2月28日安全热点 - SAML漏洞/利用Memcache Server进行DDoS攻击

阅读量    97997 |

分享到: QQ空间 新浪微博 微信 QQ facebook twitter

 

资讯类

SAML漏洞可让攻击者以其他用户身份登录

https://www.bleepingcomputer.com/news/security/saml-vulnerability-lets-attackers-log-in-as-other-users/

https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations

http://www.zdnet.com/article/saml-protocol-bug-puts-single-sign-on-accounts-at-risk/

 

最近修补的CVE-2018-4878 Adob​​e Flash Player漏洞现在已被网络犯罪分子利用

Morphisec的安全研究人员发现了一个大规模黑客活动,该活动利用最近修补的CVE-2018-4878 Adob​​e Flash Player漏洞

Recently patched CVE-2018-4878 Adobe Flash Player flaw now exploited by cybercriminals

 

Memcache服务器可以被利用来进行大规模DDoS攻击

https://www.bleepingcomputer.com/news/security/memcache-servers-can-be-abused-for-insanely-massive-ddos-attacks/

 

新的RedDrop Android间谍软件可以记录附近的音频

一款名为RedDrop的新型Android恶意软件可以执行大量恶意操作,包括录制附近的音频并将数据上传到Dropbox和Google Drive上的云存储帐户。

https://www.bleepingcomputer.com/news/security/new-reddrop-android-spyware-records-nearby-audio/

 

技术类

从救火到先知,DNS安全分析场景实践谈

https://www.sec-un.org/%E4%BB%8E%E6%95%91%E7%81%AB%E5%88%B0%E5%85%88%E7%9F%A5%EF%BC%8Cdns%E5%AE%89%E5%85%A8%E5%88%86%E6%9E%90%E5%9C%BA%E6%99%AF%E5%AE%9E%E8%B7%B5%E8%B0%88

 

Tomcat CVE-2018-1305 分析

https://mp.weixin.qq.com/s/PZsOQy2lpR1lHqLWmAXlbg

 

物联网黑客:如何再次打破智能家居
https://securelist.com/iot-hack-how-to-break-a-smart-home-again/84092/

 

三星 Gear VR 控制器逆向分析

http://jsyang.ca/hacks/gear-vr-rev-eng/

 

深入研究数据库攻击 Part 2:通过 SQL 命令传递和执行恶意程序(SQL Server)

https://www.imperva.com/blog/2018/02/deep-dive-database-attacks-part-ii-delivery-execution-malicious-executables-sql-commands-sql-server

 

Harpoon:OSINT /威胁情报工具

https://www.randhome.io/blog/2018/02/23/harpoon-an-osint-/-threat-intelligence-tool/

 

All Hail Bettercap 2.0, One Tool to Rule Them All

https://www.evilsocket.net/2018/02/27/All-hail-bettercap-2-0-one-tool-to-rule-them-all/

 

GetGo Download Manager 5.3.0.2712 – Buffer Overflow (SEH)

https://www.exploit-db.com/exploits/44187/

 

Leveraging INF-SCT Fetch & Execute Techniques For Bypass, Evasion, & Persistence

https://bohops.com/2018/02/26/leveraging-inf-sct-fetch-execute-techniques-for-bypass-evasion-persistence/

 

Chrome V8 – ‘PropertyArray’ Integer Overflow

https://www.exploit-db.com/exploits/44179/

 

用一个域名挖出一个团伙,暗云实战中的威胁溯源方法

https://mp.weixin.qq.com/s/VT0npkPY8byBLA6WTTMAyw

 

tcp连接劫持者

https://crates.io/crates/rshijack

https://github.com/kpcyrd/rshijack

 

Joomla! Component K2 2.8.0 – Arbitrary File Download

https://www.exploit-db.com/exploits/44188/

 

AxxonSoft Axxon Next – AxxonSoft Client Directory Traversal via an initial /css//..%2f substring in a URI. CVE-2018-7467

http://seclists.org/fulldisclosure/2018/Feb/82

 

高级蜜罐框架
https://github.com/honeytrap/honeytrap

分享到: QQ空间 新浪微博 微信 QQ facebook twitter
|推荐阅读
|发表评论
|评论列表
加载更多