Daily Security News - 2020.6.18

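Statement: All content in this article is for learning and research purposes only and must not violate the Cybersecurity Law, the Criminal Law, or other relevant requirements; in particular, dissemination or use for non-benign purposes is prohibited. By viewing this article you are deemed to have agreed to the above; otherwise you bear the responsibility yourself.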

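Today's highlights: an in-depth look at the new malware MassLogger, the AcidBox malware targeting Russian organizations, a Win32k elevation-of-privilege vulnerability, a Pulse Secure Client for Windows privilege-escalation vulnerability, XSS to RCE in WordPress core, mXSS in AngularJS, FF Sandbox Escape, SharePoint remote code execution through Web Parts, attacking the Golden Ring on an AMD Mini-PC, and more.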

【Malware Section】
1、An in-depth look into a new piece of malware named MassLogger

2、Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies

3、Detecting PoshC2 – Indicators of Compromise

4、AcidBox: Rare Malware Repurposing Turla Group Exploit Targeted Russian Organizations
https://unit42.paloaltonetworks.com/acidbox-rare-malware/

5、CrystalBit/Apple Double DLL Hijack – From fraudulent software bundle downloads to an evasive miner raging campaign

【Vulnerability Analysis Section】
6、CVE-2020-1054 | Win32k Elevation of Privilege Vulnerability

7、A Click from the Backyard | Analysis of CVE-2020-9332, a Vulnerable USB Redirection Software

8、Pulse Secure Client for Windows <9.1.6 TOCTOU Privilege Escalation (CVE-2020-13162)

9、From XSS in WordPress core to RCE (CVE-2020-4046)

10、PHP-fusion security vulnerabilities 2020
https://blog.firosolutions.com/exploits/php-fusion-security-2020/

11、mXSS vulnerability in AngularJS

12、FF Sandbox Escape (CVE-2020-12388)

13、CVE-2020-1181: SharePoint Remote Code Execution Through Web Parts

14、dbus file descriptor leak (DoS) - CVE-2020-12049

15、integer overflow in LibVNCClient HandleCursorShape resulting in remote heap overflow - CVE-2019-20788

16、Mimosa Routers Privilege Escalation and Authentication bypass (CVE-2020-14003)

【Technical Sharing Section】
17、Attacking the Golden Ring on AMD Mini-PC

18、Reverse Engineering Snapchat (Part I): Obfuscation Techniques
https://hot3eed.github.io/snap_part1_obfuscations.html

19、Sysmon Image File Name Evasion

20、HackingDay 2020 (Online)
https://www.hackinn.com/index.php/archives/695/

#Tool# FuzzGen is a tool for automatically synthesizing fuzzers for complex libraries in a given environment.

#Tool# Qmail exploit code (Debian 10)
https://www.qualys.com/2020/05/19/cve-2005-1513/remote-code-execution-qmail.tar.gz