360-CERT每日安全简报
Daily Security Briefing
2021-08-26 星期四
漏洞 Vulnerability
CVE-2021-3711/CVE-2021-3712: OpenSSL 安全更新
https://www.openssl.org/news/secadv/20210824.txt
CVE-2021-35940: Apache Portable Runtime内存越界漏洞安全更新
CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613 - Pony Mail
安全事件 Security Incident
来自美色的诱惑- APT-C-09(摩诃草)组织近期攻击活动披露
https://mp.weixin.qq.com/s/_LHJYgf6l9uFYMN23fUQAA
黄金鼠组织新型移动端攻击武器FlutterSpy披露
https://mp.weixin.qq.com/s/xoHaxeSfz5TDPrRraVO9nQ
朝鲜BLUELIGHT:InkySquid 部署 RokRAT
https://www.volexity.com/blog/2021/08/24/north-korean-bluelight-special-inkysquid-deploys-rokrat/
伪装成“出口金条销售合同”的恶意word文档
https://asec.ahnlab.com/ko/26609/
与CROSSWALK同样危险的SideWalk
https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/
APT41 以 Earth Baku的名义重新发起网络间谍活动
https://www.trendmicro.com/en_us/research/21/h/apt41-resurfaces-as-earth-baku-with-new-cyberespionage-campaign.html
数十万台设备使用 Mirai 僵尸网络针对的 Realtek SDK
https://heimdalsecurity.com/blog/hundreds-of-thousands-of-devices-using-realtek-sdk-targeted-by-mirai-botnet/
3800 万条记录因 Microsoft 配置错误而暴露
https://www.ehackingnews.com/2021/08/38-million-records-exposed-due-to.html
地下黑客论坛出售7000万AT&T用户的私人信息
https://www.ehackingnews.com/2021/08/private-details-of-70m-at-users-offered.html
We are greeting further cooperation with all parts of security services. If you are interested or have other technical questions relating to cybersecurity, please contact the following:

RSS:daily feed

Email:cert@360.cn

Twitter:@360CERT

or visit cert.360.cn