360-CERT每日安全简报
Daily Security Briefing
2020-03-27 星期五
安全研究 Security Research
IoT 上 SSL 安全开发小结
https://paper.seebug.org/1157/
v8利用入门:从越界访问到RCE
https://www.freebuf.com/vuls/230182.html
部署LightSpy恶意软件的ios漏洞利用链
https://securelist.com/ios-exploit-chain-deploys-lightspy-malware/96407/
新冠病毒笼罩下的全球疫情相关网络攻击分析报告
https://www.anquanke.com/post/id/201778
Fastjson1.2.6 6 远程代码执行漏洞分析复现含 4 个 Gadget 利用 Poc 构造
https://paper.seebug.org/1155/
安全工具 Security Tools
ProjectOpal - Wordpress后利用框架
http://feedproxy.google.com/~r/PentestTools/~3/bX1FcSaxu5Q/projectopal-stealth-post-exploitation.html
ConEmu - 可定制的windows窗口终端
http://feedproxy.google.com/~r/PentestTools/~3/ta1XP283qPo/conemu-customizable-windows-terminal.html
Ninja - 为秘密的红队创建的开放源码C2服务器
http://feedproxy.google.com/~r/PentestTools/~3/MWgMhafBiNM/ninja-open-source-c2-server-created-for.html
安全资讯 Security Information
Windows Font 0day漏洞有了临时补丁
https://www.bleepingcomputer.com/news/security/unpatched-windows-font-parsing-zero-days-get-temporary-fix/
未修复的iOS漏洞阻止vpn加密所有流量
https://www.bleepingcomputer.com/news/security/unpatched-ios-bug-blocks-vpns-from-encrypting-all-traffic/
谷歌警告称2019年有4万起国家支持的攻击
https://www.bleepingcomputer.com/news/security/google-warned-users-of-40-000-state-sponsored-attacks-in-2019/
疫情期间Ryuk勒索软件一直把目标对准医院
https://www.bleepingcomputer.com/news/security/ryuk-ransomware-keeps-targeting-hospitals-during-the-pandemic/
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn