ÐÅÏ¢Çå¾²Öܱ¨-2020ÄêµÚ23ÖÜ

Ðû²¼Ê±¼ä 2020-06-09

> ±¾ÖÜÇ徲̬ÊÆ×ÛÊö


2020Äê06ÔÂ01ÈÕÖÁ06ÔÂ07ÈÕ¹²ÊÕ¼Çå¾²Îó²î79¸ö£¬£¬ £¬£¬£¬ÖµµÃ¹Ø×¢µÄÊÇZoom Client´¦Öóͷ£¶¯»­GIFÐÂÎÅ·¾¶±éÀúÎó²î£»£»£»£»Cisco 829 Industrial Integrated Services Routers»º³åÇøÒç³öÎó²î£»£»£»£»NEC ESMPRO Manager RMI·´ÐòÁл¯´úÂëÖ´ÐÐÎó²î£»£»£»£»IBM WebSphere Application Server Network DeploymentÔ¶³Ì´úÂëÖ´ÐÐÎó²î£»£»£»£»Docker EngineÖÐÐÄÈ˹¥»÷Îó²î¡£¡£ ¡£¡£¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÇå¾²ÊÂÎñÊǶíÂÞ˹ºÚ¿Í¹¥»÷²¨À¼Õþ¸®»ú¹¹£¬£¬ £¬£¬£¬Ðû²¼Óйر±Ô¼ÑÝÏ°ÐéαÐÅÏ¢£»£»£»£»ÊÓƵ¼ô¼­Ó¦ÓÃVivaVideo»òΪÌع¤Èí¼þ£¬£¬ £¬£¬£¬Ó°ÏìÁè¼Ý1.57ÒÚÓû§£»£»£»£»Ó¡¶ÈÖ§¸¶Ó¦ÓÃBHIMÒòÉèÖùýʧ£¬£¬ £¬£¬£¬Ð¹Â¶Êý°ÙÍòÓû§ÐÅÏ¢£»£»£»£»DopplePaymerÌåÏÖÒÑÀÖ³ÉÈëÇÖDMI²¢ÇÔÈ¡NASAµÄÏà¹ØÎļþ£»£»£»£»MozillaÐû²¼FirefoxÇå¾²¸üУ¬£¬ £¬£¬£¬ÐÞ¸´¶à¸öí§Òâ´úÂëÖ´ÐÐÎó²î¡£¡£ ¡£¡£¡£


ƾ֤ÒÔÉÏ×ÛÊö£¬£¬ £¬£¬£¬±¾ÖÜÇå¾²ÍþвΪÖС£¡£ ¡£¡£¡£



>Ö÷ÒªÇå¾²Îó²îÁбí


1.Zoom Client´¦Öóͷ£¶¯»­GIFÐÂÎÅ·¾¶±éÀúÎó²î


Zoom Client´¦Öóͷ£°üÀ¨¶¯»­GIFµÄÐÂÎű£´æĿ¼±éÀúÎó²î£¬£¬ £¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÐÂÎÅÇëÇ󣬣¬ £¬£¬£¬¿ÉÒÔÄ¿µÄÓû§ÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂ룬£¬ £¬£¬£¬»òÕû¸ö×éÓû§ÊÜÓ°Ïì¡£¡£ ¡£¡£¡£

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1055


2. Cisco 829 Industrial Integrated Services Routers»º³åÇøÒç³öÎó²î


Cisco 829 Industrial Integrated Services RoutersÖÎÀíinter-VMÐźű£´æÇå¾²Îó²î£¬£¬ £¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬ £¬£¬£¬¿ÉʹӦÓóÌÐòÍ߽⻣»£»£»òÕß¿ÉÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£¡£ ¡£¡£¡£

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH


3. NEC ESMPRO Manager RMI·´ÐòÁл¯´úÂëÖ´ÐÐÎó²î


NEC ESMPRO Manager RMIЧÀͱ£´æÊäÈëÑéÖ¤Îó²î£¬£¬ £¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬ £¬£¬£¬¿ÉÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£¡£ ¡£¡£¡£

https://www.zerodayinitiative.com/advisories/ZDI-20-684/


4. IBM WebSphere Application Server Network DeploymentÔ¶³Ì´úÂëÖ´ÐÐÎó²î


IBM WebSphere Application Server Network Deployment±£´æδÃ÷Çå¾²Îó²î£¬£¬ £¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬ £¬£¬£¬¿ÉÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£¡£ ¡£¡£¡£

https://www.ibm.com/blogs/psirt/security-bulletin-remote-code-execution-vulnerability-in-websphere-application-server-nd-cve-2020-4448/


5. Docker EngineÖÐÐÄÈ˹¥»÷Îó²î


Docker EngineËù½¨ÉèµÄÍøÂçÅþÁ¬»áĬÈÏÎüÊÕIPv6·ÓÉÆ÷ͨ¸æ£¬£¬ £¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬ £¬£¬£¬¿É¾ÙÐÐÖÐÐÄÈ˹¥»÷£¬£¬ £¬£¬£¬¿É»ñÈ¡Ãô¸ÐÐÅÏ¢¡£¡£ ¡£¡£¡£

https://github.com/docker/docker-ce/releases/v19.03.11



> Ö÷ÒªÇå¾²ÊÂÎñ×ÛÊö


1¡¢¶íÂÞ˹ºÚ¿Í¹¥»÷²¨À¼Õþ¸®»ú¹¹£¬£¬ £¬£¬£¬Ðû²¼Óйر±Ô¼ÑÝÏ°ÐéαÐÅÏ¢


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


Ô­ÎÄÁ´½Ó£º

https://www.ehackingnews.com/2020/05/russian-hackers-attacked-poland-due-to.html


2¡¢ÊÓƵ¼ô¼­Ó¦ÓÃVivaVideo»òΪÌع¤Èí¼þ£¬£¬ £¬£¬£¬Ó°ÏìÁè¼Ý1.57ÒÚÓû§


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


Ô­ÎÄÁ´½Ó£º

https://latesthackingnews.com/2020/05/31/vivavideo-and-other-apps-with-over-157-million-installs-spy-on-users/


3¡¢Ó¡¶ÈÖ§¸¶Ó¦ÓÃBHIMÒòÉèÖùýʧ£¬£¬ £¬£¬£¬Ð¹Â¶Êý°ÙÍòÓû§ÐÅÏ¢


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


Ô­ÎÄÁ´½Ó£º

https://www.infosecurity-magazine.com/news/indian-payment-app-bhim-data-breach/


4¡¢DopplePaymerÌåÏÖÒÑÀÖ³ÉÈëÇÖDMI²¢ÇÔÈ¡NASAµÄÏà¹ØÎļþ


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/ransomware-gang-says-it-breached-one-of-nasas-it-contractors/


5¡¢MozillaÐû²¼FirefoxÇå¾²¸üУ¬£¬ £¬£¬£¬ÐÞ¸´¶à¸öí§Òâ´úÂëÖ´ÐÐÎó²î


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


Ô­ÎÄÁ´½Ó£º

https://www.theregister.com/2020/06/04/firefox_77_security_fixes/