首页 >> 网络安全 >>网络周态 >> 每日安全动态推送(01-08)
详细内容

每日安全动态推送(01-08)

时间:2021-01-09     作者:腾讯玄武实验室【转载】   阅读

Tencent Security Xuanwu Lab Daily News


• MindShaRE: Analysis of VMware Workstation and ESXi Using Debug Symbols from Flings:
https://www.thezdi.com/blog/2021/1/6/mindshare-analysis-of-vmware-workstation-and-esxi-using-debug-symbols-from-flings

   ・ 从 VMware Flings 中提取部分 VMware Workstation/ESXi 的调试符号 – Jett


• [Attack] Operation ‘Kremlin’:
https://www.clearskysec.com/operation-kremlin/

   ・ ClearSky 安全团队对 Kremlin 攻击行动的分析报告 – Jett


• [Browser] Sandboxing vs. Elevated Browsing (As Administrator) – text/plain:
https://textslashplain.com/2021/01/07/sandboxing-vs-elevated-browsing-as-administrator/

   ・ Sandboxing vs. Elevated Browsing (As Administrator)  – Jett


• Introduction:
https://github.com/astarasikov/macos-gpu-fuzzing-public

   ・ 有研究员公开了一个 Fuzz macOS GPU 相关模块的 Fuzzer – Jett


• Vulnerability Spotlight: Multiple vulnerabilities in Genivia gSOAP:
http://feedproxy.google.com/~r/feedburner/Talos/~3/mHEnQCFA0do/vuln-spotlight-genivia-gsoap-.html

   ・ 漏洞焦点:Genivia gSOAP工具插件中包出现多个漏洞问题。 – lanying37


• [PDF] https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf:
https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf

   ・ 用侧信道的方式还原 Google Titan Security Key – Jett


• NICER Protocol Deep Dive: Internet Exposure of DNS:
https://blog.rapid7.com/2021/01/05/nicer-protocol-deep-dive-internet-exposure-of-dns/

   ・ NICER协议深入研究:互联网的域名系统(DNS)服务报告公开。 – lanying37


• Binary Ninja Hexagon Processor Plugin:
https://github.com/google/binja-hexagon

   ・ Google 开源一个 Binary Ninja 的插件,用于对高通骁龙 CPU 处理器的支持  – Jett


• [macOS] The Apple M1 System on Chip (SoC):
https://gts3.org/2021/overview-of-apple-m1-soc.html

   ・ Apple M1 SoC 技术概览 – Jett


• Analyzing CVE-2020-16040:
https://faraz.faith/2021-01-07-cve-2020-16040-analysis/

   ・ V8 引擎 CVE-2020-16040 漏洞的分析 – Jett


点击图片直接加群
更多
ots网络logo

OTS网络安全门户主要提供网络信息安全教程、文章、工具,让更多的小伙伴加入我们的社区一起学习。

技术支持: 建站ABC | 管理登录