3月1日每日安全热点 - 厄瓜多尔银行遭勒索软件攻击

Inspired by 360CERT

恶意软件 Malware

恶意Firefox插件致Gmail账户劫持

https://www.bleepingcomputer.com/news/security/malicious-firefox-extension-allowed-hackers-to-hijack-gmail-accounts/

 

安全研究 Security Research

Windows持久化——DLL劫持

https://marcusedmondson.com/2021/02/28/windows-persistence-mechanics-dll-search-order-hijacking/

 

Web漏洞构建完整攻击链

https://btlr.dev/blog/gordian-lock

 

PostWigger 2020 十大Web攻击技术

https://portswigger.net/research/top-10-web-hacking-techniques-of-2020

 

安全资讯 Security Information

Google部分域名导致用户怀疑是否是钓鱼域名

https://www.bleepingcomputer.com/news/security/what-are-these-suspicious-google-gvt1com-urls/

 

NSA与微软倡议建立零信任机制

https://www.bleepingcomputer.com/news/security/nsa-microsoft-promote-a-zero-trust-approach-to-cybersecurity/

 

Google公开Windows 10 Graphics RCE漏洞PoC

https://www.bleepingcomputer.com/news/security/google-shares-poc-exploit-for-critical-windows-10-graphics-rce-bug/

 

安全报告 Security Report

法国安全部门发现Ryuk勒索软件变种

https://www.bleepingcomputer.com/news/security/ryuk-ransomware-now-self-spreads-to-other-windows-lan-devices/

 

安全事件 Security Incident

安全人员统计上周Twitter虚拟货币诈骗共收入数十万美元

https://www.bleepingcomputer.com/news/security/twitter-scammers-earned-over-145k-this-week-in-bitcoin-ethereum-doge/

 

T-Mobile在SIM交换攻击后披露数据泄露

https://www.bleepingcomputer.com/news/security/t-mobile-discloses-data-breach-after-sim-swapping-attacks/

 

厄瓜多尔银行遭勒索软件攻击

https://www.bleepingcomputer.com/news/security/ransomware-gang-hacks-ecuadors-largest-private-bank-ministry-of-finance/

 

安全客 Security Geek

Java反序列化之与JDK版本无关的利用链挖掘

https://www.anquanke.com/post/id/232415