360-CERT每日安全简报
Daily Security Briefing
2020-04-06 星期一
<<Previous
Next>>
漏洞
Vulnerability
CVE-2020-6819|CVE-2020-6820:Firefox在野利用漏洞通告
https://cert.360.cn/warning/detail?id=74baf4074b3f8ecb31600b02978c4ccc
关于境外非法组织利用深信服SSL VPN设备下发恶意文件并发起APT攻击活动的说明
https://mp.weixin.qq.com/s/lKp_3kPNEycXqfCnVPxoDw
OpenSSL Client CRYPTO_DOWN_REF UAF 漏洞
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20816
安全资讯
Security Information
针对Docker服务器的新的恶意软件 Kinsing
https://www.zdnet.com/article/docker-servers-targeted-by-new-kinsing-malware-campaign/
安全研究
Security Research
VMware Workstation DHCP组件中的释放后使用漏洞(CVE-2020-3947)分析
https://www.zerodayinitiative.com/blog/2020/4/1/cve-2020-3947-use-after-free-vulnerability-in-the-vmware-workstation-dhcp-component
NTLM Relay 攻击综述
https://en.hackndo.com/ntlm-relay/
CVE-2020-10199:Nexus Repository Manager RCE细节
https://securitylab.github.com/advisories/GHSL-2020-011-nxrm-sonatype
攻击链系列:远程访问服务安全威胁第1部分— RDS
https://medium.com/vartai-security/attack-chain-series-remote-access-service-compromise-part-1-rds-e984101c78b7
用蜜罐的方案检测 Kerberoasting 攻击
https://www.pentestpartners.com/security-blog/honeyroasting-how-to-detect-kerberoast-breaches-with-honeypots/
使用ZOOM的防篡改库进行篡改
https://blog.syscall.party/post/tampering-with-zooms-anti-tampering-library/
<<Previous
Next>>