ÐÅÏ¢Çå¾²Öܱ¨-2020ÄêµÚ22ÖÜ

Ðû²¼Ê±¼ä 2020-06-01

> ±¾ÖÜÇ徲̬ÊÆ×ÛÊö


2020Äê05ÔÂ25ÈÕÖÁ05ÔÂ31ÈÕ¹²ÊÕ¼Çå¾²Îó²î58¸ö£¬£¬£¬£¬£¬£¬ÖµµÃ¹Ø×¢µÄÊÇTrendMicro InterScan Web Security Virtual Appliance LogSettingHandlerÏÂÁî×¢ÈëÎó²î; IBM Security Identity Governance and IntelligenceδÊÚȨÏÂÁîÖ´ÐÐÎó²î£»£»£»£»£»£»Apple macOS Catalina FontParser´úÂëÖ´ÐÐÎó²î£»£»£»£»£»£»Inductive Automation Ignition·´ÐòÁл¯´úÂëÖ´ÐÐÎó²î£»£»£»£»£»£»Ubiquiti Networks AirOS OSÏÂÁî×¢ÈëÎó²î¡£¡£¡£¡£¡£¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÇå¾²ÊÂÎñÊÇÃÀ¹úCISA¡¢DOEºÍÓ¢¹úµÄNCSCÁªºÏÐû²¼¡¶ICSÍøÂçÇå¾²×î¼Ñʵ¼ù¡·£»£»£»£»£»£»ºÚ¿Í×éÖ¯Maze¹¥»÷¸ç˹´ïÀè¼ÓÒøÐУ¬£¬£¬£¬£¬£¬ÇÔÈ¡ÆäÐÅÓÿ¨ÐÅÏ¢£»£»£»£»£»£»Ì©¹úÒƶ¯ÔËÓªÉÌAIS±£´æÇå¾²ÎÊÌ⣬£¬£¬£¬£¬£¬Ð¹Â¶83ÒÚÌõÓû§¼Í¼£»£»£»£»£»£»AndroidÎó²îStrandHogg 2.0±»Åû¶£¬£¬£¬£¬£¬£¬Ó°ÏìÁè¼Ý10ÒŲ́װ±¸£»£»£»£»£»£»AppleÐû²¼Çå¾²¸üУ¬£¬£¬£¬£¬£¬ÐÞ¸´macOSºÍSafariÖÐ50¶àÎó²î¡£¡£¡£¡£¡£¡£


ƾ֤ÒÔÉÏ×ÛÊö£¬£¬£¬£¬£¬£¬±¾ÖÜÇå¾²ÍþвΪÖС£¡£¡£¡£¡£¡£



>Ö÷ÒªÇå¾²Îó²îÁбí


1.Trend Micro InterScan Web Security Virtual Appliance LogSettingHandlerÏÂÁî×¢ÈëÎó²î


Trend Micro InterScan Web Security Virtual Appliance LogSettingHandlerÀàÆÊÎömount_device²ÎÊýʱ±£´æÊäÈëÑéÖ¤Îó²î£¬£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬£¬¿ÉÖ´ÐÐí§ÒâÏÂÁî¡£¡£¡£¡£¡£¡£

https://www.zerodayinitiative.com/advisories/ZDI-20-676/


2. IBM Security Identity Governance and IntelligenceδÊÚȨÏÂÁîÖ´ÐÐÎó²î


IBM Security Identity Governance and Intelligence±£´æÇå¾²Îó²î£¬£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬£¬¿ÉδÊÚȨִÐÐÏÂÁî¡£¡£¡£¡£¡£¡£

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4231/


3. Apple macOS Catalina FontParser´úÂëÖ´ÐÐÎó²î


Apple macOS Catalina FontParser±£´æÇå¾²Îó²î£¬£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄPDFÎļþÇëÇ󣬣¬£¬£¬£¬£¬¿ÉÔ½½çд£¬£¬£¬£¬£¬£¬ÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£¡£¡£¡£¡£¡£

https://support.apple.com/zh-cn/HT211170


4. Inductive Automation Ignition·´ÐòÁл¯´úÂëÖ´ÐÐÎó²î


Inductive Automation Ignition±£´æ·´ÐòÁл¯Îó²î£¬£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬£¬¿ÉÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£¡£¡£¡£¡£¡£

https://www.us-cert.gov/ics/advisories/icsa-20-147-01


5. Ubiquiti Networks AirOS OSÏÂÁî×¢ÈëÎó²î


Ubiquiti Networks AirMax AirOS±£´æÊäÈëÑéÖ¤Îó²î£¬£¬£¬£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬£¬£¬£¬¿É×¢Èëí§ÒâÏÂÁî²¢Ö´ÐС£¡£¡£¡£¡£¡£

https://community.ui.com/releases/Security-advisory-bulletin-011-011/d0d411a5-6dcb-4988-9709-d57f50957261



> Ö÷ÒªÇå¾²ÊÂÎñ×ÛÊö


1¡¢ÃÀ¹úCISA¡¢DOEºÍÓ¢¹úµÄNCSCÁªºÏÐû²¼¡¶ICSÍøÂçÇå¾²×î¼Ñʵ¼ù¡·


¿­Ðý¹ú¼ÊÓÎÏ·(Öйú)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.us-cert.gov/ncas/current-activity/2020/05/22/cisa-doe-and-uks-ncsc-issue-guidance-protecting-industrial-control


2¡¢ºÚ¿Í×éÖ¯Maze¹¥»÷¸ç˹´ïÀè¼ÓÒøÐУ¬£¬£¬£¬£¬£¬ÇÔÈ¡ÆäÐÅÓÿ¨ÐÅÏ¢



¿­Ðý¹ú¼ÊÓÎÏ·(Öйú)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/hackers-leak-credit-card-info-from-costa-ricas-state-bank/


3¡¢Ì©¹úÒƶ¯ÔËÓªÉÌAIS±£´æÇå¾²ÎÊÌ⣬£¬£¬£¬£¬£¬Ð¹Â¶83ÒÚÌõÓû§¼Í¼


¿­Ðý¹ú¼ÊÓÎÏ·(Öйú)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://techcrunch.com/2020/05/24/thai-billions-internet-records-leak/


4¡¢AndroidÎó²îStrandHogg 2.0±»Åû¶£¬£¬£¬£¬£¬£¬Ó°ÏìÁè¼Ý10ÒŲ́װ±¸


¿­Ðý¹ú¼ÊÓÎÏ·(Öйú)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/critical-android-bug-lets-malicious-apps-hide-in-plain-sight/


5¡¢AppleÐû²¼Çå¾²¸üУ¬£¬£¬£¬£¬£¬ÐÞ¸´macOSºÍSafariÖÐ50¶àÎó²î


¿­Ðý¹ú¼ÊÓÎÏ·(Öйú)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.securityweek.com/apple-patches-over-40-vulnerabilities-macos-catalina