首页 >> 网络安全 >>网络周态 >> 每日安全动态推送(07-24)
详细内容

每日安全动态推送(07-24)

时间:2020-07-24     作者:腾讯玄武实验室【转载】   来自:微信公众号   阅读

• [PDF] https://pdf-insecurity.org/download/report-pdf-signatures-2020-03-02.pdf:

https://pdf-insecurity.org/download/report-pdf-signatures-2020-03-02.pdf

   ・ PDF 文档数字签名 Bypass 的多个方法 – Jett


• Attacking MS Exchange Web Interfaces:

https://swarm.ptsecurity.com/attacking-ms-exchange-web-interfaces/

   ・ MS Exchange Web 接口攻击方法总结以及从互联网攻击 MS Exchange 泄漏 AD 域信息的新方法 – Jett


• [Tools] Fix #17135 - Support Memory Tagging Extension instructions ##anal (#1… · radareorg/radare2@1dbe43d:

https://github.com/radareorg/radare2/commit/1dbe43d

   ・ 逆向分析工具 Radare2 新增对 MTE 指令的支持 – Jett


• [Tools] 7 Days to Lift: A Mission in Microcode:

https://blog.ret2.io/2020/07/22/ida-pro-avx-decompiler/

   ・ 扩展 IDA Hex-Rays 的反编译器,增加对 Intel AVX 指令的支持 – Jett


• [Tools] hardenedlinux/harbian-qa:

https://github.com/hardenedlinux/harbian-qa/blob/master/syzkaller/cover_filter.md

   ・ 为内核 Fuzz 工具 Syzkaller 实现对 Coverage Filter 的支持 – Jett


• [Tools] GitHub - bitdefender/bddisasm: bddisasm is a fast, lightweight, x86/x64 instruction decoder. The project also features a fast, basic, x86/x64 instruction emulator, designed specifically to detect shellcode-like behavior.:

https://github.com/bitdefender/bddisasm

   ・ bddisasm - BitDefender 开源的一个高性能轻量级的 x86/x64 指令反汇编工具 – Jett


• Chaining 5 Bugs for Code Execution on the Rockwell FactoryTalk HMI at Pwn2Own Miami:

https://www.thezdi.com/blog/2020/7/22/chaining-5-bugs-for-code-execution-on-the-rockwell-factorytalk-hmi-at-pwn2own-miami

   ・ 组合 5 个漏洞实现工控软件 Rockwell FactoryTalk View SE 的代码执行 – Jett


• Cisco Network Security Flaw Leaks Sensitive Data:

https://threatpost.com/network-security-cisco-flaw-leaks-sensitive-data/157691/

   ・ 思科 Firepower 和 ASA 软件被发现高危漏洞,可以泄漏敏感数据,已有攻击者公开 PoC – Jett


• Garmin Suffers Reported Ransomware Attack:

https://threatpost.com/garmin-suffers-ransomware-attack/157698/

   ・ 由于遭受勒索软件攻击,智能穿戴设备公司佳明(Garmin)多个服务从周三夜里开始下线,至今未恢复 – Jett


• [Fuzzing] MMS Exploit Part 2: Effective Fuzzing of the Qmage Codec:

https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-2-effective-fuzzing-qmage.html?m=1

   ・ MMS Exploit Part 2: Effective Fuzzing of the Qmage Codec – Jett


• HTTP Referer Leak:

https://www.youtube.com/watch?v=uDigwNal7GQ

   ・ 通过 HTTP Referer 泄漏各类敏感信息的攻击方式与防御方法 – Jett

ots网络logo

OTS网络安全门户主要提供网络信息安全教程、文章、工具,让更多的小伙伴加入我们的社区一起学习。

技术支持: 建站ABC | 管理登录