March 29 Daily Security Highlights - npm Library Bug Causes Problems for Hundreds of Thousands of Applications

Inspired by 360CERT

Vulnerability

Apple fixes iOS 0-day vulnerability

https://www.bleepingcomputer.com/news/security/apple-fixes-a-ios-zero-day-vulnerability-actively-used-in-attacks/

 

McAfee HTML injection

https://ricardojba.github.io/CVE-2021-23888-McAfee-ePolicy-Orchestrator-HTML-Injection/

 

Malware

Ransomware begins threatening victims through secondary victims

https://www.bleepingcomputer.com/news/security/ransomware-gang-urges-victims-customers-to-demand-a-ransom-payment/

 

Security Research

Foobar CTF 2021

https://foobar.nitdgplug.org/

 

Bypassing Cloudflare bot detection

https://jychp.medium.com/how-to-bypass-cloudflare-bot-protection-1f2c6c0c36fb

 

Malware "fingerprints"

https://www.sans.org/reading-room/whitepapers/threats/exploring-human-fingerprints-malware-39275

 

Security Information

Compucom MSP expects to lose US$20 million due to ransomware

https://www.bleepingcomputer.com/news/security/compucom-msp-expects-over-20m-in-losses-after-ransomware-attack/

 

FatFace's mass email after ransomware attack stirs controversy

https://www.bleepingcomputer.com/news/security/fatface-sends-controversial-data-breach-email-after-ransomware-attack/

 

Security Incident

Ziggy ransomware decides to refund ransoms after announcing shutdown

https://www.bleepingcomputer.com/news/security/ransomware-admin-is-refunding-victims-their-ransom-payments/

 

npm library bug causes problems for hundreds of thousands of applications

https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/

 

German parliament attacked again by Russian hackers

https://www.bleepingcomputer.com/news/security/german-parliament-targeted-again-by-russian-state-hackers/

 

Anquanke (Security Geek)

Laravel 8 Debug mode RCE roundup

https://www.anquanke.com/post/id/235228

(End)