每日安全资讯-2020.2.6

声明:本文所有内容仅用于学习和研究目的,且不能违反《网络安全法》、《刑法》等相关要求,尤其禁止传播,或用于非善良目的。您查看本文,即视为遵守以上约定,否则责任自负。

今日导读:在Google Play中发现了17个下载总数超过550K的Android恶意软件、CDPwn:5个影响数百万设备的思科CDP协议中的0Day、飞利浦智能灯泡的缺陷使您的WiFi网络暴露给黑客、Apple修复了macOS邮件漏洞,该漏洞暴露了macOS Catalina 10.15.3中的加密电子邮件文本、使用Wireshark,radare2和Frida分析WhatsApp通讯等。

【病毒区】
1、Seventeen Android Nasties Spotted in Google Play, Total Over 550K Downloads
2、STOMP 2 DIS: Brilliance in the (Visual) Basics
3、Decryptor for “.ransomwared”

【漏洞分析区】
4、CDPwn:5 Zero-day Vulnerabilities in Cisco Discovery Protocol Impacting Tens of Millions of Devices
5、Flaw in Philips Smart Light Bulbs Exposes Your WiFi Network to Hackers
6、CVE-2019-18901: mariadb: possible symlink attack for the mysql user in the SUSE specific mysql-systemd-helper script
7、CVE-2019-12180 – ReadyAPI & SoapUI command execution via malicous project file

【技术分享区】
8、Apple Fixed macOS Mail Vulnerability That Exposed Text of Encrypted Emails in macOS Catalina 10.15.3
9、车联网安全系列——特斯拉iBeacon隐私泄露
10、DOUBLEPULSAR RCE 2: An RDP Story
11、A classic bug in SAP HANA and misconfigured NFS share: a tale in two parts
12、Linux Kernel Module Rootkit — Syscall Table Hijacking
13、Revisiting ReDoS: A Rough Idea of Data Exfiltration by ReDoS and Side-channel Techniques
14、Analyzing WhatsApp Calls with Wireshark, radare2 and Frida
15、Android Banking Malware
16、VB2019 paper: The cake is a lie! Uncovering the secret world of malware-like cheats in video games
17、Hijacking shared report links in Google Data Studio
18、Shopify:Remote Code Execution on kitcrm using bulk customer update of Priority Products($15,000)
工具-Flamingo captures credentials(SSH, HTTP, LDAP, DNS, FTP, SNMP) sprayed across the network by various IT and security products.

3 2 1