每日安全资讯-2020.2.5

声明:本文所有内容仅用于学习和研究目的,且不能违反《网络安全法》、《刑法》等相关要求,尤其禁止传播,或用于非善良目的。您查看本文,即视为遵守以上约定,否则责任自负。

今日导读:WhatsApp PC端任意文件读取漏洞分析、Realtek高清音频驱动程序包-DLL预加载和潜在的滥用、将Defender ATP与Azure Sentinel集成在一起以检测Pass-The-Hash&Pass-The-Ticket攻击等。

【漏洞分析区】
1、Full disclosure: 0day vulnerability (backdoor) in firmware for HiSilicon-based DVRs, NVRs and IP cameras
2、Critical Security Flaw Found in WhatsApp Desktop Platform Allowing Cybercriminals Read From The File System Access($12,500)
3、Realtek HD Audio Driver Package - DLL Preloading and Potential Abuses (CVE-2019-19705)

【技术分享区】
4、Introduction to mobile network intrusions from a mobile phone
5、The return of the spoof part 2: Command line spoofing
6、Integrating Defender ATP with Azure Sentinel to detect Pass-The-Hash & Pass-The-Ticket
7、Breaking out of a Sandboxed Editor to perform RCE
工具-iOS Security Suite is an advanced and easy-to-use platform security & anti-tampering library written in pure Swift!