每日安全资讯-2020.3.3

声明:本文所有内容仅用于学习和研究目的,且不能违反《网络安全法》、《刑法》等相关要求,尤其禁止传播,或用于非善良目的。您查看本文,即视为遵守以上约定,否则责任自负。

今日导读:针对黎巴嫩政府的APT34、影响数百万个Android设备的关键联发科rootkit已经公开发布了几个月、macOS安全框架和以前的CVE探究等。

【病毒区】
1、Karkoff 2020: a new APT34 espionage operation involves Lebanon Government
2、Malware “LODEINFO” Targeting Japan
3、Roaming Mantis, part V-Distributed in 2019 using SMiShing and enhanced anti-researcher techniques

【漏洞分析区】
4、Critical MediaTek rootkit affecting millions of Android devices has been out in the open for months(CVE-2020-0069)
工具-mtk-easy-su:Get bootless root access with one click.

【技术分享区】
6、SOP Bypass via browser-cache
7、SurfingAttack: Interactive Hidden Attack on Voice Assistants Using Ultrasonic Guided Waves
8、macOS Security Framework and previous CVEs
9、A Security Review of SharePoint Site Pages
10、Yet Another Tamper Detection in Android
11、Service Principal Name (SPN)
12、Hacking Unicode Like a Boss
工具-FuzzBench is a free service that evaluates fuzzers on a wide variety of real-world benchmarks, at Google scale.
工具-AppFirewall - a free, fully open-source application firewall for macOS 10.13 High Sierra and later

1

1 Like