每日安全动态推送(08-14)

  • A+
所属分类:安全新闻
Tencent Security Xuanwu Lab Daily News


• [Tools] Frankenstein: Advanced Wireless Fuzzing to Exploit New Bluetooth Escalation Targets:
https://www.usenix.org/conference/usenixsecurity20/presentation/ruge

   ・ 利用固件模拟的技术实现针对蓝牙模块的无线 Fuzz – Jett


• [Network] [PDF] https://www.usenix.org/system/files/sec20-afek.pdf:
https://www.usenix.org/system/files/sec20-afek.pdf

   ・ NXNSAttack - 针对 DNS 系统的数据包放大攻击 – Jett


• The Impact of Ad-Blockers on Product Search and Purchase Behavior: A Lab Experiment:
https://www.usenix.org/conference/usenixsecurity20/presentation/frik

   ・ 广告过滤插件对用户搜索产品和购买行为的影响 – Jett


• North Korean Hacking Group Attacks Israeli Defense Industry:
https://www.nytimes.com/2020/08/12/world/middleeast/north-korea-hackers-israel.html?referringSource=articleShare

   ・ 朝鲜黑客组织袭击以色列国防工业 – Schwarrzz


• [Browser] Helping people spot the spoofs: a URL experiment:
https://blog.chromium.org/2020/08/helping-people-spot-spoofs-url.html?m=1

   ・ 将要发布的 Chome 86 版本将改进地址栏显示 URL 的方式,以防御地址栏欺骗 – Jett


• CVE-2019-7609:
https://github.com/kisec/CVE-2019-7609?fbclid=IwAR02m1XrcGDleYn8KzrjBRuIFNXzwJumhrYi2n7zSFeq9fvPk39FxPyAyWY

   ・ Kibana CVE-2019-7609 RCE Exploit 代码 – Jett


• [Android] GitHub - darvincisec/VirtualDynamicAnalysis: A basic android pentest environment to instrument apps without root or repackaging an app:
https://github.com/darvincisec/VirtualDynamicAnalysis

   ・ 无需 root 和重打包,将 App 安装到克隆 App 内实现动态分析 – Jett


• [PDF] https://i.blackhat.com/USA-20/Wednesday/us-20-Quintin-Detecting-Fake-4G-Base-Stations-In-Real-Time.pdf:
https://i.blackhat.com/USA-20/Wednesday/us-20-Quintin-Detecting-Fake-4G-Base-Stations-In-Real-Time.pdf

   ・ 实时检测 4G 伪基站 – Jett


• Cache poisoning of wget:
https://medium.com/bugbountywriteup/cache-poisoning-of-wget-94a4d70104b1?source=rss----7b722bfd1b8d---4

   ・ wget缓存中毒  – Schwarrzz


• [Crypto] [PDF] https://www.usenix.org/system/files/foci20-paper-bushart.pdf:
https://www.usenix.org/system/files/foci20-paper-bushart.pdf

   ・ Padding Ain’t Enough: Assessing the Privacy Guarantees of Encrypted DNS (Paper) – Jett


• GHSL-2020-069: Unsafe deserialization of XMLRPC arguments in ApacheOfBiz - CVE-2020-9496:
https://github.co/31KaWrA

   ・ ApacheOfBiz XMLRPC 反序列化漏洞分析(CVE-2020-9496) – Jett


• [Browser] Everything Old is New Again: Binary Security of WebAssembly:
https://www.usenix.org/conference/usenixsecurity20/presentation/lehmann

   ・ Everything Old is New Again: Binary Security of WebAssembly  – Jett


• [Browser, macOS] 946156 - Security: Chrome (Mac OS X) - Arbitrary File Permission Modification - chromium:
https://crbug.com/946156

   ・ macOS 版本的 Chrome 浏览器任意文件权限修改漏洞 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: