Daily Security News - 2020.3.2

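Disclaimer: All content in this article is for study and research purposes only and must not violate the Cybersecurity Law, the Criminal Law, or other relevant requirements. In particular, distributing it or using it for malicious purposes is prohibited. By viewing this article you are deemed to accept the above terms; otherwise you bear the responsibility yourself.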

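Today's highlights: Clop ransomware shifts its targets to ICS/SCADA; the 诺崇狮 APT group exposed; analysis of a bug in the firmware of Google's Titan M chip; browser-pwn cve-2020-6418 vulnerability analysis; VeeamFSR.sys lets non-privileged users fake reads, sniff writes and perform other IO operations on any file; Trend Micro publishes over 50 evasion techniques used by malware; Facebook's $55,000 OAuth vulnerability; and more.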

【Malware】
1、Clop ransomware evolved from targeting individual Windows users to enterprises and has now evolved further to target industrial companies (ICS/SCADA-focused companies)
2、Trickbot Delivery Method Gets a New Upgrade Focusing on Windows 10
3、ViperSoftX, a new JavaScript-based remote access trojan (RAT) and cryptocurrency stealer
4、Who Is the Next Silent Lamb? - The 诺崇狮 APT Group Exposed

【Vulnerability Analysis】
5、A mysterious bug in the firmware of Google’s Titan M chip (CVE-2019-9465)
6、qdPM v9.1 Authenticated RCE Exploit (CVE-2020-7246)
7、OpenVPN Connect for Windows (MSI) - 3.1.0.361 - Privilege Escalation (CVE-2020-9442)
8、browser-pwn cve-2020-6418 vulnerability analysis

【Technical Sharing】
9、VeeamFSR.sys lets non-privileged users fake reads, sniff writes and perform other IO operations on any file regardless of its permissions.
10、Pwning VMware, Part 2: ZDI-19-421, a UHCI bug
11、Reverse engineering checkra1n stage2(pongoOS) and stage3(kpf) binary
12、DBI-Assisted Android Application Reverse Engineering
13、Cloud Native: Container Security in Practice
14、Malware Evasion Encyclopedia: over 50 techniques used by various malware to detect virtualized and sandboxed environments.
15、360: 2019 Android Malware Special Report
16、SecWiki Weekly (2020/02/24-2020/03/01)
17、Facebook OAuth Vulnerability($55,000).
Tool - FullPowers: Recover the default privilege set of a LOCAL/NETWORK SERVICE account