Information Security Weekly Report - Week 32, 2020

Published: 2020-08-10

> This Week's Security Situation Overview


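From August 3 to August 9, 2020, a total of 59 security vulnerabilities were recorded. The ones worth noting are the Advantech WebAccess HMI Designer project file incorrect memory reference vulnerability; the Geutebruck G-Cam OS command injection vulnerability; the Cisco StarOS IPv6 buffer overflow vulnerability; the Cohesive Networks vns3:vpn OS command injection vulnerability; and the Android Qualcomm component CVE-2020-11118 code execution vulnerability.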


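The cybersecurity events worth noting this week are: researchers discovered a new HTTP/2 timing side-channel attack method; NordPass says over ten thousand misconfigured databases exposed 10 billion records; hackers breached 2gether's servers and stole cryptocurrency worth 1.2 million euros; Kaspersky found the Iranian APT group Oilrig using DoH to steal data from networks; and 20GB of Intel source code and confidential files leaked, with the source currently unknown.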


Based on the overview above, this week's security threat level is medium.


List of Major Security Vulnerabilities


1. Advantech WebAccess HMI Designer project file incorrect memory reference vulnerability


Advantech WebAccess HMI Designer has a type confusion vulnerability in its handling of project files. A remote attacker can exploit it by submitting a specially crafted file request, which can crash the application or execute arbitrary code in the context of the application.

https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02


2. Geutebruck G-Cam OS command injection vulnerability


Geutebruck G-Cam has an input validation vulnerability. A remote attacker can exploit it by submitting a specially crafted URL request, which can execute arbitrary commands with root privileges.

https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03


3. Cisco StarOS IPv6 buffer overflow vulnerability


Cisco StarOS has a buffer overflow vulnerability in its IPv6 traffic handling. A remote attacker can exploit it by submitting specially crafted IPv6 packets to carry out a denial-of-service attack.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-ipv6-dos-ce3zhF8m


4. Cohesive Networks vns3:vpn OS command injection vulnerability


The Cohesive Networks vns3:vpn management interface has a security vulnerability. A remote attacker can exploit it by submitting a specially crafted request, which can execute arbitrary commands in the context of the application.

https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2020-0007/FEYE-2020-0007.md


5. Android Qualcomm component CVE-2020-11118 code execution vulnerability


The Android Qualcomm component has a security vulnerability. A remote attacker can exploit it by submitting a specially crafted request, which can execute arbitrary code in the system context.

https://source.android.com/security/bulletin/2020-08-01


> Overview of Major Security Events


1. Researchers discover a new HTTP/2 timing side-channel attack method




Original article link:

https://thehackernews.com/2020/07/http2-timing-side-channel-attacks.html


2. NordPass says over ten thousand misconfigured databases exposed 10 billion records




Original article link:

https://www.welivesecurity.com/2020/07/30/10-billion-records-exposed-unsecured-databases/


3. Hackers breach 2gether's servers and steal cryptocurrency worth 1.2 million euros




Original article link:

https://securityaffairs.co/wordpress/106726/hacking/2gether-hacked.html


4. Kaspersky finds the Iranian APT group Oilrig using DoH to steal data from networks




Original article link:

https://www.zdnet.com/article/iranian-hacker-group-becomes-first-known-apt-to-weaponize-dns-over-https-doh/#ftag=RSSbaffb68  


5. 20GB of Intel source code and confidential files leaked; source currently unknown




Original article link:

https://www.bleepingcomputer.com/news/security/intel-leak-20gb-of-source-code-internal-docs-from-alleged-breach/