正文

11月7日每日安全热点 - 苹果对产品线的24个漏洞进行了修补

admin
admin V管理员 /0 评论 /14 阅读
0321
此篇文章发布距今已超过1140天,您需要注意文章的内容或图片是否可用!

漏洞 Vulnerability
[EXP公开] CVE-2020-13935: Tomcat WebSocket 拒绝服务漏洞通告
https://cert.360.cn/warning/detail?id=c01c205c79fc1a9740f6ca9b133fb6f7
CVE-2020-27955:Gita <= 2.29.2 – 远程代码执行 via git-lfs
https://cxsecurity.com/issue/WLB-2020110033
恶意软件 Malware
勒索软件告警: Pay2Key
https://research.checkpoint.com/2020/ransomware-alert-pay2key/
安全事件 Security Incident
GitHub企业服务端源码泄漏
https://www.de24.news/2020/11/githubs-source-code-leaked-on-github-last-night-kind-of.html
安全资讯 Security Information
RansomExx恶意软件现在也将目标对准了linux系统
https://securityaffairs.co/wordpress/110491/malware/linux-version-ransomexx-ransowmare.html
苹果对产品线的24个漏洞进行了修补
https://www.darkreading.com/vulnerabilities—threats/apple-patches-24-vulnerabilities-across-product-lines/d/d-id/1339399
Pwn2Own东京第一天:NETGEAR路由器、NAS设备被攻破
https://securityaffairs.co/wordpress/110509/hacking/pwn2own-tokyo-2020-day1.html
安全研究 Security Research
关于 Trickbot 恶意软件新增的 Anchor 模块分析
https://paper.seebug.org/1392/
CVE-2020-15999:Chrome FreeType字体库堆溢出原理分析
https://www.anquanke.com/post/id/221878
渗透技巧——通过Exchange ActiveSync访问内部文件共享
https://3gstudent.github.io/3gstudent.github.io/%E6%B8%97%E9%80%8F%E6%8A%80%E5%B7%A7-%E9%80%9A%E8%BF%87Exchange-ActiveSync%E8%AE%BF%E9%97%AE%E5%86%85%E9%83%A8%E6%96%87%E4%BB%B6%E5%85%B1%E4%BA%AB/