360-CERT每日安全简报
Daily Security Briefing
2020-11-06 星期五
漏洞 Vulnerability
SaltStack多个高危漏洞风险通告
https://cert.360.cn/warning/detail?id=349d7e86fb3b52c2ab8ddbd3bb30b5fe
CVE-2020-24435-Adobe Acrobat Reader DC JavaScript SubmitForm堆缓冲区溢出
https://blog.talosintelligence.com/2020/11/vulnerability-spotlight-multiple.html
恶意软件 Malware
QBot特洛伊木马通过利用美国选举不确定性进行垃圾邮件运动
https://blog.malwarebytes.com/cybercrime/2020/11/qbot-delivered-via-malspam-campaign-exploiting-us-election-uncertainties/
安全工具 Security Tools
DeepBlueCLI-通过Windows事件日志进行威胁搜寻的PowerShell模块
https://www.kitploit.com/2020/11/deepbluecli-powershell-module-for.html
安全报告 Security Report
KONNI APT组织伪装安全功能应用的攻击活动剖析
https://www.anquanke.com/post/id/221632
CVE-2020-14882:Weblogic Console 权限绕过深入解析
https://cert.360.cn/report/detail?id=a95c049c576af8d0e56ae14fad6813f4
勒索软件利用分析
https://blog.virustotal.com/2020/11/keep-your-friends-close-keep-ransomware.html
第三季度恶意软件趋势分析
https://www.recordedfuture.com/q3-malware-trends/
安全事件 Security Incident
巴西最高法院遭遇勒索袭击
https://www.hackread.com/ransomware-attack-brazil-top-court-encrypts-backups/
安全资讯 Security Information
Folksam证实百万瑞典公民信息泄露给Google、Facebook等巨头
https://www.anquanke.com/post/id/221732
ShinyHunters黑客泄露5.22GB的Mashable.com数据库
https://www.hackread.com/shinyhunters-hacker-leaks-mashable-database/
安全研究 Security Research
.Net 反序列化之 ViewState 利用
https://www.anquanke.com/post/id/221630
off-by-one漏洞分析
https://www.52pojie.cn/thread-1297736-1-1.html
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn