E安全12月21日讯 根据美国国会18个月的研究报告显示，美国执法机构花费巨额资金在黄貂鱼（Stingray）类设备上（是一款便携式定位设备，实质上就是“伪基站”）。Stingray类设备冒充手机信号塔监控目标——而不受任何监管。 报告显示，美国司法部2010年至2014年，在310部手机追踪设备上支出7100万美元。美国国土安全部此时间段在另124个硬件中花费超过2400万美元。 州郡警察机关这期间至少花费200万美元，但调查估计，这只是冰山一角。通常情况下，如果警方人员与FBI、厂商签署协议掩盖硬件的实际使用用…

E安全12月21日讯 据外媒报道，乌克兰上周六大范围停电，其原因可能是乌克兰国家能源公司Ukrenergo遭到网络攻击。 据Ukrenergo表示，停电发生在上周六午夜与周日之间，影响Petrivtsi“北”变电站。该事件造成基辅和邻近地区大范围停电。 Ukrenergo发布官方声明，宣布停电。NEC Ukrenergo负责人Vsevolod Kovalchuk在Facebook发布信息解释称，公司专家能在30分钟内通过手动程序恢复供电。Kovalchuk表示，短短一个小时后，完全恢复服务。 他写到：“公司专家快速…

E安全12月21日讯 据外媒报道，网络安全公司IOActive的研究人员披露松下航空电子机载娱乐系统（In-Flight Entertainment，IFE）存在漏洞，可以授予黑客访问飞机乘客显示屏，客舱照明和广播系统权限。在某些情况下，他们甚至可能劫持飞机。 松下航空电子制造的机载娱乐与通讯系统是航空业最常用的组件之一。 据松下航空电子提供的数据显示，该公司为大型航空公司提供超过8000个机载娱乐与通讯系统以及1300个机载连接解决方案。 松下IFE系统的旧型号（例如3000/3000i）使用Linux操作系统，…

“南都记者700元买到同事行踪”追踪 南都讯 见习记者王秀中 记者陈磊 程姝雯 南方都市报日前报道的“记者700元买到同事行踪”在社会各界引发强烈关注。采访中南都记者发现，个人信息泄露已成为互联网时代的一个普遍现象。《中国网民权益保护调查报告2016》显示，4.8亿网购用户，过半网购过程中遭遇个人信息泄露。行业专家表示，“内鬼”的比例要大于外部黑客攻击。针对这两类泄露渠道的防范技术也存在很大的差别，需要采取完整且具有针对性的手段，做到“外防黑客，内防内鬼”。 国内网站对漏洞修复率 平均不足10% 南都记者采访的70…

12月19日，国外漏洞平台 securityfocus 上发布了最新的 OpenSSH（CVE-2016-10009） 远程代码执行漏洞。         漏洞描述 OpenSSH存在远程代码执行漏洞,攻击者可以通过远程攻击openssh来获得服务器权限,目前未有相关POC公布。 OpenSSH是SSH（Secure SHell）协议的免费开源实现,它是取代由SSH Communications Security所提供的商用版本的开放源代码方案。目前OpenSSH是OpenBSD的子计划。OpenSSH提供了服务端…

名为OurMine的黑客小组已经设法获得了官方Netflix Twitter帐户的控制权，并向将近250万关注者发布了公共消息，其中一个推文嘲弄Netflix在Twitter上的安全性：“所谓的世界安全是狗屎，我们在这里证明这一点。” 目前，Netflix似乎夺回了对Twitter帐户的控制，但该公司还使用官方支持帐户发送消息，这表明Netflix官方仍然在处理善后事宜。Netflix CS Twitter帐户几分钟前发推文表示：“谢谢你伸出手，贝丝！我们意识到这种情况，并正在努力解决问题。”令人欣慰的是，黑客在攻…

漏洞类别：SUSE 漏洞等级： 漏洞信息 Suse has released security update for xorg-x11-libxfixes to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to…

漏洞类别：SUSE 漏洞等级： 漏洞信息 Suse has released security update for pcre to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP2 SUSE …

漏洞类别：SUSE 漏洞等级： 漏洞信息 Suse has released security update for xorg-x11-libs to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gain…

漏洞类别：SUSE 漏洞等级： 漏洞信息 Suse has released security update for the linux kernel to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 漏洞危害 This …

漏洞类别：SUSE 漏洞等级： 漏洞信息 Suse has released security update for xen to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability can also be used to cause a limited …

漏洞类别：Local 漏洞等级： 漏洞信息 Adobe RoboHelp Server extends the capabilities of Adobe RoboHelp and Adobe FrameMaker. Merge multiple segments of Help content, including responsive HTML5 content, into a unified information system. Host it for anytime, anywhere, any devi…

漏洞类别：Local 漏洞等级： 漏洞信息 Gollum is a simple wiki system built on top of Git. The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain temporary-file check. Affected Versions: gollum prior 4.0.1…

漏洞类别：Local 漏洞等级： 漏洞信息 iTunes is a digital media player application for Mac OS and Windows developed by Apple. WebKit in Apple iTunes for Windows is prone to multiple vulnerabilities like Information Disclosure and Arbitrary Code Execution. Affected Versions: A…

漏洞类别：Amazon Linux 漏洞等级： 漏洞信息 A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim…

漏洞类别：Web Application 漏洞等级： 漏洞信息 Apache Struts is a framework for building web applications. A vulnerability CVE-2016-3081 exists due to improper handling of malicious expressions by the Apache Struts when Dynamic Method Invocation is enabled. This will allow a…

漏洞类别：Web Application 漏洞等级： 漏洞信息 The Apache Struts web framework is a free open source solution for creating Java web applications. A vulnerability CVE-2013-1966 and CVE-2013-2115 exists due to Invalid handling of "includeParams" attribute, which leads to code …

漏洞类别：Web Application 漏洞等级： 漏洞信息 The Apache Struts web framework is a free open source solution for creating Java web applications. Apache Struts is prone to multiple remote code execution vulnerabilities CVE-2013-2134 and CVE-2013-2135 due to improper handling…

漏洞类别：Web Application 漏洞等级： 漏洞信息 The Apache Struts web framework is a free open source solution for creating Java web applications. Apache Struts is prone to multiple security vulnerabilities CVE-2013-4310 and CVE-2013-4316. Apache Strut is affected by followin…

漏洞类别：Web Application 漏洞等级： 漏洞信息 The Apache Struts web framework is a free open source solution for creating Java web applications. A vulnerability CVE-2016-4438 exists due to improper handling of malicious expressions by the Apache Struts when using the REST p…

漏洞类别：CGI 漏洞等级： 漏洞信息 WildFly, formerly known as JBoss AS, or simply JBoss, is an application server authored by JBoss, now developed by Red Hat. WildFly is written in Java, and implements the Java Platform, Enterprise Edition (Java EE) specification. It runs on…

漏洞类别：CGI 漏洞等级： 漏洞信息 Oracle Hospitality OPERA Cloud Services is an enterprise platform for hotel operations and distribution. It offers the comprehensive, next-generation capabilities hotels need to enhance guest experiences and improve operating efficiency. Or…

漏洞类别：CentOS 漏洞等级： 漏洞信息 CentOS has released security update for bind97 to fix the vulnerabilities. Affected Products: centos 5 漏洞危害 Successful exploitation allows attacker to service disruption. 解决方案 To resolve this issue, upgrade to the latest packages which c…

漏洞类别：CentOS 漏洞等级： 漏洞信息 CentOS has released security update for bind to fix the vulnerabilities. Affected Products: centos 5 centos 6 centos 7 漏洞危害 Successful exploitation allows attacker to cause service disruption. 解决方案 To resolve this issue, upgrade to the l…

漏洞类别：CentOS 漏洞等级： 漏洞信息 CentOS has released security update for python-twisted-web to fix the vulnerabilities. Affected Products: centos 6 centos 7 漏洞危害 Successful exploitation allows attacker to compromise the system. 解决方案 To resolve this issue, upgrade to the…