360-CERT每日安全简报
Daily Security Briefing
2020-01-01 星期三
漏洞 Vulnerability
RICOH 在线图床 1.09 - HTML 注入漏洞
https://www.exploit-db.com/exploits/47827
MyDomoAtHome REST API Gateway 0.2.40 - 信息泄漏漏洞
https://www.exploit-db.com/exploits/47824
IBM Java SDK中的多个漏洞
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-security-privileged-identity-manager/
NextVPN v4.10 - 本地文件权限错误漏洞
https://www.exploit-db.com/exploits/47831
恶意软件 Malware
新的USB 闪存恶意软件: Threats Decoded
https://www.ehackingnews.com/2019/12/alert-usb-flash-drive-malware-threats.html
安全事件 Security Incident
Microsoft 部分域名被用于网络攻击活动
https://www.hackread.com/microsoft-pwns-domains-hackers-cyber-attacks/
安全资讯 Security Information
Smart TVs 存在的隐私安全隐患
https://www.hackread.com/smart-tvs-make-screenshots-every-second/
安全研究 Security Research
UAC 绕过解析
https://amonitoring.ru/article/uac_bypass_english/
Python 教程 - 认识恶意加密软件
https://0x00sec.org/t/python-tutorial-ransomware-malware-edition-hacking-info-sec/18376/1
渗透技巧——使用远程桌面协议建立通道
https://3gstudent.github.io/3gstudent.github.io/%E6%B8%97%E9%80%8F%E6%8A%80%E5%B7%A7-%E4%BD%BF%E7%94%A8%E8%BF%9C%E7%A8%8B%E6%A1%8C%E9%9D%A2%E5%8D%8F%E8%AE%AE%E5%BB%BA%E7%AB%8B%E9%80%9A%E9%81%93/
PHP反序列化漏洞入门
https://www.freebuf.com/articles/web/221213.html
Django重置密码漏洞(CVE-2019-19844)复现和分析
https://www.anquanke.com/post/id/196044
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn