每日安全动态推送(09-23)

  • A+
所属分类:安全新闻
Tencent Security Xuanwu Lab Daily News


• Espressif ESP32: Bypassing Encrypted Secure Boot (CVE-2020-13629):
https://raelize.com/posts/espressif-esp32-bypassing-encrypted-secure-boot-cve-2020-13629/

   ・ 绕过物联网开发版 ESP32 的加密安全启动机制 (CVE-2020-13629) – Jett


• uTorrent CVE-2020-8437 Vulnerability And Exploit Overview:
https://blog.whtaguy.com/2020/09/utorrent-cve-2020-8437-vulnerability.html

   ・ uTorrent 协议层远程漏洞的分析和利用 – Jett


• GitHub - uknowsec/SharpSQLDump: 内网渗透中快速获取数据库所有库名,表名,列名。具体判断后再去翻数据,节省时间。适用于mysql,mssql。:
https://github.com/uknowsec/SharpSQLDump

   ・ SharpSQLDump:内网渗透中快速获取数据库所有库名,表名,列名功能。 – lanying37


• IBM QRadar Wincollect Escalation of Privilege:
https://labs.redyops.com/index.php/2020/09/11/ibm-qradar-wincollect-escalation-of-privileges-cve-2020-4485-cve-2020-4486/

   ・ IBM SIEM 产品 QRadar 软件 Windows 本地提权漏洞(CVE-2020-4485/4486)的分析 – Jett


• GitHub - crowdsecurity/crowdsec: Crowdsec - An open-source, lightweight agent to detect and respond to bad behaviours. It also automatically benefits from our global community-wide IP reputation database.:
https://github.com/crowdsecurity/crowdsec/

   ・ Crowdsec - 一款开源的、轻量级的异常行为检测 Agent,适用于容器和虚拟机环境 – Jett


• Linux内核AF_PACKET原生套接字漏洞(CVE-2020-14386)分析:
https://mp.weixin.qq.com/s/uv3BiznUCUy8do_ullnXUw

   ・ Linux内核AF_PACKET原生套接字漏洞(CVE-2020-14386)分析  – Jett


• [Android] Google Online Security Blog: Lockscreen and Authentication Improvements in Android 11:
https://security.googleblog.com/2020/09/lockscreen-and-authentication.html

   ・ Android 11 锁屏和身份验证过程改进的细节 – Jett


• Espressif ESP32: Bypassing Secure Boot using EMFI:
https://raelize.com/posts/espressif-systems-esp32-bypassing-sb-using-emfi/

   ・ Espressif ESP32: Bypassing Secure Boot using EMFI – Jett


• Exploiting Tiny Tiny RSS:
https://www.digeex.de/blog/tinytinyrss/

   ・ Exploiting Tiny Tiny RSS – Jett


• adulau/ssldump:
https://github.com/adulau/ssldump

   ・ ssldump - SSLv3/TLS 网络协议 Analyzer – Jett


• [Tools] fatedier/frp:
https://github.com/fatedier/frp

   ・ frp - 是一个专注于内网穿透的高性能的反向代理应用 – Jett


• WebSphere XXE 漏洞分析(CVE-2020-4643):
https://paper.seebug.org/1342/

   ・ WebSphere XXE 漏洞分析(CVE-2020-4643) – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: