360-CERT每日安全简报
Daily Security Briefing
2020-05-22 星期五
漏洞 Vulnerability
CVE-2020-8816: Pi-hole中的远程代码执行漏洞分析及复现
https://www.freebuf.com/vuls/234533.html
CVE-2020-9484:Apache Tomcat Session 反序列化代码执行漏洞通告
https://www.anquanke.com/post/id/206278
安全工具 Security Tools
scanbox:功能强大的黑客工具包
https://twitter.com/Peerlyst/status/1263513655397748737
Sandcastle:一款针对AWS S3 Bucket的Python枚举脚本
https://www.freebuf.com/sectool/233014.html
恶意软件 Malware
英特尔最新的Malwarebytes威胁报告关注“Silent Night”木马
https://twitter.com/owlwoman911_/status/1263624624236924928
安全事件 Security Incident
Signal修复位置揭示漏洞,引入Signal PIN
https://www.helpnetsecurity.com/2020/05/21/signal-pins/
Dark Web黑客发布200GBToll Group的公司数据
https://www.hackread.com/dark-web-hackers-leak-200gb-toll-group-stolen-corporate-data/
在黑暗网络上售出800万条记录后,Home Chef确认数据泄露
https://www.scmagazine.com/home/security-news/home-chef-confirms-data-breach-after-eight-million-records-sold-on-dark-web/
安全资讯 Security Information
四个机构警告银行和客户COVID-19骗局
http://feedproxy.google.com/~r/fifth-domain/home/~3/EQ7_RtKZ-x0/
美国银行:COVID-19贷款数据可能泄露
https://www.databreachtoday.com/bank-america-covid-19-loan-data-may-have-leaked-a-14319
模块化后门潜入视频游戏开发商的服务器
https://www.scmagazine.com/home/security-news/gaming/modular-backdoor-sneaked-into-video-game-developers-servers/
商家如何做才能避免成为大规模ATO攻击的受害者?
https://www.helpnetsecurity.com/2020/05/22/large-scale-ato-attacks/
360发布《2020年Q1手机安全状况报告》,带你快速了解疫情下的网络安全趋势
https://www.anquanke.com/post/id/205982
安全研究 Security Research
如何在复杂环境获取有效信息
http://arxiv.org/abs/2005.10383
逆向 Flutter 应用(第一部分)
https://www.anquanke.com/post/id/205876
如何养成良好的渗透测试项目管理习惯
https://www.secpulse.com/archives/131594.html
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn