每日安全动态推送(12-16)

  • A+
所属分类:安全新闻
Tencent Security Xuanwu Lab Daily News


• Exploiting new-era of Request forgery on mobile applications:
http://dphoeniixx.com/2020/12/13-2/

   ・ Exploiting new-era of Request forgery on mobile applications  – Jett


• CVE-2020-25695 Privilege Escalation in Postgresql:
https://staaldraad.github.io/post/2020-12-15-cve-2020-25695-postgresql-privesc/

   ・ Postgresql 数据库 superuser 提权漏洞分析(CVE-2020-25695) – Jett


• [Malware] PyMICROPSIA: New Information-Stealing Trojan from AridViper:
https://bit.ly/3mbEzKD

   ・ PyMICROPSIA:针对由AridViper组织新型窃取信息木马溯源。 – lanying37


• [Reverse Engineering, IoT] Reverse Engineering the TP-Link HS110:
https://www.softscheck.com/en/reverse-engineering-tp-link-hs110/

   ・ 对TP-Link HS110设备固件逆向工程分析。 – lanying37


• [PDF] https://arxiv.org/pdf/2012.07432.pdf:
https://arxiv.org/pdf/2012.07432.pdf

   ・ Cross Layer Attacks and How to Use Them (for DNS Cache Poisoning, Device Tracking and More)(paper)  – Jett


• Jackalope:
https://github.com/googleprojectzero/Jackalope

   ・ Project Zero 研究员 Ivan Fratric 开源了一个用于 Fuzz Windows、macOS 二进制文件的工具 – Jett


• [Tools, Defend] Threat Hunting: Log Monitoring Lab Setup with ELK:
https://www.hackingarticles.in/threat-hunting-log-monitoring-lab-setup-with-elk/

   ・ 威胁狩猎:使用开源ELK项目进行日志监控实验室部署。  – lanying37


• Keytap2 - acoustic keyboard eavesdropping based on language n-gram frequencies #31:
https://github.com/ggerganov/kbd-audio/discussions/31

   ・ Keytap2 - 通过机器学习训练键盘击键声音,通过侧信道的方式实现 Keylogger – Jett


• [macOS] Attacking Unattended Installs on macOS:
https://medium.com/tenable-techblog/attacking-unattended-installs-on-macos-dfc1f57984e0

   ・ Attacking Unattended Installs on macOS – Jett


• AIR-FI: Generating Covert Wi-Fi Signals from Air-Gapped Computers:
https://arxiv.org/abs/2012.06884

   ・ AIR-FI - 通过隐蔽的 Wi-Fi 信号从物理隔绝的计算机中向外渗透数据 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


本文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(12-16)

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: