360-CERT每日安全简报
Daily Security Briefing
2020-03-10 星期二
<<Previous
Next>>
漏洞
Vulnerability
CVE-2019-0090: 英特尔CSME子系统访问控制漏洞
https://nvd.nist.gov/vuln/detail/CVE-2019-0090#vulnCurrentDescriptionTitle
CNVD-2020-16102:D-Link DIR-825和TRENDnet TEW-632BRP命令注入漏洞
https://www.cnvd.org.cn/flaw/show/CNVD-2020-16102
ASUS GiftBox Desktop服务权限提升漏洞
https://cxsecurity.com/issue/WLB-2020030036
安全工具
Security Tools
Proton Framework: 渗透框架
https://www.kitploit.com/2020/03/proton-framework-windows-post.html
Evil SSDP: 利用SSDP多播捕获windows认证信息工具
https://www.kitploit.com/2020/03/evil-ssdp-spoof-ssdp-replies-and-create.html
安全报告
Security Report
CVE-2020-2555: Oracle Coherence&WebLogic反序列化远程代码执行分析
https://cert.360.cn/report/detail?id=15b04e663cc63500a05abde22266b2ee
安全事件
Security Incident
FACTUM杂志遭受网络攻击
https://www.qurium.org/press-releases/revista-factum-suffered-week-long-cyber-attacks-for-denouncing-corruption-by-the-president-of-el-salvador/
安全资讯
Security Information
AMD处理器存在漏洞易遭受侧信道攻击
https://thehackernews.com/2020/03/amd-processors-vulnerability.html
WAGO公司产品中存在的多个漏洞
https://blog.talosintelligence.com/2020/03/wago-vulnerability-spotlight-march-2020.html
安全研究
Security Research
RMI 工作原理及反序列化知识学习
https://xz.aliyun.com/t/7334
使用 Dom Clobbering 扩展 XSS
https://xz.aliyun.com/t/7329
php自定义恶意扩展so编写过程
https://xz.aliyun.com/t/7330
<<Previous
Next>>