每日安全动态推送(08-14)

admin
admin
admin
138858
文章
114
评论
2020年8月14日11:49:56评论198 views字数 2513阅读8分22秒阅读模式
Tencent Security Xuanwu Lab Daily News


• [Tools] Frankenstein: Advanced Wireless Fuzzing to Exploit New Bluetooth Escalation Targets:
https://www.usenix.org/conference/usenixsecurity20/presentation/ruge

   ・ 利用固件模拟的技术实现针对蓝牙模块的无线 Fuzz – Jett


• [Network] [PDF] https://www.usenix.org/system/files/sec20-afek.pdf:
https://www.usenix.org/system/files/sec20-afek.pdf

   ・ NXNSAttack - 针对 DNS 系统的数据包放大攻击 – Jett


• The Impact of Ad-Blockers on Product Search and Purchase Behavior: A Lab Experiment:
https://www.usenix.org/conference/usenixsecurity20/presentation/frik

   ・ 广告过滤插件对用户搜索产品和购买行为的影响 – Jett


• North Korean Hacking Group Attacks Israeli Defense Industry:
https://www.nytimes.com/2020/08/12/world/middleeast/north-korea-hackers-israel.html?referringSource=articleShare

   ・ 朝鲜黑客组织袭击以色列国防工业 – Schwarrzz


• [Browser] Helping people spot the spoofs: a URL experiment:
https://blog.chromium.org/2020/08/helping-people-spot-spoofs-url.html?m=1

   ・ 将要发布的 Chome 86 版本将改进地址栏显示 URL 的方式,以防御地址栏欺骗 – Jett


• CVE-2019-7609:
https://github.com/kisec/CVE-2019-7609?fbclid=IwAR02m1XrcGDleYn8KzrjBRuIFNXzwJumhrYi2n7zSFeq9fvPk39FxPyAyWY

   ・ Kibana CVE-2019-7609 RCE Exploit 代码 – Jett


• [Android] GitHub - darvincisec/VirtualDynamicAnalysis: A basic android pentest environment to instrument apps without root or repackaging an app:
https://github.com/darvincisec/VirtualDynamicAnalysis

   ・ 无需 root 和重打包,将 App 安装到克隆 App 内实现动态分析 – Jett


• [PDF] https://i.blackhat.com/USA-20/Wednesday/us-20-Quintin-Detecting-Fake-4G-Base-Stations-In-Real-Time.pdf:
https://i.blackhat.com/USA-20/Wednesday/us-20-Quintin-Detecting-Fake-4G-Base-Stations-In-Real-Time.pdf

   ・ 实时检测 4G 伪基站 – Jett


• Cache poisoning of wget:
https://medium.com/bugbountywriteup/cache-poisoning-of-wget-94a4d70104b1?source=rss----7b722bfd1b8d---4

   ・ wget缓存中毒  – Schwarrzz


• [Crypto] [PDF] https://www.usenix.org/system/files/foci20-paper-bushart.pdf:
https://www.usenix.org/system/files/foci20-paper-bushart.pdf

   ・ Padding Ain’t Enough: Assessing the Privacy Guarantees of Encrypted DNS (Paper) – Jett


• GHSL-2020-069: Unsafe deserialization of XMLRPC arguments in ApacheOfBiz - CVE-2020-9496:
https://github.co/31KaWrA

   ・ ApacheOfBiz XMLRPC 反序列化漏洞分析(CVE-2020-9496) – Jett


• [Browser] Everything Old is New Again: Binary Security of WebAssembly:
https://www.usenix.org/conference/usenixsecurity20/presentation/lehmann

   ・ Everything Old is New Again: Binary Security of WebAssembly  – Jett


• [Browser, macOS] 946156 - Security: Chrome (Mac OS X) - Arbitrary File Permission Modification - chromium:
https://crbug.com/946156

   ・ macOS 版本的 Chrome 浏览器任意文件权限修改漏洞 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2020年8月14日11:49:56
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   每日安全动态推送(08-14)https://cn-sec.com/archives/89328.html
                  免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉.

发表评论

匿名网友 填写信息