每日安全动态推送(03-09)

渗透技巧 2年前 (2022) admin
667 0 0
Tencent Security Xuanwu Lab Daily News


• Put an io_uring on it: Exploiting the Linux Kernel – Blog | Grapl:
https://www.graplsecurity.com/post/iou-ring-exploiting-the-linux-kernel

   ・ 利用 Linux 内核 io_uring Syscall 的漏洞实现本地提权 – Jett


• Container Escape to Shadow Admin: GKE Autopilot Vulnerabilities:
https://unit42.paloaltonetworks.com/gke-autopilot-vulnerabilities/

   ・ Container Escape to Shadow Admin: GKE Autopilot Vulnerabilities – Jett


• Make JDBC Attacks Brilliant Again 番外篇:
http://tttang.com/archive/1462

   ・ Make JDBC Attacks Brilliant Again 番外篇. – lanying37


• CVE-2022-26143: TP240PhoneHome reflection/amplification DDoS attack vector:
https://blog.cloudflare.com/cve-2022-26143/

   ・ Mitel MiCollab 商业电话系统的 CVE-2022-26143 漏洞被利用发起 DDoS 攻击 – Jett


• Reversing embedded device bootloader (U-Boot) – p.1:
https://www.shielder.it/blog/2022/03/reversing-embedded-device-bootloader-u-boot-p.1/

   ・ Reversing embedded device bootloader (U-Boot) – Jett


• Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday:
https://threatpost.com/microsoft-zero-days-critical-bugsmarch-patch-tuesday/178817/

   ・ 微软发布 3 月份漏洞补丁公告,修复 3 个高危漏洞 – Jett


• Pascom: The story of 3 bugs that lead to unauthed RCE. – Blog – Kerbit:
https://kerbit.io/research/read/blog/4

   ・ Pascom: The story of 3 bugs that lead to unauthed RCE – Jett


• Branch History Injection – VUSec:
https://www.vusec.net/projects/bhi-spectre-bhb/

   ・ Branch History Injection – Spectre-v2 攻击硬件缓解措施的绕过 – Jett


• Zero-Click Flaws in Widely Used UPS Devices Threaten Critical Infratructure:
https://threatpost.com/zero-click-flaws-ups-critical-infratructure/178810/

   ・ APC Smart-UPS 设备被发现高危漏洞,利用该漏洞攻击者可以远程控制该设备 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(03-09)

版权声明:admin 发表于 2022年3月9日 下午12:26。
转载请注明:每日安全动态推送(03-09) | CTF导航

相关文章

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...