2月22日安全热点 - 思科Elastic Services Controller存在严重漏洞

阅读量    102603 |

分享到: QQ空间 新浪微博 微信 QQ facebook twitter

 

思科Elastic Services Controller服务端口身份验证绕过漏洞

思科Elastic Services Controller软件的基于Web的身份验证功能中的漏洞可能允许未经授权的远程攻击者绕过身份验证,并在受影响的系统上以管理员权限执行任意操作。

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-esc

 

uTorrent客户端存在严重安全漏洞

https://www.bleepingcomputer.com/news/security/utorrent-client-affected-by-some-pretty-severe-security-flaws/

https://threatpost.com/utorrent-users-warned-of-remote-code-execution-vulnerability/130030/

 

俄罗斯Sofacy APT组织将重点攻击目标从北约成员国转移到中东地区

http://securityaffairs.co/wordpress/69365/apt/sofacy-apt-east.html

 

被忽视的朝鲜黑客组织——APT37

https://www2.fireeye.com/rs/848-DID-242/images/rpt_APT37.pdf

https://www.bleepingcomputer.com/news/security/a-new-north-korean-hacker-group-is-making-a-name-for-itself/

http://www.zdnet.com/article/north-korean-reaper-apt-uses-zero-day-vulnerabilities-to-spy-on-governments/

 

黑客可以劫持超过52,000个婴儿监视器视频源

https://www.bleepingcomputer.com/news/security/hackers-can-hijack-over-52-000-baby-monitor-video-feeds/

 

基于恐怖电影的新型勒索软件——Annabelle

https://www.bleepingcomputer.com/news/security/the-annabelle-ransomware-is-a-horrific-mess/

 

技术类

趋势科技电子邮件加密网关多个漏洞

https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities

https://success.trendmicro.com/solution/1119349-security-bulletin-trend-micro-email-encryption-gateway-5-5-multiple-vulnerabilities

 

OWASP Web应用自动威胁手册

https://www.owasp.org/images/3/33/Automated-threat-handbook.pdf

 

消失的字节:逆向工程MS Office RTF分析器

https://securelist.com/disappearing-bytes/84017/

 

当婴儿监视器不再智能

https://www.sec-consult.com/en/blog/2018/02/internet-of-babies-when-baby-monitors-fail-to-be-smart/index.html

 

使用Facebook帐户攻击Tinder帐户

https://medium.com/@appsecure/hacking-tinder-accounts-using-facebook-accountkit-d5cc813340d1

 

关于密码安全性的讨论

https://blog.cloudflare.com/how-developers-got-password-security-so-wrong/

 

攻击LNMP架构Web应用的几个小Tricks

https://www.leavesongs.com/PENETRATION/some-tricks-of-attacking-lnmp-web-application.html

 

隐藏在XXE Zeroday HP PPM中的漏洞

https://rhinosecuritylabs.com/application-security/xxe-zeroday-vulnerability-in-hp-project/

 

用户级API监控和代码注入检测

https://0x00sec.org/t/userland-api-monitoring-and-code-injection-detection/5565

 

用k匿名验证泄漏的密码

https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/

https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/

 

代码审计之QCMS 3.0

代码审计之QCMS 3.0

 

在Twitter上进行钓鱼

https://github.com/omergunal/PoT

 

IDA双击RCE

IDA text Execution

 

Chrome扩展程序和Express服务器利用CSS的键盘记录功能

https://github.com/maxchehab/CSS-Keylogging

 

 

分享到: QQ空间 新浪微博 微信 QQ facebook twitter
|推荐阅读
|发表评论
|评论列表
加载更多