2018年7月5日每日安全快讯

xiannv  438天前

威胁情报

恶意软件伪装成《堡垒之夜》作弊外挂 作弊者遭感染被投送恶意广告

https://hot.cnbeta.com/articles/game/743067

956c3e255655bbc.jpg

攻击者滥用CoinHive短网址植入被黑站点,用户访问即被迫挖矿

https://www.secrss.com/articles/3720

D6DQWGIYlZIRHWMgcupvBNy8RsA2vTqiPeW3ipST.png

安全动态

IBM Java SDK安全漏洞

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-os-images-for-red-hat-linux-systems-aix-based-and-windows-based-deployments-for-ibm-pureapplication-system-security-bulleti/

微软对外披露两个0day漏洞详情

https://mp.weixin.qq.com/s/_mdBO3CgWE1kr4HHeP6cRQ

研究17,260个Android应用程序没有发现秘密间谍的证据

https://www.bleepingcomputer.com/news/security/study-of-17-260-android-apps-doesn-t-find-evidence-of-secret-spying/

数据泄露

Thermanator Attack通过读取键盘上的热残留来窃取密码

https://www.bleepingcomputer.com/news/security/thermanator-attack-steals-passwords-by-reading-thermal-residue-on-keyboards/

Thermanator.png

技术分析

详细分析微软Edge浏览器Chakra引擎UAF漏洞(CVE-2018-0946)

http://www.4hou.com/vulnerable/12316.html

使用Office 365 Activities API 调查电子邮件攻击行为

https://www.crowdstrike.com/blog/hiding-in-plain-sight-using-the-office-365-activities-api-to-investigate-business-email-compromises/

黑客工具

Masc:一款恶意软件扫描工具

https://www.kitploit.com/2018/07/masc-web-malware-scanner.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PentestTools+%28PenTest+Tools%29

以上内容均来自互联网,由白帽汇安全研究院整理发布。如有任何问题,欢迎纠正。

最新评论

昵称
邮箱
提交评论

友情链接:FOFA FOEYE BCSEC BAIMAOHUI 安全客 i春秋

nosec.org All Rights Reserved 京ICP备15042518号