安全路透社
当前位置:安全路透社 > 安全客 > 正文

【知识】11月9日 – 每日安全知识热点

http://p6.qhimg.com/t017313015b51e6034e.png

热点概要:Linux的USB驱动存在安全隐患震惊!一名用户意外触发Bug导致3亿美元以太坊货币被冻结最近大火的Coinhive到底是什么Google Play版权与安全政策解析微软关于LAN Manager与NTLMv1的警告DCOM与DDE的奇妙结合二进制代码的模糊测试

资讯类:


Linux的USB驱动存在安全隐患

https://www.bleepingcomputer.com/news/security/linux-has-a-usb-driver-security-problem/

像素颜色数据传输新方式

https://www.pentestpartners.com/security-blog/exfiltration-by-encoding-data-in-pixel-colour-values/

浏览器挖矿状况日益糟糕

https://www.bleepingcomputer.com/news/security/the-internet-is-rife-with-in-browser-miners-and-its-getting-worse-each-day/

https://www.bleepingcomputer.com/news/security/cryptojacking-craze-malwarebytes-says-it-blocks-8-million-requests-per-day/

震惊!一名用户意外触发Bug导致3亿美元以太坊货币被冻结

https://thehackernews.com/2017/11/parity-ethereum-wallet.html

http://securityaffairs.co/wordpress/65303/digital-id/ethereum-parity-wallet-flaw.html

技术类:


欺骗黑客的黑客——IP扫描器内置后门

https://www.bleepingcomputer.com/news/security/hacker-wannabes-fooled-by-backdoored-ip-scanner/


微软关于LAN Manager与NTLMv1的警告

https://blogs.technet.microsoft.com/miriamxyra/2017/11/07/stop-using-lan-manager-and-ntlmv1/

URL与安全

https://noncombatant.org/2017/11/07/problems-of-urls/

信息安全Cheat Sheets

https://www.cybrary.it/0p3n/infosec-cheat-sheets/

新近出现的提权框架

https://github.com/spencerdodd/kernelpop

安卓挖矿浅谈

https://www.ixiacom.com/company/blog/everythings-better-blockchain

IoT与ARM逆向 第三部分

https://quequero.org/2017/11/arm-exploitation-iot-episode-3/

Windows利用开发四:SEH覆写

http://www.shogunlab.com/blog/2017/11/06/zdzg-windows-exploit-4.html

最近大火的Coinhive到底是什么

https://blog.malwarebytes.com/cybercrime/2017/11/a-look-into-the-global-drive-by-cryptocurrency-mining-phenomenon/

DCOM与DDE的奇妙结合

https://www.cybereason.com/blog/leveraging-excel-dde-for-lateral-movement-via-dcom

SIEM系统通用签名工具

https://github.com/Neo23x0/sigma

二进制代码的模糊测试

https://medium.com/@njvoss299/afl-unicorn-fuzzing-arbitrary-binary-code-563ca28936bf

Shopware中的XXE

https://blog.ripstech.com/2017/shopware-php-object-instantiation-to-blind-xxe/

Google Play版权与安全政策解析

http://blog.fortinet.com/2017/11/08/the-strange-case-of-play-policy-for-copyright-and-security


本文地址:http://bobao.360.cn/learning/detail/4681.html

未经允许不得转载:安全路透社 » 【知识】11月9日 – 每日安全知识热点

赞 (0)
分享到:更多 ()

评论 0

评论前必须登录!

登陆 注册