Daily Security News Digest (1-24)
2024-1-24 16:3:13 Author: mp.weixin.qq.com (view original)

Tencent Security Xuanwu Lab Daily News

• Unpacking the Latest macOS Backdoor Unleashed by Cracked Apps:
https://securityonline.info/unpacking-the-latest-macos-backdoor-unleashed-by-cracked-apps/

   ・ macOS users are facing a sophisticated malware campaign that spreads through pirated applications, showing how threat actors in cyberspace keep evolving. – SecTodayBot

• Learning Binary Ninja For Reverse Engineering and Scripting:
http://console-cowboys.blogspot.com/2024/01/learning-binary-ninja-for-reverse.html

   ・ A reverse-engineering tutorial using Binary Ninja – SecTodayBot

• MajorDoMo Command Injection:
https://packetstormsecurity.com/files/176669

   ・ MajorDoMo versions before 0662e5e contain a command injection vulnerability; a Metasploit module that exploits it is provided. – SecTodayBot

• GAP-Burp-Extension: find more potential parameters and potential links:
https://securityonline.info/gap-burp-extension-find-more-potential-parameters-and-potential-links/

   ・ GAP-Burp-Extension is a new tool for fuzz testing that discovers potential parameters and links, providing a useful aid for security testing. – SecTodayBot
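To make concrete what "potential parameters and links" means, here is a small added example (not code from GAP or its author) that does the same kind of harvesting over a constructed HTML/JavaScript sample: it collects URLs from `href`/`src`/`action` attributes and quoted string literals, then pulls parameter names from query strings, `name=` attributes and JSON-style object keys. The sample markup and the regexes are this example's own assumptions.

```python
"""Harvest candidate links and parameter names from page source.

Added example: a minimal stand-in for what a parameter/link discovery
Burp extension does, run over a constructed HTML/JS snippet.
"""
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample page (not taken from any real target).
SAMPLE = """
<form action="/api/login" method="post">
  <input name="username"><input name="password" type="password">
</form>
<a href="/account/settings?tab=profile&debug=0">Settings</a>
<script src="/static/app.js"></script>
<script>
  fetch("/api/v2/export?format=csv&admin=true");
  const cfg = {"apiKey": "x", "callbackUrl": "https://cdn.example.com/cb"};
  $.get("/legacy/report.php?id=42");
</script>
"""

# Links: attribute values, or any quoted literal that looks like a URL/path.
LINK_RE = re.compile(
    r'''(?:href|src|action)\s*=\s*["']([^"']+)["']'''
    r'''|["']((?:https?://|/)[^"'\s]+)["']'''
)
# Form field names: name="..."
NAME_RE = re.compile(r'''name\s*=\s*["']([A-Za-z_][\w\-\[\]]*)["']''')
# JSON-style keys: "key": ...
JSON_KEY_RE = re.compile(r'''["']([A-Za-z_][\w\-]*)["']\s*:''')


def extract(text: str) -> tuple[list[str], list[str]]:
    """Return (sorted links, sorted parameter names) found in text."""
    links, params = set(), set()
    for m in LINK_RE.finditer(text):
        url = m.group(1) or m.group(2)
        links.add(url)
        # Every query-string key is a parameter the app already accepts.
        for key, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True):
            params.add(key)
    params.update(NAME_RE.findall(text))      # form inputs
    params.update(JSON_KEY_RE.findall(text))  # client-side config keys
    return sorted(links), sorted(params)


if __name__ == "__main__":
    found_links, found_params = extract(SAMPLE)
    print("links:", *found_links, sep="\n  ")
    print("params:", *found_params, sep="\n  ")
```

The interesting output is not the obvious `username`/`password` pair but names like `debug`, `admin` and `callbackUrl`, which only appear in JavaScript or query strings; those are the candidates a tester feeds back into a parameter fuzzer against endpoints that do not visibly use them.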

• Domain Escalation – Backup Operator:
https://pentestlab.blog/2024/01/22/domain-escalation-backup-operator/

   ・ Describes the potential security risks of the Windows Backup Operators group and the SeBackupPrivilege privilege – SecTodayBot
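From the defender's side, the two signals worth alerting on for this technique are a principal being added to Backup Operators and a logon that receives SeBackupPrivilege. The following added example (not from the pentestlab post) runs that detection over constructed, simplified Windows Security records: event 4732 (member added to a security-enabled local group) where the target group is the well-known SID S-1-5-32-551, and event 4672 (special privileges assigned to new logon) whose privilege list includes SeBackupPrivilege. The `key=value` log layout and the account names are this example's own assumptions, not exports from a real domain controller.

```python
"""Flag Backup Operators / SeBackupPrivilege indicators in Security events.

Added example: detection logic over hand-written, simplified event
records. Real 4672/4732 events carry more fields; only the ones used
here are modelled.
"""
from dataclasses import dataclass

BACKUP_OPERATORS_SID = "S-1-5-32-551"   # well-known SID of BUILTIN\Backup Operators
EVT_SPECIAL_PRIVS = 4672                # special privileges assigned to new logon
EVT_LOCAL_GROUP_ADD = 4732              # member added to security-enabled local group


@dataclass(frozen=True)
class Finding:
    event_id: int
    subject: str
    detail: str


# Constructed sample records (not real log data).
SAMPLE_EVENTS = [
    "EventID=4672 SubjectUserName=svc_backup PrivilegeList=SeBackupPrivilege,SeRestorePrivilege",
    "EventID=4672 SubjectUserName=alice PrivilegeList=SeChangeNotifyPrivilege",
    "EventID=4732 SubjectUserName=helpdesk1 MemberName=CN=bob,CN=Users,DC=corp,DC=local TargetSid=S-1-5-32-551",
    "EventID=4732 SubjectUserName=helpdesk1 MemberName=CN=carol,CN=Users,DC=corp,DC=local TargetSid=S-1-5-32-545",
    "EventID=4624 SubjectUserName=alice LogonType=3",
]


def parse_event(line: str) -> dict:
    """Split a 'key=value key=value' record into a dict; EventID becomes int."""
    fields = {}
    for token in line.split():
        key, _, value = token.partition("=")
        fields[key] = value
    fields["EventID"] = int(fields.get("EventID", 0))
    return fields


def detect(lines, allowed_backup_accounts=frozenset()) -> list[Finding]:
    """Return findings for Backup Operators membership changes and
    SeBackupPrivilege logons, excluding allow-listed backup accounts."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        subject = ev.get("SubjectUserName", "?")
        if ev["EventID"] == EVT_LOCAL_GROUP_ADD and ev.get("TargetSid") == BACKUP_OPERATORS_SID:
            # Any addition to Backup Operators is worth a ticket, whoever did it.
            findings.append(Finding(EVT_LOCAL_GROUP_ADD, subject,
                                    f"added {ev.get('MemberName')} to Backup Operators"))
        elif ev["EventID"] == EVT_SPECIAL_PRIVS:
            privs = set(ev.get("PrivilegeList", "").split(","))
            if "SeBackupPrivilege" in privs and subject not in allowed_backup_accounts:
                findings.append(Finding(EVT_SPECIAL_PRIVS, subject,
                                        "logon holds SeBackupPrivilege"))
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS, allowed_backup_accounts={"svc_backup"}):
        print(f"[{f.event_id}] {f.subject}: {f.detail}")
```

Keep the allow-list short and reviewed: SeBackupPrivilege lets its holder read any file regardless of ACLs, so on a domain controller every account that legitimately logs on with it should be a known backup identity, and everything else is a candidate for follow-up.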

• CVE-2023-5716 Alert: Critical Flaw in ASUS Armoury Crate Exposed:
https://securityonline.info/cve-2023-5716-alert-critical-flaw-in-asus-armoury-crate-exposed/

   ・ ASUS Armoury Crate contains a critical vulnerability, CVE-2023-5716, which an attacker can exploit to remotely access or modify arbitrary files on the system. – SecTodayBot

• Coldriver threat group targets high-ranking officials to obtain credentials:
https://www.malwarebytes.com/blog/news/2024/01/coldriver-threat-group-targets-high-ranking-officials-to-obtain-credentials

   ・ Profiles a threat group named Coldriver, with a detailed analysis of its tactics, social-engineering techniques and malware, and presents the YARA rule Google TAG created to detect the Spica backdoor. – SecTodayBot

• PixieFAIL – 9 UEFI Flaws Expose Computers To Remote Attacks:
https://gbhackers.com/pixiefail-uefi-flaws/

   ・ PixieFAIL: nine UEFI vulnerabilities, with a detailed analysis of their root causes, including the affected network protocol stack and boot process. – SecTodayBot

• Cracked software beats gold: new macOS backdoor stealing cryptowallets:
https://securelist.com/new-macos-backdoor-crypto-stealer/111778/

   ・ The malware uses new methods to infect macOS systems, including encrypted scripts and concealed activity; the post covers the malware analysis and research into its inner workings. – SecTodayBot

• Ivanti Connect Secure Unauthenticated Remote Code Execution:
https://packetstormsecurity.com/files/176668

   ・ A Metasploit module chains the authentication bypass and command injection vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure to achieve unauthenticated remote code execution. – SecTodayBot

* To view or search past digests, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab


Source: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959513&idx=1&sn=8254346b49947e825dde8511b1ebb250&chksm=8baed046bcd95950106e1d0bceac3a1dead732dc307cedccc2bc8ead5275710ccd400d3106fa&scene=58&subscene=0#rd