360-CERT每日安全简报
Daily Security Briefing
2020-09-21 星期一
漏洞 Vulnerability
Bitwarden 密码管理工具远程代码执行漏洞
https://github.com/bitwarden/desktop/issues/552#issue-705081460
rConfig 远程代码执行漏洞
https://ssd-disclosure.com/ssd-advisory-rconfig-unauthenticated-rce/
基于HiSilicon的硬件视频编码器中的后门和其他多个漏洞
https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/
CVE-2020-13948: Apache Superset远程代码执行漏洞
https://cert.360.cn/warning/detail?id=9b2f3aaaec1586267b655034b01d3bed
安全工具 Security Tools
探索FinCEN文件数据
https://projects.icij.org/investigations/fincen-files/explore-the-data/#/my-nav-dropdown
安全事件 Security Incident
Rampant Kitten - 伊朗的间谍活动
https://research.checkpoint.com/2020/rampant-kitten-an-iranian-espionage-campaign/
安全资讯 Security Information
Mozi僵尸网络占了IoT网络流量的90%
https://securityaffairs.co/wordpress/108537/malware/mozi-botnet-iot-traffic.html
安全研究 Security Research
CVE-2020-9964:IOS 14.0信息泄露漏洞分析
https://muirey03.blogspot.com/2020/09/cve-2020-9964-ios-infoleak.html
使用十六进制IP地址的网络钓鱼攻击活动
https://mp.weixin.qq.com/s/GLc3Bsp0Pt_QulRp4q0uxA
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn