3月13日安全热点 – 通过扬声器和耳机从PC窃取数据

 

资讯类

通过扬声器和耳机从PC窃取数据

四大恶意软件威胁中竟然有三个是浏览器内加密矿工

https://www.bleepingcomputer.com/news/security/report-three-of-top-four-malware-threats-are-in-browser-cryptocurrency-miners/

 

医院黑客：默认密码和不打补丁使医疗保健器械面临风险

http://www.zdnet.com/article/hospital-hacks-default-passwords-and-no-patching-leaves-healthcare-at-risk/

 

2017年利用PowerShell的恶意软件增长了432％

https://www.darkreading.com/vulnerabilities—threats/malware-leveraging-powershell-grew-432–in-2017/d/d-id/1331255

 

2月份最受欢迎的恶意软件：加密恶意软件深入企业计算资源

https://blog.checkpoint.com/2018/03/12/februarys-wanted-malware-cryptomining-malware-digs-deeper-enterprises-computing-resources/

 

技术类

WPS Office Free 10.2.0.5978 本地权限提升或拒绝服务漏洞

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6400

 

SecurEnvoy SecurMail爆出多个严重漏洞

http://seclists.org/fulldisclosure/2018/Mar/29

 

 

对JSON Web Services的Fuzz研究
https://secapps.com/blog/2018/03/fuzzing-json-web-services

 

浅谈企业内部安全漏洞的运营(一)——规范化
https://www.secpulse.com/archives/69352.html

 

在中东和亚洲中部的新行动——可能与“MuddyWater”行动有联系

https://blog.trendmicro.com/trendlabs-security-intelligence/campaign-possibly-connected-muddywater-surfaces-middle-east-central-asia/

 

编写C#查询证书域名小工具
https://www.secpulse.com/archives/69342.html

 

有人在看！当相机不仅仅是“聪明”
https://securelist.com/somebodys-watching-when-cameras-are-more-than-just-smart/84309/

 

ezXSS——测试（盲）XSS的简单方法
https://github.com/ssl/ezXSS

 

Docker安全审计工具

 https://github.com/bbb31/dprobe