之前我们报道过两起Android手机暗藏漏洞的事件，而周一，来自俄罗斯杀软厂商Dr.Web（大蜘蛛）的研究人员又发现了暗藏漏洞的现象。 研究人员们发现，某些廉价的Android智能手机和平板中内置了恶意的固件，这些固件会从手机上收集数据，在软件上覆盖广告，还能下载一些无用的软件APK。 研究员调查了俄罗斯市场中销售的MTK平台手机，发现了固件中存在的两种downloader木马。 这两个木马被命名为Android.DownLoader.473.origin和Android.Sprovider.7。他们能够收集手机数…

不仅仅是个人可识别信息(PII)，还包括额外的财务信息和消费习惯。 超过2亿人的完整数据扩充资料被放到了暗网上售卖。提供文件的人宣称，数据来自全球最大征信机构Experian，只需600美元即可获得完整文件。 事件详情是通过Peerlyst的SecureDrop被 Salted Hash 知悉的，有人在上面上传了关于售卖和数据的细节。数据先是被Peerlyst的技术审查委员会审查，证实了其合法性。被技术团队清洁过后，数据样本交由 Salted Hash 做进一步验证和公开。打给样本数据中人员的电话被转到了语音信箱，…

每年，企业需要面对100多起“图谋已久”的网络攻击，1/3的攻击会导致数据泄露。（来源：埃森哲） 81.9%的网络攻击者，在1分钟内就能入侵成功；绝大部分攻击者，在1天内就能完全渗透企业的内网；而超过3/4的企业，在数据泄露发生之后的1天之内，都无法察觉到“大事不好”。（来源：Verizon） 网络攻击就像流感病毒，一旦防不住，扩散是必然的，最坏的结果之一就是造成数据泄露。但这并不意味着，数据泄露的罪魁祸首就是万恶的攻击者。 很多时候，“中招”也和企业没有做好预防工作有关。今天，安全君用六个Yes or No 的选…

IBM Security发表报告称，70% 感染勒索软件的公司选择了向攻击者支付赎金。许多被调查的公司表示，他们支付了数万美元。研究调查了美国的600名企业负责人和1021名消费者。46% 的被调查企业称他们遭到了勒索软件的攻击，其中70%的企业承认支付了赎金。不同企业支付的赎金金额存在差异，20%的公司支付了超过4万美元，25%支 付了2万到4万美元，11%支付了1万到2万美元。 至于消费者，感染勒索软件后是否支付赎金很大程度上与受害者是否是父母有关。55%身份为父母的消费者表示将会支付赎金恢复访问被加密的照片，…

21世纪经济报道独家获悉，最高人民法院正在起草审理侵犯公民个人信息刑事案件的相关司法解释。此外，最高法、最高检正会同公安部起草办理电信网络诈骗案件中关于法律适用问题的指导意见。专项打击之下，电信网络诈骗犯罪势头有所遏制，但恶性事件仍有发生。司法实践中，作为电信网络诈骗上游犯罪的侵犯公民个人信息犯罪处罚畸轻，难以对全链条犯罪形成威慑。今年10月11日，在全国社会治安综合治理创新工作会议上，中共中央政治局委员、中央政法委书记孟建柱指出，针对电信网络诈骗犯罪非接触性、空间跨度大、链条长等特点，最高法、最高检、公安部要尽快…

俄罗斯在乌克兰和欧洲的选举中试用过的低成本、高威力武器，也被用在了美国身上，产生了极强的破坏力。 华盛顿——2015年9月，联邦调查局(FBI)特工阿德里安·霍金斯(Adrian Hawkins)打电话给民主党全国委员会（Democratic National Committee，简称DNC)，通报关于对方计算机网络的一些令人不安的消息，电话自然就被转到了服务部门。 他的话很简短，但令人担忧：至少有一个属于DNC的计算机系统已遭黑客入侵，联邦调查人员称这个黑客组织为“the Dukes”，这是一个与俄罗斯政府有关系…

漏洞类别：CGI 漏洞等级： 漏洞信息 McAfee VirusScan Enterprise combines anti-virus, anti-spyware, firewall, and intrusion prevention technologies to stop and remove malicious software. This VirusScan Enterprise update fixes the following vulnerabilities: CVE-2016-8023: Authe…

漏洞类别：SUSE 漏洞等级： 漏洞信息 Suse has released security update for xorg-x11-libxrender to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited t…

漏洞类别：SUSE 漏洞等级： 漏洞信息 Suse has released security update for xorg-x11-libxv to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gai…

漏洞类别：SUSE 漏洞等级： 漏洞信息 Suse has released security update for libass to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP2 SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP2 SUS…

漏洞类别：SUSE 漏洞等级： 漏洞信息 Suse has released security update for xen to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 漏洞危害 This vulnerability…

漏洞类别：RedHat 漏洞等级： 漏洞信息 Mozilla Firefox is an open source web browser. Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the pr…

漏洞类别：OEL 漏洞等级： 漏洞信息 Oracle Enterprise Linux has released security update for firefox to fix the vulnerabilities. Affected Products: Oracle Linux 7 Oracle Linux 6 Oracle Linux 5 漏洞危害 Successful exploitation may allow an attacker to cause a denial of service and…

漏洞类别：OEL 漏洞等级： 漏洞信息 Oracle Enterprise Linux has released security update for unbreakable enterprise kernel to fix the vulnerabilities. Affected Products: Oracle Linux 6 Oracle Linux 5 漏洞危害 Sucessful exploitation may allow remote attackers to cause a denial of …

漏洞类别：OEL 漏洞等级： 漏洞信息 Oracle Enterprise Linux has released security update for unbreakable enterprise kernel to fix the vulnerabilities. Affected Products: Oracle Linux 7 Oracle Linux 6 漏洞危害 Successful exploitation may allow remote attackers to cause a denial of…

漏洞类别：Local 漏洞等级： 漏洞信息 Firefox is a free and open-source web browser developed for Windows, OS X, and Linux, with a mobile version for Android. Multiple vulnerabilities were reported in Mozilla Firefox. A remote user can create specially crafted content that, w…

漏洞类别：Local 漏洞等级： 漏洞信息 Apple macOS Security Update 10.12.2 is not installed. Apple macOS Sierra Security Update 10.12.2 is available to resolve multiple security vulnerabilities. Additional information regarding the update can be found at APPLE-SA-2016-12-13-1.…

漏洞类别：Ubuntu 漏洞等级： 漏洞信息 It was discovered that APT incorrectly handled InRelease files. 漏洞危害 If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. 解决方案 Refer to Ubuntu advisory USN…

漏洞类别：Ubuntu 漏洞等级： 漏洞信息 Multiple security vulnerabilities were discovered in Firefox. 漏洞危害 If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting (XSS) attacks, obtain sensit…

漏洞类别：Ubuntu 漏洞等级： 漏洞信息 It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. It was discovered that the JMX component of OpenJDK did not sufficiently perform classloader consistency checks. It was discovered…

漏洞类别：Ubuntu 漏洞等级： 漏洞信息 Multiple vulnerabilities were discovered in Chromium. Multiple vulnerabilities were discovered in V8. An integer overflow was discovered in ANGLE. 漏洞危害 If a user were tricked in to opening a specially crafted website, an attacker could p…

漏洞类别：Debian 漏洞等级： 漏洞信息 Debian has released security update for firefox-esr to fix the vulnerabilities. 漏洞危害 Successful exploitation may lead to Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitra…

漏洞类别：Debian 漏洞等级： 漏洞信息 Debian has released security update for php5 to fix the vulnerabilities. 漏洞危害 Successful exploitation of the vulnerabilities may cause Integer and Buffer overflows 解决方案 Refer to Debian security advisory DSA 3732-1 to address this issue a…

漏洞类别：Debian 漏洞等级： 漏洞信息 Debian has released security update for chromium-browser to fix the vulnerabilities. 漏洞危害 Successful exploitation of the vulnerabilities among other issues may cause: 1. Cross-site scripting 2. Heap Overflows 3. URL spoofing 4. Informati…

漏洞类别：Debian 漏洞等级： 漏洞信息 Debian has released security update for icedove to fix the vulnerabilities. 漏洞危害 Successful exploitation of the vulnerabilities may allow an attacker to cause Multiple memory safety errors, same-origin policy bypass issues, integer overf…