3月22日安全热点 – 60%财富500强公司受ManageEngine的漏洞影响

 

ManageEngine 产品中出现代码执行漏洞 60%的财富500强公司受影响

http://www.zdnet.com/article/manageengine-zero-day-vulnerabilities-impact-three-out-of-five-fortune-500s/

 

固件更新发布修复影响多款 IP 摄像头的严重漏洞

https://www.bleepingcomputer.com/news/security/firmware-updates-released-for-security-camera-dumpster-fire/

 

Ledger加密钱包中存在严重漏洞，可能会威胁到您的钱包账户安全

http://securityaffairs.co/wordpress/70516/hacking/ledger-wallet-flaw.html

 

Facebook事件之后，澳大利亚绿党就政治数据使用的透明度提出了新的看法

http://www.zdnet.com/article/australian-pollies-shut-down-calls-for-transparency-over-data-use/

 

新的R2D2技术保护文件免受恶意软件的侵害

https://www.bleepingcomputer.com/news/security/new-r2d2-technique-protects-files-against-wiper-malware/

 

Dropbox更新其漏洞披露政策以保护研究人员

http://www.zdnet.com/article/dropbox-updates-its-vulnerability-disclosure-policy-to-protect-researchers/

 

技术类

通过PHP Weathermap漏洞分发的Cryptocurrency Miner瞄准Linux服务器

https://blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-miner-distributed-via-php-weathermap-vulnerability-targets-linux-servers/

 

Crashmail 1.6缓冲区溢出

https://cxsecurity.com/issue/WLB-2018030167

 

防止加密挖掘攻击：四个关键步骤可以确保您的安全

https://blog.checkpoint.com/2018/03/21/preventing-crypto-mining-attacks-four-key-steps-thatll-keep-safe/

 

加密聊天：第二部分

https://0x00sec.org/t/encrypted-chat-part-ii/5958

 

Windows内核开发教程第7部分：未初始化的堆变量

https://rootkits.xyz/blog/2018/03/kernel-uninitialized-heap-variable/

 

Persistence using RunOnceEx – Hidden from Autoruns.exe

Persistence using RunOnceEx – Hidden from Autoruns.exe

 

揭秘以太坊中潜伏多年的“偷渡”漏洞，全球黑客正在疯狂偷币

https://paper.seebug.org/547/

 

Unveiling Umbral

https://blog.nucypher.com/unveiling-umbral-3d9d4423cd71

 

【代码审计】MIPCMS 远程写入配置文件Getshell

https://mp.weixin.qq.com/s?__biz=MzA3NzE2MjgwMg==&mid=301419963&idx=1&sn=0cb82aa5629b6432415c93d9f2b8eb8c&chksm=0b55dde63c2254f04399a7afa7f49a3889e8eaa37d747ec1a1b70f00cc0bf94c764db1295a11&mpshare=1&scene=23&srcid=0321pbJgBla01aN1U5GZXNlG#rd

 

NGROK工作与设置 – 无需端口转发即可访问本地设备

Ngrok Working & Setup – Access Local Devices without Port Forwarding

 

CSA报告| 《用区块链技术保障物联网安全》（附报告下载）

https://mp.weixin.qq.com/s/DShAaS_7YSYQle5FzyKGpQ

 

企业安全建设实践之邮件安全

https://mp.weixin.qq.com/s/xCeae-I0juo8JfMZjbdoYQ

 

IDN Generator——用于生成类似IDN域名的小型实用程序

https://github.com/phishai/idn_generator