Daily Security News - 2020.7.1

Disclaimer: All content in this article is for learning and research purposes only. It must not be used in violation of the Cybersecurity Law, the Criminal Law or other applicable requirements, and in particular must not be redistributed or used for malicious purposes. By reading this article you are deemed to accept these terms; otherwise you bear the responsibility yourself.

Today's highlights: analysis of the new Mac ransomware OSX.EvilQuest; hiding in a "hidden corner" to rake in profits?! an XMRig-variant cryptomining trojan runs rampant; the old Spreadoc virus has spread via documents for seven years; Zombie VPN, RCE in the anchorFree VPN SDK; Meltdown Reloaded, breaking Windows KASLR by leaking KVA Shadow Mappings; analysis of the Apache Dubbo deserialization vulnerability; two bypasses of the Nexus Repository Manager 2.x command injection vulnerability; analysis and verification of the Ripple20 Treck TCP/IP stack vulnerabilities; bypassing CrowdStrike Endpoint Detection and Response; nine attacks against RMI services, Part 1; and more.

【Malware】
1、OSX.EvilQuest Uncovered-analyzing a new piece of mac ransomware (and more!)

2、How a New macOS Malware Dropper Delivers VindInstaller Adware

3、Hiding in a "hidden corner" to rake in profits?! An XMRig-variant cryptomining trojan runs rampant

4、The old Spreadoc virus has spread via documents for seven years

【Vulnerability Analysis】
5、Meet Zombie VPN: SYSTEM-level code execution in a VPN SDK (anchorFree) used mostly by privacy and antivirus vendors (CVE-2020-12828)
https://0xsha.io/posts/zombievpn-breaking-that-internet-security

6、Some DoS bugs in the processing of Microsoft LNK files

7、Meltdown Reloaded: Breaking Windows KASLR by Leaking KVA Shadow Mappings
https://labs.bluefrostsecurity.de/blog/2020/06/30/meltdown-reloaded-breaking-windows-kaslr/

8、Analysis of the Apache Dubbo deserialization vulnerability (CVE-2020-1948)
https://juejin.im/post/5ef2be63f265da02b643218a

9、Nexus Repository Manager 2.x command injection vulnerability (CVE-2019-5475): two bypasses
https://paper.seebug.org/1260/

10、Ripple20: analysis and verification of the Treck TCP/IP stack vulnerabilities

【Technical Sharing】
11、Bypassing CrowdStrike Endpoint Detection and Response

12、Automating DLL Hijack Discovery

13、Exploiting an Envoy heap vulnerability

14、Unlocking the Power of Macro Authentication in Application Security: Part Two

15、Nine attacks against RMI services - Part 1
https://xz.aliyun.com/t/7930

16、Hunting for anomalous sessions in your data with Azure Sentinel

17、Systematic Analysis of Randomization-based Protected Cache Architectures

#Tool# AutomatedLab (AL) enables you to set up test and lab environments on Hyper-V or Azure, with multiple products or just a single VM, in a very short time.