360-CERT每日安全简报
Daily Security Briefing
2019-12-28 星期六
漏洞 Vulnerability
谷歌浏览器有5个新缺陷,称为Magellan 2.0
https://securityaffairs.co/wordpress/95633/hacking/chrome-magellan-2-0-flaws.html
D-Link DIR-601 B1 2.00NA设备身份验证绕过
https://cve.circl.lu/cve/CVE-2019-16327
安全工具 Security Tools
nmapAutomator-自动化所有侦察/枚举的工具
https://www.kitploit.com/2019/12/nmapautomator-tool-to-automate-all-of.html
Haaukins:一款高度自动化和可访问的安全教育虚拟化平台
https://www.freebuf.com/articles/terminal/223184.html
sherlock:通过社交网络上的用户名搜寻社交媒体帐户
https://github.com/sherlock-project/sherlock
shelly基于python 的后门管理工具
https://www.kitploit.com/2019/12/shelly-simple-backdoor-manager-with.html
安全报告 Security Report
2019年数据泄露报告
https://pages.riskbasedsecurity.com/2019-midyear-data-breach-quickview-report
2020年网络预测
https://resources.infosecinstitute.com/top-cybersecurity-predictions-for-2020/
安全资讯 Security Information
世界著名恶意软件汇总
https://www.cybersecurity-insiders.com/worlds-most-dreaded-state-developed-malware-strains/
新方向:黑客利用AI创建高级威胁
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/foreseeing-a-new-era-cybercriminals-using-machine-learning-to-create-highly-advanced-threats?utm_source=trendmicroresearch&utm_medium=smk&utm_campaign=1219_New-Era-Cybercriminals
浅谈ATT&CK对提升主机EDR检测能力的探索
https://www.anquanke.com/post/id/195933
年终盘点:南亚APT组织“群魔乱舞”,链条化攻击“环环相扣”
https://www.anquanke.com/post/id/195989
安全研究 Security Research
利用树莓派来监视任务目标
https://www.secpulse.com/archives/121288.html
ATT&CK框架:攻击者最常用的TOP7攻击技术及其检测策略
https://www.freebuf.com/articles/network/223122.html
恶意软件 Malware
FIN7 攻击组织样本分析
https://www.fortinet.com/blog/threat-research/bioload-fin7-boostwrite-lost-twin.html
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn