360-CERT每日安全简报
Daily Security Briefing
2020-10-26 星期一
漏洞 Vulnerability
CNVD-C-2020-121325:禅道文件上传漏洞通告
https://cert.360.cn/warning/detail?id=ace6901fc02100078ce586ffe53d4cfb
安全研究 Security Research
Citrix 网关插件多个提权漏洞的分析
https://cymptom.com/gateway2hell-multiple-privilege-escalation-vulnerabilities-in-citrix-gateway-plug-in/2020/10/
IBM QRadar Java 反序列化漏洞分析(CVE-2020–4280
https://medium.com/@testbnull/cve-2020-4280-ibm-qradar-java-deserialization-anlysis-and-bypass-c3fe57207057
CVE-2020-26561:Linksys WRT160NL 远程溢出漏洞分析
https://research.nccgroup.com/2020/10/20/wrt160nl-cve-2020-26561-bof/
CVE-2018-2093: Firefox WebAssembly 整数溢出漏洞分析
https://blog.exodusintel.com/2020/10/20/firefox-vulnerability-research/?utm_source=rss&utm_medium=rss&utm_campaign=firefox-vulnerability-research
安全事件 Security Incident
美国大选:垃圾邮件发送者使用伪造的选民登记表来窃取用户数据和银行凭证
https://www.thetechstreetnow.com/tech/us-elections-spammers-use-fake-voter-registration-forms-to-steal-user-data-and-banking-credentials/11118660311353938322/11118660311353938322/
勒索软件攻击佐治亚州县的投票系统
https://www.hackread.com/voting-system-georgia-county-ransomware-attack/
Cloudflare修复了HTTP/2走私漏洞
https://lab.wallarm.com/cloudflare-fixed-an-http-2-smuggling-vulnerability/
安全工具 Security Tools
Awesome Asset Discovery:资产发现工具总结
https://github.com/redhuntlabs/Awesome-Asset-Discovery
Manuka:一个开源情报沙箱
https://github.com/spaceraccoon/manuka
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn