每日安全动态推送(06-14)

渗透技巧 2年前 (2022) admin

637 0 0

Tencent Security Xuanwu Lab Daily News

• 2280 – project-zero – Project Zero – Monorail:
https://bugs.chromium.org/p/project-zero/issues/detail?id=2280

・ Issue 2280: Chrome: Incomplete fix for CVE-2022-1096 – Jett

• Apple’s macOS Ventura | 7 New Security Changes to Be Aware Of – SentinelOne:
https://www.sentinelone.com/blog/apples-macos-ventura-7-new-security-changes-to-be-aware-of/

・ Apple macOS Ventura 新版本系统安全相关的变化 – Jett

• The many lives of BlackCat ransomware – Microsoft Security Blog:
https://www.microsoft.com/security/blog/2022/06/13/the-many-lives-of-blackcat-ransomware/

・微软对 BlackCat 勒索软件的分析 – Jett

• Microsoft Azure Synapse Pwnalytics | by James Sebree | Tenable TechBlog | Jun, 2022 | Medium:
https://medium.com/tenable-techblog/microsoft-azure-synapse-pwnalytics-87c99c036291

・微软 Synapse Analytics 平台被发现提权漏洞 – Jett

• 一加工程模式指令逆向:
https://radioactive.blog/2022/06/02/oneplus_engineermode_code_all_in_one/

・一加工程模式指令逆向 – lanying37

• JWT attacks:
https://portswigger.net/web-security/jwt

・ SON web tokens (JWTs) 使用过程中的设计和实现漏洞 – Jett

• GitHub – winsiderss/systeminformer: A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.com:
https://github.com/winsiderss/systeminformer

・ System Informer – 一款开源的 Windows 资源监控和软件调试工具 – Jett

• 聊下最近的 CVE-2022-30190:
https://paper.seebug.org/1915/

・聊下最近的 CVE-2022-30190 – lanying37

• Finding vulnerabilities in curl 7.83.0 without reading a single-line of C code – Vulnerability Research:
https://haxatron.gitbook.io/vulnerability-research/vr2

・ curl 7.83.0 的 Cookie/Authorization 过程被发现 3 个逻辑漏洞 – Jett

• SeaFlower 藏海花:
https://objective-see.com/blog/blog_0x6F.html

・对攻击 Web3 钱包 iOS 用户的 SeaFlower 藏海花后门 App 的分析 – Jett

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab