360-CERT每日安全简报
Daily Security Briefing
2020-10-28 星期三
漏洞 Vulnerability
CNVD-C-2020-121325:禅道文件上传漏洞通告
https://cert.360.cn/warning/detail?id=ace6901fc02100078ce586ffe53d4cfb
安全工具 Security Tools
JWT-Hack:一个JWT攻击工具
https://github.com/hahwul/jwt-hack
安全报告 Security Report
北非狐(APT-C-44)攻击活动揭露
https://blogs.360.cn/post/APT-C-44.html
俄罗斯政府支持的高级黑客持续攻击美国政府网络
https://paper.seebug.org/1383/
安全资讯 Security Information
FBI披露黑客利用SonarQube盗取政府源码
https://www.bleepingcomputer.com/news/security/fbi-hackers-stole-government-source-code-via-sonarqube-instances/
安全研究 Security Research
CVE-2020-16939:windows组策略DACL覆盖导致的特权提升漏洞分析
https://www.zerodayinitiative.com/blog/2020/10/27/cve-2020-16939-windows-group-policy-dacl-overwrite-privilege-escalation
如何打破JVM验证器(part1)
https://github.com/bytechef/Blog/tree/master/001-Breaking-The-Verifier-1
如何打破JVM验证器(part2)
https://github.com/bytechef/Blog/tree/master/002-Breaking-The-Verifier-2
CVE-2020-26878 & CVE-2020-26879:Ruckus物联网控制器远程代码执行漏洞分析
https://adepts.of0x.cc/ruckus-vriot-rce/
Tomcat 内存马检测
https://paper.seebug.org/1381/
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn