每日安全资讯-2020.5.6

声明:本文所有内容仅用于学习和研究目的,且不能违反《网络安全法》、《刑法》等相关要求,尤其禁止传播,或用于非善良目的。您查看本文,即视为遵守以上约定,否则责任自负。

今日导读:一种新的移动银行木马EventBot诞生、分析英特尔无线适配器中的远程代码执行、未经身份验证的访问API密钥访问导致ManageEngine OpManager中的RCE、通过Morita Shogi 64在Nintendo 64上执行远程代码、iOS沙箱逃逸、绕过Windows Defender运行时扫描等。

【病毒区】
1、Nazar: Spirits of the Past

2、EventBot: a New Mobile Banking Trojan is born

【漏洞分析区】
3、CVE 2019-19639: Hijacking Centurylink Routers

4、Multiple code execution vulnerabilities in Accusoft ImageGear

5、OneTone(WordPress theme) Vulnerability Leads to JavaScript Cookie Hijacking

6、Stealing your SMS messages with iOS 0day

7、Analyzing a Trio of Remote Code Execution Bugs in Intel Wireless Adapters(CVE-2020-0558)

8、CVE-2018-8611 Exploiting Windows KTM Part 2/5 – Patch analysis and basic triggering

9、Unauthenticated Access API Key Access leads to RCE in ManageEngine OpManager(CVE-2020-11946)
https://ssd-disclosure.com/ssd-advisory-unauthenticated-access-api-key-access-leads-to-rce/

10、Multiple Vulnerabilities in WordPress’ Most Popular Learning Management System Plugins

【技术分享区】
11、shogihax - Remote Code Execution on Nintendo 64 through Morita Shogi 64
https://cturt.github.io/shogihax.html

12、“Psychic Paper” iOS sandbox escape writeup

13、Bypassing Windows Defender Runtime Scanning
https://labs.f-secure.com/blog/bypassing-windows-defender-runtime-scanning/

14、COM Hijacking for Lateral Movement

15、Privilege Escalation in Google Cloud Platform – Part 1 (IAM)

16、Privilege Escalation in Google Cloud Platform – Part 2 (Non-IAM)

17、Evil SQL Client Console: Msbuild All the Things

18、Windows 10 20H1.19577开始System进程内Ntdll的一点变化
https://blogs.360.cn/post/Windows10_19577_Ntdll_in_SystemProcess.html

19、The Strictly Zero-Correlation Attack with Application to the Full DES

20、Active-Directory-Exploitation-Cheat-Sheet:A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

21、Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized HTML report with a triage worksheet.

22、DOM XSS in Gmail with a little help from Chrome

23、SecWiki周刊(2020/04/27-2020/05/03)
https://www.sec-wiki.com/weekly/322

#工具#GOPART is a Go package that provides different PE tricks to difficult the reverse engineering of your Windows applications.

#工具#BruteShark is a Network Forensic Analysis Tool (NFAT) that performs deep processing and inspection of network traffic (mainly PCAP files).

#工具#PoC of Saltstack 3000.1 - Remote Code Execution(CVE-2020-11651/CVE-2020-11652)
https://www.exploit-db.com/exploits/48421

#工具#Proof of concept exploit about OpenSSL signature_algorithms_cert DoS flaw (CVE-2020-1967)

4 3 2 1