安全研究 Safety research
立即修改密码,KeePass曝严重漏洞,密码数据库被明文导出https://www.freebuf.com/articles/356226.html 开源电子病历OpenEMR曝出严重漏洞,影响全球10万医疗机构https://www.secrss.com/articles/51431 至少29000台设备受到影响,威联通公告QTS和QuTShero存在严重漏洞https://www.ithome.com/0/670/537.htm Eclypsium披露AMI MegaRAC BMC软件中的多个漏洞https://redqueen.tj-un.com/InfoDetails.html?id=990ab0fce6794b17b6ded101db00c3a0 新的 Sh1mmer ChromeBook 漏洞可取消注册受管设备https://www.bleepingcomputer.com/news/security/new-sh1mmer-chromebook-exploit-unenrolls-managed-devices/
发布时间: 2023 - 02 - 02
立即修补Zoho ManageEngine实例!CVE-2022-47966的PoC漏洞即将发布https://securityaffairs.com/140920/hacking/zoho-manageengine-flaw-poc-exploit.html 研究人员发布针对Zoho RCE关键漏洞的PoChttps://www.bleepingcomputer.com/news/security/researchers-to-release-poc-exploit-for-critical-manageengine-rce-bug-patch-now/ 70%的应用程序发布5年后,至少包含一个漏洞https://www.freebuf.com/news/355512.html 专家在四种不同的Microsoft Azure服务中发现了SSRF漏洞https://securityaffairs.com/140947/hacking/microsoft-azure-services-ssrf-flaws.html  Netcomm和TP-Link路由器中被发现严重的安全漏洞https://thehackernews.com/2023/01/critical-security-vulnerabilities.html
发布时间: 2023 - 01 - 19
思科针对EoL商业路由器中未修补的漏洞发出警告https://thehackernews.com/2023/01/cisco-issues-warning-for-unpatched.html 安全公司披露可窃取用户敏感信息的谷歌Chrome浏览器高危漏洞https://www.ithome.com/0/667/914.htm Cacti服务器因未能修补大多数关键漏洞而受到攻击https://thehackernews.com/2023/01/cacti-servers-under-attack-as-majority.html 美国防部计划发起“黑掉五角大楼3.0”漏洞赏金计划https://www.secrss.com/articles/51083 CISA警告:来自制造商的影响工业控制系统的漏洞https://www.bleepingcomputer.com/news/security/hackers-exploit-cacti-critical-bug-to-install-malware-open-reverse-shells/
发布时间: 2023 - 01 - 17
Twitter回应,2亿用户数据不是通过系统漏洞流出https://www.freebuf.com/articles/355054.html 微软发布2023年1月份安全更新总计修复98个漏洞http://www.anquan419.com/knews/24/4183.html CISA命令机构修补勒索软件团伙滥用的Exchange漏洞https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-exchange-bug-abused-by-ransomware-gang/ 高通骁龙通告22个安全漏洞,联想、微软和三星设备受影响https://www.freebuf.com/news/354778.html Windows Backup Service权限提升漏洞 (CVE-2023-21752) 安全通告https://www.secrss.com/articles/51001
发布时间: 2023 - 01 - 13
流行开发工具CircleCI曝出严重漏洞https://www.secrss.com/articles/50792 突破太空网络安全!航天器关键技术爆严重漏洞https://www.secrss.com/articles/50880 高通发布2023年1月份安全更新修复其固件中的22个漏洞https://redqueen.tj-un.com/InfoDetails.html?id=3291dee1d61d4d919c9478846cb229a3 Zoho修复ManageEngine中SQL注入漏洞CVE-2022-47523https://redqueen.tj-un.com/InfoDetails.html?id=8da7eecdc22e4d11ad63745bdd1ccf86 高通骁龙漏洞影响联想、微软和三星设备https://securityaffairs.com/140528/security/qualcomm-snapdragon-flaws.html
发布时间: 2023 - 01 - 10
奔驰、宝马等汽车品牌存在API漏洞,可能暴露车主个人信息https://www.freebuf.com/news/354346.html Synology修复VPN路由器中最大严重性漏洞https://www.bleepingcomputer.com/news/security/synology-fixes-maximum-severity-vulnerability-in-vpn-routers/ 高通发布补丁更新,修复其芯片组中多个安全漏洞https://thehackernews.com/2023/01/qualcomm-chipsets-and-lenovo-bios-get.html 2022年GreyNoise在野大规模漏洞利用报告https://www.secrss.com/articles/50719 华为鸿蒙系统去年修复近300个漏洞,超3成是高危漏洞https://www.secrss.com/articles/50707
发布时间: 2023 - 01 - 06
研究人员披露Google Home智能音箱监听用户对话的漏洞 https://redqueen.tj-un.com/InfoDetails.html?id=3a7b8a471a7a499eaffdbe0074319d6c WordPress安全警报:新的Linux恶意软件利用了二十多个CMS漏洞https://thehackernews.com/2023/01/wordpress-security-alert-new-linux.html CISA将JasperReports漏洞添加到其已知利用漏洞目录中https://securityaffairs.com/140131/security/known-exploited-vulnerabilities-catalog-jasperreports.html BRAVE BRAVE Vulnerability CVE-2022-47932https://redqueen.tj-un.com/IntelDetails.html?id=fc4a30b106aa4b46a038e236607c923c
发布时间: 2023 - 01 - 03
微软悄悄修复Azure跨租户数据访问高危漏洞https://www.secrss.com/articles/50529 赶紧自查,Citrix数千台服务器存在严重安全风险https://www.freebuf.com/news/353804.html XStream拒绝服务漏洞 (CVE-2022-41966)安全风险通告https://www.secrss.com/articles/50473 XStream拒绝服务漏洞 (CVE-2022-41966)安全风险通告https://www.secrss.com/articles/50473 HUAWEI Multiple product Vulnerability CVE-2022-46328https://redqueen.tj-un.com/IntelDetails.html?id=deb2cac6f19f41489cd03e30c67352ee
发布时间: 2022 - 12 - 30
Linux被爆“满分级”关键内核级漏洞https://www.freebuf.com/news/353584.html Apache ShardingSphere身份认证绕过漏洞 (CVE-2022-45347)安全通告https://www.secrss.com/articles/50398 Microsoft Exchange Server 'OWASSRF'漏洞安全风险通告https://www.secrss.com/articles/50363 研究人员披露开源博客平台Ghost中的两个安全漏洞https://redqueen.tj-un.com/InfoDetails.html?id=6eda086c13c64f3282c410e76b64f318 Wordfence透露WP插件漏洞CVE-2022-45359被在野利用https://redqueen.tj-un.com/InfoDetails.html?id=eedccd0d29274028aad52c5d7b4dafaa
发布时间: 2022 - 12 - 27
Linux Kernel本地权限提升漏洞 (CVE-2022-2602) 安全通告https://www.secrss.com/articles/50324 Splunk Enterprise远程代码执行漏洞 (CVE-2022-43571) 安全通告https://www.secrss.com/articles/50309 Foxit PDF Reader远程代码执行漏洞 (CVE-2022-28672) 安全通告https://www.secrss.com/articles/50310 Ghost CMS博客软件中报告的两个新的安全漏洞https://thehackernews.com/2022/12/two-new-security-flaws-reported-in.html Zerobot恶意软件正通过利用Apache漏洞传播https://www.bleepingcomputer.com/news/security/zerobot-malware-now-spreads-by-exploiting-apache-vulnerabilities/
发布时间: 2022 - 12 - 23
Samba发布安全更新以修补多个高危漏洞https://thehackernews.com/2022/12/samba-issues-security-updates-to-patch.html 国家漏洞库CNNVD:关于微软多个安全漏洞的通报https://www.secrss.com/articles/50091 究团队披露乐高BrickLink网站中的API安全漏洞https://redqueen.tj-un.com/InfoDetails.html?id=f16e8fd411d54bf6833f2cdbcf844867 携多漏洞出击的Golang僵尸网络:Zerobothttps://www.freebuf.com/articles/network/351944.html GITHUB ENTERPRISE_SERVER Vulnerability CVE-2022-46256https://redqueen.tj-un.com/IntelDetails.html?id=dc10e79cd7664c6483565e660b01cfe1
发布时间: 2022 - 12 - 20
VMware修复了关键的ESXi和vRealize安全漏洞https://www.bleepingcomputer.com/news/security/vmware-fixes-critical-esxi-and-vrealize-security-flaws/ 微软修补了用来传播勒索软件的 Windows 零日漏洞https://www.freebuf.com/news/352566.html 国家漏洞库CNNVD:关于微软多个安全漏洞的通报https://www.secrss.com/articles/50091 谷歌进军漏洞管理市场,推出免费开源漏洞扫描工具https://www.secrss.com/articles/50063 Apple多款产品漏洞安全风险通告https://www.secrss.com/articles/50046
发布时间: 2022 - 12 - 16
思科爆出严重漏洞,更新补丁明年一月才能发布!https://www.freebuf.com/news/352199.html 超过半数EDR工具存在严重漏洞,数亿端点面临风险https://www.freebuf.com/news/352023.html 谷歌警告ScarCruft黑客利用Internet Explorer零日漏洞https://thehackernews.com/2022/12/google-warns-of-internet-explorer-zero.html 新的基于Go的僵尸网络Zerobot利用了数十个漏洞https://securityaffairs.co/wordpress/139392/malware/zerobot-botnet-dozens-flaws.html Sophos发布更新,修复其Firewall 19.5中的7个漏洞https://redqueen.tj-un.com/InfoDetails.html?id=0218436452eb4102a7c93182e91c2d7f
发布时间: 2022 - 12 - 13
联网车辆服务SiriusXM存在漏洞,允许远程汽车黑客攻击https://securityaffairs.co/wordpress/139345/hacking/vehicle-service-siriusxm-flaw.html 高危AMI MegaRAC漏洞影响AMD、ARM、HPE、Dell等众多服务器https://www.freebuf.com/news/351686.html Cacti命令执行漏洞(CVE-2022-46169)安全风险通告https://www.secrss.com/articles/49767 Ping堆栈溢出漏洞(CVE-2022-23093)安全通告https://www.secrss.com/articles/49752 Google发布12月份的Android更新总计修复81个漏洞https://redqueen.tj-un.com/InfoDetails.html?id=cbda4a20c35645e39e5912766434864e
发布时间: 2022 - 12 - 08
三星小米等厂商均受影响,谷歌披露威胁数百万安卓设备的高危漏洞https://www.ithome.com/0/658/513.htm 十年未被发现!现代汽车曝重大安全漏洞,黑客可远程解锁、启动汽车https://www.freebuf.com/news/351422.html Google紧急修复Chrome中被利用的漏洞CVE-2022-4262https://redqueen.tj-un.com/InfoDetails.html?id=8202ed3a024d48098d52fc241b9baa47 安装了200万的Android远程键盘应用程序中存在关键RCE漏洞https://www.bleepingcomputer.com/news/security/critical-rce-bugs-in-android-remote-keyboard-apps-with-2m-installs/ 谷歌发现用于部署间谍软件的Windows漏洞利用框架https://www.bleepingcomputer.com/news/security/google-discovers-windows-exploit-framework-used-to-deploy-spyware/
发布时间: 2022 - 12 - 05
美国CISA警告:Oracle Fusion中间件漏洞已遭在野利用https://www.secrss.com/articles/49563 德国Festo和CODESYS公司的OT产品被曝存在漏洞https://thehackernews.com/2022/11/3-new-vulnerabilities-affect-ot.html 宏碁五款电脑驱动程序存在漏洞,可导致恶意软件入侵https://www.freebuf.com/articles/mobile/351149.html Windows IKE协议扩展远程代码执行漏洞安全风险通告https://www.secrss.com/articles/49503 专家透露AWS AppSync中存在跨租户漏洞https://securityaffairs.co/wordpress/139045/hacking/amazon-web-services-flaw.html
发布时间: 2022 - 12 - 01
微软发布带外更新,紧急修复补丁引发的Kerberos问题https://www.secrss.com/articles/49306 “去中心化版Twitter”Mastodon曝出严重漏洞https://www.secrss.com/articles/49338 数百万Android设备仍然没有针对 Mali GPU 漏洞的补丁 https://thehackernews.com/2022/11/million-of-android-devices-still-dont.html Google Chrome释出紧急更新修复年内的第8个0day漏洞https://www.solidot.org/story?sid=73490 Google Chrome GPU堆溢出漏洞安全风险通告https://www.secrss.com/articles/49381
发布时间: 2022 - 11 - 28
微软Microsoft Exchange爆出高危安全漏洞ProxyNotShell,现已修复https://www.bleepingcomputer.com/news/security/exploit-released-for-actively-abused-proxynotshell-exchange-bug/ Atlassian Bitbucket Server/Data Center命令注入漏洞安全风险通告https://www.secrss.com/articles/49215 某医疗机构公众号系统漏洞遭利用,攻击者窃取10余万条公民数据境外售卖被抓https://www.secrss.com/articles/49228 国家漏洞库CNNVD:关于F5 BIG-IP安全漏洞的通报https://www.secrss.com/articles/49133 IBM URBANCODE_DEPLOY Vulnerability CVE-2022-40751https://redqueen.tj-un.com/IntelDetails.html?id=777030dc09f94f0e98f9bc3a05cff538
发布时间: 2022 - 11 - 22
F5 BIG-IP和BIG-IQ设备中报告高严重性漏洞,现已修复https://thehackernews.com/2022/11/high-severity-vulnerabilities-reported.html 马斯克执掌推特三周后,双因素身份认证出现漏洞https://www.freebuf.com/articles/349902.html Log4j漏洞难修补!美国联邦政府遭入侵,FBI称黑手为伊朗黑客https://www.secrss.com/articles/49097 Varonis披露Zendesk Explore中SQL注入等漏洞的细节https://redqueen.tj-un.com/InfoDetails.html?id=294530918804468a9611008f809a8920 Oxeye披露Spotify Backstage中的远程代码执行漏洞https://redqueen.tj-un.com/InfoDetails.html?id=77c82aff89c44d5bbfa821397e13fcaf
发布时间: 2022 - 11 - 18
黑客敲门:数字门禁系统漏洞让攻击者随意打开你家大门https://www.secrss.com/articles/48936 幽灵必须死:漏洞利用幽灵'msg_msg'以及VED的防护策略https://www.solidot.org/story?sid=73351 多个高严重性漏洞影响OpenLiteSpeed Web服务器软件https://thehackernews.com/2022/11/multiple-high-severity-flaw-affect.html 研究人员因发现谷歌像素锁定屏幕漏洞获得 7 万美元奖励https://securityaffairs.co/wordpress/138372/mobile-2/google-pixel-lock-screen-bypass.html ZOHOCORP ZOHO_CRM_LEAD_MAGNET Vulnerability CVE-2022-41978https://redqueen.tj-un.com/IntelDetails.html?id=b271a1d61bb64c84940738f4fbee0e57
发布时间: 2022 - 11 - 15
友情连接:
免费服务热线 ree service hotline 400-613-1868 手机端
法律声明 Copyright  西安交大捷普网络科技有限公司  陕ICP备18022218号-1

陕公网安备 61019002000857号

犀牛云提供云计算服务