360-CERT每日安全简报
Daily Security Briefing
2020-04-04 星期六
漏洞 Vulnerability
Testlink 文件上传和SQL注入漏洞
https://ackcent.com/blog/testlink-1.9.20-unrestricted-file-upload-and-sql-injection/
安全报告 Security Report
Windows win32k组件 新的漏洞类型和利用技术
https://www.ragestorm.net/Win32k%20Smash%20the%20Ref.pdf
安全事件 Security Incident
1400万个Key Ring用户的付款和医疗卡信息遭泄露
https://www.scmagazine.com/home/security-news/data-breach/14-million-key-ring-users-exposed-in-open-database/
安全资讯 Security Information
黑客论坛OGUsers被入侵,超过20万用户信息被窃取
https://www.hackread.com/ogusers-hacking-forum-hacked-database-dumped/
Elasticsearch未授权访问,15000多台ES服务器数据被删除
https://www.zdnet.com/article/a-hacker-has-wiped-defaced-more-than-15000-elasticsearch-servers/#ftag=RSSbaffb68
新型DDoS僵尸网络Hoaxcalls利用Grandstream UCM6200(CVE-2020-5722)和Draytek Vigor(CVE-2020-8515)漏洞进行传播
https://unit42.paloaltonetworks.com/new-hoaxcalls-ddos-botnet/?web_view=true
安全研究 Security Research
使用Miasm分析Shellcode
https://www.randhome.io/blog/2020/04/04/analyzing-shellcodes-with-miasm-for-fun-and-profit/
JMX远程代码漏洞研究
https://www.freebuf.com/vuls/231132.html
CVE-2019-1458: Win32k特权提升漏洞分析
https://googleprojectzero.blogspot.com/2020/04/tfw-you-get-really-excited-you-patch.html
Android Cerberus恶意样本分析
https://www.freebuf.com/articles/terminal/230628.html
如何在iOS和macOS上未经授权的情况下开启相机访问权限
https://www.ryanpickren.com/webcam-hacking
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn