360-CERT每日安全简报
Daily Security Briefing
2020-09-08 星期二
安全研究 Security Research
java 安全开发之 spring boot Thymeleaf 模板注入
https://paper.seebug.org/1332/
如何简单的打造过WAF的蚁剑
https://mp.weixin.qq.com/s/jigMkw2v1gEN7MLHpKC7RA
用友 NC 6.5反序列化漏洞复现与分析
https://xz.aliyun.com/t/8242
一次病毒应急的学与思
https://mp.weixin.qq.com/s/4dmRdcQTdG2h-ulNTCHbew
Struts2-059 远程代码执行漏洞(CVE-2019-0230)分析
https://paper.seebug.org/1331/
使用Windows 10主题来窃取Windows密码
https://www.bleepingcomputer.com/news/microsoft/windows-10-themes-can-be-abused-to-steal-windows-passwords/
安全资讯 Security Information
WhatsApp现神秘漏洞,黑客可远程查看聊天记录
https://www.anquanke.com/post/id/216843
恶意软件 Malware
恶意软件作者使用.NET库创建恶意Excel文档来绕过安全检查
https://gbhackers.com/excel-documents-library/
安全事件 Security Incident
黑客窃取了澳大利亚政府机构的738 GB数据
https://www.hackread.com/hackers-stole-738-gb-data-australian-government-agency/
智利银行:全国有超过12,000个系统被REvil勒索软件感染
https://www.reddit.com/r/netsec/comments/iodjfx/chilean_state_bank_over_12000_systems_infected/
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn