12月29日安全热点 - 新的WordPress后门插件/趋势科技与GPL

 

资讯类

又有三个WordPress插件被发现存在后门

https://www.bleepingcomputer.com/news/security/three-more-wordpress-plugins-found-hiding-a-backdoor/

 

奥巴马网络安全专员告诉你如何保护网上购物安全

https://www.digitaltrends.com/computing/dr-eric-cole-on-cybersecurity/?_lrsc=74f0f6f9-de93-4b6b-92b8-89dd540ecfb0

 

趋势科技发布的勒索软件解密器未遵守GPL协议

https://www.bleepingcomputer.com/forums/t/666586/trend-micro-distributing-a-gpl-violating-teslacrypt-decryptor/

 

Opera浏览器开始启用内部保护程序对抗挖矿脚本

https://cryptovest.com/news/crypto-mining-scripts-latest-opera-version-includes-built-in-protection/

 

Tastylock Cryptomix勒索软件变种出现

https://www.bleepingcomputer.com/news/security/tastylock-cryptomix-ransomware-variant-released/

 

技术类

iOS内核漏洞利用探耽求究

https://media.ccc.de/v/34c3-8720-ios_kernel_exploitation_archaeology

 

iPhone X Home“键”的内在分析

http://blog.zats.io/2017/12/27/iPhone-X-home-button/

 

2^5位指令集TCP Bind Shell

https://azeria-labs.com/tcp-bind-shell-in-assembly-arm-32-bit/

 

SaaS中的SSL初探

https://blog.cloudflare.com/introducing-ssl-for-saas/

 

走向Web开发巅峰之路的经验教训

https://medium.freecodecamp.org/how-to-be-an-uncommonly-good-web-developer-7f745978351f

 

Cisco iOS 1day利用

https://media.ccc.de/v/34c3-8936-1-day_exploit_development_for_cisco_ios

 

Wifi Direct Protocol攻击实现

https://www.blackhat.com/docs/eu-17/materials/eu-17-Blanco-WI-FI-Direct-To-Hell-Attacking-WI-FI-Direct-Protocol-Implementations-wp.pdf

 

关于C2的设计与思考

http://www.invokethreat.actor/2017/12/thoughts-on-c2-designs-and-tradecraft.html

 

Steam漏洞利用PoC

https://gitlab.com/kyeho/Write-ups/raw/master/Steam%20Link