360-CERT每日安全简报
Daily Security Briefing
2020-06-30 星期二
漏洞 Vulnerability
CVE-2020-2021 PAN-OS:SAML身份验证中的身份验证绕过
https://security.paloaltonetworks.com/CVE-2020-2021
CVE-2020-11996: Apache Tomcat HTTP/2 拒绝服务攻击漏洞通告
https://cert.360.cn/warning/detail?id=530ef8a50e2435846f7291157b40c6e4
安全研究 Security Research
JNDI之初探 LDAP
https://mp.weixin.qq.com/s/Pg2bb6385Sv6ptsXAS22-g
浅谈PyYAML反序列化漏洞
https://xz.aliyun.com/t/7923
红蓝对抗之Windows内网渗透
https://mp.weixin.qq.com/s/OGiDm3IHBP3_g0AOIHGCKA
CVE-2019-5786 漏洞原理分析及利用
https://paper.seebug.org/1257/
ThinkPHP 6.x反序列化POP链(二)
https://mp.weixin.qq.com/s/mk1zT_jWryEzV8tTKzl-Jg
硬件安全系列——ARM Cortex-M4固件逆向分析
https://www.anquanke.com/post/id/209364
安全事件 Security Incident
研究人员透露,在COVID-19期间,每天对Windows RDP进行的暴力攻击次数已增加了一倍
https://securityaffairs.co/wordpress/105335/hacking/rdp-during-covid-19.html
Satori IoT僵尸网络作者被判入狱13个月
https://nakedsecurity.sophos.com/2020/06/29/satori-iot-botnet-author-sentenced-to-13-months-in-prison/
在勒索软件攻击后,UCSF向网络罪犯支付了114万美元以恢复文件
https://www.securityweek.com/ucsf-pays-cybercriminals-114-million-recover-files-after-ransomware-attack
安全工具 Security Tools
Kube-Bench 检查是否根据CIS Kubernetes 安全基准部署了Kubernetes
https://www.kitploit.com/2020/06/kube-bench-checks-whether-kubernetes-is.html
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn