360-CERT每日安全简报
Daily Security Briefing
2021-05-27 星期四
漏洞 Vulnerability
CVE-2021-21985: VMware vCenter Server远程代码执行漏洞
https://cert.360.cn/warning/detail?id=21bda4287b2b47416e93cc7817bf4a1a
CVE-2021-21974:VMware ESXI OpenSLP堆溢出漏洞POC公开
https://straightblast.medium.com/my-poc-walkthrough-for-cve-2021-21974-a266bcad14b9
CVE-2021-23017:Nginx DNS解析器堆写入漏洞
http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html?_ga=2.226374547.887891783.1622009482-1877491649.1622009482
安全事件 Security Incident
APT41组织滥用Microsoft数字签名进行恶意活动
https://www.lac.co.jp/lacwatch/report/20210521_002618.html
从Wiper到Ransomware | 伊朗Agrius组织的演化
https://assets.sentinelone.com/sentinellabs/evol-agrius
APT组织白皮书—来自加沙地区的Molerats
https://mp.weixin.qq.com/s/OxtOiqrb9lcGhwJtXqmuZg
担心遭受黑客以金融交易和报酬为名发起的攻击
https://blog.alyac.co.kr/3799?category=957259
Lazarus 发起的"Operation Dream Job" 攻击是什么?
https://resources.infosecinstitute.com/topic/what-is-operation-dream-job-by-lazarus/
英国保险公司从勒索软件攻击中恢复
https://www.databreachtoday.com/uk-insurer-recovering-from-ransomware-attack-a-16736
俄罗斯暗网市场Hydra加密货币交易在2020年达到13.7亿美元
https://www.zdnet.com/article/russian-dark-web-marketplace-hydra-cryptocurrency-transactions-reached-1-37bn-in-2020/
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn