Information Security Weekly Report - Week 22, 2020

Published: 2020-06-01

> This Week's Security Posture Overview


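From May 25 to May 31, 2020, a total of 58 security vulnerabilities were recorded. The notable ones are: Trend Micro InterScan Web Security Virtual Appliance LogSettingHandler command injection vulnerability; IBM Security Identity Governance and Intelligence unauthorized command execution vulnerability; Apple macOS Catalina FontParser code execution vulnerability; Inductive Automation Ignition deserialization code execution vulnerability; Ubiquiti Networks AirOS OS command injection vulnerability.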


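The notable network security events this week are: the US CISA and DOE and the UK's NCSC jointly published "ICS Cybersecurity Best Practices"; the hacker group Maze attacked the Bank of Costa Rica and stole its credit card information; a security issue at Thai mobile operator AIS leaked 8.3 billion user records; the Android vulnerability StrandHogg 2.0 was disclosed, affecting more than 1 billion devices; Apple released security updates fixing more than 50 vulnerabilities in macOS and Safari.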


Based on the overview above, this week's security threat level is medium.



> List of Important Security Vulnerabilities


1. Trend Micro InterScan Web Security Virtual Appliance LogSettingHandler command injection vulnerability


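The LogSettingHandler class in Trend Micro InterScan Web Security Virtual Appliance has an input validation vulnerability when parsing the mount_device parameter. A remote attacker can exploit it by submitting a specially crafted request to execute arbitrary commands.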

https://www.zerodayinitiative.com/advisories/ZDI-20-676/


2. IBM Security Identity Governance and Intelligence unauthorized command execution vulnerability


IBM Security Identity Governance and Intelligence has a security vulnerability. A remote attacker can exploit it by submitting a specially crafted request to execute commands without authorization.

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4231/


3. Apple macOS Catalina FontParser code execution vulnerability


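Apple macOS Catalina FontParser has a security vulnerability. A remote attacker can exploit it by submitting a specially crafted PDF file, causing an out-of-bounds write and executing arbitrary code in the context of the application.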

https://support.apple.com/zh-cn/HT211170


4. Inductive Automation Ignition deserialization code execution vulnerability


Inductive Automation Ignition has a deserialization vulnerability. A remote attacker can exploit it by submitting a specially crafted request to execute arbitrary code in the context of the application.

https://www.us-cert.gov/ics/advisories/icsa-20-147-01


5. Ubiquiti Networks AirOS OS command injection vulnerability


Ubiquiti Networks AirMax AirOS has an input validation vulnerability. A remote attacker can exploit it by submitting a specially crafted request to inject and execute arbitrary commands.

https://community.ui.com/releases/Security-advisory-bulletin-011-011/d0d411a5-6dcb-4988-9709-d57f50957261



> Overview of Important Security Events


1. The US CISA and DOE and the UK's NCSC jointly publish "ICS Cybersecurity Best Practices"




Original link:

https://www.us-cert.gov/ncas/current-activity/2020/05/22/cisa-doe-and-uks-ncsc-issue-guidance-protecting-industrial-control


2. Hacker group Maze attacks the Bank of Costa Rica and steals its credit card information





Original link:

https://www.bleepingcomputer.com/news/security/hackers-leak-credit-card-info-from-costa-ricas-state-bank/


3. Security issue at Thai mobile operator AIS leaks 8.3 billion user records




Original link:

https://techcrunch.com/2020/05/24/thai-billions-internet-records-leak/


4. Android vulnerability StrandHogg 2.0 disclosed, affecting more than 1 billion devices




Original link:

https://www.bleepingcomputer.com/news/security/critical-android-bug-lets-malicious-apps-hide-in-plain-sight/


5. Apple releases security updates fixing more than 50 vulnerabilities in macOS and Safari




Original link:

https://www.securityweek.com/apple-patches-over-40-vulnerabilities-macos-catalina