Daily Security News Push (12-23)

Penetration Techniques, 2 years ago (2021), admin
Tencent Security Xuanwu Lab Daily News


• NotLegit: Azure App Service vulnerability exposed hundreds of source code repositories:
https://www.wiz.io/blog/azure-app-service-source-code-leak

   ・ Microsoft Azure App Service has a vulnerability when code is deployed via Local Git that leaks users' source code repositories – Jett


• [PDF] https://www.bitdefender.com/files/News/CaseStudies/study/410/Bitdefender-PR-Whitepaper-Abode-creat4625-en-EN.pdf:
https://www.bitdefender.com/files/News/CaseStudies/study/410/Bitdefender-PR-Whitepaper-Abode-creat4625-en-EN.pdf

   ・ Abode IOTA has multiple high-severity vulnerabilities, including Management Console command injection – Jett


• Cloud Security Breaches and Vulnerabilities: 2021 in Review:
https://blog.christophetd.fr/cloud-security-breaches-and-vulnerabilities-2021-in-review/

   ・ A review of cloud security incidents in 2021 – Jett


• [Network] Responder and IPv6 attacks:
https://g-laurent.blogspot.com/2021/12/responder-and-ipv6-attacks.html

   ・ Responder and IPv6 attacks – Jett


• [Vulnerability] MS Teams: 1 feature, 4 vulnerabilities | Positive Security:
https://positive.security/blog/ms-teams-1-feature-4-vulns

   ・ Analysis of Microsoft Teams vulnerabilities including link preview spoofing and IP address leakage – Jett


• BLISTER malware campaign discovered | Elastic Blog:
https://www.elastic.co/cn/blog/elastic-security-uncovers-blister-malware-campaign

   ・ The Elastic security team discovered the BLISTER malware spreading with a valid, legitimate signature – Jett


• Background:
https://objective-see.com/blog/blog_0x6A.html

   ・ Analysis of the macOS Gatekeeper bypass vulnerability (CVE-2021-30853) – Jett


• All in One SEO Plugin Bug Threatens 3M Websites with Takeovers:
https://threatpost.com/all-in-one-seo-plugin-bug-threatens-3m-websites-with-takeovers/177240/

   ・ A vulnerability in the WordPress plugin All in One SEO can lead to site compromise, affecting 3 million sites – Jett


• Apache’s other product: Critical bugs in ‘httpd’ web server, patch now!:
https://nakedsecurity.sophos.com/2021/12/21/apaches-other-product-critical-bugs-in-httpd-web-server-patch-now/

   ・ Two high-severity vulnerabilities found in Apache HTTP Server (httpd) – Jett


• [PDF] https://messlab.moyix.net/papers/irqdebloat_oakland22.pdf:
https://messlab.moyix.net/papers/irqdebloat_oakland22.pdf

   ・ IRQDebloat – using automated firmware rewriting to partially disable functionality of embedded devices, thereby reducing the exposed attack surface (Paper) – Jett


* To view or search past pushes, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab


Originally published on the WeChat official account (Tencent Xuanwu Lab): Daily Security News Push (12-23)

Copyright notice: posted by admin on December 23, 2021 at 2:33 AM.
When reposting, please credit: Daily Security News Push (12-23) | CTF导航
