漏洞 Vulnerability
CVE-2019-19082 CrOS: Linux kernel漏洞
https://bugs.chromium.org/p/chromium/issues/detail?id=1030084
工控产品ABB Relion 670系列漏洞
https://www.us-cert.gov/ics/advisories/icsa-19-330-01
卡巴斯基安全连接工具可被dll劫持
https://safebreach.com/Post/Kaspersky-Secure-Connection-DLL-Preloading-and-Potential-Abuses-CVE-2019-15689
安全工具 Security Tools
kilos–暗网内容检索工具
https://intsights.com/blog/kilos-the-dark-webs-newest-and-most-extensive-search-engine
安全报告 Security Report
欧盟网络安全局(ENISA)发布港口网络安全指南,以加强其网络安全。
https://www.enisa.europa.eu/publications/port-cybersecurity-good-practices-for-cybersecurity-in-the-maritime-sector/
安全资讯 Security Information
2100万Mixcloud用户数据泄露
https://securityaffairs.co/wordpress/94581/data-breach/mixcloud-data-breach.html
TrueDialog数据库泄漏了数千万条SMS短信
https://securityaffairs.co/wordpress/94593/data-breach/truedialog-data-leak.html
国土安全部要求联邦机构制定漏洞披露政策
https://www.darkreading.com/vulnerabilities—threats/dhs-to-require-federal-agencies-to-set-vulnerability-disclosure-policies-/d/d-id/1336499
巴拿马参与干扰美国大选
https://www.dispatch.com/news/20191126/ohio-election-day-cyber-attack-attempt-traced-to-panama
美国联邦调查局(FBI)评估俄罗斯应用软件可能构成反情报威胁
https://www.cyberscoop.com/fbi-russian-apps-counterintelligence-faceapp-schumer/
安全研究 Security Research
深入分析一个Pwn2Own的优质Webkit漏洞
https://www.anquanke.com/post/id/194006
追溯朝鲜APT组织Lazarus的攻击历程
https://www.freebuf.com/articles/system/221008.html
利用安卓RCS获取目标权限
https://gbhackers.com/rcs-hacking-attacks/
开源情报(OSINT)教程
https://www.peerlyst.com/posts/how-to-perform-open-source-intelligence-osint-chiheb-chebbi
利用CallerSpy分发的移动网络间谍活动
https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-distributed-through-callerspy-mounts-initial-phase-of-a-targeted-attack/
StrandHogg 安卓漏洞,被银行木马搭载使用
https://promon.co/security-news/strandhogg/
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论