Daily Security News - 2020.5.15

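Disclaimer: All content in this article is for learning and research purposes only and must not violate the Cybersecurity Law, the Criminal Law, or other relevant requirements; in particular, it is forbidden to disseminate it or to use it for malicious purposes. By viewing this article you are deemed to accept the above terms; otherwise you bear the responsibility yourself.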

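Today's highlights: Mikroceen, a backdoor used for espionage in high-profile networks in Central Asia; Mandrake, the story of an advanced Android spyware framework that went undetected for four years; an HTTP Request Smuggling vulnerability in Nginx <= 1.8.0; security flaws in Adobe Acrobat Reader that allow a malicious program to silently gain root on macOS; relaying NTLM authentication over RPC; reflective PE injection in Windows 10 1909; working around the iPhone USB Restricted Mode; and more.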

【Malware】
1、Mikroceen: Spying backdoor leveraged in high‑profile networks in Central Asia

2、COMpfun authors spoof visa application with HTTP status-based Trojan

3、RATicate: an attacker’s waves of information-stealing malware

4、Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years

5、TrickBot banking trojan gets "icing on the cake": a new loader module added
https://www.freebuf.com/articles/terminal/233418.html

【Vulnerability Analysis】
6、HTTP Request Smuggling on Nginx <=1.8.0 (CVE-2020-12440)

7、Security Flaws in Adobe Acrobat Reader Allow Malicious Program to Gain Root on macOS Silently

8、Relaying NTLM authentication over RPC(CVE-2020-1113)
https://blog.compass-security.com/2020/05/relaying-ntlm-authentication-over-rpc/

9、The Path Not Taken: How We Accidentally Bypassed Window’s PathCanonicalize()(CVE-2020-0655)

10、ruby ActionView::Helpers::JavaScriptHelper xss(CVE-2020-5267)

【Technical Sharing】
11、Reflective PE Injection in Windows 10 1909

12、iOS Swift Anti-Jailbreak Bypass with Frida
https://syrion.me/blog/ios-swift-antijailbreak-bypass-frida/

13、Fuzzing TLS certificates from their ASN.1 grammar
https://blog.doyensec.com/2020/05/14/asn1fuzz.html

14、Introduction to Hacking Thick Clients: Part 2 – The Network

15、Working Around the iPhone USB Restricted Mode

#Tools# the PoC for CVE-2020-12720 (vBulletin 5.6.1)