360CERT每日安全简报

报告编号：B6-2020-081802

报告来源：360CERT

报告作者：360CERT

更新日期：2020-08-18

0x01 漏洞 Vulnerability

【近期热点】深信服edr控制端存在大量RCE漏洞

https://mp.weixin.qq.com/s?__biz=MzUzNTEyMTE0Mw==&mid=2247484102&idx=1&sn=9eb357e573a2b0691a653fdb118416e0&chksm=fa8b1f5ecdfc96480126c82f27287df2b044961efc97b3f4e283f09e3fbf4b1ac6013b99b35a&mpshare=1&scene=23&srcid=08184lQxnuSyQE0pXggDQrwt&sharer_sharetime=1597713401942&sharer_shareid=f90f1877792a23a0ac7dd34dd661ce8e%23rd

0x02 安全工具 Security Tools

Urlbuster-Web目录Fuzz程序，用于暴力破解文件或目录

https://www.kitploit.com/2020/08/urlbuster-powerful-mutable-web.html

0x03 安全事件 Security Incident

世界最大的邮轮运营商披露勒索软件攻击

https://www.zdnet.com/article/worlds-largest-cruise-line-operator-discloses-ransomware-attack/

加密蠕虫窃取AWS凭证

https://www.zdnet.com/article/crypto-mining-worm-steal-aws-credentials/

0x04 安全资讯 Security Information

2020.8.17红队威胁情报-日更

https://mp.weixin.qq.com/s/IaKyc5x39nKbCX8D4N4BIw

0x05 安全研究 Security Research

冰蝎3.0 流量特征分析 附特征

https://mp.weixin.qq.com/s?__biz=MzUzNTEyMTE0Mw==&mid=2247484089&idx=1&sn=d5557b5b30e4c6638776a2573a7da3c0&chksm=fa8b1f21cdfc96373254c8981d09b261b8b82b3adb876fd45ec33c9ed75ad5f9fc6f5ebb0f12&mpshare=1&scene=23&srcid=0818TJl0LcEtzsFwiA4eIWH6&sharer_sharetime=1597713467921&sharer_shareid=f90f1877792a23a0ac7dd34dd661ce8e%23rd

浅探内网横向移动-Pass The Hash

https://xz.aliyun.com/t/8117

为你的IoT设备锁上大门:亚马逊Alexa上发现的漏洞

https://research.checkpoint.com/2020/amazons-alexa-hacked/

BLS12-381签名配对，第3部分:配对

https://research.nccgroup.com/2020/08/13/pairing-over-bls12-381-part-3-pairing/

记一次有趣的APP反编译的过程

https://mp.weixin.qq.com/s?__biz=MzIzMTc1MjExOQ==&mid=2247490593&idx=1&sn=db8fa34e8abf49d6b8a349ec17998494&chksm=e89e34f9dfe9bdef0ec8466a0dcfcab930331ed702296fa8321a40cceaa29a1774020abde084&scene=126&sessionid=1597708919&key=4598b5ee8f6c4950a9f2d7a7733d4d

Facebook镜像网站中的一个反射XSS

https://medium.com/bugbountywriteup/reflected-xss-in-facebooks-mirror-websites-4384b4eb3e11

推荐阅读：

1、360CERT每日安全简报

2、安全运营周刊第四期

3、安全事件周报 (8.10-8.16)

长按下方二维码关注360CERT！谢谢你的关注！
   

注：360CERT官方网站提供 《360CERT每日安全简报》 完整详情