ÐÅÏ¢Äþ¾²Öܱ¨-2020ÄêµÚ32ÖÜ

Ðû²¼Ê±¼ä 2020-08-10

> ±¾ÖÜÄþ¾²Ì¬ÊÆ×ÛÊö


2020Äê08ÔÂ03ÈÕÖÁ08ÔÂ09ÈÕ¹²ÊÕ¼Äþ¾²Â©¶´59¸ö £¬ÖµµÃ¹Ø×¢µÄÊÇAdvantech WebAccess HMI DesignerÏîÄ¿ÎļþÄÚ´æ´íÎóÒýÓ鶴£»Geutebruck G-Cam OSÃüÁî×¢È멶´£»Cisco StarOS IPv6»º³åÇøÒç³ö©¶´£»Cohesive Networks vns3:vpn OSÃüÁî×¢È멶´; Android Qualcomm×é¼þCVE-2020-11118´úÂëÖ´ÐЩ¶´¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÄþ¾²Ê¼þÊÇÑо¿ÈËÔ±·¢ÏÖHTTP/2 ÐÂÐͼÆʱ²àÐŵÀ¹¥»÷·½Ê½£»NordPass³ÆÓÐÉÏÍò¸öÅäÖôíÎóµÄÊý¾Ý¿âй¶100ÒÚÌõ¼Ç¼£»ºÚ¿ÍÈëÇÖ2gether·þÎñÆ÷ £¬ÇÔÈ¡¼ÛÖµ120ÍòÅ·ÔªµÄ¼ÓÃÜ»õ±Ò£»¿¨°Í˹»ù·¢ÏÖÒÁÀÊAPT×éÖ¯OilrigʹÓÃDoHÇÔÈ¡ÍøÂçÖÐÊý¾Ý£»Intel 20GBÔ´´úÂëºÍ»úÃÜÎļþй¶ £¬Ä¿Ç°À´Ô´Î´Öª¡£


ƾ¾ÝÒÔÉÏ×ÛÊö £¬±¾ÖÜÄþ¾²ÍþвΪÖС£


ÖØÒªÄþ¾²Â©¶´Áбí


1.Advantech WebAccess HMI DesignerÏîÄ¿ÎļþÄÚ´æ´íÎóÒýÓ鶴


Advantech WebAccess HMI Designer´¦ÖÃÏîÄ¿Îļþ´æÔÚÀàÐÍ»ìÏýÄþ¾²Â©¶´ £¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔÀûÓ鶴Ìá½»ÌØÊâµÄÎļþÇëÇó £¬¿ÉʹӦÓ÷¨Ê½±ÀÀ£»òÒÔÓ¦Ó÷¨Ê½ÉÏÏÂÎÄÖ´ÐÐÈÎÒâ´úÂë¡£

https://us-cert.cisa.gov/ics/advisories/icsa-20-219-02


2. Geutebruck G-Cam OSÃüÁî×¢È멶´


GeutebruckG-Cam´æÔÚÊäÈëÑé֤©¶´ £¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔÀûÓ鶴Ìá½»ÌØÊâµÄURLÇëÇó £¬¿ÉÒÔROOTȨÏÞÖ´ÐÐÈÎÒâÃüÁî¡£

https://us-cert.cisa.gov/ics/advisories/icsa-20-219-03


3. Cisco StarOS IPv6»º³åÇøÒç³ö©¶´


Cisco StarOS IPv6Á÷Á¿´¦ÖôæÔÚ»º³åÇøÒç³ö©¶´ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÀûÓ鶴Ìá½»ÌØÊâµÄIPv6Êý¾Ý°ü £¬½øÐоܾø·þÎñ¹¥»÷¡£

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asr5k-ipv6-dos-ce3zhF8m


4. Cohesive Networks vns3:vpn OSÃüÁî×¢È멶´


Cohesive Networks vns3:vpn¹ÜÀí½çÃæ´æÔÚÄþ¾²Â©¶´ £¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔÀûÓ鶴Ìá½»ÌØÊâµÄÇëÇó £¬¿ÉÒÔÓ¦Ó÷¨Ê½ÉÏÏÂÎÄÖ´ÐÐÈÎÒâÃüÁî¡£

https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2020-0007/FEYE-2020-0007.md


5. Android Qualcomm×é¼þCVE-2020-11118´úÂëÖ´ÐЩ¶´


Android Qualcomm×é¼þ´æÔÚÄþ¾² £¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔÀûÓ鶴Ìá½»ÌØÊâµÄÇëÇó £¬¿ÉÒÔϵͳÉÏÏÂÎÄÖ´ÐÐÈÎÒâ´úÂë¡£

https://source.android.com/security/bulletin/2020-08-01


> ÖØÒªÄþ¾²Ê¼þ×ÛÊö


1¡¢Ñо¿ÈËÔ±·¢ÏÖHTTP/2 ÐÂÐͼÆʱ²àÐŵÀ¹¥»÷·½Ê½


¶«É­¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://thehackernews.com/2020/07/http2-timing-side-channel-attacks.html


2¡¢NordPass³ÆÓÐÉÏÍò¸öÅäÖôíÎóµÄÊý¾Ý¿âй¶100ÒÚÌõ¼Ç¼


¶«É­¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.welivesecurity.com/2020/07/30/10-billion-records-exposed-unsecured-databases/


3¡¢ºÚ¿ÍÈëÇÖ2gether·þÎñÆ÷ £¬ÇÔÈ¡¼ÛÖµ120ÍòÅ·ÔªµÄ¼ÓÃÜ»õ±Ò


¶«É­¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://securityaffairs.co/wordpress/106726/hacking/2gether-hacked.html


4¡¢¿¨°Í˹»ù·¢ÏÖÒÁÀÊAPT×éÖ¯OilrigʹÓÃDoHÇÔÈ¡ÍøÂçÖÐÊý¾Ý


¶«É­¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/iranian-hacker-group-becomes-first-known-apt-to-weaponize-dns-over-https-doh/#ftag=RSSbaffb68  


5¡¢Intel 20GBÔ´´úÂëºÍ»úÃÜÎļþй¶ £¬Ä¿Ç°À´Ô´Î´Öª


¶«É­¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/intel-leak-20gb-of-source-code-internal-docs-from-alleged-breach/