360-CERT每日安全简报
Daily Security Briefing
2021-04-08 星期四
漏洞 Vulnerability
Pwn2Own 2021大会上曝出Exchange存在未授权代码执行漏洞
https://twitter.com/thezdi/status/1379467992862449664
Django发布安全更新修复一个低危漏洞
https://www.djangoproject.com/weblog/2021/apr/06/security-releases/
VRealize Operations高危漏洞POC已公开
https://attackerkb.com/topics/51Vx3lNI7B/cve-2021-21975
Rockwell FactoryTalk AssetCenter存在严重漏洞
https://securityaffairs.co/wordpress/116391/ics-scada/rockwell-factorytalk-assetcentre-flaws.html
安全事件 Security Incident
深信服VPN客户端远程下载文件执行挖掘(已修复)
https://mp.weixin.qq.com/s/XbsxziIFKx8VhGd-pv0Ghg
Aurora活动:针对阿塞拜疆的网络攻击
https://blog.malwarebytes.com/threat-analysis/2021/04/aurora-campaign-attacking-azerbaijan-using-multiple-rats/
EtterSilent为黑客提供廉价工具
https://www.scmagazine.com/home/security-news/ransomware/hackers-rush-to-new-doc-builder-that-uses-macro-exploit-posing-as-docusign/
医疗网络钓鱼事件导致重大数据泄露
https://www.databreachtoday.com/healthcare-phishing-incidents-lead-to-big-breaches-a-16339
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn