360-CERT每日安全简报
Daily Security Briefing
2020-01-20 星期一
漏洞 Vulnerability
CVE-2019-19470:TinyWall防火墙本地提权漏洞分析
https://www.anquanke.com/post/id/197436
趋势科技CVE-2019-20357 持久性任意代码执行漏洞
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx
安全工具 Security Tools
微软发布软件源代码分析工具
https://github.com/Microsoft/ApplicationInspector
安全报告 Security Report
金融行业研究报告--网络风险与美国金融体系
https://www.newyorkfed.org/medialibrary/media/research/staff_reports/sr909.pdf
安全资讯 Security Information
欧盟可能会禁止面部识别5年
https://www.ehackingnews.com/2020/01/european-union-likely-to-ban-facial.html
乌兹别克斯坦当局启动国家矿池
https://www.ehackingnews.com/2020/01/the-authorities-of-uzbekistan-to-launch.html
TA428对于伊朗与美国之间最近的冲突的滥用
https://twitter.com/stevelord/status/1218801022363000833
未修补的IE浏览器零日漏洞影响数百万的Windows用户
https://gbhackers.com/ie-zero-day-vulnerability/
自2019年10月以来,360安全中心已成功拦截了针对外贸,运输和几个重要海港的多次网络攻击
https://twitter.com/360TotalSec/status/1218816654097862657
安全研究 Security Research
HTB-Craft 一次从git入手的渗透练习
https://www.anquanke.com/post/id/197432
Windows 10帮助文件chm格式漏洞挖掘
https://www.anquanke.com/post/id/197417
TrickBot使用Windows 10 UAC旁路进行逃避检测
https://www.bleepingcomputer.com/news/security/trickbot-now-uses-a-windows-10-uac-bypass-to-evade-detection/
Android VoIP组件中的8种网络安全风险
https://daoyuan14.github.io/papers/TR19_VoIPFuzzing.pdf
恶意软件 Malware
针对沙特的恶意软件ZeroCleare攻击活动。后续特马为:Dustman
https://securityintelligence.com/posts/enter-dustman-new-wiper-takes-after-zerocleare-targets-organizations-in-saudi-arabia/
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn