每日安全动态推送(02-04)

  • A+
所属分类:安全新闻
Tencent Security Xuanwu Lab Daily News


• [Android] Five Critical Android Bugs Patched, Part of Feb. Security Bulletin:
https://threatpost.com/five-critical-bugs-patched-feb-security-bulletin/163623/

   ・ Android 发布 2 月份漏洞补丁公告,修复 5 个高危漏洞 – Jett


• Endpoint Detection and Response: How Hackers Have Evolved | Optiv:
https://www.optiv.com/explore-optiv-insights/source-zero/endpoint-detection-and-response-how-hackers-have-evolved

   ・ Endpoint Detection and Response: How Hackers Have Evolved – Jett


• Advisories - GitHub Security Lab:
https://securitylab.github.com/advisories

   ・ GitHub Security Lab 已披露的漏洞公告列表 – Jett


• GitHub - ossf/scorecard: OSS Security Scorecards:
https://github.com/ossf/scorecard

   ・ Security Scorecards - 开源组件安全健康度衡量工具 – Jett


• Introduction:
https://www.longterm.io/vdso_sidechannel.html

   ・ VDSO As A Potential KASLR Oracle – Jett


• Major Vulnerabilities Discovered in Realtek RTL8195A Wi-Fi Module:
https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered

   ・ Realtek RTL8195A Wi-Fi 模块被发现多个高危漏洞 – Jett


• Facebook Messenger Desktop App Arbitrary File Read | by Renwa | Feb, 2021 | Medium:
https://medium.com/@renwa/facebook-messenger-desktop-app-arbitrary-file-read-db2374550f6d

   ・ Facebook Messenger Desktop App Arbitrary File Read – Jett


• ScareCrow:
https://github.com/optiv/ScareCrow

   ・ ScareCrow - 自动化生成 EDR 软件 Bypass Payload 的工具 – Jett


• [Web] How I was able to Turn a XSS into a Account Takeover | by Josh Fam | Feb, 2021 | Medium:
https://pullerjsecu.medium.com/how-i-was-able-to-turn-a-xss-into-a-account-takeover-ae0c478640e7

   ・ How I was able to Turn a XSS into a Account Takeover – Jett


• [IoT] Polle Vanhoof | Elegant Security - Cybersecurity and Webdesign:
https://pollevanhoof.be/nuggets/smart_cards/nespresso

   ・ 通过复制智能卡欺骗 Nespresso 咖啡机 – Jett


• Know, Prevent, Fix: A framework for shifting the discussion around vulnerabilities in open source:
http://feedproxy.google.com/~r/GoogleOnlineSecurityBlog/~3/6OwNXmk69LQ/know-prevent-fix-framework-for-shifting.html

   ・ Google 计划从构建精确漏洞库、开源组件依赖分析、高危漏洞通知预警等角度推动建立开源组件的安全生态 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


本文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(02-04)

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: