每日安全资讯-2019.12.11

声明:本文所有内容仅用于学习和研究目的,且不能违反《网络安全法》、《刑法》等相关要求,尤其禁止传播,或用于非善良目的。您查看本文,即视为遵守以上约定,否则责任自负。

今日导读:拉丁美洲网络间谍活动研究、新的Plundervolt漏洞影响Intel CPU、黑客行动WizardOpium使用的Windows 0Day漏洞、Git子模块更新命令执行漏洞分析、SockPuppet:iOS 12.4内核利用、深入了解三星的TrustZone、ESET 2020年趋势报告等。

【病毒区】
1、A study of Machete cyber espionage operations in Latin America
2、a new Trojan Family on Google Play targeting carrier billing and advertising

【漏洞分析区】
3、New Plundervolt attack impacts Intel CPUs(CVE-2019-11157)
4、Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium
5、Git submodule update command execution(CVE-2019-19604)
6、SockPuppet: A Walkthrough of a Kernel Exploit for iOS 12.4(CVE-2019-8605)
7、CVE-2019-19248: Local Privilege Escalation in EA’s Origin Client

【技术分享区】
9、Hackers can jack ShapeShift’s crypto wallets in 15 minutes
10、MacOS Filename Homoglyphs Revisited
11、A Deep Dive Into Samsung’s TrustZone (Part 1)
12、Azure Privilege Escalation via Cloud Shell
13、The ESET Trends Report for 2020
14、awesome-reverse-engineering:Reverse Engineering Resources About All Platforms(Windows/Linux/macOS/Android/iOS/IoT) And Every Aspect!
工具-attack_range:A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk

2 1