Highlights: S2-045: remote code execution vulnerability; abusing protocols to load local files, leading to HTML5 sandbox bypass, opening pop-up windows and other high-risk actions; reverse engineering Samsung S6 SBOOT – part 1; analyzing a malicious PowerShell exploit line by line; demystifying PowerShell attacks [pdf]
Domestic headlines (parts of the following are excerpted from http://www.solidot.org/):
Nintendo Switch runs the FreeBSD kernel
Mobile roaming fees to be abolished from October 1
Backdoor found in IoT devices made by a Shenzhen company
News:
Spam operation RCM leaked 1.4 billion user records, including real names, user IP addresses and physical addresses
http://thehackernews.com/2017/03/email-marketing-database.html
Hackers selling more than 1 million decrypted Gmail and Yahoo passwords on the dark web
http://thehackernews.com/2017/03/gmail-yahoo-password-hack.html
Technical:
S2-045: remote code execution vulnerability
https://cwiki.apache.org/confluence/display/WW/S2-045
Abusing protocols to load local files, leading to HTML5 sandbox bypass, opening pop-up windows and other high-risk actions
http://www.brokenbrowser.com/abusing-of-protocols/
Hacking the Western Digital MyCloud NAS
https://blog.exploitee.rs/2017/hacking_wd_mycloud/
WordPress 4.7.3 released, fixing multiple XSS and CSRF issues and a vulnerability that let an administrator's plugin deletion remove unintended files
https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
Analysis of malicious ad insertion in vBulletin
https://blog.sucuri.net/2017/03/vbulletin-used-show-malicious-advertisements.html
Reverse engineering Samsung S6 SBOOT – part 1
http://blog.quarkslab.com/reverse-engineering-samsung-s6-sboot-part-i.html
DridexV4 malware found in the wild using AtomBombing stealthy code injection
https://www.endgame.com/blog/dropping-atombombs-detecting-dridexv4-wild
Re-analysis of the Mirai incident
https://insights.sei.cmu.edu/sei_blog/2017/03/powered-by-mirai.html
Analyzing a malicious PowerShell exploit line by line
https://www.invincea.com/2017/03/powershell-exploit-analyzed-line-by-line/
Exploring Windows kernel shellcode on Windows 10 – part 2
https://improsec.com/blog//windows-kernel-shellcode-on-windows-10-part-2
JSShell: a Python-based interactive shell
https://github.com/Den1al/JSShell/
WordPress Hacks: analysis of functions.php backdoors
https://www.polaris64.net/blog/cyber-security/2017/wordpress-hacks-functions-php-backdoors
Demystifying PowerShell attacks [pdf]
rooted 2017 talk
https://github.com/skuater/rooted2k17
Ponemon Institute's "The Value of Threat Intelligence: A Study of North American and UK Companies"
Why replace SHA-1 with BLAKE2?
https://research.kudelskisecurity.com/2017/03/06/why-replace-sha-1-with-blake2/
WordPress Multiple Plugins – Remote File Upload