360-CERT每日安全简报
Daily Security Briefing
2020-10-30 星期五
漏洞 Vulnerability
CVE-2020-14882/14883: Weblogic ConSole HTTP 协议代码执行漏洞通告
https://mp.weixin.qq.com/s/Ir4ROjVRBdgJPnAmt-cQXw
CNVD: 深信服VPN升级维护工具存在命令执行漏洞
https://www.cnvd.org.cn/flaw/show/CNVD-2020-48680
CNVD: D-Link DAP-136 IP参数命令执行漏洞
https://www.cnvd.org.cn/flaw/show/CNVD-2020-59072
安全工具 Security Tools
NetSPI/NetblockTool: 快速收集指定公司的IP列表的
https://github.com/NetSPI/NetblockTool
安全资讯 Security Information
FBI, CISA 发布通告:存在针对医疗保健和公共卫生部门的勒索软件活动
https://us-cert.cisa.gov/ncas/alerts/aa20-302a
群晖 SRM 组件存在多个漏洞
https://blog.talosintelligence.com/2020/10/vulnerability-spotlight-multiple.html
MSRC:监测到Netlogon (CVE-2020-1472)漏洞攻击仍然活跃
https://msrc-blog.microsoft.com/2020/10/29/attacks-exploiting-netlogon-vulnerability-cve-2020-1472/
安全报告 Security Report
2020年全球联网数据库风险分析报告
https://mp.weixin.qq.com/s/sfZAAzgzPOxAqFfKkjt3_g
卡巴斯基:2020 Q3 DDoS 攻击报告
https://securelist.com/ddos-attacks-in-q3-2020/99171/
安全事件 Security Incident
KashmirBlack 僵尸网络劫持大量CMS网站
https://thehackernews.com/2020/10/kashmirblack-botnet-hijacks-thousands.html
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn