ÐÅÏ¢Çå¾²Öܱ¨-2020ÄêµÚ23ÖÜ

Ðû²¼Ê±¼ä 2020-06-09

> ±¾ÖÜÇ徲̬ÊÆ×ÛÊö


2020Äê06ÔÂ01ÈÕÖÁ06ÔÂ07ÈÕ¹²ÊÕ¼Çå¾²Îó²î79¸ö£¬£¬£¬£¬ÖµµÃ¹Ø×¢µÄÊÇZoom Client´¦Öóͷ£¶¯»­GIFÐÂÎÅ·¾¶±éÀúÎó²î£»£»£»£»£»Cisco 829 Industrial Integrated Services Routers»º³åÇøÒç³öÎó²î£»£»£»£»£»NEC ESMPRO Manager RMI·´ÐòÁл¯´úÂëÖ´ÐÐÎó²î£»£»£»£»£»IBM WebSphere Application Server Network DeploymentÔ¶³Ì´úÂëÖ´ÐÐÎó²î£»£»£»£»£»Docker EngineÖÐÐÄÈ˹¥»÷Îó²î ¡£ ¡£ ¡£¡£¡£¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÇå¾²ÊÂÎñÊǶíÂÞ˹ºÚ¿Í¹¥»÷²¨À¼Õþ¸®»ú¹¹£¬£¬£¬£¬Ðû²¼Óйر±Ô¼ÑÝÏ°ÐéαÐÅÏ¢£»£»£»£»£»ÊÓƵ¼ô¼­Ó¦ÓÃVivaVideo»òΪÌع¤Èí¼þ£¬£¬£¬£¬Ó°ÏìÁè¼Ý1.57ÒÚÓû§£»£»£»£»£»Ó¡¶ÈÖ§¸¶Ó¦ÓÃBHIMÒòÉèÖùýʧ£¬£¬£¬£¬Ð¹Â¶Êý°ÙÍòÓû§ÐÅÏ¢£»£»£»£»£»DopplePaymerÌåÏÖÒÑÀÖ³ÉÈëÇÖDMI²¢ÇÔÈ¡NASAµÄÏà¹ØÎļþ£»£»£»£»£»MozillaÐû²¼FirefoxÇå¾²¸üУ¬£¬£¬£¬ÐÞ¸´¶à¸öí§Òâ´úÂëÖ´ÐÐÎó²î ¡£ ¡£ ¡£¡£¡£¡£


ƾ֤ÒÔÉÏ×ÛÊö£¬£¬£¬£¬±¾ÖÜÇå¾²ÍþвΪÖÐ ¡£ ¡£ ¡£¡£¡£¡£



>Ö÷ÒªÇå¾²Îó²îÁбí


1.Zoom Client´¦Öóͷ£¶¯»­GIFÐÂÎÅ·¾¶±éÀúÎó²î


Zoom Client´¦Öóͷ£°üÀ¨¶¯»­GIFµÄÐÂÎű£´æĿ¼±éÀúÎó²î£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÐÂÎÅÇëÇ󣬣¬£¬£¬¿ÉÒÔÄ¿µÄÓû§ÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂ룬£¬£¬£¬»òÕû¸ö×éÓû§ÊÜÓ°Ïì ¡£ ¡£ ¡£¡£¡£¡£

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1055


2. Cisco 829 Industrial Integrated Services Routers»º³åÇøÒç³öÎó²î


Cisco 829 Industrial Integrated Services RoutersÖÎÀíinter-VMÐźű£´æÇå¾²Îó²î£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬¿ÉʹӦÓóÌÐò±ÀÀ£»£»£»£»£»òÕß¿ÉÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë ¡£ ¡£ ¡£¡£¡£¡£

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH


3. NEC ESMPRO Manager RMI·´ÐòÁл¯´úÂëÖ´ÐÐÎó²î


NEC ESMPRO Manager RMIЧÀͱ£´æÊäÈëÑéÖ¤Îó²î£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬¿ÉÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë ¡£ ¡£ ¡£¡£¡£¡£

https://www.zerodayinitiative.com/advisories/ZDI-20-684/


4. IBM WebSphere Application Server Network DeploymentÔ¶³Ì´úÂëÖ´ÐÐÎó²î


IBM WebSphere Application Server Network Deployment±£´æδÃ÷Çå¾²Îó²î£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬¿ÉÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë ¡£ ¡£ ¡£¡£¡£¡£

https://www.ibm.com/blogs/psirt/security-bulletin-remote-code-execution-vulnerability-in-websphere-application-server-nd-cve-2020-4448/


5. Docker EngineÖÐÐÄÈ˹¥»÷Îó²î


Docker EngineËù½¨ÉèµÄÍøÂçÅþÁ¬»áĬÈÏÎüÊÕIPv6·ÓÉÆ÷ͨ¸æ£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬¿É¾ÙÐÐÖÐÐÄÈ˹¥»÷£¬£¬£¬£¬¿É»ñÈ¡Ãô¸ÐÐÅÏ¢ ¡£ ¡£ ¡£¡£¡£¡£

https://github.com/docker/docker-ce/releases/v19.03.11



> Ö÷ÒªÇå¾²ÊÂÎñ×ÛÊö


1¡¢¶íÂÞ˹ºÚ¿Í¹¥»÷²¨À¼Õþ¸®»ú¹¹£¬£¬£¬£¬Ðû²¼Óйر±Ô¼ÑÝÏ°ÐéαÐÅÏ¢


c7c7ÓéÀÖƽ̨(ÖйúÓÎ)µÇ¼¹ÙÍøÈë¿Ú


Ô­ÎÄÁ´½Ó£º

https://www.ehackingnews.com/2020/05/russian-hackers-attacked-poland-due-to.html


2¡¢ÊÓƵ¼ô¼­Ó¦ÓÃVivaVideo»òΪÌع¤Èí¼þ£¬£¬£¬£¬Ó°ÏìÁè¼Ý1.57ÒÚÓû§


c7c7ÓéÀÖƽ̨(ÖйúÓÎ)µÇ¼¹ÙÍøÈë¿Ú


Ô­ÎÄÁ´½Ó£º

https://latesthackingnews.com/2020/05/31/vivavideo-and-other-apps-with-over-157-million-installs-spy-on-users/


3¡¢Ó¡¶ÈÖ§¸¶Ó¦ÓÃBHIMÒòÉèÖùýʧ£¬£¬£¬£¬Ð¹Â¶Êý°ÙÍòÓû§ÐÅÏ¢


c7c7ÓéÀÖƽ̨(ÖйúÓÎ)µÇ¼¹ÙÍøÈë¿Ú


Ô­ÎÄÁ´½Ó£º

https://www.infosecurity-magazine.com/news/indian-payment-app-bhim-data-breach/


4¡¢DopplePaymerÌåÏÖÒÑÀÖ³ÉÈëÇÖDMI²¢ÇÔÈ¡NASAµÄÏà¹ØÎļþ


c7c7ÓéÀÖƽ̨(ÖйúÓÎ)µÇ¼¹ÙÍøÈë¿Ú


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/ransomware-gang-says-it-breached-one-of-nasas-it-contractors/


5¡¢MozillaÐû²¼FirefoxÇå¾²¸üУ¬£¬£¬£¬ÐÞ¸´¶à¸öí§Òâ´úÂëÖ´ÐÐÎó²î


c7c7ÓéÀÖƽ̨(ÖйúÓÎ)µÇ¼¹ÙÍøÈë¿Ú


Ô­ÎÄÁ´½Ó£º

https://www.theregister.com/2020/06/04/firefox_77_security_fixes/