360-CERT每日安全简报
Daily Security Briefing
2020-04-05 星期天
<<Previous
Next>>
安全工具
Security Tools
Sandcastle-AWS S3 Bucket枚举的Python脚本
https://www.kitploit.com/2020/04/sandcastle-python-script-for-aws-s3.html
Frida API Fuzzer-用于API内存中的fuzzing
https://github.com/andreafioraldi/frida-fuzzer
安全事件
Security Incident
Firefox74.0.1解决了两个0day的漏洞
https://securityaffairs.co/wordpress/101045/security/firefox-74-0-1-two-zero-days.html
以冠状病毒为主题的新活动在全球范围内传播Lokibot
https://securityaffairs.co/wordpress/101058/malware/coronavirus-campaign-who-lokibot.html
安全资讯
Security Information
黑客侵入GoDaddy雇员的帐户,从而破坏了Escrow.com
https://www.hackread.com/hackers-deface-escrow-com-hacking-godaddy-employees/
ugs允许黑客劫持并激活Mac和iPhone摄像头
https://www.hackread.com/bugs-hackers-hijack-mac-iphone-cameras/
安全研究
Security Research
CVE-2020-0796 Windows SMBv3 LPE Exploit POC 分析
https://paper.seebug.org/1164/
利用Grandstream和DrayTek设备为新的骗局DDoS僵尸网络供电
https://unit42.paloaltonetworks.com/new-hoaxcalls-ddos-botnet/
安装NetWire RAT的恶意垃圾邮件活动
https://unit42.paloaltonetworks.com/guloader-installing-netwire-rat/
CVE-2020-3947:VMWARE WORKSTATION DHCP组件中的无其他使用漏洞
https://www.thezdi.com/blog/2020/4/1/cve-2020-3947-use-after-free-vulnerability-in-the-vmware-workstation-dhcp-component
安全报告
Security Report
XSS WAF&像boss一样绕过字符限制
https://medium.com/bugbountywriteup/xss-waf-character-limitation-bypass-like-a-boss-2c788647c229
<<Previous
Next>>