360-CERT每日安全简报
Daily Security Briefing
2020-08-01 星期六
漏洞 Vulnerability
Zoom 网页客户端存在密码爆破漏洞
https://www.hackread.com/zoom-web-client-flaw-crack-private-meetings-passcode/
CVE-2020-14158: ABUS Secvest Hybrid 模块认证绕过漏洞
https://seclists.org/fulldisclosure/2020/Jul/36
RouterOS 3处内存漏洞
https://seclists.org/fulldisclosure/2020/Jul/32
安全资讯 Security Information
IndieFlix 公司s3存储空间数据泄漏
https://cybernews.com/security/indieflix-leaks-thousands-of-filmmaker-ssns-confidential-agreements-videos/
Pwn20wn 黑客马拉松将在11月线上举行
https://www.hackread.com/pwn20wn-hackathon-going-online-november-2020/
BootHole漏洞的修复将造成多个Linux发行版无法启动
https://www.zdnet.com/article/boothole-fixes-causing-boot-problems-across-multiple-linux-distros/
安全报告 Security Report
WastedLocker 勒索软件报告-paloalto
https://unit42.paloaltonetworks.com/wastedlocker/
WastedLocker 技术分析-卡巴斯基
https://securelist.com/wastedlocker-technical-analysis/97944/
安全研究 Security Research
HTTP/2 新型侧信道攻击方式
https://thehackernews.com/2020/07/http2-timing-side-channel-attacks.html
Project Zero: 单字节iOS 内核攻击技术
https://googleprojectzero.blogspot.com/2020/07/one-byte-to-rule-them-all.html
挖洞经验 | 通过域名劫持实现Azure DevOps账户劫持
https://www.freebuf.com/articles/web/242727.html
透过tcft2020的chromium_rce学习V8
https://xz.aliyun.com/t/8057
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn