12月17日每日安全热点 - 移动设备已占DDoS攻击流量的41％

2019-12-17 10:15:38 360安全客安全资讯 53076 4

漏洞 Vulnerability

TP-Link Archer路由器密码溢出漏洞，可导致管理员密码失效，进而远程接管系统

https://securityintelligence.com/posts/tp-link-archer-router-vulnerability-voids-admin-password-can-allow-remote-takeover/

CVE-2019-19743：D-Link DIR-615权限提升漏洞

https://nvd.nist.gov/vuln/detail/CVE-2019-19743

恶意软件 Malware

Emotet 木马最新活动

https://www.bleepingcomputer.com/news/security/emotet-trojan-is-inviting-you-to-a-malicious-christmas-party/

新型Mirai恶意软件菌株出现，扫描71种独特漏洞

https://www.cbronline.com/news/mirai-malware-echobot

安全事件 Security Incident

29,000名Facebook员工的工资数据被盗

https://www.databreachtoday.com/payroll-data-29000-facebook-employees-stolen-report-a-13509

南非IT公司Conor泄露了100万个Web浏览记录

https://www.zdnet.com/article/south-african-it-firm-conor-behind-the-leak-of-1-million-web-browsing-records/

安全资讯 Security Information

移动设备已占DDoS攻击流量的41％

https://www.darkreading.com/attacks-breaches/mobile-devices-account-for-41–of-ddos-attack-traffic/d/d-id/1336635

施耐德电气已修补了影响Modicon M580，M340，Quantum和Premium控制器的漏洞

http://feedproxy.google.com/~r/Securityweek/~3/NO-fk8ug6-Q/schneider-electric-patches-vulnerabilities-modicon-ecostruxure-products

安全研究 Security Research

通过Firefox Sync进行沙箱逃逸

https://www.thezdi.com/blog/2019/12/15/syncing-out-of-the-firefox-sandbox

隔离网络那点事

https://www.freebuf.com/articles/network/222263.html

CVE-2019-18276: Bash权限提升漏洞讲解

https://www.youtube.com/watch?v=-wGtxJ8opa8

（完）