12月22日每日安全热点 - 黑客论坛上泄露了270K Ledger所有者的实际地址

2020-12-22 09:30:16 360安全客安全资讯 332 4

漏洞 Vulnerability

CVE-2020-35606 Webmin命令执行漏洞

https://www.pentest.com.tr/exploits/Webmin-1962-PU-Escape-Bypass-Remote-Command-Execution.html

禅道项目管理系统( ZenTaoPMS )高危漏洞分析与利用

https://paper.seebug.org/1435/

WP Admin Panel身份验证绕过和RCE

https://ssd-disclosure.com/ssd-advisory-auth-bypass-and-rce-in-infinite-wp-admin-panel/

安全事件 Security Incident

黑客论坛上泄露了270K Ledger所有者的实际地址

https://www.bleepingcomputer.com/news/security/physical-addresses-of-270k-ledger-owners-leaked-on-hacker-forum/

安全研究 Security Research

用DNS进行网络度量和安全分析

https://mp.weixin.qq.com/s/P1dS0vDSerWkTsmIQuSKPw

SolarWinds第二个后门

https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/

防范未修复的Kubernetes中间人漏洞

https://unit42.paloaltonetworks.com/cve-2020-8554/

CVE-2020-17144漏洞分析与武器化

http://www.zcgonvh.com/post/analysis_of_CVE-2020-17144_and_to_weaponizing.html

一个CS马伪装下的loader样本分析

https://www.sec-in.com/article/582

流量分析与日志溯源的个人理解

https://mp.weixin.qq.com/s?__biz=MzAwMjA5OTY5Ng==&mid=2247491985&idx=1&sn=48aaba71ed7c51f6ebd40dd6c44569cf

（完）