记录黑客技术中优秀的内容,传播黑客文化,分享黑客技术精华

每日安全动态推送(05-07)

2021-05-07 13:29
Tencent Security Xuanwu Lab Daily News

• “BadAlloc” – Memory allocation vulnerabilities could affect wide range of IoT and OT devices in industrial, medical, and enterprise networks: 
https://msrc-blog.microsoft.com/2021/04/29/badalloc-memory-allocation-vulnerabilities-could-affect-wide-range-of-iot-and-ot-devices-in-industrial-medical-and-enterprise-networks/

   ・ BadAlloc:影响 IoT 和 OT 设备的一系列内存分配漏洞,攻击者可以利用这些漏洞绕过安全限制,以执行恶意代码。 – potato


• Apple Silicon Hardware Secrets: SPRR and Guarded Exception Levels (GXF): 
https://blog.svenpeter.dev/posts/m1_sprr_gxf/

   ・ Apple Silicon Hardware Secrets: SPRR and Guarded Exception Levels (GXF) – potato


• [Malware] The UNC2529 Triple Double: A Trifecta Phishing Campaign: 
http://www.fireeye.com/blog/threat-research/2021/05/unc2529-triple-double-trifecta-phishing-campaign.html

   ・ UNC2529 钓鱼活动的追踪分析报告。 – potato


• Operation TunnelSnake: 
https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/

   ・ 在 TunnelSnake 活动中新发现了 Moriya Rootkit,及对 Moriya 的分析。 – potato


• Making the Internet more secure one signed container at a time: 
http://feedproxy.google.com/~r/GoogleOnlineSecurityBlog/~3/FLp9ykAkb4U/making-internet-more-secure-one-signed.html

   ・ 使用 Cosign 等签名流程可以有效的改善容器供应链安全。 – potato


• Analysis of HSTS Caches of Different Browsers: 
https://insinuator.net/2021/05/analysis-of-hsts-caches-of-different-browsers/

   ・ 不同浏览器的 HSTS 缓存实现的分析。 – potato


• Pwn2Own Qualcomm DSP - Check Point Research: 
https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/

   ・ 对于高通 DSP(Digital Signal Processor )安全研究。 – potato


• Heappy: a happy heap editor: 
https://github.com/gand3lf/heappy

   ・ Heappy:基于 gdb / gef 的编辑器,辅助开发 PoC 时处理堆栈问题。 – potato


• Security probe of Qualcomm MSM data services - Check Point Research: 
https://research.checkpoint.com/2021/security-probe-of-qualcomm-msm/

   ・ 高通 MSM(Mobile Station Modem)安全性调研。 – potato


• Detecting memory management bugs with GCC 11, Part 1: Understanding dynamic allocation: 
https://developers.redhat.com/blog/2021/04/30/detecting-memory-management-bugs-with-gcc-11-part-1-understanding-dynamic-allocation/

   ・ 利用 GCC 11 检测内存管理错误——第一部分:理解动态内存分配 – potato


• 2152 - Android: Memory Disclosure, OOB Write, and Double Free in NFC's Felica Tag Handling - project-zero: 
https://bugs.chromium.org/p/project-zero/issues/detail?id=2152

   ・ Android NFC 中的 Felica 处理存在内存泄漏、OOB 和 Double Free。 – potato


• Audit of Session Secure Messaging Application: 
http://blog.quarkslab.com/audit-of-session-secure-messaging-application.html

   ・ Quarkslab 对 Oxen 下的 Session(即时聊天工具)安全审计。 – potato


• CVE-2021-26411 在野样本中利用 RPC 绕过 CFG 缓解技术的研究: 
https://paper.seebug.org/1579/

   ・ CVE-2021-26411 在野样本中利用 RPC 绕过 CFG 缓解技术的研究. – lanying37


* 查看或搜索历史推送内容请访问: 
https://sec.today

* 新浪微博账号:腾讯玄武实验室 
https://weibo.com/xuanwulab



知识来源: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651957479&idx=1&sn=5302f3f0f4205cae3df49c7b08e4760b

阅读:120425 | 评论:0 | 标签:安全

想收藏或者和大家分享这篇好文章→复制链接地址

“每日安全动态推送(05-07)”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

黑帝公告 📢

永久免费持续更新精选优质黑客技术文章Hackdig,帮你成为掌握黑客技术的英雄

广而告之 💖

标签云 ☁