360-CERT每日安全简报
Daily Security Briefing
2020-02-27 星期四
<<Previous
Next>>
漏洞
Vulnerability
CVE-2020-9054:ZyXEL NAS设备存在未授权访问漏洞
https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/
WordPress的Supsystic插件存在多个严重漏洞
https://www.wordfence.com/blog/2020/02/multiple-vulnerabilities-patched-in-pricing-table-by-supsystic-plugin/
CVE-2020-0688:Microsoft Exchange远程代码执行漏洞通告
https://cert.360.cn/warning/detail?id=26ac820dfe1b5f13c5a6ec3a5274d59a
安全工具
Security Tools
VirusTotal新增对奇安信沙箱的支持
https://blog.virustotal.com/2020/02/virustotal-multisandbox-qianxin-reddrip.html
安全报告
Security Report
eSentire年度威胁情报报告:2019年观点和2020年预测
https://www.esentire.com/assets/resourcefiles/eSentire_Annual-Threat-Intelligence-Report_2019.pdf
2020年值得关注的5种勒索软件趋势
https://go.recordedfuture.com/hubfs/reports/cta-2020-0213.pdf
安全资讯
Security Information
所有钓鱼网站中有四分之三都使用SSL保护
https://www.helpnetsecurity.com/2020/02/26/phishing-ssl/
Chrome 80的出现削弱了顶级网络犯罪市场
https://www.zdnet.com/article/chrome-80-update-cripples-top-cybercrime-marketplace/
DDoS勒索分子瞄准澳大利亚银行,要求其支付大量赎金
https://www.zdnet.com/article/australian-banks-targeted-by-ddos-extortionists/
法国体育零售巨头迪卡侬泄露超过1.23亿条客户和员工信息记录
https://securityaffairs.co/wordpress/98471/data-breach/decathlon-spain-data-leak.html
安全研究
Security Research
使用LNK快捷方式文件恢复有关最近访问的文件的元数据,包括访问后删除的文件
https://www.fireeye.com/blog/threat-research/2020/02/the-missing-lnk-correlating-user-search-lnk-files.html
在运行时加载枚举以了解它们及其在C#中的属性
http://csharphelper.com/blog/2020/02/load-enums-at-runtime-to-understand-them-and-their-attributes-in-c/
低熵压缩方案在恶意软件生态系统中的流行和影响
https://blog.talosintelligence.com/2020/02/new-research-paper-prevalence-and.html
恶意软件
Malware
利用冠状病毒进行传播的恶意软件
https://securityaffairs.co/wordpress/98484/malware/covid-19-hacking-campaign.html
DoppelPaymer勒索软件启动站点发布受害者数据
https://www.bleepingcomputer.com/news/security/doppelpaymer-ransomware-launches-site-to-post-victims-data/
<<Previous
Next>>