360CERT - 每日安全简报 (2020-11-07)

<<Previous Next>>

漏洞 Vulnerability

[EXP公开] CVE-2020-13935: Tomcat WebSocket 拒绝服务漏洞通告

https://cert.360.cn/warning/detail?id=c01c205c79fc1a9740f6ca9b133fb6f7

CVE-2020-27955：Gita <= 2.29.2 - 远程代码执行 via git-lfs

https://cxsecurity.com/issue/WLB-2020110033

恶意软件 Malware

勒索软件告警: Pay2Key

https://research.checkpoint.com/2020/ransomware-alert-pay2key/

安全事件 Security Incident

GitHub企业服务端源码泄漏

https://www.de24.news/2020/11/githubs-source-code-leaked-on-github-last-night-kind-of.html

安全资讯 Security Information

RansomExx恶意软件现在也将目标对准了linux系统

https://securityaffairs.co/wordpress/110491/malware/linux-version-ransomexx-ransowmare.html

苹果对产品线的24个漏洞进行了修补

https://www.darkreading.com/vulnerabilities---threats/apple-patches-24-vulnerabilities-across-product-lines/d/d-id/1339399

Pwn2Own东京第一天:NETGEAR路由器、NAS设备被攻破

https://securityaffairs.co/wordpress/110509/hacking/pwn2own-tokyo-2020-day1.html

安全研究 Security Research

关于 Trickbot 恶意软件新增的 Anchor 模块分析

https://paper.seebug.org/1392/

CVE-2020-15999：Chrome FreeType字体库堆溢出原理分析

https://www.anquanke.com/post/id/221878

渗透技巧——通过Exchange ActiveSync访问内部文件共享

https://3gstudent.github.io/3gstudent.github.io/%E6%B8%97%E9%80%8F%E6%8A%80%E5%B7%A7-%E9%80%9A%E8%BF%87Exchange-ActiveSync%E8%AE%BF%E9%97%AE%E5%86%85%E9%83%A8%E6%96%87%E4%BB%B6%E5%85%B1%E4%BA%AB/

<<Previous Next>>