3月4日每日安全热点 - Qualys成Accellion最新受害者

Inspired by 360CERT

漏洞 Vulnerability

Grub2被发现多个严重漏洞

https://www.bleepingcomputer.com/news/security/grub2-boot-loader-reveals-multiple-high-severity-vulnerabilities/

 

恶意软件 Malware

Exchange漏洞已被积极利用

https://www.bleepingcomputer.com/news/security/state-hackers-rush-to-exploit-unpatched-microsoft-exchange-servers/

 

安全研究 Security Research

Windows.com争夺战

https://remyhax.xyz/posts/bitsquatting-windows/

 

代码安全与陷阱

https://medium.com/@1ndahous3/safe-code-pitfalls-dll-side-loading-winapi-and-c-73baaf48bdf5

 

OWASP之应用程序网关

https://github.com/gianlucafrei/Application-Gateway

 

安全资讯 Security Information

黑客研究绕过3DS（支付）安全协议

https://www.bleepingcomputer.com/news/security/hackers-share-methods-to-bypass-3d-secure-for-payment-cards/

 

美政府提醒关注伪造身份诈骗

https://www.bleepingcomputer.com/news/security/us-government-warns-of-social-security-scams-using-fake-federal-ids/

 

安全事件 Security Incident

CompuCom遭网络攻击并出现服务中断

https://www.bleepingcomputer.com/news/security/compucom-msp-confirms-ongoing-outage-following-malware-incident/

 

Qualys成Accellion最新受害者

https://www.bleepingcomputer.com/news/security/cybersecurity-firm-qualys-is-the-latest-victim-of-accellion-hacks/

 

安全客 Security Geek

堆漏洞利用（2.29以上glibc,off-by-null, 加了申请size限制）

https://www.anquanke.com/post/id/231418