Daily Security News - 2020.9.30

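Disclaimer: All content in this article is for learning and research purposes only and must not violate the requirements of the Cybersecurity Law, the Criminal Law, and other relevant regulations; in particular, dissemination or use for non-benign purposes is prohibited. By viewing this article, you are deemed to accept the above terms; otherwise you bear the responsibility yourself.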

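Today's highlights: an analysis of Lazarus Group's BLINDINGCAN malware, Specter analysis report (the ghost in action), exploiting other remote protocols in IBM WebSphere, beware of the Shadowbunny (using virtual machines to persist and evade detection), and more.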

[Malware Section]
1. An analysis of Lazarus Group's BLINDINGCAN malware

2. LodaRAT Update: Alive and Well

3. The Ghost in Action: Specter Analysis Report

[Vulnerability Analysis Section]
4. Chrome: Cross-domain content can be fetched from resources loaded by the content scheme (reward: $20000)
https://bugs.chromium.org/p/chromium/issues/detail?id=1092449

5. Exploiting Other Remote Protocols in IBM WebSphere (CVE-2020-4464/CVE-2020-4448)

[Technical Sharing Section]
6. Email Spoofing: A Combination of Techniques
https://www.anquanke.com/post/id/218889

7. Beware of the Shadowbunny - Using virtual machines to persist and evade detections
https://embracethered.com/blog/shadowbunny.html

8. AI-Security-Learning: learning materials on security data science and AI security algorithms

9. "China Mobile Phone Security Status Report, First Half of 2020"
https://www.anquanke.com/post/id/218882

#Tool# RmiTaste allows security professionals to detect, enumerate, interact and attack RMI services by calling remote methods with gadgets from ysoserial.
https://github.com/STMSolutions/RmiTaste

#Tool# DecryptRDCManager: decrypt credentials from Remote Desktop Manager by using the functionality from the RDCMan.DLL