360-CERT每日安全简报
Daily Security Briefing
2020-05-21 星期四
漏洞 Vulnerability
CVE-2020-1956:Apache Kylin 命令注入漏洞
https://seclists.org/oss-sec/2020/q2/133
CVE-2020-12888:Linux内核vfio DoS漏洞
https://seclists.org/oss-sec/2020/q2/129
CVE-2020-10736:ceph认证绕过漏洞
https://seclists.org/oss-sec/2020/q2/124
DPDK安全漏洞
https://seclists.org/oss-sec/2020/q2/123
安全资讯 Security Information
Chrome 83将默认加密DNS请求
https://www.cbronline.com/news/dns-over-https-in-chrome
安全报告 Security Report
卡巴斯基:2020年第一季度IT威胁演变的统计分析
https://securelist.com/it-threat-evolution-q1-2020-statistics/96959/
安全研究 Security Research
LOLSnif–另一个基于Ursnif的目标追踪活动
https://paper.seebug.org/1213/
通过DNS传输Payloads绕过杀毒软件检查
https://www.peerlyst.com/posts/bypassing-anti-viruses-with-transfer-backdoor-payloads-by-dns-traffic-damon-mohammadbagher?utm_source=twitter&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_shared_post
HMI固件解密思路
https://mp.weixin.qq.com/s/2qWJVyPeT-L_9lK_bDxQZg
微软发布针对NXNSAttack DNS DDoS攻击的缓解措施
https://www.bleepingcomputer.com/news/security/microsoft-issues-mitigation-for-the-nxnsattack-dns-ddos-attack/#comments
AVWS漏洞扫描实战:HDwiki XSS漏洞发现、利用及修复
https://www.freebuf.com/vuls/200745.html
Linux Rootkit如何避开内核检测
https://mp.weixin.qq.com/s/ksFm2271uR1yrMB02cgKsw
权限提升 T1134 Windows 令牌窃取及防御
https://www.secpulse.com/archives/131423.html
Vim modeline命令执行漏洞分析(CVE-2019-12735)
https://www.anquanke.com/post/id/205669
邮箱伪造之搭建匿名SMTP服务器
https://www.secpulse.com/archives/131408.html
RDP补丁安全性分析
https://www.anquanke.com/post/id/205449
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn