360-CERT每日安全简报
Daily Security Briefing
2020-12-04 星期五
漏洞 Vulnerability
LILIN DVR/NVR 在野0-day漏洞攻击报告2
https://blog.netlab.360.com/another-lilin-dvr-0-day-being-used-to-spread-mirai/
恶意软件 Malware
QuasarRAT远控及其家族分析
https://github.com/JPCERTCC/QuasarRAT-Analysis
攻击政府的 Turla Crutch 后门
https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/
Turla 组织和 Co 组织之间的活动关联分析
https://www.heise.de/news/APT-Gruppen-Turla-und-Co-tarnen-Angriffe-durch-scheinbar-harmlose-Aktivitaeten-4978541.html
DeathStalker 恶意软件分析
https://securelist.com/what-did-deathstalker-hide-between-two-ferns/99616/
APT 21 样本逐步剖析
https://cybergeeks.tech/dissecting-apt21-samples-using-a-step-by-step-approach/
Xhunt 分析:使用了新的后门
https://unit42.paloaltonetworks.com/xhunt-campaign-backdoors/
僵尸网络 Gitpaste-12 通过GitHub和Pastebin传播
https://www.bleepingcomputer.com/news/security/reverse-shell-botnet-gitpaste-12-spreads-via-github-and-pastebin/?__cf_chl_jschl_tk__=a03581222de621ec3be6db48da71ce71821ac1e1-1607048481-0-AbO2Crj9tikh8EQY80k3dciDuCOPb3ndVRxd9a1T4_H0Nkd86WTLb2LnNGUh1LyewgyUauPw3V5zchUzFnvmHvOp4xfzxX0am02HT0dS30FuKHFth8m3lxjp6ofgUkkb8crjCJZ_go5JLaMVN7jH-v6izwmARTYV2rEvWzQP-Jm7I4EpftqNSob4widmelpWQYhgniQUcLfIwPvW2gmFMgVuFEVyNbKiZvYHAqry1679Kw0NZPzPcrHUsDBpJPjyjF0wmuUdAiDlHf532J52sZzaU-IV6Hc8IOHrvkhkh-4rypAsrd6c7smU9x4hzcm9N8P4McaNQ4KZIG_v93fP4B2WMMP3WftrYv0qPaCkyEx4pUBt_t_cNIB502n3Ppx667Z621v0zSI9TqNSuvslwL0oa9UpoJsI8wtsWibpHC-q
安全报告 Security Report
卡巴斯基:APT事件的年度回顾(2020)
https://securelist.com/apt-annual-review-what-the-worlds-threat-actors-got-up-to-in-2020/99574/
安全事件 Security Incident
针对美国智库的APT攻击披露
https://us-cert.cisa.gov/sites/default/files/publications/AA20-336A-APT_Actors_Targeting_US_ThinkTanks.pdf
安全资讯 Security Information
Trickbot新增Bootkit模块攻击固件
https://www.bankinfosecurity.com/trickbot-now-uses-bootkit-to-attack-firmware-a-15517
全球网络钓鱼组织聚焦在“COVID-19” 冷链
https://www.tripwire.com/state-of-security/security-data-protection/global-phishing-campaign-sets-sights-on-covid-19-cold-chain/
安全研究 Security Research
V8逃逸分析(escape-analysis)——N1CTF2020 Escape
https://www.anquanke.com/post/id/224317
As-Exploits: 中国蚁剑后渗透框架
https://xz.aliyun.com/t/8591
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn