Tencent Security Xuanwu Lab Daily News
• [Fuzzing] Why CVE-2022-3602 was not detected by fuzz testing:
https://allsoftwaresucks.blogspot.com/2022/11/why-cve-2022-3602-was-not-detected-by.html
・ This article analyzes why the OpenSSL punycode vulnerability disclosed over the past couple of days was not found earlier by fuzz testing
– Jett
• 0xADE1A1DE/USB-Injection:
https://github.com/0xADE1A1DE/USB-Injection
・ Injecting keystroke commands under the identity of another connected USB device, from the USENIX paper: The Impostor Among US(B): Off-Path Injection Attacks on USB Communications
– Jett
• [Attack] Dropbox Hacked – Attackers Stolen 130 GitHub Repositories:
https://cybersecuritynews.com/dropbox-hacked/
・ Dropbox was hacked; the attackers used a compromised employee's key information to steal a large amount of source code that Dropbox stored on GitHub
– Jett
• RC4 Is Still Considered Harmful:
https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html
・ James Forshaw found a flaw in the RC4 encryption used in Windows authentication that allows authenticating as another user
– Jett
• Studying Unlock on the Qual+Android platform, using the OnePlus 7 Pro as an example:
https://o0xmuhe.github.io/2022/11/01/Qual-Android%E6%96%B9%E6%A1%88Unlock%E5%AD%A6%E4%B9%A0-%E4%BB%A5Oneplus7Pro%E4%B8%BA%E4%BE%8B/
・ A study of the Unlock implementation mechanism of a certain flashing tool
– Jett
• Ghidra_10.2_build:
https://github.com/NationalSecurityAgency/ghidra/releases/tag/Ghidra_10.2_build
・ NSA released Ghidra 10.2, with updates to the Debugger, Decompiler and other components
– Jett
• [Vulnerability] Local clone optimization dereferences symbolic links by default:
https://github.com/git/git/security/advisories/GHSA-3wp6-j8xr-qw85
・ Git fixed a symbolic link following issue in the local repository clone process that could leak users' sensitive information
– Jett
• Server-side attacks, C&C in public clouds and other MDR cases we observed:
https://securelist.com/server-side-attacks-cc-in-public-clouds-mdr-cases/107826/
・ Kaspersky's summary and analysis of real-world attack samples in cloud environments and the related attack techniques
– Jett
• [Network] Melting the DNS Iceberg: Taking over your infrastructure Kaminsky style:
https://sec-consult.com/blog/detail/melting-the-dns-iceberg-taking-over-your-infrastructure-kaminsky-style/
・ Sec-consult's analysis of DNS resolution services on the Internet found that a large number are at risk of the Kaminsky DNS cache poisoning attack
– Jett
• LOLBINed — Using Kaspersky Endpoint Security “KES” Installer to Execute Arbitrary Commands:
https://nasbench.medium.com/lolbined-using-kaspersky-endpoint-security-kes-installer-to-execute-arbitrary-commands-1c999f1b7fea
・ The "Features" provided by the KES Installer component of Kaspersky Endpoint Security can be used to execute arbitrary commands
– Jett
* To view or search past pushes, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab (腾讯玄武实验室)
https://weibo.com/xuanwulab
Originally published on the WeChat official account Tencent Xuanwu Lab (腾讯玄武实验室): Daily Security News Push (11-04)