12月17日每日安全热点 - SolarWinds供应链攻击事件中C2的DGA子域名列表

2020-12-17 09:30:42 360安全客安全资讯 42563 4

漏洞 Vulnerability

CVE-2018-16243 SolarWinds数据库性能分析器多个XSS漏洞

https://gist.github.com/james-otten/d3ee2f0fccc3b87aafe1616a6c2c2d4e

CVE-2020-29436：Nexus Repository Manager 3 XML外部实体注入漏洞通告

https://cert.360.cn/warning/detail?id=3b88588fbf92c7a5e82881c6e7e33e03

安全工具 Security Tools

SolarWinds供应链攻击中域名生成算法破解工具

https://github.com/malcomvetter/SunburstStrings

安全报告 Security Report

落鹰行动-史上影响力最大的供应链攻击行动揭秘

https://mp.weixin.qq.com/s/lh7y_KHUxag_-pcFBC7d0Q

Operation Earth Kitsune 行动背后的APT37

https://www.trendmicro.com/en_us/research/20/l/who-is-the-threat-actor-behind-operation-earth-kitsune-.html

安全事件 Security Incident

美国FBI、CISA和ODNI就SolarWinds Orion事件发布联合声明

https://www.dni.gov/index.php/newsroom/press-releases/item/2175-joint-statement-by-the-federal-bureau-of-investigation-fbi-the-cybersecurity-and-infrastructure-security-agency-cisa-and-the-office-of-the-director-of-national-intelligence-odni

安全资讯 Security Information

SolarWinds更新服务器的密码(solarwinds123)曾在Github上被泄露

https://www.theregister.com/2020/12/16/solarwinds_github_password/

安全研究 Security Research

SolarWinds Orion .NET WebShell 分析

https://www.guidepointsecurity.com/supernova-solarwinds-net-webshell-analysis/

SolarWinds供应链攻击事件中C2的DGA子域名列表

https://twitter.com/0xrb/status/1339095481008308225

旺刺组织（APT-C-47）使用ClickOnce技术的攻击活动披露

https://mp.weixin.qq.com/s/h_MUJfa3QGM9SqT_kzcdHQ

CVE-2020-25695 Postgresql权限提升漏洞writeup

https://staaldraad.github.io/post/2020-12-15-cve-2020-25695-postgresql-privesc/

（完）