Inspired by 360CERT
漏洞 Vulnerability
iOS修复呼叫记录安全漏洞
https://www.bleepingcomputer.com/news/security/iphone-call-recorder-bug-gave-acess-to-other-peoples-conversations/
CVE-2020-5377 Dell Openmanage Server漏洞
https://rhinosecuritylabs.com/research/cve-2020-5377-dell-openmanage-server-administrator-file-read/
恶意软件 Malware
挖矿恶意软件重出江湖:z0Miner大肆攻击ES、Jenkins服务器
https://www.bleepingcomputer.com/news/security/z0miner-botnet-hunts-for-unpatched-elasticsearch-jenkins-servers/
安全研究 Security Research
K8s原理浅析
https://attl4s.github.io/assets/pdf/You_do_(not)_Understand_Kerberos.pdf
再探DNS缓存荼毒
https://unit42.paloaltonetworks.com/overview-of-dnsmasq-vulnerabilities-the-dangers-of-dns-cache-poisoning/
绕过静态检测研究
https://www.cyberark.com/resources/threat-research-blog/kinsing-the-malware-with-two-faces
CSRF -> RCE
https://www.horizon3.ai/disclosures/zabbix-csrf-to-rce
Amazon EC2 IP
https://blog.melbadry9.xyz/ddns-ec2-ips-current-state
安全资讯 Security Information
微软公布Azure LoLBins缓解措施
https://www.bleepingcomputer.com/news/security/microsoft-shares-detection-mitigation-advice-for-azure-lolbins/
GandCrab相关人员被逮捕
https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-affiliate-arrested-for-phishing-attacks/
Github修复登录账号错误漏洞
https://www.bleepingcomputer.com/news/security/github-fixes-bug-causing-users-to-log-into-other-accounts/
安全事件 Security Incident
Tesla、Cloudflare等公司摄像头遭黑客攻击
https://www.bleepingcomputer.com/news/security/hackers-access-surveillance-cameras-at-tesla-cloudflare-banks-more/
美司法部又扣押一个疑似参与疫苗钓鱼攻击的域名
https://www.bleepingcomputer.com/news/security/us-seizes-more-domains-used-in-covid-19-vaccine-phishing-attacks/
安全客 Security Geek
D3CTF wp By ez_team
https://www.anquanke.com/post/id/233829