每日安全动态推送(01-06)

  • A+
所属分类:安全新闻
Tencent Security Xuanwu Lab Daily News


• NTFS Remote Code Execution (CVE-2020-17096) Analysis - ZecOps Blog:
https://blog.zecops.com/vulnerabilities/ntfs-remote-code-execution-cve-2020-17096-analysis/

   ・ Windows. NTFS 文件系统上个月修复的 CVE-2020-17096 RCE 漏洞的分析 – Jett


• Google Warns of Critical Android Remote Code Execution Bug:
https://threatpost.com/google-warns-of-critical-android-remote-code-execution-bug/162756/

   ・ 一月份补丁中 Android 修复 43 个漏洞 – Jett


• [PDF] https://i.blackhat.com/eu-20/Thursday/eu-20-Meffre-This-Is-For-The-Pwners-Exploiting-A-Webkit-0day-In-Playstation4.pdf:
https://i.blackhat.com/eu-20/Thursday/eu-20-Meffre-This-Is-For-The-Pwners-Exploiting-A-Webkit-0day-In-Playstation4.pdf

   ・ 利用 WebKit 0Day 漏洞攻击 PS4 – Jett


• Remote Code Execution Through Cross-Site Scripting In Electron Apps | InfoSec Write-ups:
https://medium.com/bugbountywriteup/remote-code-execution-through-cross-site-scripting-in-electron-f3b891ad637

   ・ CVE-2020–35717 — RCE through XSS in zonote Electron App – Jett


• Phishing the Holiday Season:
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phishing-the-holiday-season/

   ・ 针对网络钓鱼利用假期节日发送恶意邮件分析。 – lanying37


• New year, new anti-debug: Don't Thread On Me:
https://secret.club/2021/01/04/thread-stuff.html

   ・ 两种 Windows anti-debug 新方法 – Jett


• [macOS] Waiting for the redirectiron...:
https://objective-see.com/blog/blog_0x5F.html

   ・ The Mac Malware of 2020 – Jett


• [Malware] ElectroRAT: Attacker Creates Fake Companies to Drain Crypto Wallets:
https://www.intezer.com/blog/research/operation-electrorat-attacker-creates-fake-companies-to-drain-your-crypto-wallets/

   ・ ElectroRAT: Attacker Creates Fake Companies to Drain Crypto Wallets – Jett


• PyBeacon:
https://github.com/nccgroup/pybeacon

   ・ PyBeacon - NCCGroup 开源的用于处理 Cobalt Strike beacons 的脚本 – Jett


• macOS 11.0.1 - Source:
https://opensource.apple.com/release/macos-1101.html

   ・ Apple 公开 macOS 11.0.1 版本的源码 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


本文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(01-06)

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: