Information Security Weekly Report - Week 22 of 2020

Published: 2020-06-01

> Security Situation Overview for This Week


From May 25 to May 31, 2020, a total of 58 security vulnerabilities were recorded. The notable ones are the Trend Micro InterScan Web Security Virtual Appliance LogSettingHandler command injection vulnerability; the IBM Security Identity Governance and Intelligence unauthorized command execution vulnerability; the Apple macOS Catalina FontParser code execution vulnerability; the Inductive Automation Ignition deserialization code execution vulnerability; and the Ubiquiti Networks AirOS OS command injection vulnerability.


The notable network security events this week are: the US CISA and DOE and the UK's NCSC jointly released "ICS Cybersecurity Best Practices"; the hacker group Maze attacked the Bank of Costa Rica and stole its credit card information; the Thai mobile operator AIS had a security issue that leaked 8.3 billion user records; the Android vulnerability StrandHogg 2.0 was disclosed, affecting more than 1 billion devices; and Apple released security updates fixing more than 50 vulnerabilities in macOS and Safari.


Based on the overview above, this week's security threat level is medium.



> List of Major Security Vulnerabilities


1. Trend Micro InterScan Web Security Virtual Appliance LogSettingHandler command injection vulnerability


The LogSettingHandler class in Trend Micro InterScan Web Security Virtual Appliance has an input validation vulnerability when parsing the mount_device parameter. A remote attacker can exploit it by submitting a specially crafted request to execute arbitrary commands.

https://www.zerodayinitiative.com/advisories/ZDI-20-676/


2. IBM Security Identity Governance and Intelligence unauthorized command execution vulnerability


IBM Security Identity Governance and Intelligence has a security vulnerability. A remote attacker can exploit it by submitting a specially crafted request to execute commands without authorization.

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4231/


3. Apple macOS Catalina FontParser code execution vulnerability


FontParser in Apple macOS Catalina has a security vulnerability. A remote attacker can exploit it by submitting a specially crafted PDF file request to trigger an out-of-bounds write and execute arbitrary code in the context of the application.

https://support.apple.com/zh-cn/HT211170


4. Inductive Automation Ignition deserialization code execution vulnerability


Inductive Automation Ignition has a deserialization vulnerability. A remote attacker can exploit it by submitting a specially crafted request to execute arbitrary code in the context of the application.

https://www.us-cert.gov/ics/advisories/icsa-20-147-01


5. Ubiquiti Networks AirOS OS command injection vulnerability


Ubiquiti Networks AirMax AirOS has an input validation vulnerability. A remote attacker can exploit it by submitting a specially crafted request to inject and execute arbitrary commands.

https://community.ui.com/releases/Security-advisory-bulletin-011-011/d0d411a5-6dcb-4988-9709-d57f50957261



> Overview of Major Security Events


1. The US CISA and DOE and the UK's NCSC jointly release "ICS Cybersecurity Best Practices"

Original link:

https://www.us-cert.gov/ncas/current-activity/2020/05/22/cisa-doe-and-uks-ncsc-issue-guidance-protecting-industrial-control


2. Hacker group Maze attacks the Bank of Costa Rica and steals its credit card information

Original link:

https://www.bleepingcomputer.com/news/security/hackers-leak-credit-card-info-from-costa-ricas-state-bank/


3. Thai mobile operator AIS has a security issue that leaks 8.3 billion user records

Original link:

https://techcrunch.com/2020/05/24/thai-billions-internet-records-leak/


4. Android vulnerability StrandHogg 2.0 disclosed, affecting more than 1 billion devices

Original link:

https://www.bleepingcomputer.com/news/security/critical-android-bug-lets-malicious-apps-hide-in-plain-sight/


5. Apple releases security updates fixing more than 50 vulnerabilities in macOS and Safari

Original link:

https://www.securityweek.com/apple-patches-over-40-vulnerabilities-macos-catalina