6月27日-每日安全知识热点

http://p0.qhimg.com/t01f7ef32da341925d2.jpg

技术类:

Apple EFI固件密码和SCBO的秘密

https://reverse.put.as/2016/06/25/apple-efi-firmware-passwords-and-the-scbo-myth/


研究人员在维也纳度假时遇到的ATM Skimmer

http://thehackernews.com/2016/06/atm-skimmer.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29


Security Onion 提供安全/匿名上网的LINUX发行版

https://security-onion-solutions.github.io/security-onion/


使用多字节字符绕过sql WAF

http://howto.hackallthethings.com/2016/06/using-multi-byte-characters-to-nullify.html


Cloakify:开源的Data Exfiltration工具

https://github.com/trycatchhcf/cloakify


From LFI to RCE in php

https://dustri.org/b/


facebook bug:可以删除任意视频(已经修复)

http://www.pranavhivarekar.in/2016/06/23/facebooks-bug-delete-any-video-from-facebook/


Windows: NtCreateProcessEx 空指针引用POC

https://bugs.chromium.org/p/project-zero/issues/detail?id=852#c_ts1466850084


Apple OS X 10.10 系统安全辅导

http://csrc.nist.gov/publications/drafts/800-179/sp800_179_draft.pdf


使用kali实现evil twin攻击

https://www.cybrary.it/0p3n/evil-twin-attack-using-kali-linux/


uber攻击:渗透测试人员如何从bug到bereach

https://nakedsecurity.sophos.com/2016/06/24/uber-under-attack-how-penetration-testers-turn-bugs-into-breaches/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29


我如何被黑以及丢掉我的工作的

https://heimdalsecurity.com/blog/true-story-time-got-hacked-lost-work/?utm_content=buffer6b7d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer


dorothy2:用ruby编写的恶意软件/僵尸网络分析框架

https://github.com/m4rco-/dorothy2


从编程和GPU破解角度讲解密码安全

https://www.troyhunt.com/our-password-hashing-has-no-clothes/


secant:给云作安全评估的工具

https://github.com/CESNET/secant


浏览器exploi pack,可用于辅助进行内网攻击

https://github.com/julienbedard/browsersploit


CVE-2016-5699 POC

https://github.com/bunseokbot/CVE-2016-5699-poc


Pornhub的svn服务可访问,导致源码泄露,漏洞发现者获得了1W美金奖励

https://hackerone.com/reports/72243


回顾这一年多款杀软自身的漏洞

http://blog.ptsecurity.com/2016/06/antivirus-as-threat.html


受雇的黑客是如何完全控制Palantir(大数据公司)的

https://www.buzzfeed.com/williamalden/how-hired-hackers-got-complete-control-of-palantir


恶意软件可以使用风扇噪音从空气中提取计算机数据

http://news.softpedia.com/news/malware-can-use-fan-noise-to-exfiltrate-data-from-air-gapped-systems-505623.shtml?utm_content=bufferc9615&utm_medium=social&utm_source=linkedin.com&utm_campaign=buffer


绕过保护,访问敏感数据

http://reverseengineeringtips.blogspot.com/2016/06/bypassing-protections-exploiting.html


资讯类:

黑客在暗网销售651,894份医疗记录

http://news.softpedia.com/news/hacker-selling-651-894-patient-records-on-the-dark-web-505680.shtml


网络广告公司InMobi通过WIFI暗中跟踪用户,被罚$950,000

http://news.softpedia.com/news/ad-network-fined-950-000-for-secretly-tracking-users-via-nearby-wifi-signals-505602.shtml?utm_content=buffer4e92e&utm_medium=social&utm_source=linkedin.com&utm_campaign=buffer


新的ICS恶意软件攻击SCADA系统

https://securityintelligence.com/news/new-ics-malware-irongate-channels-stuxnet-to-scam-scada-systems/


黑客泄露美国军方个人数据

https://www.hackread.com/ghost-squad-hackers-leak-us-military-data/


通过tor的xmpp中间人攻击

https://tech.immerda.ch/2016/03/xmpp-man-in-the-middle-via-tor/


PunkeyPOS已经窃取千万信用卡号

http://securityaffairs.co/wordpress/48742/malware/punkeypos-impacts-millions-via-infected-restaurants.html


联邦储备银行从2011-2015年至少被黑了50次

http://venturebeat.com/2016/06/04/federal-reserve-bank-was-hacked-more-than-50-times-between-2011-and-2015/


Locky欺诈勒索软件回来了:已经感染了49个域名

http://securityaffairs.co/wordpress/48725/malware/locky-ransomware-back.html


数据泄露消息:

有人泄露了2016年3月18月前的17.media的数据库,数据比较杂,没有暗网卖的那份数据格式规整,其中包含邮箱的有1995016条,含有QQ邮箱的有974184条,含有126/163邮箱的有175257条,使用IOS手机的用户有1234068条,使用android手机的用户有760947条

免责声明:文章内容不代表本站立场,本站不对其内容的真实性、完整性、准确性给予任何担保、暗示和承诺,仅供读者参考,文章版权归原作者所有。如本文内容影响到您的合法权益(内容、图片等),请及时联系本站,我们会及时删除处理。查看原文

为您推荐