12月26日安全热点 - IoT安全漏洞/Mozilla安全更新

=

 

资讯类

影响无数IoT设备的漏洞，预计会造成严重的问题

https://www.bleepingcomputer.com/news/security/vulnerability-affects-hundreds-of-thousands-of-iot-devices/

 

Mozilla发布安全更新修复Thunderbird的漏洞

https://www.us-cert.gov/ncas/current-activity/2017/12/25/Mozilla-Releases-Security-Update-Thunderbird

 

CVE-2017-9966：施耐德Pelco VideoXpert Enterprise中的缺陷

http://securityaffairs.co/wordpress/67108/hacking/pelco-videoxpert-flaws.html

 

技术类

自动漏洞检测中的校验和导向模糊测试

http://faculty.cs.tamu.edu/guofei/paper/TaintScope-Oakland10.pdf

 

Uber Promo Customer Endpoint与Uber App的两个漏洞说明

https://hackerone.com/reports/293359#activity-2203160

https://hackerone.com/reports/293358#activity-2214781

 

网络犯罪的机器学习

https://erpscan.com/press-center/blog/machine-learning-for-cybercriminals/

 

Uber漏洞赏金计划却让我分文未赚

https://medium.com/bread-and-circuses/how-i-got-paid-0-from-the-uber-security-bug-bounty-aa9646aa103f

 

口袋Kali：GPD7 mini laptop上的Kali Linux

https://medium.com/@tomac/a-kali-linux-on-your-pocket-kali-2017-3-on-gpd-7-mini-laptop-637c897488d

 

通过基于邮件的工具检测数据泄露

https://edgylabs.com/researchers-developed-a-tool-that-can-detect-website-security-breaches

 

2018即将面临的12个云安全风险

https://www.csoonline.com/article/3043030/security/12-top-cloud-security-threats-for-2018.html

 

2017年的数据泄露带给我们的经验与教训

https://medium.com/starting-up-security/learning-from-security-breaches-in-2017-ff62a2c56522

 

关于Wired Machines的思考

https://medium.com/@againsthimself/on-weird-machines-etc-2834b0913023