每日安全动态推送(10-15)

  • A+
所属分类:安全新闻
Tencent Security Xuanwu Lab Daily News


• CVE-2020-12928 Exploit Proof-of-Concept, Privilege Escalation in AMD Ryzen Master AMDRyzenMasterDriver.sys - The Human Machine Interface:
https://h0mbre.github.io/RyzenMaster_CVE/

   ・ AMD Ryzen Master 驱动漏洞的分析和利用(CVE-2020-12928) – Jett


• 安卓逆向之自动化 JNI 静态分析:
https://paper.seebug.org/1363/

   ・ 深入理解MacOS平台的可执行文件MachO格式分析。 – lanying37


• Osquery: Using D-Bus to query systemd data:
https://blog.trailofbits.com/2020/10/14/osquery-using-d-bus-to-query-systemd-data/

   ・ Osquery: Using D-Bus to query systemd data  – Jett


• Intel Adds Memory Encryption, Firmware Security to Ice Lake Chips:
https://threatpost.com/intel-encryption-security-ice-lake-chips/160083/

   ・ 对标 AMD SME,Intel 为其新一代 Ice Lake 处理器新增内存加密技术的支持 – Jett


• QEMU KVM学习笔记:
https://github.com/yifengyou/learn-kvm

   ・ QEMU KVM学习笔记. – lanying37


• DOS2RCE: A New Technique to Exploit V8 NULL Pointer Dereference Bug:
https://blog.br0vvnn.io/pages/blogpost.aspx?id=1&ln=0

   ・ DOS2RCE - V8 引擎空指针引用漏洞的新利用方法 – Jett


• Tiger-Team-1337: Audi A7 2014 MMI Mishandles the Format-string Specifiers:
https://tiger-team-1337.blogspot.com/2020/10/audi-a7-2014-mmi-mishandles-format.html

   ・ 2014 款奥迪 A7 娱乐系统蓝牙名字展示存在格式化字符串漏洞 – Jett


• Critical SonicWall VPN Portal Bug Allows DoS, Worming RCE:
https://threatpost.com/critical-sonicwall-vpn-bug/160108/

   ・ SonicWall VPN portal 被发现蠕虫级 RCE 漏洞 – Jett


• Finding Bugs Using Your Own Code: Detecting Functionally-similar yet Inconsistent Code:
https://www.longlu.org/publication/fics/

   ・ Finding Bugs Using Your Own Code - 检测代码中功能相似但代码不一致的 Pattern – Jett


• [PDF] https://www.usenix.org/system/files/woot20-paper1-slides-cho.pdf:
https://www.usenix.org/system/files/woot20-paper1-slides-cho.pdf

   ・ 利用 Linux 内核中的栈上变量未初始化漏洞泄露内核指针 – Jett


• FIN11: Widespread Email Campaigns as Precursor for Ransomware and Data Theft:
http://www.fireeye.com/blog/threat-research/2020/10/fin11-email-campaigns-precursor-for-ransomware-data-theft.html

   ・ FireEye 对 FIN11 APT 组织近期攻击活动的分析报告 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


本文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(10-15)

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: