360-CERT每日安全简报
Daily Security Briefing
2020-04-08 星期三
漏洞 Vulnerability
CVE-2020-10204/CVE-2020-10199: Nexus Repository Manager3 漏洞分析
https://mp.weixin.qq.com/s/KP-O38uZCRq7SY7S48L_sw
Jackson-databind-2670远程代码执行漏洞简单分析
https://xz.aliyun.com/t/7506
安全工具 Security Tools
Fuzzowski:一款功能强大的网络协议模糊测试工具
https://www.freebuf.com/sectool/227869.html
恶意软件 Malware
火眼:通过 “代码嫁接” 仿真模拟分析和解压恶意软件
https://www.fireeye.com/blog/threat-research/2020/04/code-grafting-to-unpack-malware-in-emulation.html
卡巴斯基:无法清除的 xhelper 木马
https://securelist.com/unkillable-xhelper-and-a-trojan-matryoshka/96487/
APT 攻击者滥用微软 crypto api 释放后门程序
https://gbhackers.com/apt-hackers-abusing-microsoft-crypto-api/
Clicker木马新家族:Haken木马
https://www.freebuf.com/articles/terminal/230524.html
SideWinder APT 组织 4月 活动情报
https://twitter.com/timele9527/status/1247325070520750080
安全事件 Security Incident
新型勒索软件 WannaRen 风险通告
https://mp.weixin.qq.com/s/QPCiAmoDPiMl3QHE-t7ntw
8000余未受保护的 Redis 实例可遭任意访问
https://blog.trendmicro.com/trendlabs-security-intelligence/more-than-8000-unsecured-redis-instances-found-in-the-cloud/
Hoaxcalls DDoS 僵尸网络利用 Grandstream 和 DrayTek 设备漏洞
https://unit42.paloaltonetworks.com/new-hoaxcalls-ddos-botnet/
时间紧迫,公网上存在 35万台 Microsoft Exchange 服务器还未修复 早在2月披露的漏洞(CVE-2020-0688)
https://blog.rapid7.com/2020/04/06/phishing-for-system-on-microsoft-exchange-cve-2020-0688/
安全资讯 Security Information
Email.it 遭受网络攻击,有超过 60 万用户数据在按网上销售
https://www.zdnet.com/article/email-provider-got-hacked-data-of-600000-users-now-sold-on-the-dark-web/
火眼:据统计调查,越来越多的 0day 在网络攻击中使用
https://www.fireeye.com/blog/threat-research/2020/04/zero-day-exploitation-demonstrates-access-to-money-not-skill.html
伊朗,哥伦比亚和意大利使用COVID-19政府移动应用程序使公民面临网络信息泄露风险
https://www.zerofox.com/blog/covid-19-mobile-apps/
安全研究 Security Research
2019 东京 PWN2OWN TP-Link Archer A7 exp 开发详解
https://www.thezdi.com/blog/2020/4/6/exploiting-the-tp-link-archer-c7-at-pwn2own-tokyo
GTFOBins:一个用来绕过本地安全限制的 Unix 二进制程序列表
https://gtfobins.github.io/
使用 Slack 的 TURN 服务器来访问内部服务(ssrf)
https://www.rtcsec.com/2020/04/01-slack-webrtc-turn-compromise/
漏洞管理面面观
https://www.freebuf.com/vuls/232791.html
大型企业如何部署落地(云)主机EDR+态势感知平台
https://www.freebuf.com/articles/es/230196.html
绕过 sysmon 和 windows 事件日志的通用手法
https://blog.dylan.codes/evading-sysmon-and-windows-event-logging/
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn