360-CERT每日安全简报
Daily Security Briefing
2020-04-09 星期四
漏洞 Vulnerability
WordPress Lead Plus X WordPress插件中的严重漏洞
https://www.wordfence.com/blog/2020/04/critical-vulnerabilities-in-the-wp-lead-plus-x-wordpress-plugin/
CNVD-2020-21803:Mozilla Firefox和Firefox ESR内存错误引用漏洞
https://www.cnvd.org.cn/flaw/show/CNVD-2020-21803
CNVD-2020-21802 Mozilla Firefox和Firefox ESR内存错误引用漏洞
https://www.cnvd.org.cn/flaw/show/CNVD-2020-21802
CNVD-2020-18686:宝塔Linux面板存在逻辑缺陷漏洞
https://www.cnvd.org.cn/flaw/show/CNVD-2020-18686
安全资讯 Security Information
7场针对流行病的医疗保健机构的网络攻击
https://businessinsights.bitdefender.com/7-cyberattacks-against-pandemic-stressed-healthcare-orgs?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+BusinessInsightsInVirtualizationAndCloudSecurity+%28Business+Insights+In+Virtualization+and+Cloud+Security%29
火眼:由COVID-19驱动的网络威胁格局的有限变化
https://www.fireeye.com/blog/threat-research/2020/04/limited-shifts-in-cyber-threat-landscape-driven-by-covid-19.html
Maze勒索软件运营商披露了来自药物测试公司HMR的数据
https://securityaffairs.co/wordpress/101247/data-breach/maze-ransomware-hmr-leak.html
以Skype为主题的应用程序隐藏了大量恶意软件
https://threatpost.com/skype-apps-hide-malware/154566/
安全报告 Security Report
【更新】新型勒索软件WannaRen风险通告
https://cert.360.cn/warning/detail?id=2f45e9274a8a894c2b358903a6f6115f
“震网”三代和二代漏洞技术分析报告
https://cert.360.cn/report/detail?id=3e6f34de3afb14cfd6cd65231e16790b
2019年的垃圾邮件和网络钓鱼报告
https://securelist.com/spam-report-2019/96527/
微软在全球危机中共享新的威胁情报和安全指导
https://www.microsoft.com/security/blog/2020/04/08/microsoft-shares-new-threat-intelligence-security-guidance-during-global-crisis/
Dark Nexus:一个针对广泛设备的新型物联网僵尸网络分析报告
https://www.bitdefender.com/files/News/CaseStudies/study/319/Bitdefender-PR-Whitepaper-DarkNexus-creat4349-en-EN-interactive.pdf
安全研究 Security Research
模糊测试器开发流程-Part-1
https://h0mbre.github.io/Fuzzing-Like-A-Caveman/
模糊测试器开发流程-Part-2
https://h0mbre.github.io/Fuzzing-Like-a-Caveman-Part-2/
tomcat幽灵猫分析
https://xz.aliyun.com/t/7510
基于纯软件环境的AVR逆向分析
https://www.anquanke.com/post/id/202256
BlueBorne 之 CVE-2017-0785 原理分析
https://www.anquanke.com/post/id/202575
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn