360-CERT每日安全简报(2020-08-27)

  • A+
所属分类:安全新闻

报告编号:B6-2020-082702

报告来源:360CERT

报告作者:360CERT

更新日期:2020-08-27

Vulnerability|漏洞

CVE-2020-24548: Ericom Access Server x64 9.2.0 - 服务器端请求伪造

https://www.exploit-db.com/exploits/48765

linux写时复制机制(copy on write)权限授予错误

https://packetstormsecurity.com/files/158948/Linux-CoW-Incorrect-Access-Grant.html

Malware|恶意软件

七夕—一例APT28(Fancybear)样本详细分析

https://www.anquanke.com/post/id/215184

Security Incident|安全事件

APT黑客利用Autodesk 3D Max软件进行工业间谍活动

https://thehackernews.com/2020/08/autodesk-malware-attack.html

恶意的SDK被发现通过ios应用程序监视和欺骗用户

https://www.hackread.com/malicious-sdk-defrauding-stealing-ios-apps-data/

新西兰证券交易所连续两天遭受网络攻击

https://www.infosecurity-magazine.com/news/new-zealand-stock-exchange-cyber/

Security Information|安全资讯

MITRE介绍了"Shield"防御知识库

https://www.securityweek.com/mitre-introduces-shield-defense-knowledge-base

Security Research|安全研究

逃逸安全的模板沙箱(一)——FreeMarker(上)

https://www.anquanke.com/post/id/215348

MySQL蜜罐获取攻击者微信ID

https://www.freebuf.com/articles/web/247976.html

代码审计从0到1 —— Centreon One-click To RCE

https://paper.seebug.org/1313/

360-CERT每日安全简报(2020-08-27)推荐阅读:

1、360-CERT每日安全简报(2020-08-26)

2、CVE-2020-14364:QEMU USB模块越界读写漏洞通告

3、安全事件周报 (8.17-8.23)

长按下方二维码关注360CERT!谢谢你的关注!

360-CERT每日安全简报(2020-08-27)

注:360CERT官方网站提供 《360-CERT每日安全简报(2020-08-27)》 完整详情,点击阅读原文

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: