首页 >> 网络安全 >>网络周态 >> 每日安全动态推送(07-30)
详细内容

每日安全动态推送(07-30)

时间:2020-07-30     作者:腾讯玄武实验室【转载】   阅读

• [Windows] Official Support for Remote Debugging a .NET Core Linux app in WSL2 from Visual Studio on Windows:
https://www.hanselman.com/blog/OfficialSupportForRemoteDebuggingANETCoreLinuxAppInWSL2FromVisualStudioOnWindows.aspx

   ・ Windows上的Visual Studio新版在WSL2中将支持远程调试.NET Core Linux应用程序。 – lanying37


• 'BootHole' attack impacts Windows and Linux systems using GRUB2 and Secure Boot | ZDNet:
https://www.zdnet.com/article/boothole-attack-impacts-windows-and-linux-systems-using-grub2-and-secure-boot/

   ・ 关于GRUB2中的BootHole漏洞对Windows和Linux系统的影响 – Schwarrzz


• You don’t need SMS-2FA.:
http://blog.cmpxchg8b.com/2020/07/you-dont-need-sms-2fa.html

   ・ Tavis Ormandy 写了一篇 Blog 分析短信验证码双因素认证方式的问题 – Jett


• [Web] Arbitrary file upload vulnerability in Wordpress wpDiscuz plugin:
http://www.mannulinux.org/2020/07/file-upload-vulnerability-wpDiscuz.html

   ・ WordPress wpDiscuz插件中的任意文件上传漏洞http://  – Schwarrzz


• Abusing Docker Registry to gain access to a mounted Volume:
https://blog.pentesteracademy.com/abusing-docker-registry-to-gain-access-to-a-mounted-volume-8649f8cc0b3e

   ・ 滥用Docker Registry来访问已安装的卷  – Schwarrzz


• [iOS] Team Pangu demonstrates unpatchable Secure Enclave Processor (SEP) chip vulnerability in iOS:
https://androidrookies.com/team-pangu-demonstrates-unpatchable-secure-enclave-processor-sep-chip-vulnerability-in-ios/

   ・ 盘古团队在MOSEC会议上展示了iOS中不可修复的SEP漏洞问题。  – lanying37


• [Fuzzing, Tools] Home:
https://hexhive.epfl.ch/magma/

   ・ Magma - 用于评估 Fuzzer 的一个工具 – Jett


• [Browser] 1072171 - Security: missing the -0 case when intersecting and computing the Type::Range in NumberMax - chromium:
https://bugs.chromium.org/p/chromium/issues/detail?id=1072171

   ・ V8 NumberMax 处理 Type::Range 过程的类型混淆漏洞 Issue – Jett


• [Windows, Tools] Getting better stack traces in Process Monitor / Process Explorer:
https://tinyurl.com/yxr2ltan

   ・ 如何在Process Monitor / Process Explorer中获得更好的堆栈跟踪  – Schwarrzz


• [Malware] Doki, an undetectable Linux backdoor targets Docker Servers:
https://securityaffairs.co/wordpress/106519/malware/doki-linux-backdoor-docker.html

   ・ Doki,一个以Docker服务器为目标的无法检测到的Linux后门  – Schwarrzz


• [Attack] APT trends report Q2 2020:
https://securelist.com/apt-trends-report-q2-2020/97937/

   ・ 卡巴斯基发布的 2020 Q2 APT 趋势分析报告 – Jett


• [Browser] Speculation in JavaScriptCore:
https://webkit.org/blog/10308/speculation-in-javascriptcore/

   ・ Speculation in JavaScriptCore – Jett


• CVE-2020–9934: Bypassing the OS X Transparency, Consent, and Control (TCC) Framework for…:
https://medium.com/@mattshockl/cve-2020-9934-bypassing-the-os-x-transparency-consent-and-control-tcc-framework-for-4e14806f1de8

   ・ TCC 框架被发现漏洞,普通用户可以利用此漏洞直接访问隐私数据 – Jett


• Subscribe to Email Updates:
https://capsule8.com/blog/grubbing-secure-boot-the-wrong-way-cve-2020-10713/

   ・ 启动组件 GRUB2 被发现缓冲区溢出漏洞,可被利用 Bypass Secure Boot – Jett


• [Tools] Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019:
https://googleprojectzero.blogspot.com/2020/07/detection-deficit-year-in-review-of-0.html

   ・ Project Zero 发表一篇 Blog,对去年野外被利用的 0Day 漏洞的分析总结 – Jett

技术支持: 建站ABC | 管理登录