360-CERT每日安全简报
Daily Security Briefing
2020-09-06 星期天
安全工具 Security Tools
varchashva/vPrioritizer: 集中化漏洞风险管理平台
https://github.com/varchashva/vPrioritizer
infobyte/faraday: 协同渗透测试和漏洞管理平台
https://github.com/infobyte/faraday
安全资讯 Security Information
FBI发布了ProLock勒索软件窃取数据的第二次通告
https://securityaffairs.co/wordpress/107920/malware/prolock-ransomware-fbi-alert.html
CVE-2020-17496: vBulletin预认证RCE漏洞的野外利用
https://unit42.paloaltonetworks.com/cve-2020-17496/
针对在线课程的DDoS攻击
https://www.hackread.com/teen-arrested-ddos-attacks-disrupted-school-online-classes/
恶意软件 Malware
Thanos勒索软件:针对中东和北非的国有组织的变种
https://unit42.paloaltonetworks.com/thanos-ransomware/
安全研究 Security Research
Windows横向移动第1部分– WMI事件订阅
https://www.mdsec.co.uk/2020/09/i-like-to-move-it-windows-lateral-movement-part-1-wmi-event-subscription/
CPR-Zero: CVE-2020-1247: Windows 10 x64 1909 越界读写漏洞
https://cpr-zero.checkpoint.com/vulns/cprid-2154/
IoT安全测试指北
https://www.freebuf.com/articles/ics-articles/247718.html
安全报告 Security Report
白宫发布了太空系统的网络安全规则手册
https://www.zdnet.com/article/white-house-publishes-a-cyber-security-rulebook-for-space-systems/
卡巴斯基:数字教育-在线教室的网络风险
https://securelist.com/digital-education-the-cyberrisks-of-the-online-classroom/98380/
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn