360-CERT每日安全简报
Daily Security Briefing
2020-08-03 星期一
漏洞 Vulnerability
MacOS <=10.15.5 从用户到内核的本地权限提升链(CVE-2020–9854)
https://objective-see.com/blog/blog_0x4D.html
wdiscuz插件中修补了关键的任意文件上传漏洞(80,000 installed)
https://www.wordfence.com/blog/2020/07/critical-arbitrary-file-upload-vulnerability-patched-in-wpdiscuz-plugin/
ueditor 1.4.3.3 .net版 任意文件上传漏洞分析与复现
https://xz.aliyun.com/t/8065
禅道11.6注入分析
https://xz.aliyun.com/t/8066
未知 Unknown
wpdiscuz插件中修补了关键的任意文件上传漏洞(80,000 installed)
https://www.wordfence.com/blog/2020/07/critical-arbitrary-file-upload-vulnerability-patched-in-wpdiscuz-plugin/
安全资讯 Security Information
FBI锁定Twitter事件背后的三名黑客
https://www.zdnet.com/article/how-the-fbi-tracked-down-the-twitter-hackers/
Windows 7用户指责Microsoft Edge窃取数据
https://www.zdnet.com/article/microsoft-edge-is-malware-says-angry-windows-7-user/
安全工具 Security Tools
burp Shiro回显利用工具
https://github.com/potats0/shiroPoc
安全研究 Security Research
抛砖引玉之CobaltStrike4.1的BOF
https://mp.weixin.qq.com/s/-jU4HrPtB8rD4cmqAKZOZw
再谈几种Nginx后门——发现与修复
https://mp.weixin.qq.com/s/kzNRmpCgOOODI6J5A8L2Jg
插件分享 | 可以查看摄像头快照的“Hikvision插件”
https://mp.weixin.qq.com/s/YExvYQ8RtBvrNC0VwwnV9A
实现网络空间的“挂图作战”:网络空间地理学+可视化技术
https://mp.weixin.qq.com/s/53wDSOuSrvybTtHrh10i-Q
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn