Daily Security News - 2020.7.17

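Disclaimer: All content in this article is for study and research purposes only and must not violate the Cybersecurity Law, the Criminal Law, or other relevant requirements; in particular, it must not be disseminated or used for non-benign purposes. By viewing this article you are deemed to have agreed to the above; otherwise you bear the responsibility yourself.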

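Today's highlights: the new Android malware BlackRock now also steals passwords for non-banking apps; APT29 targets COVID-19 vaccine development; tracing an incident in which black-hat actors exploited a web editor vulnerability to illegally plant SEO pages; MMS Exploit Part 1, an introduction to the Samsung Qmage codec and remote attack surface; remote code execution through Microsoft Windows Cab files; a security advisory on the “BadPower” risk in some fast-charging products; the Apache Kylin remote command execution vulnerability; some XSS examples from BAT (Part 5), the final installment; and more.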

【Malware】
1、BlackRock: New Android Malware Now Steals Passwords For Non-Banking Apps Too

2、APT29 targets COVID-19 vaccine development

3、GMERA: Mac cryptocurrency trading application rebranded, bundled with malware

4、Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families

5、Tracing an incident in which black-hat actors exploited a web editor vulnerability to illegally plant SEO pages
https://paper.seebug.org/1273/

【Vulnerability Analysis】
6、MMS Exploit Part 1: Introduction to the Samsung Qmage Codec and Remote Attack Surface

7、CVE-2020-1300: Remote Code Execution Through Microsoft Windows Cab Files

8、CVE-2020-13405: MicroWeber Unauthenticated User Database Disclosure

9、Testing Ripple20: A closer look and proof of concept script for CVE-2020-11898

10、Security advisory on the “BadPower” risk in some fast-charging products

11、Apache Kylin remote command execution vulnerability report (CVE-2020-13925)
https://www.freebuf.com/vuls/243541.html

【Technical Sharing】
12、Windows Server Containers Are Open, and Here’s How You Can Break Out
https://unit42.paloaltonetworks.com/windows-server-containers-vulnerabilities/

13、Weaponizing Mapping Injection with Instrumentation Callback for stealthier windows process injection

14、Exploiting AD gpLink for Good or Evil

15、Masking Malicious Memory Artifacts Part II: Insights from Moneta

16、Silencing the EDR. How to disable process, threads and image-loading detection callbacks.

17、Structured fuzzing Android’s NFC

18、Some XSS examples from BAT (Part 5): final installment

19、freebuf “2020 DevSecOps Enterprise Practice White Paper”
https://www.freebuf.com/articles/243414.html

#Tool# capa: The FLARE team’s open-source tool to identify capabilities in executable files.

#Tool# PhishingKitTracker: A daily updated collection of phishing kits for security researchers.
