March 26 Daily Security Highlights - Security Researcher Reports Data Leak, Is Prosecuted Instead

Inspired by 360CERT

Vulnerability

OpenSSL fixes high-severity vulnerabilities

https://www.bleepingcomputer.com/news/security/openssl-fixes-severe-dos-certificate-validation-vulnerabilities/

 

OpenVAS privilege escalation

https://csal.medium.com/pentesters-tricks-local-privilege-escalation-in-openvas-fe933d7f161f

 

Malware

 

Security Research

CASMM maturity model

https://danielmiessler.com/blog/casmm-consumer-authentication-security-maturity-model-2/

 

A brief analysis of OAuth 2.0 security

https://www.proofpoint.com/us/blog/cloud-security/oauth-abuse-think-solarwindssolorigate-campaign-focus-cloud-applications

 

Security Tools

Cloudflare releases an early-warning feature for malicious JS

https://www.bleepingcomputer.com/news/security/cloudflare-page-shield-early-warning-system-for-malicious-scripts/

 

Limelighter: a certificate security tool

https://github.com/Tylous/Limelighter

 

Security Information

BackBlaze has fixed an accidentally added advertising script

https://www.bleepingcomputer.com/news/security/backblaze-mistakenly-shared-backup-metadata-with-facebook/

 

The Farmer and the Snake: security researcher reports a data leak and is prosecuted instead

https://www.bleepingcomputer.com/news/security/engineer-reports-data-leak-to-nonprofit-hears-from-the-police/

 

Security Report

Security researchers believe Evil Corp is closely linked to the Hades ransomware

https://www.bleepingcomputer.com/news/security/evil-corp-switches-to-hades-ransomware-to-evade-sanctions/

 

Security Incident

CNA confirms it was hit by a Phoenix ransomware attack

https://www.bleepingcomputer.com/news/security/insurance-giant-cna-hit-by-new-phoenix-cryptolocker-ransomware/

 

Anquanke Security Geek

Building a White-Box Code Audit System in Practice, Part 1: Technology Selection

https://www.anquanke.com/post/id/235226

(End)