6月9日每日安全热点 - DARPA组织启动漏洞赏金项目

2020-06-09 09:45:08 360安全客安全资讯 53178 4

漏洞 Vulnerability

CVE-2020-10759：fwupd中的S3存储桶接管和PGP签名绕过漏洞

https://twitter.com/xerubus/status/1270128211184111616

CVE-2020-12695：UPnP协议漏洞可导致数十亿设备遭受攻击

http://feedproxy.google.com/~r/Securityweek/~3/lWs-B9QsNKM/callstranger-upnp-flaw-affecting-billions-devices-allows-data-exfiltration-ddos-attacks

WLB-2020060034：Virtual Airlines管理系统2.6.2版本SQL注入

https://cxsecurity.com/issue/WLB-2020060034

安全研究 Security Research

应急响应之X系统数据库篡改应急分享

https://www.freebuf.com/articles/web/236766.html

安全资讯 Security Information

DARPA组织启动漏洞赏金项目

https://www.darkreading.com/vulnerabilities—threats/darpa-launches-bug-bounty-program/d/d-id/1338027?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

HigaisaAPT组织利用恶意LNK文件攻击Zeplin协作平台

https://securityaffairs.co/wordpress/104469/apt/higaisa-hacking-group.html?utm_source=rss&utm_medium=rss&utm_campaign=higaisa-hacking-group

恶意软件 Malware

伪装的勒索软件解密工具对受害者的文件二次加密

https://www.anquanke.com/post/id/207965

CISA发出针对使用SMBGhost漏洞的攻击预警

https://www.scmagazine.com/home/security-news/vulnerabilities/cisa-warns-attackers-are-using-exploit-code-for-smbghost-bug/

（完）