360-CERT每日安全简报(2020-09-03)

  • A+
所属分类:安全新闻

报告编号:B6-2020-090301

报告来源:360CERT

报告作者:360CERT

更新日期:2020-09-03

Vulnerability|漏洞

MoFi路由器多个漏洞

https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/

WordPress 文件管理器插件0day

https://portswigger.net/daily-swig/wordpress-security-zero-day-flaw-in-file-manager-plugin-actively-exploited?&web_view=true

phpstudy 自带Ngnix存在畸形解析漏洞

https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650480468&idx=3&sn=709ffded8ed465ee03f91f2478aaba69

CVE-2020-13946:Apache Cassandra RMI重新绑定漏洞通告

https://cert.360.cn/warning/detail?id=9da7493f3ac8c42c9908d89006f3561a

Security Research|安全研究

QNAP NAS在野漏洞攻击事件披露

https://www.anquanke.com/post/id/216163

CVE-2020-0986: Windows splwow64 漏洞分析

https://googleprojectzero.blogspot.com/p/rca-cve-2020-0986.html

CVE-2020-7460:FREEBSD 内核提权分析

https://www.thezdi.com/blog/2020/9/1/cve-2020-7460-freebsd-kernel-privilege-escalation

武器化GhostWriting注入

https://blog.sevagas.com/IMG/pdf/code_injection_series_part5.pdf

CVE-2019-19499: Grafana 6.4.3任意文件读取漏洞分析

https://swarm.ptsecurity.com/grafana-6-4-3-arbitrary-file-read/

PHP session 常见利用点

https://xz.aliyun.com/t/8221

Malware|恶意软件

Qbot木马:十年的银行木马快速分析

https://cyware.com/news/qbot-trojan-a-quick-analysis-of-a-decade-old-banking-trojan-bd6d0efd/?&web_view=true

360-CERT每日安全简报(2020-09-03)推荐阅读:

1、CVE-2020-13946:Apache Cassandra RMI重新绑定漏洞通告

2、CVE-2019-0233:S2-060 拒绝服务漏洞分析

3、CVE-2019-0230:S2-059 远程代码执行漏洞分析

长按下方二维码关注360CERT!谢谢你的关注!

360-CERT每日安全简报(2020-09-03)

注:360CERT官方网站提供 《360-CERT每日安全简报(2020-09-03)》 完整详情,点击阅读原文

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: