Daily Security News - 2020.7.2

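Disclaimer: All content in this article is for study and research purposes only and must not violate the Cybersecurity Law, the Criminal Law, or other relevant requirements; in particular, distributing it or using it for malicious purposes is prohibited. By viewing this article you are deemed to accept the above terms; otherwise you bear the responsibility yourself.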

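Today's highlights: FileCry ransomware gives a convincing demonstration of "worrying IQ"; the Outlaw botnet infects about 20,000 Linux servers; analysis of the Dubbo 2.7.7 deserialization vulnerability bypass; analysis of the Apache Shiro authorization bypass vulnerability; SMBaloo, the CVE-2020-0796 (aka "SMBGhost") vulnerability targeting Windows ARM64; and more.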

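[Malware Section]
1. Ransomware on the Rise: Buran’s transformation into Zeppelin
https://www.gdatasoftware.com/blog/2020/06/35946-burans-transformation-into-zeppelin

2. FileCry ransomware gives a convincing demonstration of "worrying IQ"

3. Fancy Bear roaming Eastern Europe and Central Asia

4. The Outlaw botnet infects about 20,000 Linux servers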

[Vulnerability Analysis Section]
5. Mobile IoT modules vulnerable to FOTA updates backdooring at scale
https://penthertz.com/blog/mobile-iot-modules-FOTA-backdooring-at-scale.html

6. TuxGuitar - stealing local files (XXE)

7. A Second Look at CVE-2019-19781 (Citrix NetScaler / ADC)

8. Remote code execution vulnerabilities in LEADTOOLS 20 (CVE-2020-6089)

9. Analysis of the Dubbo 2.7.7 deserialization vulnerability bypass

10. Analysis of the Apache Shiro authorization bypass vulnerability (CVE-2020-11989)

[Technical Sharing Section]
11. Resurrecting an old AMSI Bypass
https://sensepost.com/blog/2020/resurrecting-an-old-amsi-bypass/

12. SMBaloo: A CVE-2020-0796 (aka “SMBGhost”) exploit for Windows ARM64.

13. Firmware Insider: Bluetooth Randomness is Mostly Random

14. Taking over Azure DevOps Accounts with 1 Click ($3000)

15. Tricking the “Create snippet” feature into displaying the wrong filetype can lead to RCE on Slack users

#Tools# GoGhost is a High Performance, lightweight, portable Open Source tool for mass SMBGhost Scan.