9月22日每日安全热点 - 微软开源OneFuzz

2020-09-22 09:30:10 360安全客安全资讯 78289 4

漏洞 Vulnerability

CVE-2020-4643：WebSphere Application Server信息泄露漏洞

https://www.ibm.com/support/pages/node/710969

CVE-2020-5421：Spring Framework RFD 保护机制绕过漏洞

https://tanzu.vmware.com/security/cve-2020-5421

安全研究 Security Research

RASP攻防 —— RASP安全应用与局限性浅析

https://security.tencent.com/index.php/blog/msg/166

对多米诺行动所用JScript漏洞(CVE-2020-0968)的详细分析

https://ti.dbappsecurity.com.cn/blog/index.php/2020/09/18/cve-2020-0968/

利用隐写术配合4个重定向连接到c2

https://medium.com/@curtbraz/one-part-steganography-four-redirectors-and-a-splash-of-c2-e13e5a65daa9

CVE-2020-16171：Acronis Cyber Backup SSRF漏洞分析

https://www.rcesecurity.com/2020/09/CVE-2020-16171-Exploiting-Acronis-Cyber-Backup-for-Fun-and-Emails/

fastadmin最新版前台getshell漏洞分析

https://mp.weixin.qq.com/s/XR6p6sf3__QtpMjJuJEjfA

安全报告 Security Report

Checkpoint 对 Rampant Kitten 伊朗间谍组织的分析报告

https://research.checkpoint.com/2020/rampant-kitten-an-iranian-espionage-campaign/

安全工具 Security Tools

微软开源OneFuzz

https://github.com/microsoft/onefuzz

（完）