360-CERT每日安全简报
Daily Security Briefing
2020-12-08 星期二
安全报告 Security Report
[酒仙桥六号部队] 红色行动之从绝望到重见光明
https://mp.weixin.qq.com/s/FbA1BshhyQFWsW4nAgxQFw
[原创]某SCADA的远程代码执行漏洞挖掘与利用
https://bbs.pediy.com/thread-263970.htm
IoT 领域 IPv6 安全现状报告
https://static1.squarespace.com/static/5a01100f692ebe0459a1859f/t/5fa2ba52a81b683350465a2f/1604500058182/White_Paper__Current_State_of_IPv6_Security_in_IoT.pdf
安全研究 Security Research
Spring 全家桶各类 RCE 漏洞浅析
https://paper.seebug.org/1422/
Microsoft Teams 无交互、跨平台、具有蠕虫能力的 RCE 漏洞分析
https://github.com/oskarsve/ms-teams-rce/blob/main/README.md
FastJson<=1.2.47RCE细枝末节详细分析
https://www.anquanke.com/post/id/224820
Java反序列化过程中 RMI JRMP 以及JNDI多种利用方式详解
http://blog.topsec.com.cn/java%e5%8f%8d%e5%ba%8f%e5%88%97%e5%8c%96%e8%bf%87%e7%a8%8b%e4%b8%ad-rmi-jrmp-%e4%bb%a5%e5%8f%8ajndi%e5%a4%9a%e7%a7%8d%e5%88%a9%e7%94%a8%e6%96%b9%e5%bc%8f%e8%af%a6%e8%a7%a3/
安全资讯 Security Information
暗度陈仓!超两千万部金立手机变肉鸡,魅族回应称未参与过
https://zhuanlan.kanxue.com/article-14372.htm
卡巴斯基调查显示四分之一的印度人使用弱密码
https://www.freebuf.com/news/254693.html
安全事件 Security Incident
俄罗斯政府背景的组织利用 VMware Workspace One Access 产品漏洞攻击目标
https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2434988/russian-state-sponsored-malicious-cyber-actors-exploit-known-vulnerability-in-v/
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn