360-CERT每日安全简报
Daily Security Briefing
2020-11-01 星期天
漏洞 Vulnerability
CVE-2020-28031 eramba c2.8.1 HTTP主机头注入
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28031
CVE-2020-7373 vBulletin 远程命令执行漏洞
https://github.com/rapid7/metasploit-framework/pull/13970
CVE-2020-28036 WordPress XML-RPC特权升级
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28036
安全资讯 Security Information
谷歌披露Windows零日漏洞被利用
https://www.zdnet.com/article/google-discloses-windows-zero-day-exploited-in-the-wild/#ftag=RSSbaffb68
103,000台计算机仍然容易受到SMBGhost攻击
https://securityaffairs.co/wordpress/110247/hacking/smbghost-vulnerable-machines-dangers.html
安全事件 Security Incident
黑客正在出售从17家公司失窃的3400万用户记录
https://www.bleepingcomputer.com/news/security/hacker-is-selling-34-million-user-records-stolen-from-17-companies/
DoppelPaymer勒索软件团伙泄露了佐治亚州霍尔县的选民信息
https://securityaffairs.co/wordpress/110180/cyber-crime/doppelpaymer-ransomware-hall-county.html
安全研究 Security Research
Spring 视图操纵漏洞
https://mp.weixin.qq.com/s/pJGE7nS2zg-tuz4YPf7Xgw
CrowdStrike | 无文件攻击白皮书
https://www.freebuf.com/articles/neopoints/253687.html
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn