360-CERT每日安全简报
Daily Security Briefing
2020-10-22 星期四
漏洞 Vulnerability
2020-10 补丁日:Oracle多个产品高危漏洞安全风险通告
https://www.anquanke.com/post/id/220208
安全工具 Security Tools
GWTMap - 逆向Google Web Toolkit
https://labs.f-secure.com/blog/gwtmap-reverse-engineering-google-web-toolkit-applications/
MalwareSourceCode - 一些病毒的源代码
https://www.kitploit.com/2020/10/malwaresourcecode-collection-of-malware.html
安全资讯 Security Information
Intezer Analyze的新功能
https://www.intezer.com/blog/new-threat-intel-features-in-intezer-analyze/
安全研究 Security Research
Zimbra 漏洞分析之路
https://www.anquanke.com/post/id/220239
堆中index溢出类漏洞利用思路总结
https://www.anquanke.com/post/id/219092
Windows内核对象管理全景解析前奏
https://www.anquanke.com/post/id/219839
Google Chrome WebGL代码执行漏洞
https://blog.talosintelligence.com/2020/10/vuln-spotlight-chrome-web-gl-.html
深入了解WAGO的云连接性和出现的漏洞
https://blog.talosintelligence.com/2020/10/vulnerability-spotlight-deep-dive-into.html
疫情之下,从某IM软件RCE漏洞看供应链安全
https://www.anquanke.com/post/id/220159
探索GfxDownloadWrapper.exe LOLBIN的程序集加载技术和检测机制
https://bohops.com/2020/10/21/exploring-an-assembly-loading-technique-and-detection-mechanism-for-the-gfxdownloadwrapper-exe-lolbin/
恶意软件 Malware
对Maze勒索病毒的研究
https://securelist.com/maze-ransomware/99137/
XSS到TSS:诈骗活动滥用跨站点脚本漏洞
https://blog.malwarebytes.com/cybercrime/2020/10/xss-to-tss-tech-support-scam-campaign/
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn