360-CERT每日安全简报
Daily Security Briefing
2021-07-01 星期四
漏洞 Vulnerability
CVE-2021-35464: ForgeRock AM远程代码执行漏洞通告
https://cert.360.cn/warning/detail?id=95aac3f95ad740c3f34f4c08a67b9868
CVE-2020-3580: Cisco ASA安全软件XSS漏洞通告
https://cert.360.cn/warning/detail?id=da110699471438ea6c30b12ac979e535
安全事件 Security Incident
Lorenz由于算法问题,导致部分文件能解密
https://www.bleepingcomputer.com/news/security/lorenz-ransomware-decryptor-recovers-victims-files-for-free/
使用 LoLBins 的恶意 Office 文档
https://www.netskope.com/blog/not-laughing-malicious-office-documents-using-lolbins
疑似Hades组织以军事题材针对乌克兰发起攻击
https://mp.weixin.qq.com/s/1wQbepT4pMJdv2k8uoR01w
“WayBack”行动:隐藏在视线中的大规模行动
https://yoroi.company/research/the-wayback-campaign-a-large-scale-operation-hiding-in-plain-sight/
美国超市巨头Wegmans敏感数据泄露
https://www.hackread.com/wegmans-supermarket-expose-sensitive-data/
REvil勒索软件的新Linux加密机针对ESXi虚拟机
https://www.bleepingcomputer.com/news/security/revil-ransomwares-new-linux-encryptor-targets-esxi-virtual-machines/
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn