ÐÅÏ¢Çå¾²Öܱ¨-2020ÄêµÚ25ÖÜ

Ðû²¼Ê±¼ä 2020-06-23

> ±¾ÖÜÇ徲̬ÊÆ×ÛÊö


2020Äê06ÔÂ15ÈÕÖÁ06ÔÂ21ÈÕ¹²ÊÕ¼Çå¾²Îó²î75¸ö£¬ÖµµÃ¹Ø×¢µÄÊÇTreck TCP/IP»ûÐÎIPV4±¨ÎÄ´¦Öóͷ£´úÂëÖ´ÐÐÎó²î; Cisco Small Business RV Series Routers CVE-2020-3286Õ»Òç³öí§Òâ´úÂëÖ´ÐÐÎó²î£»Adobe Audition CVE-2020-9658Ô½½çд´úÂëÖ´ÐÐÎó²î£»Cypress Semiconductor CYW20735 evaluation board»º³åÇøÒç³öÎó²î£»Google Chrome V8Ô½½çд´úÂëÖ´ÐÐÎó²î¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÇå¾²ÊÂÎñÊÇGTPЭÒé±£´æÎó²î£¬¿É±»Ê¹ÓöԷäÎÑÍøÂç¾ÙÐÐDoS¹¥»÷£»ÑÇÂíÑ·AWSÔøÒ»Á¬3ÌìÔâµ½2.3 Tbps DDoS¹¥»÷£»Ë¼¿ÆÐû²¼2020ÄêÏÄÈÕµÄÓ¦¼±ÏìÓ¦Ç÷ÊƱ¨¸æ£»ÃÀ¹ú´ó¹æÄ£DDoS¹¥»÷ʵΪT-MobileÉèÖùýʧµ¼Ö£»Ô¶³Ì×ÀÃæµÄUSBÇý¶¯±£´æÎó²î£¬¿ÉʹÓôËÎó²î¾ÙÐÐÌáȨ¡£


ƾ֤ÒÔÉÏ×ÛÊö£¬±¾ÖÜÇå¾²ÍþвΪÖС£


>Ö÷ÒªÇå¾²Îó²îÁбí


1.Treck TCP/IP»ûÐÎIPV4±¨ÎÄ´¦Öóͷ£´úÂëÖ´ÐÐÎó²î


Treck TCP/IP´¦Öóͷ£»ûÐεÄIPv4±¨Îı£´æÇå¾²Îó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿ÉÖ´ÐÐí§Òâ´úÂë¡£

https://www.jsof-tech.com/ripple20/


2. Cisco Small Business RV Series Routers CVE-2020-3286Õ»Òç³öí§Òâ´úÂëÖ´ÐÐÎó²î


Cisco Small Business RV Series RoutersµÄWEBÖÎÀí½Ó¿Ú±£´æ»º³åÇøÒç³öÎó²î£¬ÔÊÐíͨ¹ýÑéÖ¤µÄÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿ÉʹӦÓóÌÐò±ÀÀ£»ò¿ÉÖ´ÐÐí§Òâ´úÂë¡£

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-stack-vUxHmnNz


3. Adobe Audition CVE-2020-9658Ô½½çд´úÂëÖ´ÐÐÎó²î


Adobe Audition±£´æÔ½½çдÎó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßʹÓÃÎó²î¹¹½¨¶ñÒâÎļþ£¬ÓÕʹÓû§ÆÊÎö£¬¿ÉʹӦÓóÌÐò±ÀÀ£»òÒÔÓ¦ÓóÌÐòÉÏÏÂÎÄÖ´ÐÐí§Òâ´úÂë¡£

https://helpx.adobe.com/security/products/audition/apsb20-40.html


4. Cypress Semiconductor CYW20735 evaluation board»º³åÇøÒç³öÎó²î


Cypress Semiconductor CYW20735 evaluation board±£´æ»º³åÇøÒç³öÎó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬿Éʹϵͳ±ÀÀ£»òÖ´ÐÐí§Òâ´úÂë¡£

https://github.com/seemoo-lab/frankenstein/blob/master/doc/CVE_2019_18614.md


5. Google Chrome V8Ô½½çд´úÂëÖ´ÐÐÎó²î


Google Chrome V8±£´æÔ½½çдÎó²î£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄWEBÇëÇó£¬ÓÕʹÓû§ÆÊÎö£¬¿Éʹϵͳ±ÀÀ£»òÖ´ÐÐí§Òâ´úÂë¡£

https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_15.html



> Ö÷ÒªÇå¾²ÊÂÎñ×ÛÊö


1¡¢GTPЭÒé±£´æÎó²î£¬¿É±»Ê¹ÓöԷäÎÑÍøÂç¾ÙÐÐDoS¹¥»÷


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.darkreading.com/vulnerabilities---threats/protocol-vulnerability-threatens-mobile-networks/d/d-id/1338068


2¡¢ÑÇÂíÑ·AWSÔøÒ»Á¬3ÌìÔâµ½2.3 Tbps DDoS¹¥»÷


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://androidrookies.com/amazons-aws-hit-with-a-record-breaking-2-3-tbps-ddos-attack/


3¡¢Ë¼¿ÆÐû²¼2020ÄêÏÄÈÕµÄÓ¦¼±ÏìÓ¦Ç÷ÊƱ¨¸æ


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://blog.talosintelligence.com/2020/06/CTIR-trends-q3-2020.html


4¡¢ÃÀ¹ú´ó¹æÄ£DDoS¹¥»÷ʵΪT-MobileÉèÖùýʧµ¼ÖÂ


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/t-mobile-outage-caused-by-configuration-error-not-a-ddos-attack/


5¡¢Ô¶³Ì×ÀÃæµÄUSBÇý¶¯±£´æÎó²î£¬¿ÉʹÓôËÎó²î¾ÙÐÐÌáȨ


ÓÅ·¢¹ú¼Ê¡¤ËæÓŶø¶¯Ò»´¥¼´·¢


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/bug-in-usb-for-remote-desktop-lets-hackers-add-fake-devices/