Inspired by 360CERT
Vulnerability
Apple fixes iOS 0-day vulnerability
https://www.bleepingcomputer.com/news/security/apple-fixes-a-ios-zero-day-vulnerability-actively-used-in-attacks/
McAfee HTML injection
https://ricardojba.github.io/CVE-2021-23888-McAfee-ePolicy-Orchestrator-HTML-Injection/
Malware
Ransomware begins threatening victims through secondary victims
https://www.bleepingcomputer.com/news/security/ransomware-gang-urges-victims-customers-to-demand-a-ransom-payment/
Security Research
Foobar CTF 2021
https://foobar.nitdgplug.org/
Bypassing Cloudflare bot detection
https://jychp.medium.com/how-to-bypass-cloudflare-bot-protection-1f2c6c0c36fb
Malware "fingerprints"
https://www.sans.org/reading-room/whitepapers/threats/exploring-human-fingerprints-malware-39275
Security Information
Compucom MSP expects $20 million in losses from ransomware
https://www.bleepingcomputer.com/news/security/compucom-msp-expects-over-20m-in-losses-after-ransomware-attack/
FatFace's mass email after ransomware attack stirs controversy
https://www.bleepingcomputer.com/news/security/fatface-sends-controversial-data-breach-email-after-ransomware-attack/
Security Incident
Ziggy ransomware decides to refund ransoms after announcing shutdown
https://www.bleepingcomputer.com/news/security/ransomware-admin-is-refunding-victims-their-ransom-payments/
npm library bug causes problems for hundreds of thousands of applications
https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/
German parliament attacked again by Russian hackers
https://www.bleepingcomputer.com/news/security/german-parliament-targeted-again-by-russian-state-hackers/
Anquanke (Security Geek)
Laravel 8 Debug mode RCE roundup
https://www.anquanke.com/post/id/235228