360-CERT每日安全简报
Daily Security Briefing
2020-02-17 星期一
漏洞 Vulnerability
CVE-2020-0618: 微软 SQL Server 远程代码执行漏洞通告
https://cert.360.cn/warning/detail?id=eb57a4ea32131f58ad40b6d92168a74c
安全工具 Security Tools
ATT&CK工具
https://github.com/nshalabi/ATTACK-Tools
Fuzzowski:网络协议fuzzer
https://www.kitploit.com/2020/02/fuzzowski-network-protocol-fuzzer-that.html
安全事件 Security Incident
IOTA加密货币在钱包被黑后其基金会关闭了整个网络
https://www.zdnet.com/article/iota-cryptocurrency-shuts-down-entire-network-after-wallet-hack/
PhotoSquared应用程序泄露了十万个用户的照片和家庭住址
https://www.hackread.com/photosquared-leaks-photos-home-addresses-of-users/
安全资讯 Security Information
500个Chrome扩展程序窃取了170万用户隐私
https://thehackernews.com/2020/02/chrome-extension-malware.html
OpenSSH添加了对FIDO / U2F安全密钥的支持
https://www.zdnet.com/article/openssh-adds-support-for-fidou2f-security-keys/
美国网络司令部在VT上分享来自朝鲜的恶意软件样本
https://www.securityweek.com/uscybercom-shares-more-north-korean-malware-samples
安全研究 Security Research
Azure安全知识
https://michaelhowardsecure.blog/2020/02/14/so-you-want-to-learn-azure-security/
武器化XSS的乐趣
https://www.trustedsec.com/events/webinar-popping-shells-instead-of-alert-boxes-weaponizing-xss-for-fun-and-profit/
2020年网络安全趋势预测
https://www.trustedsec.com/events/webinar-2020-security-trends-from-trustedsec-whats-happening-today-tomorrow-and-far-out/
DNS隧道第3部分:RogueRobin
https://ironnet.com/blog/dns-tunneling-series-part-3-the-siren-song-of-roguerobin/
静态逆向Shellcode技术:第1阶段
https://0ffset.net/reverse-engineering/malware-analysis/common-shellcode-techniques/
修补MacOS Sketch.App在Ghidra中的无限试用
https://duraki.github.io/posts/o/20200214-sketch.app-patch-in-ghidra.html
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn