勒索病毒新变种 收获日到来
201711月第五周公众舆论周报:安卓恶意软件、新欺诈样本、重大缺陷、其他安全事项等谷歌检测AndroidTizi特工软件,特工流行的应用程序,如WhatsApp和电报
http://securityaffairs.co/wordpress/66116/malware/android-tizi-spyware.html
macOS你登录的管理员不需要密码
https://arstechnica.com/information-technology/2017/11/macos-bug-lets-you-log-in-as-admin-with-no-password-required/
.fucku终端勒索样本出来解密工具
https://twitter.com/demonslay335/status/935622942737817601
macOS新平台采矿木马:OSX.CpuMeaner
https://www.sentinelone.com/blog/osx-cpumeaner-miner-trojan-software-pirates/
东南亚远程接见木马攻击的目的:UBoatRAT
https://researchcenter.paloaltonetworks.com/2017/11/unit42-uboatrat-navigates-east-asia/
大规模的电子邮件运动流传SCARAB勒索
https://blogs.forcepoint.com/security-labs/massive-email-campaign-spreads-scarab-ransomware
跨越400000电子邮件服务器可能会受到严重影响RCE破绽的影响
https://www.bleepingcomputer.com/news/security/no-patch-available-for-rce-bug-affecting-half-of-the-internets-email-servers/
世界上最大的僵尸网络Necurs在6一小时内发出1250万封垃圾邮件
http://www.ibtimes.co.uk/game-thrones-botnet-spewed-12-5m-booby-trapped-emails-6-hours-1649118?utm_campaign=soficalflowtwitter&utm_source=socialflowtwitter&utm_medium=articles
AV-Test对6儿童智能手表评估发现了惊人的缺陷
https://www.av-test.org/en/news/news-single-view/shock-around-the-clock-6-childrens-watches-in-the-test/
伪造的赛门铁克网站流传OSX.Proton密码窃取器
https://www.scmagazine.com/osxproton-spread-via-fake-symantec-blog/article/709695/
自我传播恶意软件行使Office内置机制
http://securityaffairs.co/wordpress/65942/hacking/self-replicating-malware-flaw.html
https://twitter.com/leotpsc/status/934628866856927232
修复wordpresspingbackDDos攻击
http://josephfoulds.com/mitigating-wordpress-pingback-reflective-ddos-attacks/
DrWeb发现伪装libz的linux后门木马
勒索病毒新变种 CryptXXX”降临
https://news.drweb.com/show/?i=11593&lng=en
恶意软件分析工具总结
https://github.com/wtsxDev/Malware-Analysis
GOLDENSAML伪造攻击手艺身份验证云应用程序
http://securityaffairs.co/wordpress/66002/hacking/golden-saml-hacking.html
有史以来最糟糕的失败7款恶意软件
https://medium.com/threat-intel/malware-fails-cybersecurity-d37fa1fc525
威胁比特币:攻击
https://btc-hijack.ethz.ch/
德国信息安全研究员31在银行应用程序中发现严重问题,容易受到黑客攻击
https://www.heise.de/security/meldung/31-lueckenhafte-Banking-Apps-Forscher-entlarven-App-TAN-Verfahren-abermals-als-unsicher-3900945.html
TEMPESTSDR:SDR电脑屏幕上的工具通过无意中窃听射频辐射
https://www.rtl-sdr.com/tempestsdr-a-sdr-tool-for-eavesdropping-on-computer-screens-via-unintentionally-radiated-rf/
一个新的Mirai变种正在迅速传播,专家们也在过去60约莫在一个小时内被调查100K个IP搜索有缺陷的地址ZyXELPK5001Z路由器。
http://securityaffairs.co/wordpress/66012/malware/mirai-argentina.html
通过你的屏幕施法者攻击你的办公室
https://www.pentestpartners.com/security-blog/hacking-your-office-through-your-screen-caster/
Windows中的ASLR破绽公布忠告(随机地址缺陷)
https://www.scmagazine.com/us-cert-issues-warning-on-aslr-vulnerability-in-windows/article/708805/
GooglePlay商店让数百万用户下载恶意软件Android应用
http://www.ibtimes.com/google-play-store-let-millions-users-download-malware-laden-android-apps-2614780?sf173819016=1
在144个GooglePlay在应用程序中发现新的Android恶意软件
https://securingtomorrow.mcafee.com/mcafee-labs/android-malware-grabos-exposed-millions-to-pay-per-install-scam-on-google-play/#sf173818493
systemd破绽导致Linux拒绝服务
http://blog.trendmicro.com/trendlabs-security-intelligence/systemd-vulnerability-leads-to-denial-of-service-on-linux/
警惕发票邮件钓鱼财务人员