资讯类

恶意广告活动攻击Google的DoubleClick，coinhive矿工人数激增

https://blog.trendmicro.com/trendlabs-security-intelligence/malvertising-campaign-abuses-googles-doubleclick-to-deliver-cryptocurrency-miners/

NotPetya攻击：马士基重新安装了4.5万台电脑，2,500个应用程序和4,000台服务器

https://www.hackread.com/notpetya-attack-maersk-reinstalled-45000-pcs-2500-apps-4000-servers/

Malwarebytes发布更新来修复Mbamservice.exe中的高CPU和内存使用率这一问题

https://www.bleepingcomputer.com/news/security/malwarebytes-update-released-to-fix-high-cpu-and-memory-usage-in-mbamservice-exe/

网络犯罪分子在暗网上出售婴儿信息

http://securityaffairs.co/wordpress/68295/deep-web/dark-web-infant-fullz.html

技术类

DnsLog的改造和自动化调用

http://www.polaris-lab.com/index.php/archives/423/

APK签名v3方案即将推出

Developers: APK Signature Scheme v3 is coming with support for Key Rotation

企业安全架构建设

https://mp.weixin.qq.com/s/okBcP4OvXLOCzhYkwHbA5g

GandCrab勒索软件解析

https://secrary.com/ReversingMalware/UnpackingGandCrab

Equation Group泄露工具之vBulletin无文件后门分析

https://mp.weixin.qq.com/s/5WRXpljL7RFSPRQ2NdHhtA

Web应用程序渗透测试中最重要的500个最重要的XSS脚本备忘单

Top 500 Most Important XSS Script Cheat Sheet for Web Application Penetration Testing

高级JavaScript反混淆

https://github.com/mindedsecurity/JStillery

Logstash 日志安全攻击分析插件

https://github.com/anbai-inc/AttackFilter

灵活的加密DNS代理

https://github.com/jedisct1/dnscrypt-proxy/blob/master/README.md