每日攻防资讯简报[Aug.25th]

  • A+
所属分类:安全新闻

每日攻防资讯简报[Aug.25th]

0x00资讯

1.Mitre发布的防御框架Shield

每日攻防资讯简报[Aug.25th]

https://shield.mitre.org/matrix/

 

2.美国股票人寿保险公司National Western Life被REvil勒索软件入侵,攻击者获取656 GB机密数据

每日攻防资讯简报[Aug.25th]

https://cybleinc.com/2020/08/24/national-western-life-insurance-company-nightmare-continues/

 

3.微软宣布Internet Explorer 11的退休时间表

https://hotforsecurity.bitdefender.com/blog/microsoft-announces-internet-explorer-11s-retirement-timeline-23981.html


0x01漏洞

1.C编写的针对嵌入式的TLS1.3客户端wolfSSL可导致中间人攻击的漏洞(CVE-2020-24613)

https://research.nccgroup.com/2020/08/24/technical-advisory-wolfssl-tls-1-3-client-man-in-the-middle-attack/

 

2.2020年全球勒索软件攻击中使用的前四大漏洞

https://blog.sensecy.com/2020/08/20/global-ransomware-attacks-in-2020-the-top-4-vulnerabilities/

 

3.TeamViewer高危漏洞,可允许攻击者窃取密码(CVE-2020-13699)

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13699

0x02恶意代码

1.RTF Royal Road释放了一个新的MFC后门,与Goblin Panda相关

https://medium.com/@Sebdraven/rtf-royal-road-drops-a-new-backdoor-mfc-and-links-with-goblin-panda-90db06f80611

 

2.银行木马QBot初始恶意文档中使用的新技术

https://blog.morphisec.com/qakbot-qbot-maldoc-two-new-techniques

 

3.揭开黑客雇佣军DeathStalker的面纱

https://securelist.com/deathstalker-mercenary-triumvirate/98177/

 

4.移动平台广告欺诈软件Triada和xhelper预装在20万台廉价手机上

https://www.upstreamsystems.com/well-known-malware-committing-click-ad-fraud-low-end-devices-emerging-markets-uncovered-secure-d/

 

5.假冒的Malwarebytes安装文件投递基于XMRig的门罗币挖矿软件

https://blog.avast.com/fake-malwarebytes-installation-files-distributing-coinminer

0x03工具

1.Red-EC2:在AWS上通过Ansible构建RedTeam基础设施

https://github.com/jfmaes/Red-EC2

 

2.drovorub-hunt:以网络为基础,协助搜寻Drovorub恶意软件C&C

https://github.com/Insane-Forensics/drovorub-hunt

0x04技术

1.Windows通过端口监视器实现驻留

https://posts.slayerlabs.com/monitor-persistence/

 

2.结合使用Microsoft Graph API和Python来查找Office365邮箱中的恶意收件箱规则

https://blog.rothe.uk/risky-rules-in-office365/

 

3.XSS:算术运算符和可选链接,以绕过过滤器和Sanitization

https://www.secjuice.com/xss-arithmetic-operators-chaining-bypass-sanitization/

 

4.在“下载”文件夹中执行“Python”命令可能导致代码执行

https://glyph.twistedmatrix.com/2020/08/never-run-python-in-your-downloads-folder.html

 

5.如何实现Office格式的Dropper

https://marcoramilli.com/2020/08/24/how-to-reverse-office-droppers-personal-notes/

 

6.HttpOnly标志:保护Cookies免受XSS攻击

https://www.acunetix.com/blog/web-security-zone/httponly-flag-protecting-cookies/

 

7.certutil – one more GUI lolbin

https://www.hexacorn.com/blog/2020/08/23/certutil-one-more-gui-lolbin/

 

8.PC-3000闪存:如何从microSD卡恢复数据

https://blog.acelaboratory.com/pc-3000-flash-circuit-board-and-msd-card-preparing-and-soldering.html

 

9.使用深度强化学习加持的WiFi攻击工具Pwnagotchi破解WiFi握手包

 

10.逆向Android平台的新冠追踪App

 

11.Python基础:使用Scapy构造数据包

https://medium.com/python-in-plain-english/python-basics-packet-crafting-with-scapy-b3e4ea5c8111

 

12.使用Safari网络共享API窃取本地文件

https://blog.redteam.pl/2020/08/stealing-local-files-using-safari-web.html

 

13.在Azure中检测和锁定基于网络的恶意软件

https://www.sans.org/blog/detecting-and-locking-down-network-based-malware-in-azure/

天融信阿尔法实验室成立于2011年,一直以来,阿尔法实验室秉承“攻防一体”的理念,汇聚众多专业技术研究人员,从事攻防技术研究,在安全领域前瞻性技术研究方向上不断前行。作为天融信的安全产品和服务支撑团队,阿尔法实验室精湛的专业技术水平、丰富的排异经验,为天融信产品的研发和升级、承担国家重大安全项目和客户服务提供强有力的技术支撑。



每日攻防资讯简报[Aug.25th]

每日攻防资讯简报[Aug.25th]

天融信

阿尔法实验室

长按二维码关注我们



发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: