资讯类
亚特兰大IT系统被SamSam Ransomware袭击
https://www.bleepingcomputer.com/news/security/city-of-atlanta-it-systems-hit-by-samsam-ransomware/
亚洲黑帽大会:可穿戴设备的3个攻击面
https://www.theregister.co.uk/2018/03/22/holy_sweat_wearables_have_three_attack_surfaces/
银行木马Trojan TrickBot又出新花样
http://www.zdnet.com/article/old-trickbot-trojan-taught-new-tricks/
TrickBot银行木马获取Screenlocker组件
https://www.bleepingcomputer.com/news/security/trickbot-banking-trojan-gets-screenlocker-component/
谷歌正在为Chrome OS设备发布更多的Meltdown和Spectre补丁
Google宣布,针对受到Spectre和Meltdown漏洞影响的英特尔处理器的设备的缓解 将可用于Google Chrome操作系统的最新稳定频道更新。
http://securityaffairs.co/wordpress/70561/hacking/chrome-os-meltdown-spectre.html
TeleRAT——使用电报进行数据泄露的新型Android木马
Palo Alto Networks的安全专家发现了一种名为TeleRAT的新型Android木马,该木马使用Telegram Bot API与命令和控制(C&C)服务器进行通信并泄露数据。
http://securityaffairs.co/wordpress/70551/malware/telerat-android-trojan.html
数千台服务器泄露了750MB的密码和密钥
泄漏etcd服务器可能是数据盗窃者和勒索软件骗子的福音。
恶意软件利用网络注入来清空用户的加密货币账户
https://www.helpnetsecurity.com/2018/03/22/cryptocurrency-theft-web-injects/
技术类
国产电纸书Bambook破解笔记
WPHunter:Wordpress漏洞扫描器v0.1测试版
https://www.reddit.com/r/netsec/comments/867xmp/wphunter_a_wordpress_vulnerability_scanner_v01/
GhostMiner: Cryptomining Malware Goes Fileless
https://blog.minerva-labs.com/ghostminer-cryptomining-malware-goes-fileless
Yahoo Small Business – SQL注入漏洞
https://cxsecurity.com/issue/WLB-2018030186
[CVE-2018-3741] rails-html-sanitizer中的XSS漏洞
http://seclists.org/oss-sec/2018/q1/262
ModSecurity WAF 3.0 for Nginx – Denial of Service
https://www.securityfocus.com/archive/1/541886
CVE-2018-8822 Linux 内核多内存损坏漏洞