2月9日每日安全热点 - 黑客攻击供水设施并试图攻击市民

Inspired by 360CERT

漏洞 Vulnerability

超80万次安装的WP插件已修复高危漏洞

https://www.bleepingcomputer.com/news/security/critical-vulnerability-fixed-in-wordpress-plugin-with-800k-installs/

 

恶意软件 Malware

Emotet逆向分析大总结

https://cert.grnet.gr/en/blog/reverse-engineering-emotet/

 

安全研究 Security Research

Telegram附近的人功能安全性研究

https://owlspace.xyz/cybersec/tg-nearby/

 

JWT密钥滥用

https://blog.silentsignal.eu/2021/02/08/abusing-jwt-public-keys-without-the-public-key/

 

Java反序列化Cheatsheet

https://afinepl.medium.com/testing-and-exploiting-java-deserialization-in-2021-e762f3e43ca2

 

安全工具 Security Tools

Blobhunter：Azure安全评估

https://www.helpnetsecurity.com/2021/02/08/open-source-tool-blobhunter-public-azure-blobs/

 

安全资讯 Security Information

Android应用更新后加入恶意功能后被下架

https://www.bleepingcomputer.com/news/security/android-app-joins-the-dark-side-sends-malware-update-to-millions/

 

安全报告 Security Report

微软称Emotet被击溃后仍不能放松警惕

https://www.bleepingcomputer.com/news/security/microsoft-keep-your-guard-up-even-after-emotet-s-disruption/

 

安全事件 Security Incident

黑客攻击供水设施并试图攻击市民

https://www.bleepingcomputer.com/news/security/hackers-tried-poisoning-town-after-breaching-its-water-facility/

 

安全客 Security Geek

从Java RMI反序列化到内网沦陷

https://www.anquanke.com/post/id/230516