每日安全资讯-2020.7.7

声明:本文所有内容仅用于学习和研究目的,且不能违反《网络安全法》、《刑法》等相关要求,尤其禁止传播,或用于非善良目的。您查看本文,即视为遵守以上约定,否则责任自负。

今日导读:Purple Fox EK为其武器库增加了CVE-2020-0674和CVE-2019-1458的漏洞利用、PlayStation的IPV6_2292PKTOPTIONS存在UaF导致任意内核R/W、OneDrive<20.073提权漏洞、一些BAT的XSS实例(四)高级篇等。

【病毒区】
1、Reverse engineering of the Anubis malware
https://orangecyberdefense.com/uk/blog/uncategorized/reverse-engineering-of-the-anubis-malware/

2、Purple Fox EK Adds Exploits for CVE-2020-0674 and CVE-2019-1458 to its Arsenal

3、WastedLocker Goes “Big-Game Hunting” in 2020

4、Pig in a poke: smartphone adware

【漏洞分析区】
5、PlayStation:Use-After-Free In IPV6_2292PKTOPTIONS leading To Arbitrary Kernel R/W Primitives($10,000)

6、OneDrive < 20.073 Escalation of Privilege

7、Norec Attack: Stripping BLE encryption from Nordic’s Library (CVE-2020–15509)

【技术分享区】
8、一些BAT的XSS实例(四)高级篇

9、Breaking the D-Link DIR3060 Firmware Encryption - Static analysis of the decryption routine - Part 2.1

10、All your SPF are belong to us: Exploring trust relationships through global scale SPF Mining

11、Playing with Relayed Credentials

12、Donky: Domain Keys – Efficient In-Process Isolation for RISC-V and x86

#工具#SMBGhost (CVE-2020-0796) and SMBleed (CVE-2020-1206) Scanner

#工具#Nagios XI 5.6.12 - ‘export-rrd.php’ Authenticated Remote Code Execution
https://packetstormsecurity.com/files/158313

1