漏洞 Vulnerability
CVE-2019-12409: Apache-Solr JMX暴露外网远程代码执行漏洞预警
https://cert.360.cn/warning/detail?id=6d587356fa64b826f29aa5d682ac6a7f
CVE-2019-17085 Micro Focus Operations Agent上的XXE攻击漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17085
GMail XSS漏洞
https://research.securitum.com/xss-in-amp4email-dom-clobbering/
ABB发电信息管理器(PGIM)高风险漏洞CVE-2019-18250
https://www.us-cert.gov/ics/advisories/icsa-19-318-05
安全工具 Security Tools
恶意软件分析wiki
https://www.peerlyst.com/posts/a-malware-analysis-wiki-peerlyst
安全资讯 Security Information
新的勒索软件NextCry 利用服务器同步功能加密磁盘(专门针对NextCloud)
https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
北美电网安全演习
https://www.utilitydive.com/news/nercs-simulated-grid-attack-leaves-thousands-of-new-york-customers-in-hypo/567359/
研究人员发现Active Directory后门和其他攻击媒介可能导致特权升级
https://www.itsecurityguru.org/2019/11/19/new-attack-vectors-opened-to-windows-hello/
安全报告 Security Report
2020年网络安全展望
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophoaslabs-uncut-2020-threat-report.pdf
安全研究 Security Research
APT33最新活动分析
https://github.com/StrangerealIntel/CyberThreatIntel/blob/master/Iran/APT/APT33/16-11-19/Analysis%20APT33.md
ACBackdoor:对新的多平台后门的分析
https://www.intezer.com/blog-acbackdoor-analysis-of-a-new-multiplatform-backdoor/
CVE-2019-14271,Docker容器漏洞分析
https://unit42.paloaltonetworks.com/docker-patched-the-most-severe-copy-vulnerability-to-date-with-cve-2019-14271/
安全事件 Security Incident
美国路易斯安那州政府被勒索软件攻击
https://www.itsecurityguru.org/2019/11/19/ransomware-attack-on-louisiana-government-suffers-outage/
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论