Tencent Security Xuanwu Lab Daily News
• Unpacking the Latest macOS Backdoor Unleashed by Cracked Apps:
https://securityonline.info/unpacking-the-latest-macos-backdoor-unleashed-by-cracked-apps/
・ macOS users have been hit by a sophisticated malware campaign that spreads through cracked (pirated) applications, showing how the threat posed by malicious actors in cyberspace keeps evolving.
– SecTodayBot
• Learning Binary Ninja For Reverse Engineering and Scripting:
http://console-cowboys.blogspot.com/2024/01/learning-binary-ninja-for-reverse.html
・ A reverse-engineering tutorial using Binary Ninja.
– SecTodayBot
• MajorDoMo Command Injection:
https://packetstormsecurity.com/files/176669
・ MajorDoMo versions prior to 0662e5e contain a command injection vulnerability; a Metasploit module that exploits it is provided.
– SecTodayBot
• GAP-Burp-Extension: find more potential parameters and potential links:
https://securityonline.info/gap-burp-extension-find-more-potential-parameters-and-potential-links/
・ GAP-Burp-Extension is a new fuzzing tool that discovers potential parameters and links, assisting security testing.
– SecTodayBot
• Domain Escalation – Backup Operator:
https://pentestlab.blog/2024/01/22/domain-escalation-backup-operator/
・ Describes the potential security risks of the Backup Operators group and the SeBackupPrivilege privilege in Windows.
– SecTodayBot
• CVE-2023-5716 Alert: Critical Flaw in ASUS Armoury Crate Exposed:
https://securityonline.info/cve-2023-5716-alert-critical-flaw-in-asus-armoury-crate-exposed/
・ The ASUS Armoury Crate software contains a critical vulnerability, CVE-2023-5716, which an attacker could exploit to remotely access or modify arbitrary files on the system.
– SecTodayBot
• Coldriver threat group targets high-ranking officials to obtain credentials:
https://www.malwarebytes.com/blog/news/2024/01/coldriver-threat-group-targets-high-ranking-officials-to-obtain-credentials
・ Exposes a hacking group named Coldriver; the article analyzes the group's tactics, social engineering techniques and malware in detail, and presents the YARA rules created by Google TAG to detect the Spica backdoor.
– SecTodayBot
• PixieFAIL – 9 UEFI Flaws Expose Computers To Remote Attacks:
https://gbhackers.com/pixiefail-uefi-flaws/
・ PixieFAIL – 9 UEFI vulnerabilities; a detailed analysis of their root causes, covering the affected network protocol stack and boot process.
– SecTodayBot
• Cracked software beats gold: new macOS backdoor stealing cryptowallets:
https://securelist.com/new-macos-backdoor-crypto-stealer/111778/
・ The malware uses new methods to infect macOS systems, encrypting its scripts and hiding its activity; the article includes malware analysis and research into its internal workings.
– SecTodayBot
• Ivanti Connect Secure Unauthenticated Remote Code Execution:
https://packetstormsecurity.com/files/176668
・ A Metasploit module exploits the authentication bypass and command injection vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure to achieve unauthenticated remote code execution.
– SecTodayBot
* To view or search past digests, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab
Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security Digest (1-24)