360-CERT每日安全简报
Daily Security Briefing
2020-03-20 星期五
漏洞 Vulnerability
Adobe ColdFusion 任意文件读取和任意文件包含漏洞通告
https://mp.weixin.qq.com/s/FxCV6zqj8V35lOe4ItsIyQ
AquaForest Tiff Server 中多个漏洞
https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/
Nginx/OpenResty内存泄漏/目录穿越漏洞通告
https://cert.360.cn/warning/detail?id=2fa61b8f64ebe5e0d74b62082ce2d12f
恶意软件 Malware
网络钓鱼活动冒充WHO邮件传播HawkEye恶意软件
https://www.bleepingcomputer.com/news/security/who-chief-impersonated-in-phishing-to-deliver-hawkeye-malware/
安全事件 Security Incident
总部位于英国的安全公司 Elasicsearch配置错误泄露了包括 邮箱密码在内的50亿条数据
https://securitydiscovery.com/data-breach-database-data-breach/
安全资讯 Security Information
分析网络空间日光浴室委员会针对网络安全国家的蓝图
https://www.securityweek.com/analyzing-cyberspace-solarium-commissions-blueprint-cybersecure-nation?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29
美国国家标准技术研究所(NIST)发布 SP 800-53 修订草案
https://www.securityweek.com/nist-updates-flagship-sp-800-53-security-and-privacy-controls?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5-draft.pdf
隐私一览无余!微博泄露事件卧底调查报告
https://www.freebuf.com/news/230960.html
随着在家办公的开展,网络攻击逐步增多
https://threatpost.com/coronavirus-poll-cyberattacks-work-from-home/153958/?utm_source=rss&utm_medium=rss&utm_campaign=coronavirus-poll-cyberattacks-work-from-home
安全研究 Security Research
在Go运行时托管CLR并执行.NET程序集
https://www.anquanke.com/post/id/201221
挖洞经验 | 不被PayPal待见的6个安全漏洞
https://www.freebuf.com/vuls/228755.html
攻击者利用通达OA漏洞释放勒索病毒,用户数据遭到加密
https://www.secpulse.com/archives/125954.html
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn