360-CERT每日安全简报
Daily Security Briefing
2020-06-28 星期天
<<Previous
Next>>
漏洞
Vulnerability
CNVD-2020-30168: KKCMS sql 注入漏洞
https://www.cnvd.org.cn/flaw/show/CNVD-2020-30168
Haiwell 云组件 Cloud SCADA 代码执行漏洞
https://www.cnvd.org.cn/flaw/show/CNVD-2020-30190
CVE-2020–8469: 趋势科技密码管理软件 DLL 劫持漏洞
https://seclists.org/fulldisclosure/2020/Jun/30
安全工具
Security Tools
GhostShell:一款带有AV绕过和反分析技术的恶意软件研究工具
https://www.freebuf.com/articles/system/239019.html
Screenspy - 绕过安全策略获用户屏幕截图工具
https://www.kitploit.com/2020/06/screenspy-capture-user-screenshots.html
Espionage - Linux 网络数据包拦截嗅探工具
https://www.kitploit.com/2020/06/espionage-network-packet-and-traffic.html
安全事件
Security Incident
GeoVision 门禁设存在备漏洞导致黑客窃取用户指纹信息
https://www.bleepingcomputer.com/news/security/geovision-access-control-devices-let-hackers-steal-fingerprints/
安全资讯
Security Information
Magento 1.x 版本仍在被大规模使用
https://www.zdnet.com/article/adobe-mastercard-visa-warn-online-store-owners-of-magento-1-x-eol/
安全研究
Security Research
云WAF如何防止敏感信息泄漏
https://www.freebuf.com/articles/web/239300.html
Oracle VirtualBox VHWA UAF 漏洞分析
https://starlabs.sg/blog/2020/06/oracle-virtualbox-vhwa-use-after-free-privilege-escalation-vulnerability/
<<Previous
Next>>