1月20日每日安全热点 - Malwarebytes证实受到Solarwinds影响

360安全客 安全资讯 47553 4

Powered by 360CERT

漏洞 Vulnerability

多个聊天应用被发现存在安全漏洞可被利用窃听

https://www.bleepingcomputer.com/news/security/bugs-in-signal-facebook-google-chat-apps-let-attackers-spy-on-users/

 

Mautic XSS到RCE

https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce.html

 

安全研究 Security Research

DNSpooq:第七个DNSmasq漏洞

https://www.bleepingcomputer.com/news/security/dnspooq-bugs-let-attackers-hijack-dns-on-millions-of-devices/

 

Kubernetes Pod提权实践

https://labs.bishopfox.com/tech-blog/bad-pods-kubernetes-pod-privilege-escalation

 

开源软件中的缓存荼毒攻击

https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/

 

安全工具 Security Tools

Snort 3.1正式发布

https://blog.snort.org/2021/01/snort-3-officially-released.html

 

安全资讯 Security Information

Malwarebytes证实受到Solarwinds影响并且内部邮件遭泄露

https://www.bleepingcomputer.com/news/security/malwarebytes-says-solarwinds-hackers-accessed-its-internal-emails/

 

Solarwinds行动中第四个恶意软件Raindrop被发现

https://www.bleepingcomputer.com/news/security/solarwinds-hackers-used-7-zip-code-to-hide-raindrop-cobalt-strike-loader/

 

安全事件 Security Incident

Freakout恶意软件意图感染Linux设备

https://www.bleepingcomputer.com/news/security/freakout-malware-exploits-critical-bugs-to-infect-linux-hosts/

 

FBI向多数行业发出警告提醒防范钓鱼攻击

https://securityaffairs.co/wordpress/113596/hacking/fbi-alert-vishing-attacks.html

 

安全客 Security Geek

Jumpserver 任意命令执行漏洞分析报告

https://www.anquanke.com/post/id/229074

 

2020N1CTF-W2L

https://www.anquanke.com/post/id/228233

(完)