Daily Security News - 2020.5.26

Notice: All content in this post is for learning and research purposes only and must not violate the Cybersecurity Law, the Criminal Law or other applicable requirements; in particular, redistribution or use for malicious purposes is prohibited. By reading this post you are deemed to accept these terms; otherwise you bear the responsibility yourself.

Today's highlights: thousands of enterprise systems infected by the new Blue Mockingbird malware gang; Moodle DOM XSS to RCE; attacking MSI RGB Lighting from the browser; abusing PackageKit on Fedora/CentOS for privilege escalation; a dive into the inner workings of AMSI along with a new bypass technique; CDN Backfired: amplification attacks based on HTTP range requests; using ZoomEye to find traces of APT attacks; and more.

【Malware】
1、Thousands of enterprise systems infected by new Blue Mockingbird malware gang

2、Aggressive in-app advertising in Android

3、CERT-France publishes a report on the Dridex malware and its associated cybercrime ecosystem

【Vulnerability Analysis】
4、CVE-2018-8611 Exploiting Windows KTM Part 5/5 – Vulnerability detection and a better read/write primitive

5、Moodle DOM Stored XSS to RCE
https://cube01.io/blog/Moodle-DOM-Stored-XSS-to-RCE.html

6、Hidden demons? MailDemon Patch Analysis: iOS 13.4.5 Beta vs. iOS 13.5

【Technical Sharing】
7、Attacking MSI RGB Lighting From The Browser
https://sameorigin.link/msi_rgb.html

8、Reverse engineering and exploiting HEVD’s buffer overflow.

9、Abusing PackageKit on Fedora/CentOS for fun & profit (from wheel to root).
https://sysdream.com/news/lab/2020-05-25-abusing-packagekit-on-fedora-centos-for-fun-profit-from-wheel-to-root/

10、A dive into the inner workings of AMSI, and a new bypass technique

11、Shellcode separation for AV evasion and fileless (in-memory) loading

12、WAF bypass: SQL injection (the return)
https://xz.aliyun.com/t/7767

13、CDN Backfired: Amplification Attacks Based on HTTP Range Requests

14、LadderLeak: Breaking ECDSA With Less Than One Bit Of Nonce Leakage
https://eprint.iacr.org/2020/615

15、Using ZoomEye to find traces of APT attacks
https://paper.seebug.org/1219/

16、How dangerous is Request Splitting, a vulnerability in Golang or how we found the RCE in Portainer and hacked Uber
