10月20日每日安全热点 - Exchange、Outlook遭APT组织围攻

2020-10-20 09:30:33 360安全客安全资讯 71440 4

漏洞 Vulnerability

CVE-2019-1003030: Jenkins 2.63 沙箱绕过

https://cxsecurity.com/issue/WLB-2020100124

CVE-2020-16952: Microsoft SharePoint SSI / ViewState 远程代码执行

https://cxsecurity.com/issue/WLB-2020100123

CVE-2020-17022: Microsoft Windows Codecs Library 远程代码执行

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17022

安全资讯 Security Information

GravityRAT间谍软件的目标是印度的Android和MacOS设备

https://www.darkreading.com/attacks-breaches/gravityrat-spyware-targets-android-and-macos-in-india/d/d-id/1339218

Microsoft Exchange, Outlook 遭到apt组织围攻

https://threatpost.com/microsoft-exchange-outlook-apts/160273/

这个新的恶意软件使用远程覆盖攻击劫持你的银行帐户

https://www.zdnet.com/article/this-new-malware-uses-remote-overlay-attacks-to-hijack-your-bank-account/

安全研究 Security Research

域渗透之SPN

https://www.anquanke.com/post/id/219934

DrayTek Vigor 2960 从未授权到rce

https://bestwing.me/drayteck-vigor-vulnerability-d%1Disclosure.html

攻击者如何利用二维码及如何降低二维码风险

https://www.csoonline.com/article/3584773/how-attackers-exploit-qr-codes-and-how-to-mitigate-the-risk.html#tk.rss_all

KimSuky各类攻击手法浅析

https://www.anquanke.com/post/id/219593

（完）