当前位置:安全客 >> 知识详情

【知识】10月14日 - 每日安全知识热点

2017-10-14 09:39:22 阅读:3039次 收藏 来源: 安全客 作者:77caikiki

http://p6.qhimg.com/t017313015b51e6034e.png

热点概要:DDoS攻击导致瑞典火车延误、Equifax网站把用户重定向到Adware和诈骗网站、Chrome扩展用你的Gmail注册域名还注入挖矿代码、钓鱼Word文档用RAT传播malware、新的野外Anubi Ransomware、Android DoubleLocker Ransomware:按下Home键就可激活你怕不怕(改变PIN值,加密文件)


资讯类:


DDoS攻击导致瑞典火车延误

https://www.bleepingcomputer.com/news/security/ddos-attacks-cause-train-delays-across-sweden/ 


Equifax网站把用户重定向到Adware和诈骗网站

https://www.bleepingcomputer.com/news/security/equifax-website-redirected-users-to-adware-scam-sites/ 


Chrome扩展用你的Gmail注册域名还注入挖矿代码

https://www.bleepingcomputer.com/news/security/chrome-extension-uses-your-gmail-to-register-domains-names-and-injects-coinhive/ 


技术类:


钓鱼Word文档用RAT传播malware

https://blog.malwarebytes.com/threat-analysis/2017/10/decoy-microsoft-word-document-delivers-malware-through-rat/ 


通过DNS输入错误完成实用水坑

https://blog.0day.rocks/practical-waterholing-through-dns-typosquatting-e252e6a2f99e 


新的野外Anubi Ransomware

https://www.bleepingcomputer.com/news/security/new-anubi-ransomware-in-the-wild/ 


Android DoubleLocker Ransomware:按下Home键就可激活你怕不怕(改变PIN值,加密文件)

https://www.bleepingcomputer.com/news/security/android-doublelocker-ransomware-activates-every-time-you-hit-home-button/ 

https://www.welivesecurity.com/2017/10/13/doublelocker-innovative-android-malware/ 


Disassembler and Runtime Analysis(IDA Pro没检测出来的那些修改)

http://blog.talosintelligence.com/2017/10/disassembler-and-runtime-analysis.html 


新型x1881 CryptoMix Ransomware变种放出

https://www.bleepingcomputer.com/news/security/new-x1881-cryptomix-ransomware-variant-released/ 


Exploding Git Repositories

https://kate.io/blog/git-bomb/ 


安全应急响应工具大合集

https://github.com/meirwah/awesome-incident-response/blob/master/README_ch.md 


Leaking Amazon.com CSRF Tokens Using Service Worker API

https://ahussam.me/Amazon-leaking-csrf-token-using-service-worker/ 


Injects C# EXE or DLL Assembly into every CLR runtime and AppDomain of another process. 

https://github.com/jonatan1024/clrinject 


HSTS(HTTP Strict Transport Security)实用解答

https://pentesterslife.wordpress.com/2017/09/12/http-strict-transport-security-the-practical-explanation/ 


本文由 安全客 原创发布,如需转载请注明来源及本文地址。
本文地址:http://bobao.360.cn/learning/detail/4544.html

参与讨论,请先 | 注册 | 匿名评论
发布
用户评论
无任何评论