2018年7月5日每日安全快讯

威胁情报

恶意软件伪装成《堡垒之夜》作弊外挂 作弊者遭感染被投送恶意广告

https://hot.cnbeta.com/articles/game/743067

攻击者滥用CoinHive短网址植入被黑站点，用户访问即被迫挖矿

https://www.secrss.com/articles/3720

安全动态

IBM Java SDK安全漏洞

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-os-images-for-red-hat-linux-systems-aix-based-and-windows-based-deployments-for-ibm-pureapplication-system-security-bulleti/

微软对外披露两个0day漏洞详情

https://mp.weixin.qq.com/s/_mdBO3CgWE1kr4HHeP6cRQ

研究17,260个Android应用程序没有发现秘密间谍的证据

https://www.bleepingcomputer.com/news/security/study-of-17-260-android-apps-doesn-t-find-evidence-of-secret-spying/

数据泄露

Thermanator Attack通过读取键盘上的热残留来窃取密码

https://www.bleepingcomputer.com/news/security/thermanator-attack-steals-passwords-by-reading-thermal-residue-on-keyboards/

技术分析

详细分析微软Edge浏览器Chakra引擎UAF漏洞（CVE-2018-0946）

http://www.4hou.com/vulnerable/12316.html

使用Office 365 Activities API 调查电子邮件攻击行为

https://www.crowdstrike.com/blog/hiding-in-plain-sight-using-the-office-365-activities-api-to-investigate-business-email-compromises/

黑客工具

Masc：一款恶意软件扫描工具

https://www.kitploit.com/2018/07/masc-web-malware-scanner.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PentestTools+%28PenTest+Tools%29

以上内容均来自互联网，由白帽汇安全研究院整理发布。如有任何问题，欢迎纠正。