360CERT - 每日安全简报 (2020-01-17)

<<Previous Next>>

漏洞 Vulnerability

CVE-2020-0601 Windows CryptoAPI验证绕过漏洞修复指南

https://mp.weixin.qq.com/s/CjCzH5pU0kDteFfEcMJ7qg

CVE-2020-0601 Windows CryptoAPI验证绕过漏洞原理简要分析

https://mp.weixin.qq.com/s/q4Y2oWUIOqxSpHSFeZmkcQ

ATLASSIAN公司公开了其产品Bitbucket的服务器和数据中心的3个远程代码执行(RCE)漏洞：CVE-2019-15010/CVE-2019-20097/CVE-2019-15012

https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2020-01-15-985498238.html

Allok Video Converter 4.6.1217存在堆栈溢出漏洞

https://cxsecurity.com/issue/WLB-2020010127

安全工具 Security Tools

LOLBITS-使用后台智能传输服务(BITS)作为通信协议的C＃反向Shell工具

https://www.kitploit.com/2020/01/lolbits-c-reverse-shell-using.html

恶意软件 Malware

Ako勒索软件利用垃圾邮件感染受害者

https://www.bleepingcomputer.com/news/security/ako-ransomware-uses-spam-to-infect-its-victims/

Satan勒索软件背后组织疑似参与5ss5c勒索软件开发

https://securityaffairs.co/wordpress/96452/malware/5ss5c-ransomware.html

安全事件 Security Incident

P&N银行数据泄露可能已影响100,000西澳大利亚人

https://securityaffairs.co/wordpress/96435/data-breach/pn-bank-data-breach.html

数亿用户通过谷歌Play安装了涉嫌财务欺诈的Android fleeceware应用

https://securityaffairs.co/wordpress/96492/cyber-crime/fleeceware-apps.html

黑客出售哈萨克斯坦银行8万张客户卡的数据

https://www.ehackingnews.com/2020/01/hackers-sell-data-of-80-thousand-cards.html

来自Peekaboo Moments应用的婴儿图片,视频和位置数据在线泄漏

https://www.hackread.com/baby-pics-video-location-data-peekaboo-moments-app-leaked/

安全资讯 Security Information

为什么俄罗斯APT花式熊袭击了乌克兰能源公司Burisma?

https://securityaffairs.co/wordpress/96393/apt/fancy-bear-ahcked-burisma.html

情报内生：高级威胁检测的必要条件

https://mp.weixin.qq.com/s/U3XKIh0ffdzuCJihnJL7Lw

安全研究 Security Research

iPhone的远程利用第3部分:从内存损坏到JavaScript再到返回-获得代码执行

https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-3.html

Go语言代码安全审计

https://mp.weixin.qq.com/s/8Ju05hYCYk6bOgkvjtP11A

Windows Carbon Black edr 逆向分析第一部分

https://www.anquanke.com/post/id/197312

<<Previous Next>>