberattack-data-theft/

 

安全人员发现涉及30余家企业的供应链攻击

https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610?sk=991ef9a180558d25c5c6bc5081c99089

 

安全客 Security Geek

Ryuk勒索病毒新变种分析

https://www.anquanke.com/post/id/231363