360-CERT每日安全简报
Daily Security Briefing
2020-04-07 星期二
<<Previous
Next>>
漏洞
Vulnerability
CVE-2020-11100: HAProxy 内存越界写入漏洞通告
https://cert.360.cn/warning/detail?id=9907acb1d05db5d53762d4d02781937b
Pandora FMS 7.0NG 远程代码执行
https://cxsecurity.com/issue/WLB-2020040018
CNVD-2020-18694: WPS Office内存破坏漏洞
https://www.cnvd.org.cn/flaw/show/CNVD-2020-18694
CNVD-2020-18704: 网站安全狗存在SQL注入绕过漏洞
https://www.cnvd.org.cn/flaw/show/CNVD-2020-18704
CNVD-2020-18702: 超星汇雅电子图书平台SQL注入漏洞
https://www.cnvd.org.cn/flaw/show/CNVD-2020-18702
CNVD-2020-18703: 云锁公有云版本SQL注入绕过漏洞
https://www.cnvd.org.cn/flaw/show/CNVD-2020-18703
安全研究
Security Research
文件解压引发的Getshell
https://www.freebuf.com/articles/others-articles/229928.html
利用YARA进行恶意软件狩猎
https://securelist.com/yara-webinar-follow-up/96505/
安全事件
Security Incident
关于境外非法组织利用深信服SSL VPN设备下发恶意文件并发起APT攻击活动的通告
https://cert.360.cn/warning/detail?id=3a2b6038e58561043040cc4a35dc7978
俄罗斯电信运营商Rostelecom遭受BGP劫持
https://securityaffairs.co/wordpress/101134/security/rostelecom-telco-hijacks-internet-traffic.html
Kinsing挖矿:新型攻击针对Docker云服务
https://securityaffairs.co/wordpress/101134/security/rostelecom-telco-hijacks-internet-traffic.html
Turla利用水坑攻击植入后门
https://www.freebuf.com/articles/network/230436.html
安全工具
Security Tools
OSSEM-开源安全事件元数据集合
https://github.com/hunters-forge/OSSEM
PolyShell:一款适用于Bash、Batch、PowerShell的polyglot
https://www.freebuf.com/sectool/228758.html
记一次编写安全资产管理平台
https://www.freebuf.com/sectool/231097.html
<<Previous
Next>>