4月3日安全热点 - 美零售业惨遭黑客攻击 500万张银行卡信息被窃

资讯类

美零售业遭最惨黑客攻击 500万张银行卡信息被窃

http://news.haiwainet.cn/n/2018/0402/c3541093-31290882.html

 

热键脚本语言AHK正在迅速成为恶意软件开发者的“新宠”

https://www.hackeye.net/threatintelligence/13060.aspx

 

学生挖掘加密货币造成大学网络堵塞

https://www.bleepingcomputer.com/news/cryptocurrency/students-mining-cryptocurrencies-are-clogging-up-university-networks/

 

华媒：网络安全问题不容忽视 要勤换登录密码
http://dw.chinanews.com/chinanews/content.jsp?id=8481503&classify=zw&pageSize=6&language=chs

 

Google禁止Chrome扩展程序从网上商店中挖掘加密货币

https://www.bleepingcomputer.com/news/google/google-bans-chrome-extensions-that-mine-cryptocurrencies-from-the-web-store/

http://www.zdnet.com/article/google-to-crack-down-on-cryptojacking-on-chrome/

 

Mobile Menace Monday: Fake WhatsApp can steal info from your phone

Mobile Menace Monday: Fake WhatsApp can steal info from your phone

 

技术类

Exim Off-by-one(CVE-2018-6789)漏洞复现分析

https://paper.seebug.org/557/

 

0CTF 2018 EZDOOR(WEB) Writeup

https://www.cdxy.me/?p=790

 

sqlmap time-based inject 分析

http://blog.wils0n.cn/archives/178/

 

简单粗暴的文件上传漏洞

https://mp.weixin.qq.com/s/e1jy-DFOSROmSvvzX_Ge5g

 

同源策略和跨域访问学习笔记

http://uknowsec.cn/posts/notes/%E5%90%8C%E6%BA%90%E7%AD%96%E7%95%A5%E5%92%8C%E8%B7%A8%E5%9F%9F%E8%AE%BF%E9%97%AE%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0.html

 

LTR101 – 一次性攻击容器（DAC）

https://blog.zsec.uk/ltr101-dac/

 

PicoCTF Binary 125: Solution

https://0x00sec.org/t/picoctf-binary-125-solution/6131

 

关于后门插件的讨论

https://www.gironsec.com/blog/2018/03/backdooring-plugins/

 

逆向分析Notability文件格式

https://jvns.ca/blog/2018/03/31/reverse-engineering-notability-format/

 

Whonow DNS服务器——用于即时执行DNS重新绑定攻击的恶意DNS服务器

https://github.com/brannondorsey/whonow