360-CERT每日安全简报
Daily Security Briefing
2020-07-04 星期六
漏洞 Vulnerability
CVE-2020-7284: McAfee NSM 未授权访问
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7284
CVE-2020-5902: F5 BIG-IP 远程代码执行漏洞
https://cert.360.cn/warning/detail?id=a1768348bde7807647cbc7232edce7df
CVE-2020-9497/9498: Apache Guacamole 网关远程代码执行漏洞
https://cert.360.cn/warning/detail?id=00a1d7b3a0c2df9e2e33f6861bf5b496
安全工具 Security Tools
KAFL: x86内核Fuzz工具
https://github.com/IntelLabs/kAFL
安全报告 Security Report
Linux安全的十年
https://grsecurity.net/10_years_of_linux_security.pdf
安全事件 Security Incident
健身公司V Shred 606 GB客户数据泄露
https://www.hackread.com/fitness-firm-v-shred-leaks-606-gb-customer-data/
欧洲警方顺藤摸瓜利用EncroChat抓捕数百名罪犯
https://www.bleepingcomputer.com/news/security/hundreds-arrested-after-encrypted-messaging-network-takeover/
安全研究 Security Research
Windows Telemetry 服务本地信息泄漏与代码执行
https://secret.club/2020/07/01/diagtrack.html
攻击检测基础知识教程:代码执行和持久性-实验1
https://labs.f-secure.com/blog/attack-detection-fundamentals-code-execution-and-persistence-lab-1
针对RMI服务的九重攻击 - 上
https://xz.aliyun.com/t/7930
针对RMI服务的九重攻击 - 下
https://xz.aliyun.com/t/7932
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn