360-CERT每日安全简报
Daily Security Briefing
2021-05-18 星期二
漏洞 Vulnerability
CVE-2021-31166:Windows HTTP协议远程代码执行漏洞通告
https://cert.360.cn/warning/detail?id=4a48aa5671248e5181e57081ba4b0e2a
CVE-2021-29505:XStream远程代码执行漏洞
http://x-stream.github.io/CVE-2021-29505.html
CVE-2020-0674: Microsoft Internet Explorer 8/11 UAF 漏洞
https://github.com/forrest-orr/DoubleStar
安全事件 Security Incident
透明部落组织通过ObliqueRAT拓展恶意软件工具库
https://blog.talosintelligence.com/2021/05/transparent-tribe-infra-and-targeting.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+feedburner%2FTalos+%28Talos%E2%84%A2+Blog%29
黑客组织FIN7技战术更新
https://bi-zone.medium.com/from-pentest-to-apt-attack-cybercriminal-group-fin7-disguises-its-malware-as-an-ethical-hackers-c23c9a75e319
法国东芝公司遭DarkSide勒索软件组织袭击
https://www.zdnet.com/article/toshiba-unit-struck-by-darkside-ransomware-group/
QNAP警告称eCh0raix勒索软件攻击和Roon服务器0day
https://www.bleepingcomputer.com/news/security/qnap-warns-of-ech0raix-ransomware-attacks-roon-server-zero-day/
谈判失败,Babuk勒索软件帮泄露更多警察局的数据
https://www.hackread.com/babuk-ransomware-gang-leaks-dc-police-data/
爱尔兰医疗服务遭到2000万美元勒索
https://www.bleepingcomputer.com/news/security/ireland-s-health-services-hit-with-20-million-ransomware-demand/
安盛保险公司遭遇勒索软件攻击
https://www.bleepingcomputer.com/news/security/insurer-axa-hit-by-ransomware-after-dropping-support-for-ransom-payments/
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn