五月 | 2018 | xxx2018年5月 – xxx
菜单

每月的档案:2018年5月

EOS节点远程代码执行漏洞 — EOS智能合约WASM函数表数组越界
Yuki Chen of Qihoo 360 Vulcan TeamZhiniang Peng of Qihoo 360 Core Security我们发现了EOS区块链系统在解析智能合约WASM文件时的一个越界写缓冲区溢出漏洞,并验证了该漏洞的完整攻击链。
EOS Node Remote Code Execution Vulnerability — EOS WASM Contract Function Table Array Out of Bounds
Yuki Chen of Qihoo 360 Vulcan TeamZhiniang Peng of Qihoo 360 Core SecurityWe found and successfully exploit a buffer out-of-bounds write vulnerability in [...]
GPON Exploit in the Wild (IV) – TheMoon Botnet Join in with a 0day(?)
This article was co-authored by Hui Wang, Rootkiter and Yegenshen.It looks like this GPON party will never end. We just found TheMoon botnet has join the party.
DDG.Mining.Botnet 近期活动分析
UPDATE(2018.6.13)6.12 日,我们监测到 DDG.Mining.Botnet 又发布了新版本,最新版本为 v3012 ,更新概要如下:
GPON Exploit in the Wild (III) – Mettle, Hajime, Mirai, Omni, Imgay
This article was co-authored by Hui Wang, LIU Ya, Rootkiter and Yegenshen.In our previous articles I and II of this series, we mentioned that since the [...]
GPON 漏洞的在野利用(三)——Mettle、Hajime、Mirai、Omni、Imgay、TheMoon
本文由 Hui Wang、LIU Ya、RootKiter、yegenshen 共同撰写。[更新 2018-05-21 17:30]我们在之前的系列文章 一 和 二 [...]
GPON Exploit in the Wild (II) – Satori Botnet
This article was co-authored by Rootkiter, Yegenshen, and Hui Wang.In our previous article, we mentioned since this GPON Vulnerability (CVE-2018-10561, [...]
GPON 漏洞的在野利用(二)——Satori 僵尸网络
本篇文章由 Rootkiter,yegenshen,Hui Wang 共同撰写。我们在之前的 文章 里提及,在本次GPON漏洞(CVE-2018-10561,CVE-2018-10562)公布以来,10天内已经有至少5个僵尸网络家族在积极利用该漏洞构建其僵尸军团,包括 [...]
GPON 漏洞的在野利用(一)——muhstik 僵尸网络
自从本次GPON漏洞公布以来,10天内已经有至少5个僵尸网络家族在积极利用该漏洞构建其僵尸军团,包括 mettle、muhstik、mirai、hajime、satori。时间之短、参与者之多,在以往IoT僵尸网络发展中并不多见。
GPON Exploit in the Wild (I) – Muhstik Botnet Among Others
On May 1st, VPN Mentor disclosed two vulnerabilities against GPON home router. Since then, at least 5 botnet families have been actively exploiting the [...]
APT-C-06组织在全球范围内首例使用“双杀”0day漏洞(CVE-2018-8174)发起的APT攻击分析及溯源
[...]
Analysis of CVE-2018-8174 VBScript 0day and APT actor related to Office targeted attack
Recently, the Advanced Threat Response Team of 360 Core Security Division detected an APT attack exploiting a 0-day vulnerability and captured the world’s [...]
Lock. 勒索病毒分析
更多详情请点击360勒索病毒专题页:http://lesuobingdu.360.cn随着网络办公的普及,人们越来越习惯使用电脑处理文档以及工作上的事情,该勒索病毒伪装成Excel图标,当受害者不小心点开后,便会加密文件,并提示用户缴纳赎金。

Notice: Undefined variable: canUpdate in /var/www/html/wordpress/wp-content/plugins/wp-autopost-pro/wp-autopost-function.php on line 51