360-CERT每日安全简报
Daily Security Briefing
2020-05-25 星期一
漏洞 Vulnerability
Check Point发布了针对常见Linux内存损坏安全漏洞的开源修复程序
https://research.checkpoint.com/2020/safe-linking-eliminating-a-20-year-old-malloc-exploit-primitive/
思科呼叫中心平台Unified Contact Center Express(Unified CCX)产品可远程利用的漏洞,基于Java的远程管理界面中的严重反序列化漏洞
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-rce-GMSC6RKN
某些Epson投影仪中的身份验证绕过漏洞
https://blog.talosintelligence.com/2020/05/vuln-spotlight-epson-project-authentication-may-2020.html
罗克韦尔自动化EDS子系统SQL注入漏洞
https://www.us-cert.gov/ics/advisories/icsa-20-140-01
恶意软件 Malware
安天Darkhotel组织渗透隔离网络的Ramsay组件分析
https://mp.weixin.qq.com/s/X4FkItJVS9RMxoX4lwWPyA
针对意大利制造行业的高级威胁,疑似与Gorgon APT相关。
https://yoroi.company/research/cyber-criminal-espionage-operation-insists-on-italian-manufacturing/
启明星辰Darkhotel组织Ramsay框架分析
https://mp.weixin.qq.com/s/taYLJwL2XS1_WDQOuoAEdg
安全资讯 Security Information
网络安全公司ImmuniWeb发布了一个免费工具,该工具可让企业和政府组织检查其暗网暴露情况
https://www.immuniweb.com/radar/
安全研究 Security Research
GhostDNS Source Code Leaked,大多数GhostDNS活动都针对拉丁美洲,特别是巴西的路由器。
https://decoded.avast.io/simonamusilova/ghostdns-source-code-leaked/
蓝牙攻击新技术
https://francozappa.github.io/about-bias/publication/antonioli-20-bias/antonioli-20-bias.pdf
安全事件 Security Incident
200万印尼人的选民信息泄
https://underthebreach.com/
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn