360-CERT每日安全简报
Daily Security Briefing
2020-07-02 星期四
漏洞 Vulnerability
(Pwn2Own Tokyo 2019) Netgear R6700v3 LAN RCE write-up and exploit
https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Tokyo_2019/tokyo_drift/tokyo_drift.md
Nexus Repository Manager 2.x 命令注入漏洞 (CVE-2019-5475) 两次绕过
https://paper.seebug.org/1260/
安全工具 Security Tools
GoGhost是一种高性能、轻量级、便携的用于大规模SMBGhost扫描的开源工具
https://github.com/deepsecurity-pe/GoGhost
安全报告 Security Report
游走在东欧和中亚的奇幻熊
https://mp.weixin.qq.com/s/pE_6VRDk-2aTI996sff0og
安全资讯 Security Information
美联邦通信委员会周二正式将华为和中兴通讯指定为国家安全威胁
https://www.zdnet.com/article/fcc-officially-designates-huawei-zte-as-national-security-threats/
59款中国APP印度遭禁后续:TikTok主动下架
https://www.cnbeta.com/articles/tech/997721.htm
安全研究 Security Research
重新审视 CVE-2019-19781 (Citrix NetScaler / ADC) 漏洞
https://blog.fox-it.com/2020/07/01/a-second-look-at-cve-2019-19781-citrix-netscaler-adc/
SMBaloo:A CVE-2020-0796 (aka "SMBGhost") Windows ARM64.漏洞利用
https://github.com/msuiche/smbaloo
Zombie VPN在一个特殊的vpnsdk(anchorFree)上执行的系统级代码(CVE-2020-12828)
https://0xsha.io/posts/zombievpn-breaking-that-internet-security
点一下就接管Azure DevOps帐户的漏洞
https://blog.assetnote.io/2020/06/28/subdomain-takeover-to-account-takeover/?v=2
恶意软件 Malware
藏身“隐秘的角落”大肆敛财?!XMRig变种挖矿木马猖獗作恶
https://mp.weixin.qq.com/s/-7Gq7115NYSw2fceBrr__w
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn