Daily Security News Push (10-12)

Tencent Security Xuanwu Lab Daily News


• GitHub - coreruleset/coreruleset: OWASP ModSecurity Core Rule Set (Official Repository):
https://github.com/coreruleset/coreruleset

   ・ Resource collection for the OWASP ModSecurity Core Rule Set (CRS). – lanying37


• DLL Hijacking in NVIDIA SMI:
https://www.pentestpartners.com/security-blog/dll-hijacking-in-nvidia-smi/

   ・ Analysis of a DLL injection vulnerability in the NVIDIA driver System Management Interface (SMI) – Jett


• [Machine Learning] Distributed and federated learning:
https://labs.f-secure.com/blog/how-to-attack-distributed-machine-learning-via-online-training/

   ・ Attacking distributed machine learning via online training – Jett


• GitHub - netzob/netzob: Netzob: Protocol Reverse Engineering, Modeling and Fuzzing:
https://github.com/netzob/netzob

   ・ Netzob: a scripting tool project for protocol reverse engineering, modeling and fuzzing. – lanying37


• Samsung Hypervisor (RKP) arbitrary zero write:
https://census-labs.com/news/2020/10/08/samsung-hypervisor-rkp-arbitrary-zero-write/

   ・ Samsung Hypervisor (RKP) arbitrary zero write – Jett


• CVE-2019-0230: Apache Struts OGNL Remote Code Execution:
https://www.thezdi.com/blog/2020/10/7/cve-2019-0230-apache-struts-ognl-remote-code-execution

   ・ CVE-2019-0230: Apache Struts OGNL Remote Code Execution – Jett


• Exploiting Other Remote Protocols in IBM WebSphere:
https://www.thezdi.com/blog/2020/9/29/exploiting-other-remote-protocols-in-ibm-websphere

   ・ ZDI's analysis of remote vulnerabilities in the IBM WebSphere IIOP protocol – Jett


• Detecting Iterator Invalidation with CodeQL:
https://blog.trailofbits.com/2020/10/09/detecting-iterator-invalidation-with-codeql/

   ・ Using the CodeQL analysis tool to detect security vulnerabilities caused by C++ iterator invalidation – Jett


• The Anatomy of a Bug Door: Dissecting Two D-Link Router Authentication Bypasses:
https://www.thezdi.com/blog/2020/9/30/the-anatomy-of-a-bug-door-dissecting-two-d-link-router-authentication-bypasses

   ・ Analysis of authentication bypass vulnerabilities in the D-Link router Home Network Administration Protocol (HNAP) – Jett


• Enter the Vault: Authentication Issues in HashiCorp Vault:
https://googleprojectzero.blogspot.com/2020/10/enter-the-vault-auth-issues-hashicorp-vault.html

   ・ Project Zero's analysis of authentication bypass vulnerabilities in HashiCorp Vault, a secrets management tool – Jett


• HEH Botnet, an IoT P2P botnet under development:
https://blog.netlab.360.com/heh-an-iot-p2p-botnet-cn/

   ・ HEH Botnet, an IoT P2P botnet under development – Jett


• [Pentest] Introducing LDAP C2 for C3:
https://labs.f-secure.com/blog/introducing-ldap-c2-for-c3/

   ・ F-Secure Labs' open-source C3 penetration testing suite now supports C2 over LDAP – Jett


• Detecting Microsoft 365 and Azure Active Directory Backdoors:
http://www.fireeye.com/blog/threat-research/2020/09/detecting-microsoft-365-azure-active-directory-backdoors.html

   ・ Detecting backdoors in Microsoft 365 and Azure Active Directory – Jett


* To view or search past pushes, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab (腾讯玄武实验室)
https://weibo.com/xuanwulab


This article was first published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Push (10-12)
