西门子发布《能源行业网络安全:事件响应手册》;NordVPN API漏洞允许攻击者查看用户支付信息

发布时间 2020-03-08

【安全播报】


西门子发布《能源行业网络安全:事件响应手册》

https://new.siemens.com/us/en/company/press/siemens-stories/energy/simulating-a-cyberattack-on-the-energy-industry-a-playbook-for-incident-response.html


【漏洞补丁】


Zoho修复ManageEngine Desktop Central中的RCE 0day

https://www.bleepingcomputer.com/news/security/zoho-fixes-no-auth-rce-zero-day-in-manageengine-desktop-central/


NordVPN API漏洞允许攻击者查看用户支付信息

https://www.theregister.co.uk/2020/03/06/nordvpn_no_auth_needed_view_user_payments/


【攻击事件】


Koodo Mobile系统遭黑客攻击,被盗数据已在网上出售

https://www.bleepingcomputer.com/news/security/telus-owned-koodo-mobile-announces-data-breach-stolen-info-for-sale/


【威胁情报】


TrickBot利用虚假WHO冠状病毒邮件分发,针对意大利

https://www.bleepingcomputer.com/news/security/trickbot-malware-targets-italy-in-fake-who-coronavirus-emails/