Daily Security News - 2020.11.24

Notice: All content in this post is intended for learning and research purposes only and must not be used in violation of the Cybersecurity Law, the Criminal Law or other applicable requirements; in particular, it must not be distributed or used for any improper purpose. By reading this post you are deemed to accept these terms; otherwise you bear the responsibility yourself.

Today's highlights: targeted attacks delivered through a trojanized Notepad++ editor, a new deserialization gadget chain for Zend on PHP 7, analysis of a Windows kernel privilege escalation vulnerability, a bypass of the npm private-ip check usable for SSRF, analysis of a Windows Print Spooler vulnerability, Outlook mail-based persistence, and more.

[Malware]
1. A weaponized version of the popular open source Notepad++ editor, used in targeted attacks
https://www.trendmicro.com/en_us/research/20/k/weaponizing-open-source-software-for-targeted-attacks.html

2. TrickBot is Dead. Long Live TrickBot!

3. Analyzing an Emotet Dropper and Writing a Python Script to Statically Unpack the Payload

4. TA416 Goes to Ground and Returns with a Golang PlugX Malware Loader

[Vulnerability Analysis]
5. New gadget chain for deserialization in Zend Framework applications: triggers on __destruct(), gives RCE and works in PHP 7

6. SD-PWN — Part 3 — Cisco vManage — Another Day, Another Network Takeover

7. GitLab XSS on issue reference numbers

8. Remote code execution in Elixir-based Paginator (CVE-2020-15150)

9. Windows Kernel Elevation of Privilege Vulnerability (CVE-2020-1034)
https://windows-internals.com/exploiting-a-simple-vulnerability-in-35-easy-steps-or-less/

10. CVE-2020-28360: npm private-ip SSRF Bypass (IP Phone Home)

11. Discovering, exploiting and shutting down a dangerous Windows Print Spooler vulnerability (CVE-2020-1030)
https://www.accenture.com/us-en/blogs/cyber-defense/discovering-exploiting-shutting-down-dangerous-windows-print-spooler-vulnerability

[Techniques]
12. A Fresh Outlook on Mail-Based Persistence

13. Potatoes - Windows Privilege Escalation
https://jlajara.gitlab.io/others/2020/11/22/Potatoes_Windows_Privesc.html

#Tool# Gnome is a module to load your signed driver stealthily.