360-CERT每日安全简报
Daily Security Briefing
2020-11-18 星期三
漏洞 Vulnerability
CVE-2020-27131 思科安全管理器反序列化漏洞
https://mp.weixin.qq.com/s/6X09PZ9gjaPL-auWPEaoeg
Citrix SD-WAN 多个高危漏洞通告
https://cert.360.cn/warning/detail?id=d8b15268cb967257223e5b192040f6d6
Citrix XenMobile 路径遍历漏洞
https://swarm.ptsecurity.com/path-traversal-on-citrix-xenmobile-server/
安全事件 Security Incident
Linux.Ngioweb 僵尸网络快速更新,正在瞄准物联网设备
https://paper.seebug.org/1400/
黑客正在积极探索数百万个WordPress网站
https://www.bleepingcomputer.com/news/security/hackers-are-actively-probing-millions-of-wordpress-sites/
安全报告 Security Report
Windows系统仍然容易受到BlueKeep漏洞的攻击
https://securityaffairs.co/wordpress/111051/hacking/windows-vulnerable-bluekeep.html
安全研究 Security Research
Linux X.25套接字栈越界读写漏洞详细分析
https://mp.weixin.qq.com/s/BkyoC5M25T3KGG2xaqIr3w
基于OpenResty的WAF原理与实践
https://www.freebuf.com/articles/web/254124.html
Adminer SSRF:绕过CVE-2018-7667修复并走私POST参数
https://mp.weixin.qq.com/s/1_mlzJNdEXVXltV3vc7fjQ
Android端Firefox引擎中的漏洞分析
https://www.anquanke.com/post/id/222389
一种针对Webpack等前端打包工具构建的网站的自动化测试思路
https://mp.weixin.qq.com/s/0YDXUbJuKue01H9w35xf-A
骑士 CMS 远程命令执行分析
https://xz.aliyun.com/t/8520
CVE-2020-1472漏洞实战
https://mp.weixin.qq.com/s?__biz=MzU1NjgzOTAyMg==&mid=2247489080&idx=1&sn=8e90a8616383fa4b675cba47f8787159
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn