360-CERT每日安全简报
Daily Security Briefing
2020-03-25 星期三
漏洞 Vulnerability
CVE-2020-0069:安卓超级漏洞影响 mediatek 设备,本地攻击者可利用进行任意内存地址读写
https://blog.quarkslab.com/cve-2020-0069-autopsy-of-the-most-stable-mediatek-rootkit.html
CVE-2020-0863:Windows Diagnostic Tracking 服务任意文件读漏洞分析
https://itm4n.github.io/cve-2020-0863-windows-diagtrack-info-disclo/
安全报告 Security Report
独家:关于俄罗斯联邦安全局FSB承包商0day公司的秘辛
https://mp.weixin.qq.com/s/z1YDwXp0vsHzEWsVHt_yng
通过本地新闻链接针对香港移动用户攻击的技术简报
https://documents.trendmicro.com/assets/Tech-Brief-Operation-Poisoned-News-Hong-Kong-Users-Targeted-with-Mobile-Malware-via-Local-News-Links.pdf
安全事件 Security Incident
针对 PHPUnit RCE 漏洞(CVE-2017-9841)的攻击卷土重来
https://www.imperva.com/blog/the-resurrection-of-phpunit-rce-vulnerability/
恶意软件 Malware
Kimsuky APT 组织利用疫情话题针对南韩进行双平台的攻击活动的分析
https://mp.weixin.qq.com/s/MDYFd699cwkiBD9YD-uTcw
WildPressure: 卡巴斯基发现了针对中东工业的 APT 攻击
https://securelist.com/wildpressure-targets-industrial-in-the-middle-east/96360/?utm_source=rss&utm_medium=rss&utm_campaign=wildpressure-targets-industrial-in-the-middle-east
攻击者利用美国公共健康网站 HHS.gov 域名重定向恶意地址推送恶意软件
https://www.bleepingcomputer.com/news/security/hhsgov-open-redirect-used-by-coronavirus-phishing-to-spread-malware/?__cf_chl_jschl_tk__=7170ee3e7fa802a920ea29658c091461ba9e75f5-1585099871-0-AWZGCoOySxwvDDpqa6pSZlyBHKd4a0yDTA-jFVGynBgWKfxdFsWdqDjbO6uVUj3mofqli67wsZx2Xj2t5cPdVZvuEdkF2Wo3tq6iK4u4Zi_g8xY1-G4VMqGVMhCjUF3xsFrEAMsDsDukbsr-MKDiNJ8EbmoIhQ0RDn8qzoDENNVfsowT82DXapDrF2adKmNPQnzZG9qkYbi55YYGqtxpOiLsSSfQfvLIjGSCWcO-Bxav6jTs0N4jmL0spFRrtEQ36cgDoSfbww2rZTJFo2fe9jcH1euyGBhuL4-ALnayV2CowE60Pq37gxAZqHD6QyRK8MllsLhsfvVDMeYiu4Ut-kVPo40TmPlRQ3nOzrM0tI0JCxT8ei22F017yleH2APQxw
新 Mirai 变种针对 Zyxel 网络存储设备分析报告
https://unit42.paloaltonetworks.com/new-mirai-variant-mukashi/
TrickBot 针对性向德国银行受害者投递能够绕过"双因子认证"移动木马
https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/
俄罗斯 APT28 组织行为追踪:持续扫描并攻击邮件服务器
https://www.zdnet.com/article/apt28-has-been-scanning-and-exploiting-vulnerable-email-servers-for-more-than-a-year/
安全研究 Security Research
Linux 内核内存管理与漏洞利用
https://mp.weixin.qq.com/s/giV6FcKK5wm2KnbYQxtvLA
JNDI 实现回显研究
https://www.anquanke.com/post/id/200892
内存标签技术的安全性分析
https://github.com/microsoft/MSRC-Security-Research/blob/master/papers/2020/Security%20analysis%20of%20memory%20tagging.pdf
蓝牙安全之 Active Scanning vs. Passive Scanning 研究
https://www.anquanke.com/post/id/201599
相似样本查找引擎研究
http://blog.topsec.com.cn/%e7%9b%b8%e4%bc%bc%e6%a0%b7%e6%9c%ac%e6%9f%a5%e6%89%be%e5%bc%95%e6%93%8e%e7%a0%94%e7%a9%b6/
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn