Daily Security Bulletin, June 14, 2018

BaCde, 2383 days ago

Vulnerability Alerts

Burp Suite fails to validate the Collaborator server certificate

https://hackerone.com/reports/337680

Intel discloses another new Spectre variant: the Lazy FP state restore vulnerability

https://security.solidot.org/story?sid=56843

Data Breaches

UK mobile phone retailer Dixons Carphone leaked data on 5.9 million payment cards

https://securityaffairs.co/wordpress/73479/data-breach/dixons-carphone-hacked.html

Security News

17 backdoored Docker images removed from Docker Hub; the backdoored images could be used for cryptocurrency mining

https://www.bleepingcomputer.com/news/security/17-backdoored-docker-images-removed-from-docker-hub/

Technical Write-ups

How I found the out-of-band (OOB) XXE vulnerability in WebCTRL (CVE-2018-8819)

https://www.coalfire.com/Solutions/Coalfire-Labs/The-Coalfire-LABS-Blog/june-2018/how-i-found-cve-2018-8819-out-of-band-(oob)-xxe

Hacker Tools

Useful PowerShell scripts

https://github.com/FuzzySecurity/PowerShell-Suite

Various configuration files obtained during malware analysis

https://github.com/JR0driguezB/malware_configs


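This information was compiled and published by the Baimaohui Security Research Institute. If you find any errors, corrections are welcome.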
