Daily Security News - 2020.6.16

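Disclaimer: All content in this article is for study and research purposes only and must not violate the Cybersecurity Law, the Criminal Law, or other relevant requirements; in particular, distributing it or using it for malicious purposes is prohibited. By viewing this article you are deemed to have accepted these terms; otherwise you bear the responsibility yourself.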

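Today's highlights: Netgear 0-day vulnerability analysis; analysis of 6 new vulnerabilities in D-Link home routers; The Curious Case of Copy & Paste, on the risks of pasting arbitrary content in browsers; analysis of a long-standing vulnerability in Cobalt Strike; new mobile internet protocol vulnerabilities that let hackers target 4G/5G users; and more.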

【Vulnerability Analysis】
1、Netgear 0-day Vulnerability Analysis and Exploit for 79 devices and 758 firmware images

2、6 New Vulnerabilities Found on D-Link Home Routers
https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/

3、The Curious Case of Copy & Paste – on risks of pasting arbitrary content in browsers (bugs in Chromium, Firefox, Safari, Google Docs, Gmail, TinyMCE, CKEditor, and others. Includes also 0-day in Froala)

4、Striking Back at Retired Cobalt Strike: A look at a legacy vulnerability

5、Attacking FreeIPA — Part IV: CVE-2020–10747

6、CVE-2020-5410 Spring Cloud Config directory traversal vulnerability
https://xz.aliyun.com/t/7877

【Technical Sharing】
7、Exploiting a Webroot Type Confusion Bug

8、exynos8890-bootrom-dump : dump Exynos 8890 bootROM from Samsung Galaxy S7

9、New Mobile Internet Protocol Vulnerabilities Let Hackers Target 4G/5G Users

10、Secure coding XPC Services - Part 4 - Improved client authorization

11、SMTP Injection in Gsuite (3133.7$)

12、Antiy: From Anti-Malware to Countering Advanced Threats

#Tools# Grafiki is a Django project about Sysmon and graphs,