Inspired by 360CERT
漏洞 Vulnerability
以太坊DoS漏洞
https://adalogics.com/blog/the-importance-of-continuity-in-fuzzing-cve-2020-28362
安全研究 Security Research
供应链攻击现状
https://github.com/hardenedlinux/cheap-pcb/blob/main/cheap-pcb-story.md
中间件安全配置杂谈
https://labs.detectify.com/2021/02/18/middleware-middleware-everywhere-and-lots-of-misconfigurations-to-fix/
行为控制图像扫描识别
https://sysdig.com/blog/image-scanning-admission-controller/
第三方网络安全之用户输入
https://adtechmadness.wordpress.com/2021/02/18/all-your-are-belong-to-me/
安全报告 Security Report
Azure、Exchange部分源码在Solarwinds行动中被窃
https://www.bleepingcomputer.com/news/microsoft/microsoft-solarwinds-hackers-downloaded-some-azure-exchange-source-code/
FBI对电话拒绝服务攻击发出预警
https://www.bleepingcomputer.com/news/security/fbi-telephony-denial-of-service-attacks-can-lead-to-loss-of-lives/
FBI分享朝鲜窃取加密货币行动细节
https://www.bleepingcomputer.com/news/security/us-shares-info-on-north-korean-malware-used-to-steal-cryptocurrency/
安全事件 Security Incident
RIPE NCC发布通告称遭到网络攻击
https://www.bleepingcomputer.com/news/security/ripe-ncc-internet-registry-discloses-sso-credential-stuffing-attack/
Google Apps被滥用以绕过CSP
https://www.bleepingcomputer.com/news/security/hackers-abuse-google-apps-script-to-steal-credit-cards-bypass-csp/
安全客 Security Geek
CVE-2021-3156 sudo heap-based bufoverflow 复现&分析
https://www.anquanke.com/post/id/231408