2月4日每日安全热点 - Solarwinds修复几个新的关键漏洞

Inspired by 360CERT

漏洞 Vulnerability

Sonicwall修复0day漏洞

https://www.bleepingcomputer.com/news/security/sonicwall-fixes-actively-exploited-sma-100-zero-day-vulnerability/

 

思科修复SMB VPN路由中多个RCE漏洞

https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-code-execution-bugs-in-smb-vpn-routers/

 

Realtek Wifi模块多个漏洞

https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered

 

恶意软件 Malware

Cacheflow恶意浏览器插件分析

https://decoded.avast.io/janvojtesek/backdoored-browser-extensions-hid-malicious-traffic-in-analytics-requests/

 

安全研究 Security Research

webOS安全研究

https://blog.recurity-labs.com/2021-02-03/webOS_Pt1.html

 

安全工具 Security Tools

EDR绕过框架

https://github.com/optiv/ScareCrow

 

安全资讯 Security Information

卡巴斯基发布Fonix勒索软件解密工具

https://www.bleepingcomputer.com/news/security/new-fonix-ransomware-decryptor-can-recover-victims-files-for-free/

 

Defender ATP将Chrome更新识别为PHP后门

https://www.bleepingcomputer.com/news/security/microsoft-defender-atp-detects-chrome-updates-as-php-backdoors/

 

安全事件 Security Incident

Solarwinds修复几个新的关键漏洞

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/full-system-control-with-new-solarwinds-orion-based-and-serv-u-ftp-vulnerabilities/

 

最新版macOS仍未修复SUDO提权漏洞

https://www.bleepingcomputer.com/news/security/latest-macos-big-sur-also-has-sudo-root-privilege-escalation-flaw/

 

EscortReviews遭数据泄露数十万人受影响

https://www.bleepingcomputer.com/news/security/female-escort-review-site-data-breach-affects-470-000-members/

 

安全客 Security Geek

Apache Shiro 认证绕过分析（CVE-2020-17523）

https://www.anquanke.com/post/id/230935