免责声明:以下内容原文来自互联网的公共方式,仅用于有限分享,译文内容不代表蚁景网安实验室观点,因此第三方对以下内容进行分享、传播等行为,以及所带来的一切后果与译者和蚁景网安实验室无关。以下内容亦不得用于任何商业目的,若产生法律责任,译者与蚁景网安实验室一律不予承担。
1、黑客滥用Microsoft Build Engine来传播恶意软件
https://thehackernews.com/2021/05/hackers-using-microsoft-build-engine-to.html
2、Rapid7源代码受Codecov供应链攻击影响
https://thehackernews.com/2021/05/rapid7-source-code-breached-in-codecov.html
3、Magecart使用网站图标隐藏PHP后门
https://thehackernews.com/2021/05/magecart-hackers-now-hide-php-based.html
4、FIN7网络犯罪团伙将Lizar后门伪装称渗透测试工具进行传播
https://threatpost.com/fin7-backdoor-ethical-hacking-tool/166194/
5、思科修复了VPN产品中了代码执行漏洞
https://www.securityweek.com/cisco-patches-code-execution-flaw-vpn-product-6-months-after-disclosure
6、Avaddon勒索软件团伙入侵了法国金融咨询公司Acer Finance
https://securityaffairs.co/wordpress/117991/cyber-crime/avaddon-ransomware-acer-finance-axa.html
7、AMD SEV保护系统存在漏洞可被绕过
https://securityaffairs.co/wordpress/117981/security/amd-sev-attacks.html
8、QNAP警告eCh0raix勒索软件和Roon Server零日攻击
https://securityaffairs.co/wordpress/117943/hacking/qnap-ech0raix-ransomware-roon-server.html
9、scheme flooding技术可在不同浏览器之间(包括Tor)识别用户
https://securityaffairs.co/wordpress/117933/digital-id/fingerprinting-technique-scheme-flooding.html
10、Darkside勒索运营商失去了对服务器和资金的控制
https://securityaffairs.co/wordpress/117918/cyber-crime/fbi-seized-darkside-servers.html