360-CERT每日安全简报
Daily Security Briefing
2020-03-26 星期四
漏洞 Vulnerability
CNVD-2020-19256:LILIN DVR远程命令执⾏漏洞
https://www.cnvd.org.cn/flaw/show/CNVD-2020-19256
恶意软件 Malware
Tekya恶意软件隐藏在Google Play商店的24个儿童游戏和32个实用程序中
https://research.checkpoint.com/2020/google-play-store-played-again-tekya-clicker-hides-in-24-childrens-games-and-32-utility-apps/
安全工具 Security Tools
Sandcastle:一款AWS S3 Bucket枚举工具
https://www.darknet.org.uk/2020/03/sandcastle-aws-s3-bucket-enumeration-tool/
安全报告 Security Report
APT41使用多种漏洞发起全球入侵活动
https://www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html
对抗地下经济的自动化革命
https://www.recordedfuture.com/underground-economy-automation/
安全资讯 Security Information
未知的"WildPressure"恶意软件活动在中东散播
https://threatpost.com/wildpressure-malware-campaign-middle-east/154101/
微软宣布新的"硬件强制堆栈保护"功能
https://www.zdnet.com/article/microsoft-announces-new-hardware-enforced-stack-protection-feature/
香港用户通过本地新闻链接被手机恶意软件攻击
https://blog.trendmicro.com/trendlabs-security-intelligence/operation-poisoned-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links/
安全事件 Security Incident
佳能被黑客入侵后,世界500强科技巨头通用电气(GE)公开披露数据泄露
https://securityaffairs.co/wordpress/100353/breaking-news/general-electric-data-breach.html
安全研究 Security Research
使用LLDB扫描进程的内存
https://rderik.com/blog/scanning-a-process-memory-using-lldb/
对恶意软件攻击的2000种反应研究
https://www.virusbulletin.com/uploads/pdf/magazine/2019/VB2019-Haertle.pdf
JAVA反序列化-ysoserial-URLDNS
https://www.anquanke.com/post/id/201048
APT37分析之Final1stspy
https://xz.aliyun.com/t/7429
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn