每日安全资讯-2020.11.6

声明:本文所有内容仅用于学习和研究目的,且不能违反《网络安全法》、《刑法》等相关要求,尤其禁止传播,或用于非善良目的。您查看本文,即视为遵守以上约定,否则责任自负。

今日导读:加沙和西岸黑客在国际上利用公司VoIP电话系统漏洞并从中获利、Apple iOS 14.2 FreeType整数截断导致堆缓冲区溢出、Adobe Acrobat Reader中的多个JavaScript漏洞等。

【病毒区】
1、Who’s Calling? Gaza and West-Bank Hackers Exploit and Monetize Corporate VoIP Phone System Vulnerability Internationally

【漏洞分析区】
2、Apple iOS 14.2 Heap buffer overflow due to integer truncation in FreeType
https://bugs.chromium.org/p/chromium/issues/detail?id=1139963

3、CVE-2020-8276 – Exposure of Sensitive Information to an Unauthorized Actor – Brave Browser Potentially Logs The Last Time A Tor Window Was Used.

4、Attack of the clones: Git clients remote code execution(CVE-2020-27955)

5、Multiple JavaScript vulnerabilities in Adobe Acrobat Reader

6、Exploiting SIGRed (CVE-2020–1350) on Windows Server 2012/2016/2019

【技术分享区】
7、Low Privilege Active Directory Enumeration from a non-Domain Joined Host
https://www.attackdebris.com/?p=470

#工具#Threat-Broadcast:从公开的威胁情报来源爬取并整合最新信息