每日安全资讯-2020.2.14

声明:本文所有内容仅用于学习和研究目的,且不能违反《网络安全法》、《刑法》等相关要求,尤其禁止传播,或用于非善良目的。您查看本文,即视为遵守以上约定,否则责任自负。

今日导读:“美女与野兽”,Transparent Tribe启用新资产对印度空军发起特定攻击、Radeon软件的AMD用户体验计划启动器提权漏洞分析、Android蓝牙子系统“BlueFrag”漏洞分析、使用自定义脚本扩展攻击Azure、对美国Federal Elections投票应用程序Voatz的安全性分析等。

【病毒区】
1、Playing defense against Gamaredon Group
2、Threat actors attempt to capitalize on coronavirus outbreak
3、Decryptor for Paradise
4、“美女与野兽”,Transparent Tribe启用新资产对印度空军发起特定攻击

【漏洞分析区】
5、Privilege Escalation ( FileWrite eop) in AMD User Experience Program Launcher from Radeon Software
6、Another Privilege Escalation ( FileWrite eop) in AMD User Experience Program Launcher from Radeon Software (CVE-2020-8950)
7、ModSecurity Denial of Service Details and PoC CVE-2019-19886
8、Android蓝牙子系统“BlueFrag”漏洞分析(CVE-2020-0022)

【技术分享区】
9、Attacking Azure with Custom Script Extensions
10、LPC Bus Sniffing Attack against Microsoft BitLocker in TPM-only Mode
11、From S3 bucket to Laravel unserialize RCE
12、Abused CloudFlare Workers Service Used to Inject Korean SEO Spam
13、The Ballot is Busted Before the Blockchain:A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections
14、Intro to Android Hacking
工具-FockCache, a tool to test your CDN against cache poisoning

2 1