Daily Security News - 2020.4.29

Disclaimer: All content in this article is for learning and research purposes only and must not be used in violation of the Cybersecurity Law, the Criminal Law, or other relevant requirements; in particular, redistribution or use for non-benign purposes is prohibited. By viewing this article you are deemed to accept the above; otherwise you bear the responsibility yourself.

Today's highlights: the UU web-game assistant's update channel is spreading the Lone Wolf (独狼) Rootkit, which has already infected over ten thousand computers; LeetHozer botnet analysis report; Open-AudIT v3.3.1 remote command execution; GlobalProtect VPN privilege escalation vulnerability; 14 zero-click bugs in ImageIO, Apple's image parsing framework; Keybase 1-click RCE; GitLab arbitrary file read; 2020 attack-and-defense exercise arsenal; a single GIF image can take over accounts in Microsoft Teams; and more.

【Malware】
1、Hiding in plain sight: PhantomLance walks into a market

2、Lucy’s Back: Ransomware Goes Mobile

3、The UU web-game assistant's update channel spreads the Lone Wolf (独狼) Rootkit; over ten thousand computers already infected

4、Analysis of the Donot APT group's recent attacks against neighbouring countries and regions

5、LeetHozer Botnet analysis report

【Vulnerability Analysis】
6、Open-AudIT v3.3.1 Remote Command Execution (CVE-2020-12078)

7、Exploiting GlobalProtect VPN for Privilege Escalation (CVE-2019-17435), Part One: Windows

8、Exploiting GlobalProtect VPN for Privilege Escalation (CVE-2019-17436), Part Two: Linux and macOS

9、Exploiting Feedback Hub in Windows 10

10、Triggering garbage collection with rejected promises to cause use-after-free in Chrome

11、Netsweeper PreAuth RCE

12、googleprojectzero: Fuzzing ImageIO (14 zero-click bugs in Image I/O, Apple's image parsing framework)

13、1-click RCE on Keybase

14、High Severity Vulnerability Patched in Real-Time Find and Replace Plugin (WordPress plugin, >100K)

15、GitLab: Arbitrary file read via the UploadsRewriter when moving an issue

16、PbootCMS v2.0.7: from front-end database download to back-end RCE
https://xz.aliyun.com/t/7628

17、Kong unauthorized access vulnerability (CVE-2020-11710)
https://xz.aliyun.com/t/7631

【Technical Sharing】
18、2020 attack-and-defense exercise arsenal
https://blog.riskivy.com/2020攻防演练弹药库-您有主机上线请注意/

19、What is old is new again: The Relay Attack

20、Hunting a Linux kernel bug

21、Exploiting JD bugs in crypto contexts to achieve RCE and tampering with Java applets

22、Curve9767 and Fast Signature Verification

23、Stomping Shadow Copies - A Second Look Into Deletion Methods

24、Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk

25、Beware of the GIF: Account Takeover Vulnerability in Microsoft Teams

#Tool# CursedChrome: Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies, allowing you to browse sites as your victims.

#Tool# Trishul is an automated vulnerability-finding Burp Extension.

#Tool# PoC 2019-2215 exploit for S8/S8 active with DAC + SELinux + Knox/RKP bypass

#Tool# BetaFast: NetSPI's Vulnerable Thick Client