360-CERT每日安全简报
Daily Security Briefing
2020-06-28 星期天
漏洞 Vulnerability
CNVD-2020-30168: KKCMS sql 注入漏洞
https://www.cnvd.org.cn/flaw/show/CNVD-2020-30168
Haiwell 云组件 Cloud SCADA 代码执行漏洞
https://www.cnvd.org.cn/flaw/show/CNVD-2020-30190
CVE-2020–8469: 趋势科技密码管理软件 DLL 劫持漏洞
https://seclists.org/fulldisclosure/2020/Jun/30
安全工具 Security Tools
GhostShell:一款带有AV绕过和反分析技术的恶意软件研究工具
https://www.freebuf.com/articles/system/239019.html
Screenspy - 绕过安全策略获用户屏幕截图工具
https://www.kitploit.com/2020/06/screenspy-capture-user-screenshots.html
Espionage - Linux 网络数据包拦截嗅探工具
https://www.kitploit.com/2020/06/espionage-network-packet-and-traffic.html
安全事件 Security Incident
GeoVision 门禁设存在备漏洞导致黑客窃取用户指纹信息
https://www.bleepingcomputer.com/news/security/geovision-access-control-devices-let-hackers-steal-fingerprints/
安全资讯 Security Information
Magento 1.x 版本仍在被大规模使用
https://www.zdnet.com/article/adobe-mastercard-visa-warn-online-store-owners-of-magento-1-x-eol/
安全研究 Security Research
云WAF如何防止敏感信息泄漏
https://www.freebuf.com/articles/web/239300.html
Oracle VirtualBox VHWA UAF 漏洞分析
https://starlabs.sg/blog/2020/06/oracle-virtualbox-vhwa-use-after-free-privilege-escalation-vulnerability/
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn