360-CERT每日安全简报
Daily Security Briefing
2020-09-16 星期三
漏洞 Vulnerability
CVE-2020-1472:NetLogon特权提升漏洞通告
https://www.anquanke.com/post/id/217401
CVE-2020-15598:ModSecurity v3 DoS漏洞
http://seclists.org/fulldisclosure/2020/Sep/32
cisco talos披露Nitro Pro PDF reader多个漏洞
https://blog.talosintelligence.com/2020/09/vuln-spotlight-nitro-pdf-sept-2020.html
CVE-2020-14390:Linux kernel slab-out-of-bounds漏洞
https://seclists.org/oss-sec/2020/q3/174
安全工具 Security Tools
WMIHACKER - 绕过杀毒软件横向移动命令执行工具
http://feedproxy.google.com/~r/PentestTools/~3/dkRbV_ANAKk/wmihacker-bypass-anti-virus-software.html
ActiveDirectoryEnumeration - 通过LDAP枚举AD的工具
https://www.kitploit.com/2020/09/activedirectoryenumeration-enumerate-ad.html
安全资讯 Security Information
2020年Gartner十大安全项目发布
https://www.freebuf.com/articles/network/249842.html
Windows 10 Finger命令可以用来下载文件
https://www.bleepingcomputer.com/news/security/windows-10-finger-command-can-be-abused-to-download-or-steal-files/
US CERT警告伊朗APT组织利用多个VPN漏洞
https://us-cert.cisa.gov/ncas/alerts/aa20-259a
Adobe为Adobe Media Encoder发布例外安全更新
https://www.bleepingcomputer.com/news/security/adobe-releases-out-of-band-security-update-for-adobe-media-encoder/
半夜潜入诈骗团伙内部,才明白为什么兼职刷单总被骗钱
https://www.anquanke.com/post/id/217388
安全研究 Security Research
Potato家族本地提权分析
https://www.anquanke.com/post/id/217397
DeFi 项目 bZx-iToken 盗币事件分析
https://www.anquanke.com/post/id/217358
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn