Daily Security News Push (08-23)

admin Tencent Security Xuanwu Lab 2019-08-23


Tencent Security Xuanwu Lab Daily News


• [Browser, Privacy] Google Launches Open-Source Browser Extension for Ad Transparency: 
https://threatpost.com/google-launches-open-source-browser-extension-for-ad-transparency/147634/

   ・ Google plans to introduce a set of standards for striking a balance between online ad user tracking and user privacy protection – Jett


• [Windows] caseysmithrc/DerbyCon2019: 
https://github.com/caseysmithrc/DerbyCon2019

   ・ Executing arbitrary .NET assembly code in the context of Windows Script Hosts, from DerbyCon2019 – Jett


• [Tools] qilingframework/qiling: 
https://github.com/qilingframework/qiling

   ・ Qiling - a binary emulation framework that can emulate code for multiple architectures in sandbox mode – Jett


• (CVE-2019-TBA –> CVE-2019-TBA) Enigma NMS Multiple Vulnerabilities: 
https://mogozobo.com/?p=3647

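   ・ Multiple critical vulnerabilities were found in the Enigma NMS management system, including command execution and SQL injection, among others – Jett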


• Command Injection with USB Peripherals: 
https://carvesystems.com/news/command-injection-with-usb-peripherals/

   ・ Achieving command execution via USB peripherals – Jett


• [Vulnerability] CVE-2019-12527: Code Execution on Squid Proxy Through a Buffer Overflow: 
https://www.thezdi.com/blog/2019/8/22/cve-2019-12527-code-execution-on-squid-proxy-through-a-heap-buffer-overflow

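   ・ Buffer overflow vulnerability in the Squid web proxy software; it can be triggered remotely, without authentication, by crafting malicious packets (CVE-2019-12527) – Jett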


• [Defend, Tools] BlueTeamLabs/sentinel-attack: 
https://github.com/BlueTeamLabs/sentinel-attack

   ・ A practical implementation of threat detection using Sysmon and the MITRE ATT&CK framework – Jett


• [Android] Spyware App on Google Play Gets Boot, Returns Days Later: 
https://threatpost.com/spyware-app-on-google-play-gets-boot-returns-days-later/147618/

   ・ ESET discovered malware on the Google Play store that is built on the open-source AhMyth code – Jett


• [Hardware] New 4CAN tool helps identify vulnerabilities in on-board car computers: 
http://feedproxy.google.com/~r/feedburner/Talos/~3/mDuP_ubufN8/new-4can-tool-helps-identify.html

   ・ Talos has open-sourced a hardware tool for automotive security research - 4CAN – Jett


• [Windows] sailay1996/UAC_bypass_windows_store: 
https://github.com/sailay1996/UAC_bypass_windows_store

   ・ Windows 10 LPE (UAC Bypass) in Windows Store (WSReset.exe) – Jett


* To view or search past pushes, visit: 
https://sec.today

* Sina Weibo account: Tencent Security Xuanwu Lab 
https://weibo.com/xuanwulab
