每日安全资讯-2020.11.4

声明:本文所有内容仅用于学习和研究目的,且不能违反《网络安全法》、《刑法》等相关要求,尤其禁止传播,或用于非善良目的。您查看本文,即视为遵守以上约定,否则责任自负。

今日导读:CVE-2020-16009 v8 0day、Github Actions中广泛存在的注入漏洞、Electronic Arts (EA) Origin本地提权、基于跨模态检索的二进制代码-源代码匹配等。

【病毒区】
1、Operation Earth Kitsune: A Dance of Two New Backdoors

【漏洞分析区】
2、CVE-2020-16009: v8 0day
https://chromium.googlesource.com/v8/v8.git/+/3ba21a17ce2f26b015cc29adc473812247472776^!/#F3

3、Github: Widespread injection vulnerabilities in Actions(CVE-2020-15228)
https://bugs.chromium.org/p/project-zero/issues/detail?id=2070&can=2&q=&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary&cells=ids

4、CVE-2020-27708: Electronic Arts (EA) Origin – Local Privilege Escalation

【技术分享区】
5、基于跨模态检索的二进制代码-源代码匹配

#工具#Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as well as threat hunters to get up and running quickly.

2 1