360CERT - 每日安全简报 (2020-04-06)

<<Previous Next>>

漏洞 Vulnerability

CVE-2020-6819|CVE-2020-6820：Firefox在野利用漏洞通告

https://cert.360.cn/warning/detail?id=74baf4074b3f8ecb31600b02978c4ccc

关于境外非法组织利用深信服SSL VPN设备下发恶意文件并发起APT攻击活动的说明

https://mp.weixin.qq.com/s/lKp_3kPNEycXqfCnVPxoDw

OpenSSL Client CRYPTO_DOWN_REF UAF 漏洞

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20816

安全资讯 Security Information

针对Docker服务器的新的恶意软件 Kinsing

https://www.zdnet.com/article/docker-servers-targeted-by-new-kinsing-malware-campaign/

安全研究 Security Research

VMware Workstation DHCP组件中的释放后使用漏洞(CVE-2020-3947)分析

https://www.zerodayinitiative.com/blog/2020/4/1/cve-2020-3947-use-after-free-vulnerability-in-the-vmware-workstation-dhcp-component

NTLM Relay 攻击综述

https://en.hackndo.com/ntlm-relay/

CVE-2020-10199：Nexus Repository Manager RCE细节

https://securitylab.github.com/advisories/GHSL-2020-011-nxrm-sonatype

攻击链系列：远程访问服务安全威胁第1部分— RDS

https://medium.com/vartai-security/attack-chain-series-remote-access-service-compromise-part-1-rds-e984101c78b7

用蜜罐的方案检测 Kerberoasting 攻击

https://www.pentestpartners.com/security-blog/honeyroasting-how-to-detect-kerberoast-breaches-with-honeypots/

使用ZOOM的防篡改库进行篡改

https://blog.syscall.party/post/tampering-with-zooms-anti-tampering-library/

<<Previous Next>>