1月27日每日安全热点 - 针对安全人员钓鱼攻击被认为是朝鲜黑客所为

Inspired by 360CERT

漏洞 Vulnerability

最新SUDO漏洞可被利用提权

https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt

 

Google修复Golang RCE漏洞

https://www.bleepingcomputer.com/news/security/google-fixes-severe-golang-windows-rce-vulnerability/

 

Apple发布iOS 14.4修复多个漏洞

https://support.apple.com/en-us/HT212146

 

安全资讯 Security Information

Mimecast称此前的网络攻击为Solarwinds黑客所为

https://www.bleepingcomputer.com/news/security/mimecast-links-security-breach-to-solarwinds-hackers/

 

黑客扬言攻击马来西亚政府

https://www.malaymail.com/news/malaysia/2021/01/25/hacktivist-group-anonymous-malaysia-resurfaces-vows-cyber-attack-against-go/1943943

 

加州因黑客和欺诈损失超百亿美元

https://www.sacbee.com/news/politics-government/article248756275.html

 

安全报告 Security Report

动静结合检测供应链攻击

https://ajinabraham.com/blog/detecting-zero-days-in-software-supply-chain-with-static-and-dynamic-analysis

 

针对安全人员钓鱼攻击被认为是朝鲜黑客所为

https://www.comae.com/posts/pandorabox-north-koreans-target-security-researchers/

 

安全事件 Security Incident

Dairy Farm遭REvil勒索软件攻击

https://www.bleepingcomputer.com/news/security/pan-asian-retail-giant-dairy-farm-suffers-revil-ransomware-attack/

 

安全客 Security Geek

抢救变砖的某款智能音箱

https://www.anquanke.com/post/id/229320