Daily Security News Push (08-21)

Category: Security News
Tencent Security Xuanwu Lab Daily News


• Team TNT – The First Crypto-Mining Worm to Steal AWS Credentials:
https://www.cadosecurity.com/2020/08/17/teamtnt-the-first-crypto-mining-worm-to-steal-aws-credentials/

   ・ Team TNT – analysis tracing the crypto-mining worm that steals AWS credentials. – lanying37


• How Unsecure gRPC Implementations Can Compromise APIs, Applications:
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/yLGs0iLtVzA/

   ・ Implementations of the gRPC communication framework have security issues such as data leakage – Jett


• Using ZoomEye to Track Multiple Redteam C&C Post-Exploitation Attack Frameworks:
https://paper.seebug.org/1301/

   ・ Using ZoomEye to track multiple Redteam C&C post-exploitation attack frameworks – Jett


• [Windows] Microsoft Issues Emergency Security Updates for Windows 8.1 and Server 2012 R2:
https://thehackernews.com/2020/08/windows-update-download.html

   ・ Windows issues an out-of-band update fixing 2 vulnerabilities in the Remote Access Service (RAS) component of Server 2012 R2 – Jett


• [Web] Pentesting Web Shell:
https://cisoclub.ru/pentesting-web-shells/

   ・ A summary of methods for pentesting web shells. – lanying37


• [Wireless] darkmentorllc/publications:
https://github.com/darkmentorllc/publications/blob/master/2020/TI_SILABS_BLE_RCEs/whitepaper_TI_SILABS_BLE_RCEs_v1.0.0.pdf

   ・ From Knowing Nothing to Knowing Something: RCE in Bluetooth Low Energy devices – Jett


• github/securitylab:
https://github.com/github/securitylab

   ・ Materials publicly released by GitHub Security Lab – Jett


• [Web] CSRF Protection Bypass in Play Framework:
https://blog.doyensec.com/2020/08/20/playframework-csrf-bypass.html

   ・ Analysis of a CSRF protection bypass vulnerability in the Play web framework – Jett


• [Malware] FritzFrog: A New Generation of Peer-to-Peer Botnets | Guardicore Labs:
https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/

   ・ FritzFrog: analysis of botnet malware written in Golang. – lanying37


• [Exploit, Vulnerability] [PDF] https://www.usenix.org/system/files/sec20-yun.pdf:
https://www.usenix.org/system/files/sec20-yun.pdf

   ・ Automatic Techniques to Systematically Discover New Heap Exploitation Primitives – Jett


• [PDF] https://bit.ly/3h93I6H:
https://bit.ly/3h93I6H

   ・ Blackhat USA talk on CMS template security, "Room for Escape: Scribbling Outside the Lines of Template Security" – Jett


• GitHub - danieluhricek/LiSa: Sandbox for automated Linux malware analysis.:
https://github.com/danieluhricek/LiSa

   ・ LiSa - a sandbox for automated Linux malware analysis – Jett


* To view or search past pushes, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab (腾讯玄武实验室)
https://weibo.com/xuanwulab

