每日安全资讯-2019.12.12

声明:本文所有内容仅用于学习和研究目的,且不能违反《网络安全法》、《刑法》等相关要求,尤其禁止传播,或用于非善良目的。您查看本文,即视为遵守以上约定,否则责任自负。

【病毒区】
1、Waterbear is Back, Uses API Hooking to Evade Security Product Detection
2、Deep Dive - Phoenix Keylogger and Its Autoit Cryptor

【漏洞分析区】
3、Local privilege escalation in EA Windows Origin Client (CVE-2019-19247 & CVE-2019-19248)
4、SetWindowsHookEx Leaks A Kernel Pointer – CVE-2019-1469
5、Apple Safari SVG marker element baseVale remote code execution vulnerability (CVE-2019-8846)
6、AirDoS: Remotely render any nearby iPhone or iPad unusable
7、Denial-of-service vulnerabilities in Linux kernel, W1.fi
8、File Extension Spoofing in Windows Defender Antivirus
9、Local Privilege Escalation in OpenBSD’s dynamic loader (CVE-2019-19726)
10、Multiple Vulnerabilities in Belkin WeMo Insight Switch

【技术分享区】
11、The quiet evolution of phishing
12、Digital lockpicking - stealing keys to the kingdom
13、Finding Vulnerabilities in Closed Source Windows Software by Applying Fuzzing
14、CDPSvc DLL Hijacking - From LOCAL SERVICE to SYSTEM
15、嵌入式浏览器安全之初识Cef
16、codeblue jp 2019 videos
17、InfiltrateCon 2020 videos
18、GitLab::UrlBlocker validation bypass leading to full Server Side Request Forgery($5,000)
19、Bootstrap XSS Collection
工具-WMIC Service Modification for Lateral Movement
工具-MalwinX: A framework for learning Malware and win32 functions