360-CERT每日安全简报
Daily Security Briefing
2020-10-02 星期五
漏洞 Vulnerability
CVE-2020-9850|CVE-2020-9856|CVE-2020-9801: Safari类型混淆/沙盒逃逸
https://cxsecurity.com/issue/WLB-2020100009
CVE-2020-25986|CVE-2020-25987: MonoCMS Blog 1.0文件删除/CSRF/硬编码凭证
https://cxsecurity.com/issue/WLB-2020100008
安全研究 Security Research
二维码:一种隐秘的安全威胁
https://threatpost.com/qr-codes-sneaky-security-threat/159757/
Cobalt Strike 绕过流量审计
https://paper.seebug.org/1349/
安全报告 Security Report
CISA和CNMF识别了一个新的恶意软件变种
https://us-cert.cisa.gov/ncas/current-activity/2020/10/01/cisa-and-cnmf-identify-new-malware-variant
安全工具 Security Tools
WhatWeb Scanner 0.5.3
https://packetstormsecurity.com/files/159446/WhatWeb-0.5.3.tar.gz
安全事件 Security Incident
网络罪犯通过BEC攻击从150家公司窃取了1500万美元
https://www.securityweek.com/cybercriminals-stole-15-million-150-companies-bec-attacks
Netwalker勒索软件操作员泄露了从K-Electric窃取的文件
https://securityaffairs.co/wordpress/109000/hacking/k-electric-netwalker-data-leak.html?utm_source=rss&utm_medium=rss&utm_campaign=k-electric-netwalker-data-leak
安全资讯 Security Information
新的恶意软件找到新目标物联网设备——Android电视
https://www.hackread.com/malware-targets-iot-devices-android-tv/
IPStorm僵尸网络从Windows扩展到Android、Mac和Linux
https://www.zdnet.com/article/ipstorm-botnet-expands-from-windows-to-android-mac-and-linux/#ftag=RSSbaffb68
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn