每日安全动态推送(03-03)

  • A+
所属分类:安全新闻
Tencent Security Xuanwu Lab Daily News


• First Fully Weaponized Spectre Exploit Discovered Online | The Record by Recorded Future:
https://therecord.media/first-fully-weaponized-spectre-exploit-discovered-online/

   ・ 2018 年爆出的“幽灵”漏洞,近期该漏洞完整攻击代码出现在 VirusTotal 平台 – Jett


• bluetooth_stack开源蓝牙协议栈源码分析与漏洞挖掘:
https://www.cnblogs.com/hac425/p/14470699.html

   ・ bluetooth_stack 开源蓝牙协议栈源码分析与漏洞挖掘 – Jett


• How I Might Have Hacked Any Microsoft Account - The Zero Hack:
https://thezerohack.com/how-i-might-have-hacked-any-microsoft-account

   ・ How I Might Have Hacked Any Microsoft Account – Jett


• CVE-2020-3992 & CVE-2021-21974: Pre-Auth Remote Code Execution in VMware ESXi:
https://www.thezdi.com/blog/2021/3/1/cve-2020-3992-amp-cve-2021-21974-pre-auth-remote-code-execution-in-vmware-esxi

   ・ VMware ESXi SLP 服务 Pre-Auth RCE 漏洞分析(CVE-2020-3992、CVE-2021-21974) – Jett


• ObliqueRAT returns with new campaign using hijacked websites:
http://feedproxy.google.com/~r/feedburner/Talos/~3/TszHfxDii4A/obliquerat-new-campaign.html

   ・ 近期有攻击者利用恶意 Office 文档传播 ObliqueRAT 远控样本 – Jett


• Anatomy of an Exploit: RCE with CVE-2020-1350 SIGRed:
https://www.graplsecurity.com/post/anatomy-of-an-exploit-rce-with-cve-2020-1350-sigred

   ・ Anatomy of an Exploit: RCE with CVE-2020-1350 SIGRed – Jett


• A Privacy & Security Analysis of the Alexa Skill Ecosystem:
https://www.alexa-skill-analysis.org/

   ・ 亚马逊的Alexa技能的安全性和隐私问题分析。 – lanying37


• ForbiddenProgrammer/CVE-2021-21315-PoC:
https://github.com/ForbiddenProgrammer/CVE-2021-21315-PoC

   ・ Node.JS 第三方库 systeminformation 被发现命令注入漏洞 – Jett


• [Android] Yet another RenderFrameHostImpl UAF:
https://microsoftedge.github.io/edgevr/posts/yet-another-uaf/

   ・ Chromium RenderFrameHostImpl UAF 漏洞的利用 – Jett


• Jailbreak Tool Works on iPhones Up to iOS 14.3:
https://threatpost.com/jailbreak-tool-works-on-iphones-up-to-ios-14-3/164420/

   ・ UnC0ver 团队宣布其越狱工具已经支持 iOS 14.3 版本 – Jett


• 红蓝对抗中的云原生漏洞挖掘及利用实录:
https://security.tencent.com/index.php/blog/msg/183

   ・ 红蓝对抗中的云原生漏洞挖掘及利用实录 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


本文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(03-03)

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: