360-CERT每日安全简报
Daily Security Briefing
2020-03-09 星期一
漏洞 Vulnerability
Apache ActiveMQ 5.11.1目录遍历/ Shell上传
https://cxsecurity.com/issue/WLB-2020030033
Comtrend VR-3033命令注入漏洞
https://www.cnvd.org.cn/flaw/show/CNVD-2020-15983
安全工具 Security Tools
HoneyBot-捕获,上传和分析网络流量
https://www.kitploit.com/2020/03/honeybot-capture-upload-and-analyze.html
NTLMRecon-一种从启用了NTLM身份验证的Web端点枚举信息的工具
https://www.kitploit.com/2020/03/ntlmrecon-tool-to-enumerate-information.html
恶意软件 Malware
https://securityaffairs.co/wordpress/99156/cyber-crime/coronavirus-spam-campaign.html
以冠状病毒为主题的新垃圾邮件活动发送了FormBook恶意软件
安全事件 Security Incident
Zoho的0-day漏洞poc被披露
https://threatpost.com/critical-zoho-zero-day-flaw-disclosed/153484/
安全资讯 Security Information
Netgear修复了可能允许收购旗舰Nighthawk路由器的重要RCE
https://securityaffairs.co/wordpress/99177/security/netgear-flagship-nighthawk-router-rce.html
Facebook起诉Namecheap以保护人们免受域名欺诈
https://securityaffairs.co/wordpress/99138/social-networks/facebook-namecheap-domain-name-fraud.html
安全研究 Security Research
使用GitHub Actions进行进攻性开发
https://www.mdsec.co.uk/2020/03/offensive-development-with-github-actions/
Molerats向政府和电信组织提供后门服务
https://unit42.paloaltonetworks.com/molerats-delivers-spark-backdoor/
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn