360-CERT每日安全简报
Daily Security Briefing
2020-11-14 星期六
漏洞 Vulnerability
Samsung NPU 共享内存解析内存破坏漏洞
https://bugs.chromium.org/p/project-zero/issues/detail?id=2073
安全事件 Security Incident
揭露:受雇佣的APT组织攻击南亚金融娱乐行业
https://thehackernews.com/2020/11/uncovered-apt-hackers-for-hire-target.html
Vertafore数据泄露暴露了2770万德克萨斯州驾驶员的数据
https://securityaffairs.co/wordpress/110848/data-breach/vertafore-data-breach.html
安全报告 Security Report
系统管理模式深入探讨:SMM隔离如何强化平台安全性
https://www.microsoft.com/security/blog/2020/11/12/system-management-mode-deep-dive-how-smm-isolation-hardens-the-platform/
安全研究 Security Research
探索CVE-2020-16898“坏邻居”漏洞的可利用性
https://blog.zecops.com/vulnerabilities/exploring-the-exploitability-of-bad-neighbor-the-recent-icmpv6-vulnerability-cve-2020-16898/
SAD DNS-新的DNS缓存攻击方式
https://thehackernews.com/2020/11/sad-dns-new-flaws-re-enable-dns-cache.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29
Firefox漏洞研究第2部分
https://blog.exodusintel.com/2020/11/10/firefox-vulnerability-research-part-2/
Firefox漏洞研究第1部分
https://blog.exodusintel.com/2020/10/20/firefox-vulnerability-research/
Weblogic IIOP 协议 NAT 网络绕过
https://paper.seebug.org/1396/
使用Sysmon检测已知的DLL劫持和命名管道令牌模拟攻击
https://labs.jumpsec.com/detecting-known-dll-hijacking-and-named-pipe-token-impersonation-attacks-with-sysmon/
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn