ÐÅÏ¢Çå¾²Öܱ¨-2020ÄêµÚ27ÖÜ

Ðû²¼Ê±¼ä 2020-07-06

> ±¾ÖÜÇ徲̬ÊÆ×ÛÊö


2020Äê06ÔÂ29ÈÕÖÁ07ÔÂ05ÈÕ¹²ÊÕ¼Çå¾²Îó²î65¸ö£¬£¬£¬£¬£¬£¬ÖµµÃ¹Ø×¢µÄÊÇApache GuacamoleÌض¨PDUÄÚ´æÆÆËð´úÂëÖ´ÐÐÎó²î; Palo Alto Networks PAN-OS SAMLÑéÖ¤ÈƹýÎó²î£»£»£»£»F5 BIG-IP Traffic Management User½Ó¿Ú´úÂëÖ´ÐÐÎó²î£»£»£»£»ZyXEL CloudCNM SecuManagerÓ²±àÂëÎó²î£»£»£»£»TOBESOFT Nexacro14/17 ExtCommonApiV13 Library API²»µ±²ÎÊý´¦Öóͷ£´úÂëÖ´ÐÐÎó²î¡£ ¡£¡£¡£¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÇå¾²ÊÂÎñÊÇApacheÐû²¼Ç徲ͨ¸æ£¬£¬£¬£¬£¬£¬ÐÞ¸´ÆäTomcatÖеÄDoSÎó²î£»£»£»£»ºÚ¿Íй¶°ÍÎ÷×Üͳ¼°20Íò¹«ÎñԱСÎÒ˽¼ÒÐÅÏ¢£¬£¬£¬£¬£¬£¬¾¯·½ÈÔÔÚÊÓ²ìÖУ»£»£»£»Î¢ÈíÐû²¼´øÍâ¸üУ¬£¬£¬£¬£¬£¬ÐÞ¸´Windows 10ÖеĴúÂëÖ´ÐÐÎó²î£»£»£»£»¶ñÒâÈí¼þTrickBotͨ¹ý¼ì²éÆÁÄ»Çø·ÖÂÊÒÔÌӱܲ¡¶¾ÆÊÎö£»£»£»£»¶ñÒâÈí¼þAlina»Ø¹é£¬£¬£¬£¬£¬£¬Ê¹ÓÃDNSËíµÀÇÔÊØÐÅÓÿ¨Êý¾Ý¡£ ¡£¡£¡£¡£


ƾ֤ÒÔÉÏ×ÛÊö£¬£¬£¬£¬£¬£¬±¾ÖÜÇå¾²ÍþвΪÖС£ ¡£¡£¡£¡£



>Ö÷ÒªÇå¾²Îó²îÁбí


1.Apache GuacamoleÌض¨PDUÄÚ´æÆÆËð´úÂëÖ´ÐÐÎó²î


Apache Guacamoleδ׼ȷÑé֤ͨ¹ý¾²Ì¬ÐéÄâͨµÀ´ÓRDPЧÀÍÆ÷ÎüÊÕµÄÊý¾ÝÖ¸Õ룬£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄPDUÇëÇ󣬣¬£¬£¬£¬£¬¿É´¥·¢ÄÚ´æÆÆË𣬣¬£¬£¬£¬£¬Ö´ÐÐí§Òâ´úÂë¡£ ¡£¡£¡£¡£

https://lists.apache.org/thread.html/r26fb170edebff842c74aacdb1333c1338f0e19e5ec7854d72e4680fc@%3Cannounce.apache.org%3E


2. Palo Alto Networks PAN-OS SAMLÑéÖ¤ÈƹýÎó²î


Palo Alto Networks PAN-OS SAMLÉí·ÝÑéÖ¤±£´æÊý¾ÝαÔìÎÊÌâÎó²î£¬£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬£¬¿ÉδÊÚȨ»á¼û£¬£¬£¬£¬£¬£¬¿ØÖÆ×°±¸¡£ ¡£¡£¡£¡£

https://security.paloaltonetworks.com/CVE-2020-2021


3. F5 BIG-IP Traffic Management User½Ó¿Ú´úÂëÖ´ÐÐÎó²î


F5 BIG-IP Traffic Management User½Ó¿Ú±£´æÇå¾²Îó²î£¬£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬£¬¿ÉÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£ ¡£¡£¡£¡£

https://support.f5.com/csp/article/K52145254


4. ZyXEL CloudCNM SecuManagerÓ²±àÂëÎó²î


ZyXEL CloudCNM SecuManagerʹÓÃÃÜÂëaxirosµÄrootÕË»§£¬£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬£¬¿ÉδÊÚȨ»á¼ûϵͳ¡£ ¡£¡£¡£¡£

https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml


5. TOBESOFT Nexacro14/17 ExtCommonApiV13 Library API²»µ±²ÎÊý´¦Öóͷ£´úÂëÖ´ÐÐÎó²î


TOBESOFT Nexacro14/17 ExtCommonApiV13 Library API´¦Öóͷ£²ÎÊý±£´æÇå¾²Îó²î£¬£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬£¬¿ÉÖ´ÐÐí§Òâ´úÂë¡£ ¡£¡£¡£¡£

https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35491



> Ö÷ÒªÇå¾²ÊÂÎñ×ÛÊö


1¡¢ApacheÐû²¼Ç徲ͨ¸æ£¬£¬£¬£¬£¬£¬ÐÞ¸´ÆäTomcatÖеÄDoSÎó²î


c7c7ÓéÀÖƽ̨(ÖйúÓÎ)µÇ¼¹ÙÍøÈë¿Ú


Ô­ÎÄÁ´½Ó£º

https://www.us-cert.gov/ncas/current-activity/2020/06/26/apache-releases-security-advisory-apache-tomcat


2¡¢ºÚ¿Íй¶°ÍÎ÷×Üͳ¼°20Íò¹«ÎñԱСÎÒ˽¼ÒÐÅÏ¢£¬£¬£¬£¬£¬£¬¾¯·½ÈÔÔÚÊÓ²ìÖÐ


c7c7ÓéÀÖƽ̨(ÖйúÓÎ)µÇ¼¹ÙÍøÈë¿Ú


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/brazilian-federal-police-investigates-presidential-data-leak/  


3¡¢Î¢ÈíÐû²¼´øÍâ¸üУ¬£¬£¬£¬£¬£¬ÐÞ¸´Windows 10ÖеĴúÂëÖ´ÐÐÎó²î


c7c7ÓéÀÖƽ̨(ÖйúÓÎ)µÇ¼¹ÙÍøÈë¿Ú


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/microsoft-releases-oob-security-updates-for-windows-10-rce-bugs/


4¡¢¶ñÒâÈí¼þTrickBotͨ¹ý¼ì²éÆÁÄ»Çø·ÖÂÊÒÔÌӱܲ¡¶¾ÆÊÎö


c7c7ÓéÀÖƽ̨(ÖйúÓÎ)µÇ¼¹ÙÍøÈë¿Ú


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/trickbot-malware-now-checks-screen-resolution-to-evade-analysis/


5¡¢¶ñÒâÈí¼þAlina»Ø¹é£¬£¬£¬£¬£¬£¬Ê¹ÓÃDNSËíµÀÇÔÊØÐÅÓÿ¨Êý¾Ý


c7c7ÓéÀÖƽ̨(ÖйúÓÎ)µÇ¼¹ÙÍøÈë¿Ú


Ô­ÎÄÁ´½Ó£º

https://threatpost.com/alina-point-sale-malware-ongoing-campaign/157087/