Daily Security News Digest (1-24)

Tencent Security Xuanwu Lab Daily News

• Unpacking the Latest macOS Backdoor Unleashed by Cracked Apps:
https://securityonline.info/unpacking-the-latest-macos-backdoor-unleashed-by-cracked-apps/

   ・ macOS users have been hit by a sophisticated malware campaign that exploits pirated applications, showing how the threat posed by malicious actors in cyberspace keeps evolving. – SecTodayBot


• Learning Binary Ninja For Reverse Engineering and Scripting:
http://console-cowboys.blogspot.com/2024/01/learning-binary-ninja-for-reverse.html

   ・ A reverse engineering tutorial using Binary Ninja – SecTodayBot


• MajorDoMo Command Injection:
https://packetstormsecurity.com/files/176669

   ・ MajorDoMo has a command injection vulnerability in versions before 0662e5e, and a Metasploit module that exploits it is provided. – SecTodayBot


• GAP-Burp-Extension: find more potential parameters and potential links:
https://securityonline.info/gap-burp-extension-find-more-potential-parameters-and-potential-links/

   ・ GAP-Burp-Extension is a new tool for fuzzing that can discover potential parameters and links, assisting security testing. – SecTodayBot


• Domain Escalation – Backup Operator:
https://pentestlab.blog/2024/01/22/domain-escalation-backup-operator/

   ・ Describes the potential security risks of the Backup Operators group and the SeBackupPrivilege privilege in Windows – SecTodayBot


• CVE-2023-5716 Alert: Critical Flaw in ASUS Armoury Crate Exposed:
https://securityonline.info/cve-2023-5716-alert-critical-flaw-in-asus-armoury-crate-exposed/

   ・ The ASUS Armoury Crate software has a critical vulnerability, CVE-2023-5716, which an attacker can exploit to remotely access or modify arbitrary files on the system. – SecTodayBot


• Coldriver threat group targets high-ranking officials to obtain credentials:
https://www.malwarebytes.com/blog/news/2024/01/coldriver-threat-group-targets-high-ranking-officials-to-obtain-credentials

   ・ Exposes a hacking group called Coldriver; the article analyzes the group's tactics, social engineering techniques and malware in detail and presents the YARA rules created by Google TAG to detect the Spica backdoor. – SecTodayBot


• PixieFAIL – 9 UEFI Flaws Expose Computers To Remote Attacks:
https://gbhackers.com/pixiefail-uefi-flaws/

   ・ PixieFAIL – 9 UEFI flaws; a detailed analysis of the root causes of the vulnerabilities, including the affected network protocol stack and boot process. – SecTodayBot


• Cracked software beats gold: new macOS backdoor stealing cryptowallets:
https://securelist.com/new-macos-backdoor-crypto-stealer/111778/

   ・ The malware uses a new method to infect macOS systems, encrypting its scripts and hiding its activity; includes malware analysis and research into its internal workings. – SecTodayBot


• Ivanti Connect Secure Unauthenticated Remote Code Execution:
https://packetstormsecurity.com/files/176668

   ・ Uses a Metasploit module to exploit the authentication bypass and command injection vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure, achieving unauthenticated remote code execution. – SecTodayBot


* To view or search past digests, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab


Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Digest (1-24)

Copyright notice: posted by admin on January 24, 2024 at 4:04 PM.