360-CERT每日安全简报
Daily Security Briefing
2020-09-22 星期二
漏洞 Vulnerability
CVE-2020-4643:WebSphere Application Server信息泄露漏洞
https://www.ibm.com/support/pages/node/710969
CVE-2020-5421:Spring Framework RFD 保护机制绕过漏洞
https://tanzu.vmware.com/security/cve-2020-5421
安全研究 Security Research
RASP攻防 —— RASP安全应用与局限性浅析
https://security.tencent.com/index.php/blog/msg/166
对多米诺行动所用JScript漏洞(CVE-2020-0968)的详细分析
https://ti.dbappsecurity.com.cn/blog/index.php/2020/09/18/cve-2020-0968/
利用隐写术配合4个重定向连接到c2
https://medium.com/@curtbraz/one-part-steganography-four-redirectors-and-a-splash-of-c2-e13e5a65daa9
CVE-2020-16171:Acronis Cyber Backup SSRF漏洞分析
https://www.rcesecurity.com/2020/09/CVE-2020-16171-Exploiting-Acronis-Cyber-Backup-for-Fun-and-Emails/
fastadmin最新版前台getshell漏洞分析
https://mp.weixin.qq.com/s/XR6p6sf3__QtpMjJuJEjfA
安全报告 Security Report
Checkpoint 对 Rampant Kitten 伊朗间谍组织的分析报告
https://research.checkpoint.com/2020/rampant-kitten-an-iranian-espionage-campaign/
安全工具 Security Tools
微软开源OneFuzz
https://github.com/microsoft/onefuzz
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn