青少年黑客，2017年11月第四周舆情周报-黑客业务

勒索病毒贴热Wanna命名方式

201711月第四周舆论周报：安卓恶意软件、新欺诈样本、重大缺陷、其他安全事项等

LazarusAPT使用Android针对韩国三星用户的应用程序

http://securityaffairs.co/wordpress/65854/apt/lazarus-apt-android.html

https://securingtomorrow.mcafee.com/mcafee-labs/android-malware-appears-linked-to-lazarus-cybercrime-group

苹果最新的平安更新修复plug-n-hackMacOS包罗USB攻击

https://www.bleepingcomputer.com/news/apple/apples-latest-macos-security-update-contained-fix-for-plug-n-hack-usb-attack/

qkG勒索:自我复制，文件加密勒索

http://blog.trendmicro.com/trendlabs-security-intelligence/qkg-filecoder-self-replicating-document-encrypting-ransomware/

HP为补丁提供50企业级打印机型号及风险分析

https://threatpost.com/hp-to-patch-bug-impacting-50-enterprise-printer-models/128984/

http://securityaffairs.co/wordpress/65892/hacking/hp-printers-hacking.html

TerdotTrojan喜欢社交媒体

https://blog.malwarebytes.com/threat-analysis/malware-threat-analysis/2017/11/terdot-trojan-likes-social-media/

https://labs.bitdefender.com/2017/11/terdot-zeus-based-malware-strikes-back-with-a-blast-from-the-past/

HANCITORMALSPAM-现在查看ICEDID银行TROJAN（不是ZEUS熊猫银行）

http://malware-traffic-analysis.net/2017/11/21/index2.html

macOS恶意软件通过假赛门铁克博客流传

http://www.securityweek.com/macos-malware-spread-fake-symantec-blog

BankBotTrojan再次绕过Google为Play店铺安全检查

http://securityaffairs.co/wordpress/65808/malware/bankbot-trojan-play-store.html

Uber大规模数据泄露，付款10赎金万美元后，与黑客争

https://nakedsecurity.sophos.com/2017/11/22/uber-suffered-massive-data-breach-then-paid-hackers-to-keep-quiet/

新的CryptomixRansomware第二个变种在几天内公布

http://securityaffairs.co/wordpress/65716/malware/cryptomix-ransomware-2.html

https://twitter.com/campuscodi/status/931643419281289217

https://www.bleepingcomputer.com/news/security/0000-cryptomix-ransomware-variant-released/

平安专家最近观察到了一种新的趋势技术EMOTET银行木马实现了新的规避效果

http://securityaffairs.co/wordpress/65693/malware/emotet-evasion-techniques.html

使用Meterpreter来攻击Windows

https://www.coengoedegebure.com/hacking-windows-with-meterpreter/

PHP内陆文件包括（LFI）远程执行代码（RCE）破绽

https://rawsec.ml/en/local-file-inclusion-remote-code-execution-vulnerability/

剖析KaiXinExploitKit

http://www.nao-sec.org/2017/11/analyzing-kaixin-exploit-kit.html

Terdot木马发展成为银行业务的巨大威胁

https://www.bleepingcomputer.com/news/security/terdot-banking-trojan-grows-into-a-sophisticated-threat/

Google修正Android的WPA2破绽

https://blog.avira.com/wpa2-wifi-krack/

在144个Android应用上发现Grabos恶意软件

https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/grabos-malware/?utm_campaign=Consumer&utm_source=twitter&utm_medium=spredfast&utm_content=#sf173329560

外国媒体称，中国国家破绽数据库CNNVD比美国快，中国也快。13天，美国需33天，但主要缺陷公布缓慢

https://www.bleepingcomputer.com/news/security/china-delays-vulnerability-disclosure-process-on-important-bugs/

克制孩子的德国Smartwatches智能手表,他们被归类为非法特工装备

腾讯安全11月漏洞感谢榜排名第一

http://www.bbc.com/news/technology-42030109

类似乌克兰的数百种类型Moxa装备电网攻击容易受到远程攻击

http://www.securityweek.com/moxa-nport-devices-vulnerable-remote-attacks

勒索软件首先通过远程桌面入侵

https://twitter.com/SecurityWeek/status/931550136777494529

http://www.securityweek.com/ransomware-targets-smbs-rdp-attacks

亚马逊SmartLock平安过程中存在缺陷

https://twitter.com/MalwarePatrol/status/931570176042196992

https://www.v3.co.uk/v3-uk/news/3021310/security-flaw-in-amazon-smart-locks-would-leave-targets-exposed-to-rogue-couriers

现在很热的EMOTET木马家族分析

https://twitter.com/SecurityWeek/status/931591831762202628

http://www.securityweek.com/emotet-trojan-variant-evades-malware-analysis

GIBON勒索木马将统计攻击时间

https://twitter.com/McAfee/status/931599094073774083

https://securingtomorrow.mcafee.com/business/gibon-ransomware-created-benchmark-response-time/?utm_source=RR&utm_medium=Twitter#sf170467758

卡巴发现NSA工作人员的电脑感染恶意软件

https://thehackernews.com/2017/11/kaspersky-nsa-malware.html

跨越三款Android恶意软件家族入侵谷歌Play商铺

https://www.scmagazine.com/three-more-android-malware-families-invade-google-play-store/article/707693/

勒索 点击敲诈:新的夹杂攻击

https://www.netskope.com/blog/ransomware-click-fraud-new-blended-attack/

2018年度工控安全展望8个人倾向于直接击中工业控制系统的关键点

http://toutiao.secjia.com/2018-ics-predictions

破绽相关：

思科Web平安防火墙WSA平安绕过破绽CVE-2017-12303未经授权接待

http://toutiao.secjia.com/web-security-appliance-bypass

OpenStackSwauth身份验证绕过破绽CVE-2017-16613未经授权的操作

http://toutiao.secjia.com/openstack-abypass-cve-2017-16613

CVE-2017-11882相关缺陷样本信息

https://twitter.com/anyrun_app

cve-2017-11826攻击者行使和政治主题RTF文档

https://blog.fortinet.com/2017/11/22/cve-2017-11826-exploited-in-the-wild-with-politically-themed-rtf-document

Samba随机代码执行缺陷CVE-2017-14746可执行随机代码失败，也可执行DoS

http://toutiao.secjia.com/samba-ace-cve-2017-14746

英特尔宣布，数百万计算机可能被远程胁迫

https://arstechnica.com/information-technology/2017/11/intel-warns-of-widespread-vulnerability-in-pc-server-device-firmware/?comments=1

IOS及IOSXE该软件再次爆出跨站剧本的缺陷CVE-2017-12304可执行随机代码

http://toutiao.secjia.com/ios-xe-xss-cve-2017-12304

12款思科产品泛起未经授权接触的缺陷CVE-2017-12337可拿装备Root权限

http://toutiao.secjia.com/cisco-uav-cve-2017-12337

blueborneRCEAndroid6.0.1（cve-2017-0781）

https://jesux.es/exploiting/blueborne-android-6.0.1-english/

FoscamC1室内高清摄像机的多个缺陷分析

http://bobao.360.cn/learning/detail/4703.html

LinkedinIP闭包破绽

https://twitter.com/TheHackersNews/status/931774220564131840

201711月4周勒索病毒周报

« 2024年8月 »
一	二	三	四	五	六	日
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

黑客业务

黑客服务,入侵网站,网站入侵,黑客技术,信息安全,web安全

青少年黑客，2017年11月第四周舆情周报