360-CERT Daily Security Brief (2020-09-01)

Category: Security News

Report ID: B6-2020-090101

Report source: 360CERT

Report author: 360CERT

Updated: 2020-09-01

Vulnerability

CVE-2019-17026: exploit for the Firefox JIT vulnerability, one of the "Double Star" vulnerabilities

https://github.com/maxpl0it/CVE-2019-17026-Exploit/

A 1-day exploit for Chrome; affected versions: <= 83.0.4103.61

https://github.com/r4j0x00/exploits

CVE-2020-8218: Pulse Secure RCE PoC

https://github.com//withdk//pulse-gosecure-rce-poc

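Malware

Analysis of attack activity targeting neighboring regions, suspected to be by the Patchwork (摩诃草) group, using border disputes as a lure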

https://mp.weixin.qq.com/s/iFM0ZZDrqqWFki3hB5h5_w

In-the-wild attacks exploiting QNAP NAS vulnerabilities

https://blog.netlab.360.com/in-the-wild-qnap-nas-attacks/

Tracking and analysis of the evolution of the Gozi malware

https://research.checkpoint.com/2020/gozi-the-malware-with-a-thousand-faces/

Security Research

Linux shellcode injection tutorial

https://pwn.college/modules/shellcode

IoT security: MQTT penetration testing in practice

https://www.anquanke.com/post/id/216074

Using Metasploit Loader 64-Bit to generate programs that can bypass antivirus software

https://medium.com/securebit/bypassing-av-through-metasploit-loader-64-bit-9abe55e3e0c8

Slack + Zomato: HTTP request smuggling leading to user account takeover

https://www.youtube.com/watch?v=gzM4wWA7RFo&feature=youtu.be

Windows exploit development resources

https://github.com/FULLSHADE/WindowsExploitationResources

Analyzing closed-source Java programs with CodeQL

https://paper.seebug.org/1324/

Fuzzing Linux kernel (x86) entry code, Part 1 of 3

https://blogs.oracle.com/linux/fuzzing-the-linux-kernel-x86-entry-code%2c-part-1-of-3

Step-by-step iPhone setup for an iOS research environment

https://www.mac4n6.com/blog/2020/8/23/step-by-step-iphone-setup-for-ios-research-via-bizzybarney

Security Tools

Speakeasy: a malware sample emulation framework from FireEye

https://www.fireeye.com/blog/threat-research/2020/08/emulation-of-malicious-shellcode-with-speakeasy.html


Note: the full details of "360-CERT Daily Security Brief (2020-09-01)" are available on the official 360CERT website.
