每日安全资讯-2020.2.7

声明:本文所有内容仅用于学习和研究目的,且不能违反《网络安全法》、《刑法》等相关要求,尤其禁止传播,或用于非善良目的。您查看本文,即视为遵守以上约定,否则责任自负。

今日导读:攻击者滥用Bitbucket传播恶意软件库、Google Play上恶意的优化工具和实用程序分析、Infostealer,Keylogger和勒索软件合二为一:Anubis面向250多个Android应用程序、Python Waitress 1.4.2 ReDoS漏洞分析、对MYSQL注入相关内容及部分Trick的归类小结等。

【病毒区】
1、The Hole in the Bucket: Attackers Abuse Bitbucket to Deliver an Arsenal of Malware
2、Malicious Optimizer and Utility Android Apps on Google Play Communicate with Trojans that Install Malware, Perform Mobile Ad Fraud
3、Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications
4、CamuBot Banking Trojan Returns In Targeted Attacks in Brazil

【漏洞分析区】
5、Python Waitress 1.4.2 ReDoS - CVE-2020-5236

【技术分享区】
6、对MYSQL注入相关内容及部分Trick的归类小结
7、Variant Analysis on Recent 0-days
8、Retrospective on the latest zero-days found in the wild

【工具区】
工具-PrivescCheck:Privilege Escalation Enumeration Script for Windows
工具-PoC for CVE-2019-14514 Microvirt MEmu Android emulator OS Command Injection
工具-(PoC)MikroTik WinBox before 3.21 is vulnerable to a path traversal issue that allows an attacker to write files anywhere on the system where WinBox has write privileges(CVE-2020-5720)

2 1