每日安全动态推送(09-29)

  • A+
所属分类:安全新闻
Tencent Security Xuanwu Lab Daily News


• VirusTotal APK Malware Detection Data - Week 39: 20200921-20200927:
https://blog.trustlook.com/virustotal-apk-malware-detection-data-week-39-20200921-20200927/

   ・ VirusTotal APK恶意软件检测数据-第39周 – Schwarrzz


• [CTF] ductf2020 pwn-or-web v8 challenge:
https://seb-sec.github.io/2020/09/28/ductf2020-pwn-or-web.html

   ・ ductf2020 pwn-or-web v8 challenge writeup  – Jett


• [Browser] Local Data Encryption in Chromium:
https://textslashplain.com/2020/09/28/local-data-encryption-in-chromium/

   ・ Chromium 浏览器的本地数据加密机制分析 – Jett


• Cobalt Strike 绕过流量审计:
https://paper.seebug.org/1349/

   ・ Cobalt Strike 绕过流量审计. – lanying37


• DPDK security advisory for multiple vhost crypto issues:
http://seclists.org/oss-sec/2020/q3/200

   ・ DPDK 开发套件修复了多个漏洞,包括一个 vhost crypto 问题导致 Host 虚拟机逃逸的漏洞 – Jett


• [Tools, IoT] emba, an analyzer for Linux-based firmware of embedded devices:
https://github.com/e-m-b-a/emba

   ・ emba - 用于分析基于 Linux 的嵌入设备的固件的工具 – Jett


• Fashion retailer BrandBQ exposes 1 TB of customers, contractors data:
https://www.hackread.com/fashion-retailer-brandbq-expose-customers-data/

   ・ 波兰电商 BrandBQ 因 Elasticsearch 服务器泄露 1TB 用户数据 – Jett


• 某游戏外挂团队针对大量企业员工发起网络攻击活动:
https://ti.dbappsecurity.com.cn/blog/index.php/2020/09/11/a-game-plugin-team-launched-a-cyber-attack-against-a-large-number-of-corporate-employees/

   ・ 某游戏外挂团队针对大量企业员工发起网络攻击活动 – Jett


• [Tools] Release v3.0.2.0 · lgandx/Responder:
https://github.com/lgandx/Responder/releases/tag/v3.0.2.0

   ・ LLMNR/NBT-NS/mDNS 协议攻击工具 Responder 更新 3.0.2.0 版本 – Jett


• EkoParty - Advanced Fuzzing Workshop:
https://github.com/antonio-morales/EkoParty_Advanced_Fuzzing_Workshop

   ・ EkoParty - Advanced Fuzzing Workshop  – Jett


• [Web] Taking down the SSO, Account Takeover in the Websites of Kolesa due to Insecure JSONP Call | by Yasho | InfoSec Write-ups | Sep, 2020 | Medium:
https://medium.com/bugbountywriteup/taking-down-the-sso-account-takeover-in-3-websites-of-kolesa-due-to-insecure-jsonp-call-facd79732e45

   ・ 利用不安全的 JSONP 调用接管 Kolesa 站点的任意账户 – Jett


• GHSL-2020-113: Command injection vulnerability in limdu - CVE-2020-4066:
https://securitylab.github.com/advisories/GHSL-2020-113-limdu

   ・ GitHub labs 对开源库 limdu 命令注入漏洞的分析(CVE-2020-4066) – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: