360-CERT每日安全简报
Daily Security Briefing
2021-08-16 星期一
漏洞 Vulnerability
CVE-2021-37608: Apache OFBiz任意文件上传漏洞
https://www.mail-archive.com/announce@apache.org/msg06678.html
CVE-2021-37690: Tensorflow UAF漏洞
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-3hxh-8cp2-g4hg
安全事件 Security Incident
TeamTNT新变种通过ELF打包bash脚本,利用Hadoop ResourceManager RCE 传播
https://blog.netlab.360.com/wei-xie-kuai-xun-teamtntxin-huo-dong-tong-guo-gan-ran-wang-ye-wen-jian-ti-gao-chuan-bo-neng-li/
IISpy:微软Web服务器后门
https://www.ehackingnews.com/2021/08/iispy-installs-backdoor-on-microsofts.html
100万张被盗信用卡在暗网曝光
https://www.cnbeta.com/articles/tech/1165047.htm
IT咨询巨头埃森哲遭遇Lockbit勒索软件攻击,被勒索3.2亿美元
https://www.bleepingcomputer.com/news/security/accenture-confirms-hack-after-lockbit-ransomware-data-leak-threats/
Bahamut组织利用钓鱼网站分发Android APK
https://blog.cyble.com/2021/08/10/bahamut-threat-group-targeting-users-through-phishing-campaign/
Aggah 使用被攻陷的网站攻击亚洲各地的企业,包括台湾制造业
https://www.anomali.com/blog/aggah-using-compromised-websites-to-target-businesses-across-asia-including-taiwan-manufacturing-industry
LOREC53组织分析报告——攻击组件部分
http://blog.nsfocus.net/lorec53-nsfocus/
冒充统一部,与朝鲜有关的APT攻击出现... “网络攻击注意力变成了工作”
https://blog.alyac.co.kr/4009?category=957259
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn