360-CERT每日安全简报
Daily Security Briefing
2020-12-03 星期四
漏洞 Vulnerability
IBM DB2任意代码执行漏洞
https://www.cnvd.org.cn/flaw/show/CNVD-2020-68350
CVE-2020-13530: EIP OpENer拒绝服务漏洞
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1143
CVE-2020-13556:EIP OpENer越界写漏洞
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1170
安全研究 Security Research
Project Zero: iOS 无交互无线电攻击
https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html
邮件持久化攻击的新前景
https://www.mdsec.co.uk/2020/11/a-fresh-outlook-on-mail-based-persistence/
安全事件 Security Incident
K12 教育机构遭受Ryuk勒索软件攻击
https://securityaffairs.co/wordpress/111824/malware/k12-ryuk-ransomware.html
BlackShadow组织攻击了以色列保险公司Shirbit
https://www.hackread.com/hackers-steal-israel-insurance-firm-client-data-breach/
恶意软件 Malware
通过SSH进行横向移动的挖矿僵尸网络
https://tolisec.com/multi-vector-minertsunami-botnet-with-ssh-lateral-movement/
安全资讯 Security Information
Turla APT组织使用了工具集Crutch实施攻击
https://securityaffairs.co/wordpress/111813/apt/turla-crutch-malware-platform.html
新型网络攻击可影响生物学研究DNA合成过程
https://www.hackread.com/malware-attack-trick-biologists-dangerous-toxins/
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn