每日安全动态推送(08-31)

  • A+
所属分类:安全新闻
Tencent Security Xuanwu Lab Daily News


• Checking your browser before accessing bleepingcomputer.com.:
https://www.bleepingcomputer.com/news/technology/centurylink-routing-issue-led-to-outages-on-hulu-steam-discord-more/

   ・ 美国电信公司 CenturyLink 路由问题导致 Cloudflare 等多家公司网络故障 – Jett


• HackerOne:
https://hackerone.com/reports/783877

   ・ 利用 Slack Desktop 的跳转漏洞最终实现 RCE – Jett


• nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters:
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters

   ・ 为 Bug Bounty Hunters 入门整理的资料 – Jett


• [Malware] The Anatomy of a Malicious Package:
https://blog.phylum.io/malicious-javascript-code-in-npm-malware/

   ・ 如何构造一个 Node.js NPM 恶意软件包 – Jett


• GitHub - TheOdysseyJB/Odyssey: Odyssey Swift-based semi-untethered jailbreak:
https://github.com/TheOdysseyJB/Odyssey

   ・ Odyssey 越狱工具的开源代码 – Jett


• Graphtage: A New Semantic Diffing Tool:
https://blog.trailofbits.com/2020/08/28/graphtage/

   ・ Graphtage - 支持对 JSON 文件进行 Diff 比对的工具 – Jett


• Auth bypass: Leaking Google Cloud service accounts and projects:
https://www.ezequiel.tech/2020/08/leaking-google-cloud-projects.html?m=1

   ・ 身份验证绕过漏洞:Google Cloud服务帐户与项目泄漏。 – lanying37


• Cisco ISE < 1.5 Passwords decryption | Synacktiv:
https://www.synacktiv.com/publications/cisco-ise-15-passwords-decryption.html

   ・ CISCO ISE 密码原始明文还原 – Jett


• CVE-2020-0796 LPE 深度分析:
http://blog.topsec.com.cn/cve-2020-0796-lpe-%e6%b7%b1%e5%ba%a6%e5%88%86%e6%9e%90/

   ・ Windows SMB 协议 CVE-2020-0796 导致本地任意地址写过程分析 – Jett


• Weblogic12c T3 协议安全漫谈:
https://paper.seebug.org/1321/

   ・ Weblogic12c T3 协议安全漫谈  – Jett


• 海康萤石智能门锁的网关分析:
https://paper.seebug.org/1320/

   ・ 海康萤石智能门锁的网关分析  – Jett


• 手机色情软件中的“偷拍者”:
https://blogs.360.cn/post/shou-ji-se-qing-ruan-jian-zhong-de-tou-pai-zhe.html

   ・ 手机色情软件中的“偷拍者”  – Jett


• GitHub - zodiacon/ProcMonXv2: Process Monitor X v2:
https://github.com/zodiacon/ProcMonXv2

   ・ 基于 Event Tracing for Windows (ETW) 而不再依赖驱动实现的 Process Monitor – Jett


• Cisco NX-OS Software CLI Arbitrary Command Execution Vulnerability:
http://dlvr.it/RfRhwX

   ・ Cisco NX-OS软件CLI中存在任意命令执行漏洞。 – lanying37


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: