Information Security Weekly Report - Week 19, 2020

Published: 2020-05-11

> This week's security posture overview


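From 4 May to 10 May 2020, a total of 60 security vulnerabilities were recorded. The notable ones are: multiple stack overflow vulnerabilities in Advantech WebAccess Node; a code execution vulnerability in the backup function of the S.Siedle&Soehne SG 150-0 Smart Gateway; an arbitrary file download vulnerability in IBM Data Risk Manager; a code execution vulnerability in the PLC_Task of 3S-Smart Software Solutions CODESYS Runtime; and an SCTP buffer overflow vulnerability in Mozilla Firefox.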


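The notable cybersecurity events this week are: Google released security updates for Android OS, fixing multiple vulnerabilities; software company SAP announced vulnerabilities in its products that may affect 9% of users; hackers claim to have breached Microsoft's GitHub account and stolen more than 500 GB of data; Nintendo was attacked by hackers, leaking 2 TB of files including complete source code; and Cisco released security updates fixing 12 vulnerabilities across multiple products.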


Based on the overview above, this week's security threat level is medium.


> List of important security vulnerabilities


1. Advantech WebAccess Node multiple stack overflow vulnerabilities


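Advantech WebAccess Node contains multiple stack overflow vulnerabilities. A remote attacker can exploit them by submitting a specially crafted request, which can crash the application or execute arbitrary code.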

https://www.us-cert.gov/ics/advisories/icsa-20-128-0


2. S.Siedle&Soehne SG 150-0 Smart Gateway backup function code execution vulnerability


The backup function of the S.Siedle&Soehne SG 150-0 Smart Gateway contains a security vulnerability. A remote attacker can exploit it by submitting a specially crafted request, which can execute arbitrary code.

https://research.hisolutions.com/2020/04/open-the-gates-insecurity-of-cloudless-smart-door-systems


3. IBM Data Risk Manager arbitrary file download vulnerability


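IBM Data Risk Manager contains a directory traversal vulnerability. A remote attacker can exploit it by submitting a specially crafted request, which allows arbitrary files to be downloaded.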

https://www.ibm.com/support/pages/node/6206875


4. 3S-Smart Software Solutions CODESYS Runtime PLC_Task code execution vulnerability


The PLC_Task function of 3S-Smart Software Solutions CODESYS Runtime contains a security vulnerability. A remote attacker can exploit it by submitting a specially crafted request, which can execute arbitrary code.

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003


5. Mozilla Firefox SCTP buffer overflow vulnerability


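Mozilla Firefox ESR contains an SCTP buffer overflow vulnerability. A remote attacker can exploit it by submitting a specially crafted web request and luring a user into parsing it, which can crash the application or execute arbitrary code.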

https://www.auscert.org.au/bulletins/ESB-2020.1600/


> Overview of important security events


1. Google releases security updates for Android OS, fixing multiple vulnerabilities

Original article:

https://www.securityweek.com/androids-may-2020-patches-fix-critical-system-vulnerability


2. Software company SAP announces vulnerabilities in its products that may affect 9% of users


Original article:

https://www.zdnet.com/article/sap-notifying-9-of-customers-about-security-bugs-in-some-cloud-products/


3. Hackers claim to have breached Microsoft's GitHub account and stolen more than 500 GB of data


Original article:

https://www.bleepingcomputer.com/news/security/microsofts-github-account-allegedly-hacked-500gb-stolen/


4. Nintendo attacked by hackers, leaking 2 TB of files including complete source code


Original article:

https://www.videogameschronicle.com/news/a-full-mario-64-pc-port-has-been-released/


5. Cisco releases security updates, fixing 12 vulnerabilities across multiple products


Original article:

https://threatpost.com/cisco-fixes-high-severity-flaws-in-firepower-security-software-asa/155568/