360-CERT每日安全简报
Daily Security Briefing
2020-07-01 星期三
漏洞 Vulnerability
UPnP 协议 CallStranger 漏洞影响数百万设备
https://paper.seebug.org/1258/
Treck TCP/IP协议库多个漏洞安全风险通告
https://www.anquanke.com/post/id/209440
CVE-2020-2021 PAN OS操作系统曝“10分”罕见漏洞
https://www.freebuf.com/news/241526.html
安全工具 Security Tools
Spray:一款功能强大的活动目录凭证密码喷射工具
https://github.com/Greenwolf/Spray
ROADtools - 微软Azure AD渗透框架
https://github.com/dirkjanm/ROADtools
安全报告 Security Report
Bitdefender专门针对StrongPity APT组织木马工具的分析报告
https://www.bitdefender.com/files/News/CaseStudies/study/353/Bitdefender-Whitepaper-StrongPity-APT.pdf
安全资讯 Security Information
Google下架了25个窃取Facebook凭据的Android应用
https://www.zdnet.com/article/google-removes-25-android-apps-caught-stealing-facebook-credentials/
安全研究 Security Research
BIAS:蓝牙冒充攻击
https://www.anquanke.com/post/id/209333
联发科芯片 Rootkit 漏洞分析(CVE-2020-0069)
https://paper.seebug.org/1259/
无需任何身份验证实现远程主机网络接口的枚举
https://airbus-cyber-security.com/the-oxid-resolver-part-1-remote-enumeration-of-network-interfaces-without-any-authentication/
恶意软件 Malware
卡巴斯基对工控恶意样本Industroyer的检测与技术分析
https://www.kaspersky.com/enterprise-security/mitre/industroyer
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn