2月25日安全热点 - SamSam再次来袭，科罗拉多交通部遭到重创

 

资讯类

科罗拉多交通部门2000多台电脑被SamSam勒索软件感染

http://securityaffairs.co/wordpress/69492/malware/samsam-ransomware-colorado-dot.html

https://www.bleepingcomputer.com/news/security/samsam-ransomware-hits-colorado-dot-agency-shuts-down-2-000-computers/

 

Data Keeper在野勒索软件出现

https://www.bleepingcomputer.com/news/security/data-keeper-ransomware-makes-first-victims-two-days-after-release-on-dark-web-raas/

 

Talos：2月16日至23日威胁总结

http://blog.talosintelligence.com/2018/02/threat-round-up-0216-0223.html

 

安卓操作系统的下一个主要版本Android P将阻止后台应用程序访问手机的相机或麦克风

https://www.bleepingcomputer.com/news/mobile/android-p-will-block-background-apps-from-accessing-phones-camera-and-microphone/

 

技术类

是谁悄悄偷走我的电（三）：某在线广告网络公司案例分析

http://blog.netlab.360.com/who-is-stealing-my-power-iii-an-adnetwork-company-case-study/

 

应用安全:JAVA反序列化漏洞之殇

https://mp.weixin.qq.com/s?__biz=MzI3NzAzMjEyNg==&mid=2649530469&idx=1&sn=4a2ba687274aec2f44b29660b8567fcd&chksm=f3747db4c403f4a2c1fb3ac7cb869f347bfc74a838266ef55455d7b4495ab0481abef81e660f&scene=0&key=840d183eb8a3dbfa5f3f32cb8d30667e5030e61ccbe28114

 

用 javascript 框架绕过 XSS 防御

https://paper.seebug.org/533/

 

打破.Net框架的界限

.Net over .net – Breaking the Boundaries of the .Net Framework

 

CVE-2018-4878 Exploit生成器

http://py4.me/blog/?p=572

 

网安学科知识体系正式发布

https://mp.weixin.qq.com/s/uZFYl3xKT5-aWzvI3mmQ2A

 

2017年度蜜计划（蜜罐工作）总结

https://mp.weixin.qq.com/s/SIBGnMc-XIqy2Ohj1ni_fg

 

Writeup – Flag Checker 2，Mario Mystery，Envy（Xiomara CTF）

https://advancedpersistentjest.com/2018/02/24/writeup-flag-checker-2-mario-mystery-envy-xiomara-ctf/

 

GitLeaks——检查git回购密钥

https://github.com/zricethezav/gitleaks

 

使用YubiKey解锁LUKS分区

https://github.com/agherzan/yubikey-full-disk-encryption

 

Mitmproxy 3发布

https://mitmproxy.org/posts/releases/mitmproxy3/