- News -
1. Over 100,000 GitHub repositories found leaking API tokens and keys
https://www.cnbeta.com/articles/tech/830477.htm
2. Microsoft launches Defender ATP Endpoint Security for macOS
http://www.securityweek.com/microsoft-launches-defender-atp-endpoint-security-macos
- Analysis -
1. 2019 cybercrime and malware predictions
https://www.freebuf.com/news/197732.html
2. Analysis of a new Monero cryptominer malware variant
https://blog.checkpoint.com/2019/03/19/check-point-forensic-files-monero-cryptominer-campaign-cryptojacking-crypto-apt-hacking/
3. CVE-2019-0604: analysis of a Microsoft SharePoint RCE vulnerability
https://www.thezdi.com/blog/2019/3/13/cve-2019-0604-details-of-a-microsoft-sharepoint-rce-vulnerability
- Research -
1. How to analyze Go binaries
https://isc.sans.edu/diary/rss/24770
2. Hacking the microcontroller firmware of a gamepad through USB
https://securelist.com/hacking-microcontroller-firmware-through-a-usb/89919/89919/
- News -
1. Elsevier misconfiguration exposes user credentials
https://latesthackingnews.com/2019/03/25/elsevier-exposed-user-credentials-publicly-through-misconfigured-server/
2. 36 new vulnerabilities found in the LTE protocol
https://xakep.ru/2019/03/25/ltefuzz/
3. Mozilla releases security update fixing the two 0-days disclosed during Pwn2Own
https://news.softpedia.com/news/mozilla-releases-firefox-66-0-1-to-patch-two-critical-security-vulnerabilities-525408.shtml
- Analysis -
1. Cardinal RAT targets Israeli fintech companies
https://unit42.paloaltonetworks.com/cardinal-rat-sins-again-targets-israeli-fin-tech-firms/
- Tools -
1. Androwarn - static code analyzer for malicious Android applications
https://www.kitploit.com/2019/03/androwarn-yet-another-static-code.html
2. SilkETW - a new threat intelligence tool for capturing and analyzing Windows event logs
https://gbhackers.com/silketw-intellegence-tool/
- APT -
1. 拍拍熊 (APT-C-37): exposing an ongoing attack campaign against an armed group
http://blogs.360.cn/post/analysis-of-apt-c-37.html
2. Analysis of the latest samples from OceanLotus (海莲花) APT attacks targeting China
https://www.4hou.com/web/16956.html
- News -
1. Cybercriminals increasingly use SSL/TLS to conceal and launch attacks
https://www.helpnetsecurity.com/2019/03/26/using-encryption-to-conceal-and-launch-attacks
2. iOS 12.2 patches over 50 security vulnerabilities
https://www.bleepingcomputer.com/news/security/ios-122-patches-over-50-security-vulnerabilities/
3. Easily cracked keyless-start cars are driving a rise in thefts
https://www.komando.com/happening-now/557051/car-security
4. ASUS responds to the Live Update supply-chain attack: only a few hundred machines affected
https://www.cnbeta.com/articles/tech/831203.htm
- Vulnerability -
1. Analysis of the Chrome zero-day vulnerability (CVE-2019-5786)
https://www.anquanke.com/post/id/175411
2. Escaping the Safari sandbox with one line of code
https://paper.seebug.org/868/
- Analysis -
1. Reverse engineering the first-stage loader of the ISFB banking trojan (part 1)
https://www.4hou.com/reverse/16961.html
- Research -
1. Dissecting PHP deserialization vulnerabilities at the PHP internals level
http://paper.seebug.org/866/
2. Attacking Java RMI services after JEP 290
https://mogwailabs.de/blog/2019/03/attacking-java-rmi-services-after-jep-290/
3. Clustering APT groups and associating attacker activity
https://www.fireeye.com/blog/threat-research/2019/03/clustering-and-associating-attacker-activity-at-scale.html
- APT -
1. Analysis of a targeted attack campaign exploiting the WinRAR vulnerability, suspected to be APT-C-27
https://www.freebuf.com/articles/system/198695.html
- News -
1. European Commission presents a plan for the secure rollout of 5G telecom networks
https://www.france24.com/en/20190326-eu-presents-plan-safe-5g-amid-huawei-suspicions
2. Dangerous feature in UC Browser lets hackers hijack millions of Android users via MITM attacks
https://gbhackers.com/uc-browser-mitm-attack/
- Analysis -
1. ASUS software update server hijacked by hackers; automatic updates pushed malware to users
https://www.4hou.com/info/news/17035.html
- Research -
1. Windows registry forensic analysis
https://paper.tuisec.win/detail/2c9acf6c656dd85
2. Red team building and cheat sheet
http://www.cnblogs.com/backlion/p/10606276.html
- APT -
1. Analysis of an attack campaign against Iraqi telecom operators, suspected to be the MuddyWater APT group
https://www.freebuf.com/articles/system/198940.html
- News -
1. Elfin espionage group targets Saudi Arabia and the United States
https://www.symantec.com/blogs/threat-intelligence/elfin-apt33-espionage
2. Flawed Cisco patch leaves RV320/RV325 routers still exposed to attack
https://twitter.com/gastronomy/status/1111175375760044034
3. Dark web market Dream Market announces it will "run off" at the end of April; an anti-smuggling crackdown concludes the same day
https://www.cnbeta.com/articles/tech/831903.htm
4. Hackers queue up to exploit the WinRAR vulnerability
https://www.infosecurity-magazine.com/news/hackers-queue-up-to-exploit-winrar-1/
- Vulnerability -
1. High-severity WebAssembly vulnerability affects the Edge and Safari browsers
http://paper.seebug.org/870/
2. CVE-2019-0604 SharePoint remote code execution security advisory
https://mp.weixin.qq.com/s/L_WjxJFgpYcNoMzclCYMMQ
- Research -
1. From zero to reverse shell: hands-on with the DVAR router vulnerability lab
https://www.anquanke.com/post/id/175493
2. YSOSERIAL Payloads analysis notes (1)
https://blog.csdn.net/fnmsd/article/details/88807512
- News -
1. Microsoft takes down 99 websites controlled by APT35
http://www.darkreading.com/attacks-breaches/microsoft-takes-down-99-hacker-controlled-websites/d/d-id/1334286
2. Former NSA contractor to be sentenced for stealing top-secret information
https://www.cyberscoop.com/harold-martin-guilty-plea-nsa-shadow-brokers/
3. APT group Elfin switches from data destruction to data theft via the WinRAR vulnerability
http://www.csoonline.com/article/3385126/apt-group-elfin-switches-from-data-destruction-to-data-stealing-via-winrar-vulnerability.html
4. Unpatched vulnerability in MikroTik RouterOS can be exploited for denial-of-service attacks
https://www.techrepublic.com/article/unpatched-vulnerability-in-mikrotik-routeros-enables-easily-exploitable-denial-of-service-attack/
5. Hackers distribute banking malware via encrypted ZIP files
https://gbhackers.com/hackers-distribute-malware-zip/
6. Hackers break into gas stations and steal over 120,000 liters of fuel
https://gbhackers.com/gas-stations-hacked/
- Tools -
1. LAPSToolkit - tool for auditing and attacking LAPS environments
https://github.com/leoloobeek/LAPSToolkit
2. Legion: an easy-to-use, powerful semi-automated network penetration testing tool
https://github.com/GoVanguard/legion
- News -
1. Microsoft Edge and IE browser 0-days disclosed; they allow same-origin policy bypass
https://thehackernews.com/2019/03/microsoft-edge-ie-zero-days.html
2. Sensitive information of 3.1 million Toyota customers exposed
https://www.darkreading.com/attacks-breaches/toyota-customer-information-exposed-in-data-breach/d/d-id/1334291
3. UK cybersecurity officials say Huawei's security practices are a mess
https://arstechnica.com/information-technology/2019/03/uk-cyber-security-officials-report-huaweis-security-practices-are-a-mess/
4. Command execution vulnerability found in the TP-Link SR20 router
https://meterpreter.org/researcher-reveals-arbitrary-command-execution-on-the-tp-link-sr20-smart-hub-and-router/
5. South Korean researchers fuzz 4G mobile networks and find 36 new security vulnerabilities
https://www.aqniu.com/industry/45919.html
6. Microsoft finds a local privilege escalation vulnerability in a Huawei laptop driver
https://arstechnica.com/gadgets/2019/03/how-microsoft-found-a-huawei-driver-that-opened-systems-up-to-attack/
- Research -
1. Survey report on 2019 information security spending by Taiwanese enterprises
https://www.ithome.com.tw/article/129617
- News -
1. Saudi government obtained personal data from Amazon CEO Bezos's phone
http://www.cnbeta.com/articles/tech/832747.htm
2. Bithumb suspected hacked; over 3 million EOS transferred out
https://twitter.com/DoveyWan/status/1111839155380801536
3. New Android trojan Gustuff targets over 100 banking apps
https://securityaffairs.co/wordpress/83005/malware/android-trojan-gustuff.html
4. Highlights | Black Hat Asia
https://www.anquanke.com/post/id/175294
- Research -
1. Rapid7 releases a whitepaper on modern vulnerability management
https://content.rapid7.com/c/rapid7-whitepaper-mo?x=o0CqBp
- Others -
1. BlackHat Asia 2019 slides collection
https://github.com/riusksk/SecConArchive/tree/master/BlackHat_Asia_2019