360-CERT每日安全简报
Daily Security Briefing
2020-04-01 星期三
漏洞 Vulnerability
CVE-2020-8835: Linux Kernel 信息泄漏/权限提升漏洞通告
https://cert.360.cn/warning/detail?id=c9d13806c9765a64462829f23fadb7f0
【更新】本地提权工具公开|CVE-2020-0796:微软发布SMBv3协议“蠕虫级”漏洞补丁通告
https://cert.360.cn/warning/detail?id=66c5a7404bd9b969016b91073483720c
曾在野外稳定利用的严重漏洞:MediaTek驱动程序任意内存读写漏洞分析
https://www.anquanke.com/post/id/201908
安全工具 Security Tools
使用Dirsearch查找隐藏的Web目录
https://www.peerlyst.com/posts/finding-the-hidden-web-directories-using-dirsearch-irfan-shakeel?utm_source=twitter&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_shared_post
安全事件 Security Incident
4200万伊朗人的个人信息和电话正在被出售
https://www.hackread.com/personal-phone-numbers-of-iranians-sold-hacking-forum/
上周末在黑客论坛上发布了整个乔治亚州人的个人信息文件
https://www.zdnet.com/article/personal-details-for-the-entire-country-of-georgia-published-online/
安全资讯 Security Information
一份关于俄罗斯军事情报总局GRU的"罕见"报告“走红”安全界,多重“内幕”浮出水面
https://mp.weixin.qq.com/s/dyTY9YHVTzL_KpSVQpKErw
针对DrayTek路由器和交换机的0day
https://www.scmagazine.com/home/security-news/vulnerabilities/zero-day-vulnerabilities-used-against-draytek-routers-and-switches/
黑客利用Zoom的流行来传播恶意软件
https://www.bleepingcomputer.com/news/security/hackers-take-advantage-of-zooms-popularity-to-push-malware/
黑客劫持YouTube帐户用于播放以比尔·盖茨为主题的诱导视频
https://www.zdnet.com/article/hacker-hijacks-youtube-accounts-to-broadcast-bill-gates-themed-crypto-ponzi-scam/#ftag=RSSbaffb68
安全研究 Security Research
关于俄罗斯联邦安全局FSB承包商0day公司的秘辛
https://www.freebuf.com/articles/network/231392.html
东南亚博彩行业浮世绘,道尽黑产从业百态
https://mp.weixin.qq.com/s/XBH8ONtjvM1ivG2_ladfew
Rootkit开发系列教程
https://www.youtube.com/watch?v=IGSa4OF6j_0&list=PL_joX3jb1YBOXFPsY0ZYtxkNQCeyvWxU-&index=14
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn