360-CERT每日安全简报
Daily Security Briefing
2020-03-07 星期六
漏洞 Vulnerability
ManageEngine Desktop Central 远程桌面管理控制台RCE漏洞
https://www.exploit-db.com/exploits/48176
CVE-2019-0090:英特尔CSME和SPS漏洞
https://www.intel.com/content/www/us/en/support/articles/000033416/technologies.html
CVE-2020-3843:AWDL边界检查不足,导致远程iOS/MacOS内核堆损坏
https://bugs.chromium.org/p/project-zero/issues/detail?id=1982
CVE-2020-5405:spring-cloud-config-server 目录遍历漏洞
https://pivotal.io/security/cve-2020-5405
CVE-2020-2555: Oracle Coherence&WebLogic反序列化远程代码执行漏洞通告
https://cert.360.cn/warning/detail?id=f52f5ba5e84b7577d4157fdac85d8208
CVE-2020-8597: PPPD 远程代码执行漏洞通告
https://cert.360.cn/warning/detail?id=b41ffdb8a90a58c0c263b84a03ed22fa
安全工具 Security Tools
Apfell 一个多人协作的多平台的红队框架
https://github.com/its-a-feature/Apfell
安全事件 Security Incident
超过2亿条美国人口数据泄露
https://thehackernews.com/2020/03/us-property-records-database.html
安全资讯 Security Information
删库背后,是权限管控的缺失
https://www.freebuf.com/articles/security-management/229084.html
安全研究 Security Research
开源威胁仿真器(模拟网络攻击或恶意行为)概述
https://arxiv.org/pdf/2003.01518.pdf
Microsoft的670多个子域很容易被接管
https://vullnerability.com/blog/microsoft-subdomain-account-takeover
SMS身份验证的常见缺陷
https://blog.deteact.com/common-flaws-of-sms-auth/
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn